Defense and military organizations face the most sophisticated threat actors in the cybersecurity landscape, including nation-state espionage programs targeting classified information, weapons systems, and defense supply chains. defend.network tracks threats to the defense industrial base, military networks, and cleared contractor environments.
Critical vulnerabilities in Palo Alto Networks and Ivanti EPMM under active exploitation. PCPJack credential stealer worm targeting cloud infrastructure. Russian state actors harvesting Office tokens via router compromise.
Critical vulnerabilities in vm2, Palo Alto firewalls, and DAEMON Tools combined with Russian military intelligence token harvesting and Iranian APT false-flag campaigns demand immediate patching and investigation.
Critical vulnerabilities in Apache HTTP/2 and MetInfo CMS, supply-chain compromise of DAEMON Tools, and persistent OAuth backdoors require immediate response.
Critical vulnerabilities in cPanel and MOVEit, widespread RMM-based phishing compromising 80+ organizations, and supply-chain malware in PyTorch Lightning demand immediate patching and credential rotation.
Critical Linux root access vulnerability added to CISA KEV with active exploitation confirmed. Multiple critical threats including cPanel mass-exploitation, source code breaches, and state-sponsored APT campaigns.
Critical cPanel RCE exploited for ransomware; Russian military harvesting Office tokens; 30K Facebook accounts compromised; Trellix source code breached; automated Azure OAuth attacks.
Critical vulnerabilities, state-sponsored token harvesting, large-scale phishing operations, and coordinated SaaS extortion attacks demand immediate defensive action across government and technology sectors.
Critical RCE vulnerabilities in GitHub and Hugging Face, destructive VECT 2.0 ransomware, Russian token harvesting, and BlueNoroff deepfake attacks demand immediate defensive action.
Critical threats include FIRESTARTER backdoor persistence on federal Cisco devices, Russian military token theft via router exploitation, Chinese APT GopherWhisper attacks, and four actively exploited CISA KEV vulnerabilities with May 2026 federal patching deadline.
FIRESTARTER backdoor persists on federal Cisco infrastructure despite patches; Russian state actors harvesting Office tokens via router exploits; four critical CVEs added to CISA KEV with May 2026 deadline; APT campaigns targeting U.S. defense sector; AI-powered phishing escalates to personalized 1-to-1 attacks.
FIRESTARTER backdoor persists on federal Cisco infrastructure despite patches. Russian military intelligence harvesting Office tokens via router exploits. Chinese APT targeting NASA and defense sector with spear-phishing. AI-powered phishing and FakeWallet credential theft escalating.
Critical Microsoft Defender zero-days actively exploited, 68% of cloud breaches from unmanaged service accounts, Russian state actors harvesting Office tokens, protobuf.js RCE with public exploit, APT28 targeting Ukrainian government.
Critical Microsoft Defender zero-days under active exploitation, 68% of cloud breaches from unmanaged service accounts, and Russian state-sponsored token harvesting campaigns demand immediate action.
Critical zero-day exploits in Microsoft Defender and Apache ActiveMQ, Russian state-sponsored token harvesting, and sophisticated ransomware evasion techniques pose immediate threats requiring emergency patching and threat hunting.
Critical Microsoft zero-days under exploitation, Russian state hackers harvesting Office tokens via routers, and 220K users compromised by Mirax RAT. Supply-chain risks escalating across PHP and development ecosystems.
Critical Adobe zero-day under active exploitation, Russian state-sponsored token harvesting, and APT37 social engineering campaigns compound with AI-powered vulnerability discovery threats.
Critical Adobe Reader zero-day, CPUID supply-chain compromise distributing STX RAT, Russian APT harvesting Office tokens via router exploits, and Iranian actors targeting 4,000+ U.S. industrial control systems.
Critical threats span Iranian PLC targeting, Russian token harvesting, Marimo RCE exploitation within 10 hours, and GlassWorm IDE infections. Immediate patching and detection deployment required.
APT28 deploys PRISMEX malware targeting NATO allies; 13-year-old ActiveMQ RCE and Russian router-based token theft critical; new botnets and healthcare ransomware disruptions.
Russian APT28 conducting large-scale DNS hijacking via compromised routers for token theft; Iranian hackers targeting U.S. critical infrastructure PLCs; critical Docker and Flowise vulnerabilities under active exploitation.
State-sponsored APT campaigns targeting Microsoft 365 and supply chains escalate with GitHub C2 usage and zero-day exploits deployed within 24 hours of breach.
Nation-state campaigns targeting European governments and supply chain infrastructure. TA416 resumes targeting with PlugX. North Korean UNC1069 compromises Axios npm. Device code phishing surges 37x.
Critical zero-day in TrueConf, resurgent Chinese APT targeting European governments, North Korean npm supply chain compromise, and third-party vendor breaches require immediate response
Critical Citrix vulnerability actively exploited, Axios npm supply chain attack spreading RAT, OpenAI vulnerabilities enabling data theft, state-sponsored APT operations escalating against telecom and healthcare sectors
FBI Director's email breached by Iran-linked hackers; critical Citrix and F5 vulnerabilities under active exploitation; wiper attacks target Stryker; nation-state exploit kits leaked publicly.
Iran-linked actors breached FBI Director Kash Patel's email and launched wiper attacks on Stryker. Critical Citrix and F5 vulnerabilities under active exploitation with no patches available.
AI-powered autonomous cyber espionage, device code phishing at 340+ organizations, and critical infrastructure vulnerabilities require immediate defensive action across all sectors.
Russian intelligence conducting mass Signal/WhatsApp phishing; critical Oracle RCE vulnerability; Trivy supply-chain attack spreads CanisterWorm across 47+ npm packages; VoidStealer bypasses Chrome encryption; Iran-backed wiper attacks on medical technology.
Critical Oracle RCE, Russian state-sponsored phishing, Trivy supply-chain worm, and Iran-backed healthcare wiper attacks demand immediate emergency response and patching across enterprise infrastructure.
Critical vulnerabilities in Oracle Identity Manager and Langflow actively exploited; Trivy supply chain attack escalates with CanisterWorm across 47 npm packages; Russian intelligence phishing campaigns compromise thousands.
This week presents an exceptionally high-risk threat landscape dominated by active exploitation campaigns and critical infrastructure vulnerabilities. Federal agencies face an immediate Sunday deadlin
This week presents elevated risk from actively exploited vulnerabilities across network infrastructure, IoT devices, and enterprise software. Immediate patching is required for Cisco Firepower/ASA dev
This week presents elevated risk across OT/ICS sectors with multiple critical RCE vulnerabilities in industrial control systems and emerging threats to cloud infrastructure. Active exploitation of Mic
This week presents an elevated threat landscape dominated by actively exploited critical vulnerabilities in both IT and OT environments. Iranian-affiliated threat actors are actively targeting US crit
This week presents elevated risk with five critical vulnerabilities actively exploited in the wild, including FortiClient EMS and video conferencing systems requiring immediate patching. Organizations
This week reflects sustained critical threats across OT/ICS and enterprise systems with multiple actively exploited vulnerabilities. F5 BIG-IP APM (CVE-2025-53521) and Citrix NetScaler (CVE-2026-3055)
Subscribe free and never miss a threat briefing.