Today · Mar 25, 2026
GTI CRITICAL 2h ago
New zero-day in widely deployed VPN client — active exploitation observed in the wild
Google Threat Intelligence reports active exploitation of a heap overflow in a major enterprise VPN client. Patch not yet available. Mitigations and IOCs included.
CISA HIGH 4h ago
CISA adds three new vulnerabilities to Known Exploited Vulnerabilities Catalog
Three new CVEs added to the KEV catalog, including vulnerabilities in widely deployed network devices. Federal agencies required to patch by April 8.
Cybernews HIGH 6h ago
Ransomware group deploys new encryptor variant targeting ESXi hypervisors
A new encryptor variant with improved anti-analysis capabilities is being deployed by a known ransomware group, specifically targeting VMware ESXi environments in the finance sector.
Yesterday · Mar 24, 2026
BleepingComputer MEDIUM 1d ago
Credential stuffing campaign targeting SaaS platforms uses 3.5B leaked records
A large-scale credential stuffing operation leveraging a recent data breach compilation has been hitting SaaS login pages with high velocity. Affected vendors listed.
NVD CRITICAL 9.8 1d ago
CVE-2026-1337: Remote code execution in OpenSSH via pre-auth memory corruption
CVSS 9.8. Pre-authentication memory corruption vulnerability in OpenSSH versions prior to 9.7p1. Patch immediately. PoC reportedly circulating privately.
Krebs ANALYSIS 1d ago
Inside the infrastructure of a prolific cybercrime-as-a-service operation
An in-depth investigation tracing the bulletproof hosting, money mule networks, and front companies behind one of the most active CaaS operations of the past two years.
NCSC ADVISORY 1d ago
NCSC advisory: state-sponsored actor targeting critical national infrastructure
Joint advisory from NCSC and CISA regarding a state-sponsored threat actor conducting reconnaissance and pre-positioning against UK and US critical infrastructure operators.
Mar 23, 2026
GTI HIGH 2d ago
New threat actor profile: APT-UNC4822 targets semiconductor supply chain
Google Threat Intelligence has published a new threat actor profile on UNC4822, a cluster conducting long-term intrusions against semiconductor design firms in Southeast Asia.
Cybernews MEDIUM 2d ago
Exposed Kubernetes dashboards serving as initial access vectors in cloud compromises
Researchers identified thousands of publicly exposed Kubernetes dashboards being actively scanned. Several confirmed as entry points in recent cloud-native breaches.