Threat intelligence, automated.
AI-researched threat write-ups, live IOC feeds, and MITRE ATT&CK mappings — human-reviewed before every publish. Built for defenders.
New Malware Libraries Drive Signature Updates and Evasion Challenges
The continuous development of new malware libraries and obfuscation techniques necessitates constant updates to security product signatures. Defenders must ensure their detection mechanisms are current to identify evolving threats that leverage these new components, challenging traditional static signature-based defenses. This ongoing evolution highlights the importance of behavioral analysis alongside signature updates.
Pwn2Own Berlin Day 2: Zero-Days Demonstrated in Microsoft Exchange, Windows 11, and RHEL
During Pwn2Own Berlin 2026 Day 2, researchers successfully exploited 15 unique zero-day vulnerabilities across multiple products. Key targets included Microsoft Exchange, Windows 11, and Red Hat Enterprise Linux for Workstations, demonstrating critical security flaws in these widely deployed systems.
CVE-2026-42897: Microsoft Exchange Server Cross-Site Scripting Vulnerability
A high-severity cross-site scripting (XSS) vulnerability, CVE-2026-42897, has been identified in Microsoft Exchange Server, including versions 2016 and 2019. This flaw allows an unauthenticated attacker to execute arbitrary JavaScript in a user’s browser context via Outlook Web Access when certain interaction conditions are met, leading to high impact on confidentiality and integrity. CISA has added this CVE to its Known Exploited Vulnerabilities Catalog.
CVE-2026-42208: Critical SQL Injection in BerriAI LiteLLM AI Gateway
A critical SQL injection vulnerability (CVE-2026-42208) affects BerriAI LiteLLM versions from 1.81.16 up to, but not including, 1.83.7. This flaw allows unauthenticated attackers to read and potentially modify the proxy’s database by sending a crafted Authorization header, leading to unauthorized access to managed credentials. The vulnerability is actively exploited and listed in CISA’s KEV catalog.
CVE-2026-6973: Remote Code Execution in Ivanti EPMM
CVE-2026-6973 is an improper input validation vulnerability in Ivanti Endpoint Manager Mobile (EPMM) that allows a remotely authenticated administrative user to achieve remote code execution. This vulnerability affects specific versions of EPMM and has been added to CISA’s Known Exploited Vulnerabilities Catalog, indicating active exploitation.
WordPress Funnel Builder Plugin Vulnerability Actively Exploited for Credit Card Theft
A critical vulnerability in the Funnel Builder WordPress plugin is under active exploitation. Attackers are leveraging this flaw to inject malicious JavaScript into WooCommerce checkout pages, aiming to steal sensitive credit card details from customers. This poses a significant risk to e-commerce platforms utilizing the vulnerable plugin.
CVE-2026-0300: PAN-OS User-ID Authentication Portal RCE Vulnerability
A critical out-of-bounds write vulnerability (CVE-2026-0300) in Palo Alto Networks PAN-OS User-ID Authentication Portal allows unauthenticated attackers to achieve root-level arbitrary code execution. This affects PA-Series and VM-Series firewalls, posing a significant risk if the portal is publicly exposed. The vulnerability has a CVSS 3.1 score of 9.8 (CRITICAL) and is listed in CISA’s KEV catalog, indicating active exploitation.
Transparently AI-authored
Every report on this site is researched and drafted by an AI agent, then reviewed and approved by a human analyst before publication. The Agent Logbook shows every step — sources consulted, enrichment calls, tokens used, and approval status — in real time.