OSINT & geopolitical
60 alerts in this category.
Open-source intelligence on threats outside the CVE ecosystem — geopolitical events, cyber-physical incidents, sanctions, and infrastructure attacks. Curated for security teams that need situational awareness alongside their patch queue.
SANS Internet Storm Center Advisory — May 14, 2026
Besides serving as a place where Microsoft Outlook places suspected spam, the Outlook Junk folder has one additional function that can be quite helpful when it comes to identifying malicious messages.
Microsoft
Fragnesia Local Privilege Escalation report via ESP-in-TCP in the Linux Kernel
Bulletin ID: 2026-029-AWS Scope: AWS Content Type: Important (requires attention) Publication Date: 05/13/2026 18:45 PM PDT This is an ongoing issue. Information is subject to change. Please refer to
Linux, CVE-2026-46300
Ongoing updates on Copy.fail and variants
Bulletin ID: 2026-030-AWS Scope: AWS Content Type: Important (requires attention) Publication Date: 05/13/2026 10:00 PM PDT This is an ongoing issue. This bulletin will be updated as more information
Linux
Beta Channel Update for ChromeOS / ChromeOS Flex
Google Chrome Releases published an advisory on "Beta Channel Update for ChromeOS / ChromeOS Flex". Topic areas: google, chrome, browser, patch. Published May 13, 2026. See the original source linked
Google
Foxconn Confirms North American Factories Hit by Cyberattack
The Nitrogen ransomware group claims to have hacked the company’s systems, stealing 8TB of data, including confidential documents. The post Foxconn Confirms North American Factories Hit by Cyberattack
Kubernetes v1.36: Advancing Workload-Aware Scheduling
AI/ML and batch workloads introduce unique scheduling challenges that go beyond simple Pod-by-Pod scheduling. In Kubernetes v1.35, we introduced the first tranche of workload-aware scheduling improvem
Kubernetes
CVE-2026-0259 WildFire WF-500 and WF-500-B: Arbitrary File Read and Delete Vulnerability in WildFire Appliance (WF-500, WF-500-B) (Severity: MEDIUM)
Palo Alto Networks Security Advisories published an advisory on "CVE-2026-0259 WildFire WF-500 and WF-500-B: Arbitrary File Read and Delete Vulnerability in WildFire Appliance (WF-500, WF-500-B) (Seve
CVE-2026-0259
CVE-2026-0251 GlobalProtect App: Local Privilege Escalation Vulnerabilities (Severity: MEDIUM)
Palo Alto Networks Security Advisories published an advisory on "CVE-2026-0251 GlobalProtect App: Local Privilege Escalation Vulnerabilities (Severity: MEDIUM)". Topic areas: paloalto, firewall, vulne
CVE-2026-0251
CVE-2026-0246 Prisma Access Agent: Local Privilege Escalation Vulnerability (Severity: MEDIUM)
Palo Alto Networks Security Advisories published an advisory on "CVE-2026-0246 Prisma Access Agent: Local Privilege Escalation Vulnerability (Severity: MEDIUM)". Topic areas: paloalto, firewall, vulne
CVE-2026-0246
CVE-2026-0250 GlobalProtect App: Buffer Overflow Vulnerability during connection to Portal or Gateway (Severity: MEDIUM)
Palo Alto Networks Security Advisories published an advisory on "CVE-2026-0250 GlobalProtect App: Buffer Overflow Vulnerability during connection to Portal or Gateway (Severity: MEDIUM)". Topic areas:
CVE-2026-0250
USN-8268-1: Dnsmasq vulnerabilities
Andrew S. Fasano, Royce M, and Hugo Martinez Ray discovered that Dnsmasq did not allocate the necessary space to store domain names in some contexts. An attacker could possibly use this issue to write
Ubuntu, CVE-2026-2291
Malwarebytes Labs Advisory — May 13, 2026
Malwarebytes Labs published research on "Malwarebytes Labs Advisory — May 13, 2026". Topic areas: ransomware, malware, phishing, data-breach. Published May 13, 2026. See the original source linked
Microsoft, CVE-2026-40361
Foxconn confirms cyberattack claimed by Nitrogen ransomware gang
BleepingComputer published news on "Foxconn confirms cyberattack claimed by Nitrogen ransomware gang". Topic areas: ransomware, malware, data-breach, zero-day. Published May 13, 2026. See the origi
GemStuffer Abuses 150+ RubyGems to Exfiltrate Scraped U.K. Council Portal Data
The Hacker News published news on "GemStuffer Abuses 150+ RubyGems to Exfiltrate Scraped U.K. Council Portal Data". Topic areas: zero-day, malware, ransomware, data-breach. Published May 13, 2026.
CVE-2026-43895 jq: Embedded NUL in jq import paths causes local redaction-policy bypass and preserves sensitive fields in published artifacts
Microsoft Security Response Center published an advisory on "CVE-2026-43895 jq: Embedded NUL in jq import paths causes local redaction-policy bypass and preserves sensitive fields in published artifac
CVE-2026-43895
SANS Internet Storm Center Advisory — May 12, 2026
Today's Microsoft patch Tuesday fixes 137 different vulnerabilities. In addition, the update addresses 137 Chromium-related issues affecting Microsoft Edge.
Microsoft, CVE-2026-41103
SANS Internet Storm Center Advisory — May 13, 2026
[This is a Guest Diary by Joshua Nikolson, an ISC Intern and part of the SANS.edu Bachelor's degree in Applied Cybersecurity (BACS) program.]
Google
Defense at AI speed: Microsoft’s new multi-model agentic security system tops leading industry benchmark
Today Microsoft is announcing a major step forward in AI-powered cyber defense: a new multi-model agentic scanning harness (codenamed MDASH). The post Defense at AI speed: Microsoft’s new multi-model
Microsoft, CVE-2026-33827
Rapid7 Blog Advisory — May 13, 2026
Microsoft is publishing 137 vulnerabilities on May 2026 Patch Tuesday. Microsoft is not aware of exploitation in the wild or public disclosure for any of these vulnerabilities. So far this month, Micr
Microsoft, CVE-2026-41089
Signal adds security warnings for social engineering, phishing attacks
BleepingComputer published news on "Signal adds security warnings for social engineering, phishing attacks". Topic areas: ransomware, malware, data-breach, zero-day. Published May 12, 2026. See the
Fortinet warns of critical RCE flaws in FortiSandbox and FortiAuthenticator
BleepingComputer published news on "Fortinet warns of critical RCE flaws in FortiSandbox and FortiAuthenticator". Topic areas: ransomware, malware, data-breach, zero-day. Published May 12, 2026. Se
Fortinet
Android Adds Intrusion Logging for Sophisticated Spyware Forensics
The Hacker News published news on "Android Adds Intrusion Logging for Sophisticated Spyware Forensics". Topic areas: zero-day, malware, ransomware, data-breach. Published May 13, 2026. See the orig
Cisco Talos Intelligence Advisory — May 12, 2026
Cisco Talos Intelligence published research on "Cisco Talos Intelligence Advisory — May 12, 2026". Topic areas: malware, ransomware, zero-day, supply-chain. Published May 12, 2026. See the original
Microsoft, CVE-2026-32161
New SOC-Ready Reporting for Faster Triage, Escalation, and Incident Response with ANY.RUN
Successful SOC operations require more than accurate detections. Instant access to context, clear conclusions, and operationally relevant insights allow incidents to move across workflows without dela
Intel
CVE-2026-32161 Windows Native WiFi Miniport Driver Remote Code Execution Vulnerability
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Native WiFi Miniport Driver allows an unauthorized attacker to execute code over an adjacent netw
CVE-2026-32161
CVE-2026-34350 Windows Storport Miniport Driver Denial of Service Vulnerability
Null pointer dereference in Windows Storport Miniport Driver allows an unauthorized attacker to deny service over a network.
CVE-2026-34350
CVE-2026-41086 Windows Admin Center in Azure Portal Elevation of Privilege Vulnerability
Improper access control in Windows Admin Center allows an authorized attacker to elevate privileges over a network.
Azure, CVE-2026-41086
Škoda warns of customer data breach after online shop hack
BleepingComputer published news on "Škoda warns of customer data breach after online shop hack". Topic areas: ransomware, malware, data-breach, zero-day. Published May 12, 2026. See the original so
Fuji Electric Tellus
Summary: Successful exploitation of this vulnerability could allow an attacker to elevate privileges from user to system, which may then enable the attacker to cause a temporary denial of ser
CVE-2026-8108
Subnet Solutions PowerSYSTEM Center
Summary: Successful exploitation of these vulnerabilities could allow an authenticated attacker to expose sensitive information or cause a CRLF injection. The following versions of Subnet Sol
CVE-2026-26289
ABB WebPro SNMP Card PowerValue Multiple Vulnerabilities
Summary: ABB became aware of multiple internally discovered vulnerabilities in the WebPro SNMP card PowerValue for the product versions listed as affected in the advisory. Depending upon the
CVE-2025-4675
ABB Automation Builder Gateway for Windows
Summary: ABB became aware of severe vulnerability in the product versions listed as affected in the advisory. The Windows gateway is accessible remotely by default. Unauthenticated attackers
CVE-2024-41975
ABB AC500 V3 Multiple Vulnerabilities
Summary: ABB became aware of severe vulnerability in the product versions listed as affected in the advisory. An update is available that resolves these vulnerabilities. An attacker who succ
OpenSSL, CVE-2025-2595
ABB AC500 V3 Stack Buffer Overflow in Cryptographic Message Syntax
Summary: ABB became aware of vulnerability in the product versions listed as affected in the advisory. An update is available that resolves publicly reported vulnerability. An attacker who s
CVE-2025-15467
West Pharmaceutical Services Hit by Disruptive Ransomware Attack
The company took systems offline globally after hackers exfiltrated data and deployed file-encrypting ransomware. The post West Pharmaceutical Services Hit by Disruptive Ransomware Attack appeared fir
Free OnlyFans Lure Used to Spread Cross-Platform CRPx0 Malware
CRPx0 is a complex, stealthy malware campaign that targets macOS and Windows systems, and appears to have Linux capabilities in development. The post Free OnlyFans Lure Used to Spread Cross-Platform C
Linux
Copy.Fail Linux Vulnerability
This is the worst Linux vulnerability in years. TL;DR copy.fail is a Linux kernel local privilege escalation, not a browser or clipboard attack. Disclosed by Theori on 29 April 2026 with a working PoC
Linux
ANY.RUN & Elastic Security: Bring Threat Intelligence into Detection and Investigation Workflows
Security teams don’t lack data. They lack timely, usable intelligence. Analysts spend too much time validating indicators, switching between tools, and figuring out what actually matters. This introdu
Intel
May 2026 Security Update
Ivanti releases standard security patches on the second Tuesday of every month. In today’s rapidly evolving technology and threat landscape, we believe responsible transparency should be a cornerstone
Ivanti
Software Bill of Materials for AI - Minimum Elements
CISA and the Group of Seven (G7) international partners—Germany, Canada, France, Italy, Japan, the United Kingdom, and the European Union—have released joint guidance, Software Bill of Materials for A
Intel
Apple Patches Dozens of Vulnerabilities in macOS, iOS
The tech giant has also ported the patch for a recent deleted chats recovery issue to older versions of iOS. The post Apple Patches Dozens of Vulnerabilities in macOS, iOS appeared first on SecurityWe
Apple
SANS Internet Storm Center Advisory — May 11, 2026
Apple today released its typical feature update across its operating systems (iOS, iPadOS, macOS, tvOS, watchOS, visionOS). With this update, Apple patched 84 different vulnerabilities. Upd
Apple, CVE-2025-43524
Frame Security Emerges From Stealth With $50M for Awareness and Training Platform
Team8, Index Ventures, Picture Capital, Elad Gil, Cerca Partners, and Tesonet invested in Frame Security. The post Frame Security Emerges From Stealth With $50M for Awareness and Training Platform app
Build Application Firewalls Aim to Stop the Next Supply Chain Attack
Rather than scanning code alone, Build Application Firewalls inspect runtime behavior inside the software build pipeline. The post Build Application Firewalls Aim to Stop the Next Supply Chain Attack
Inside AD CS Escalation: Unpacking Advanced Misuse Techniques and Tools
Unit 42 analyzes AD CS exploitation through template misconfigurations and shadow credential misuse while offering behavioral detection for defenders. The post Inside AD CS Escalation: Unpacking Advan
Long Term Support Channel Update for ChromeOS
Google Chrome Releases published an advisory on "Long Term Support Channel Update for ChromeOS". Topic areas: google, chrome, browser, patch. Published May 11, 2026. See the original source linked und
Google, CVE-2026-3921
USN-8267-1: Linux kernel vulnerabilities
Qualys discovered that several vulnerabilities existed in the AppArmor Linux kernel Security Module (LSM). An unprivileged local attacker could use these issues to load, replace, and remove arbitrary
Linux, CVE-2026-23268
GTIG AI Threat Tracker: Adversaries Leverage AI for Vulnerability Exploitation, Augmented Operations, and Initial Access
Executive Summary: Since our February 2026 report on AI-related threat activity, Google Threat Intelligence Group (GTIG) has continued to track a maturing transition from nascent AI-enabled operations
Google
11th May – Threat Intelligence Report
For the latest discoveries in cyber research for the week of 11th May, please download our Threat Intelligence Bulletin. TOP ATTACKS AND BREACHES: Instructure, the US education technology company behin
Microsoft, CVE-2026-4670
VU#471747: dnsmasq contains several vulnerabilities, including attacker DNS redirect, privilege escalation, and heap manipulation
Overview: dnsmasq is affected by multiple memory safety and input validation vulnerabilities, including heap buffer overflows, heap corruption, and code execution flaws. Collectively, these vulnerabili
AWS, CVE-2026-2291
USN-8266-1: Linux kernel vulnerabilities
Qualys discovered that several vulnerabilities existed in the AppArmor Linux kernel Security Module (LSM). An unprivileged local attacker could use these issues to load, replace, and remove arbitrary
Linux, CVE-2026-23268
VU#937808: Casdoor contains Arbitrary File Write vulnerability
Overview: Casdoor contains an arbitrary file write vulnerability in the implementation of its "Local File System" storage provider. Due to insufficient sanitization of user-supplied paths, an authentic
CVE-2026-6815
Instructure confirms hackers used Canvas flaw to deface portals
BleepingComputer published news on "Instructure confirms hackers used Canvas flaw to deface portals". Topic areas: ransomware, malware, data-breach, zero-day. Published May 11, 2026. See the origin
Flash Alert: EtherRat and TukTuk C2 End in The Gentleman Ransomware
The EtherRAT malware family was first reported by Sysdig back in December 2025. At that time, the initial access vector was exploitation of CVE-2025-55182 (React2Shell) targeting Linux servers. In Mar
Linux, CVE-2025-55182
CVE-2025-21833 iommu/vt-d: Avoid use of NULL after WARN_ON_ONCE
Microsoft Security Response Center published an advisory on "CVE-2025-21833 iommu/vt-d: Avoid use of NULL after WARN_ON_ONCE". Topic areas: microsoft, windows, azure, patch. Published May 11, 2026. Se
CVE-2025-21833
USN-8265-1: Linux kernel (NVIDIA Tegra) vulnerabilities
Josh Eads, Kristoffer Janke, Eduardo Vela Nava, Tavis Ormandy, and Matteo Rizzo discovered that some AMD Zen processors did not properly verify the signature of CPU microcode. This flaw is known as En
Linux, CVE-2024-36347
Skoda Data Breach Hits Online Shop Customers
Using a vulnerability in the portal, hackers accessed names, addresses, email addresses, and phone numbers. The post Skoda Data Breach Hits Online Shop Customers appeared first on SecurityWeek.
Over 500 Organizations Hit in Years-Long Phishing Campaign
Victims span across the aviation, critical infrastructure, energy, logistics, public administration, and technology sectors. The post Over 500 Organizations Hit in Years-Long Phishing Campaign appeare
Hackers abuse Google ads, Claude.ai chats to push Mac malware
BleepingComputer published news on "Hackers abuse Google ads, Claude.ai chats to push Mac malware". Topic areas: ransomware, malware, data-breach, zero-day. Published May 10, 2026. See the original
Google
CVE-2026-39825 ReverseProxy forwards queries with more than urlmaxqueryparams parameters in net/http/httputil
Microsoft Security Response Center published an advisory on "CVE-2026-39825 ReverseProxy forwards queries with more than urlmaxqueryparams parameters in net/http/httputil". Topic areas: microsoft, win
CVE-2026-39825