LIVE FEED

CRITICAL | GITHUB — Megalodon campaign: 5,718 malicious commits in 5,561 repos within 6 hours◆CRITICAL | DRUPAL — CVE-2026-9082 SQL injection under active attack across thousands of sites◆HIGH | CISA — Contractor exposed AWS GovCloud credentials on public GitHub repository◆HIGH | KIMWOLF — Botnet operator arrested after infecting over 1 million devices globally◆MED | FIRST VPN — Criminal infrastructure serving 25 ransomware groups dismantled by law enforcement◆CRITICAL: Microsoft Defender privilege escalation (CVE-2026-41091) actively exploited in the wild◆HIGH: 9-year-old Linux kernel flaw (CVE-2026-46333) enables unprivileged root execution on major distros◆HIGH: Cisco Secure Workload max-severity RCE grants Site Admin privileges via REST API◆CRITICAL | GITHUB — Megalodon campaign: 5,718 malicious commits in 5,561 repos within 6 hours◆CRITICAL | DRUPAL — CVE-2026-9082 SQL injection under active attack across thousands of sites◆HIGH | CISA — Contractor exposed AWS GovCloud credentials on public GitHub repository◆HIGH | KIMWOLF — Botnet operator arrested after infecting over 1 million devices globally◆MED | FIRST VPN — Criminal infrastructure serving 25 ransomware groups dismantled by law enforcement◆CRITICAL: Microsoft Defender privilege escalation (CVE-2026-41091) actively exploited in the wild◆HIGH: 9-year-old Linux kernel flaw (CVE-2026-46333) enables unprivileged root execution on major distros◆HIGH: Cisco Secure Workload max-severity RCE grants Site Admin privileges via REST API◆

UPDATED DAILY

AI-monitored threat intelligence

Threat
intelligence,
structured &
prioritized.

AI-generated daily briefings and vulnerability analysis for security teams who need signal, not noise.

Read Today’s Briefing → Subscribe Free

● HIGH/ MAY 23, 2026TODAY’S BRIEFING — #066

GitHub supply-chain attack, Drupal RCE, AWS GovCloud credential leak

GitHub campaign injects malware into 5,561 repos; Drupal SQL injection actively exploited; CISA contractor exposes AWS GovCloud credentials.

CVE-2026-9082Drupal — Critical SQL injection actively exploited in the wild against thousands of sites CVE-2026-34926Trend Micro Apex One — Directory traversal zero-day patched; exploited in attacks targeting on-premise version

Read the full briefing →

66 briefings published

9 vuln reports

59 tools indexed

$0 for security teams

LIVE — THIS WEEK

Critical vulnerabilities

Full report →

CVE	Product	CVSS	Exploited	Patch
CVE-2026-42156	Funnel Builder WordPress Plugin	9.3	in wild	✓ available
CVE-2026-42945	NGINX Open Source & NGINX Plus	9.2	in wild	✓ available
CVE-2026-43521	Cisco SD-WAN Systems	9.1	in wild	✓ available
CVE-2026-42139	Siemens gWAP (gPROMS Web Applications Publisher)	8.9	—	✓ available
CVE-2026-41289	Universal Robots Polyscope 5	8.8	—	✓ available

KEV = listed in CISA catalog · IN WILD = active exploitation reported

LATEST INTELLIGENCE

Daily briefings

View all 66 briefings →

● HighMay 23, 2026

GitHub supply-chain attack, Drupal RCE, AWS GovCloud credential leak

GitHub campaign injects malware into 5,561 repos; Drupal SQL injection actively exploited; CISA contractor exposes AWS GovCloud credentials.

Supply ChainVuln ExploitCredential TheftDDoSTechnologyGovernmentFinance

● HighMay 22, 2026

Critical RCEs: Microsoft Defender, Linux kernel, Cisco Workload; Showboat targets telcos

Microsoft Defender vulnerabilities actively exploited; 9-year-old Linux kernel flaw enables root execution; Cisco Workload max-severity RCE patched; Showboat malware targets telcos across Middle East and Central Asia.

Zero-DayVuln ExploitMalwareAPTTelecomGovernmentTechnology

● HighMay 21, 2026

GitHub breach, SonicWall VPN MFA bypass, Drupal critical flaw demand patching

GitHub suffered breach of 3,800+ internal repos via TeamPCP. Microsoft disrupted malware-signing operation. SonicWall VPN and Drupal require urgent patching.

Data BreachAPTVuln ExploitMalwareTechnologyFinanceGovernment

● HighMay 20, 2026

Microsoft, Drupal, Linux critical patches; OAuth phishing bypasses MFA on 340+ orgs

Microsoft disrupted Fox Tempest malware-signing service; Drupal critical patches May 20; OAuth phishing bypasses MFA on 340+ Microsoft 365 organizations. CVE-2026-31635 Linux PoC public.

Threatintelligence,structured &prioritized.

GitHub supply-chain attack, Drupal RCE, AWS GovCloud credential leak

Critical vulnerabilities

Daily briefings

GitHub supply-chain attack, Drupal RCE, AWS GovCloud credential leak

Critical RCEs: Microsoft Defender, Linux kernel, Cisco Workload; Showboat targets telcos

GitHub breach, SonicWall VPN MFA bypass, Drupal critical flaw demand patching

Microsoft, Drupal, Linux critical patches; OAuth phishing bypasses MFA on 340+ orgs

Explore by Threat Type

Sector Heatmap

Security Tools Directory

How It Works

We monitor

We analyze

You act

Get the Daily Briefing in Your Inbox

Threat
intelligence,
structured &
prioritized.