Threat Intelligence
A live, filtered feed of the most dangerous and urgent items, grouped by threat type.
// 71 ACTIVE THREATS · 0 IN THE LAST 24H
CRITICAL 6 Critical severity · CVSS ≥ 9.0 or pipeline-flagged
CRITICAL
SharePoint Critical RCE via Cryptographic Signature Flaw: The Token Danger
CRITICALSAP Patches CVSS 9.9 ABAP Kernel Bug: Mandatory Downtime or SAP GUI for HTML Breaks
CRITICALProgress Orders ShareFile Shutdown: Third Critical Incident in Three Years
CRITICALBeyondTrust Patches Four Critical Flaws: The AI That Finds Bugs Risks Becoming the Weapon That Exploits Them
CRITICALAdobe ColdFusion: 10 Critical CVEs With In-the-Wild RCE, Forced Update
CRITICALZimbra Patches Critical Stored XSS in Classic Web Client, Reported by Google TAG
ZERO-DAY 19 Actively exploited zero-days
ZERO-DAY
Delta Electronics DTM Soft: Project BIN Files Become RCE Attack Vector
ZERO-DAYZDI-26-416: Hyper-V netvsc.sys Bug Lets Local VM Attacker Escalate to Kernel
ZERO-DAYMSI Center: LPE Vulnerability in NTIOLib_X64.sys Kernel Driver
ZERO-DAYNVIDIA NeMo Framework: RCE Vulnerability in ML Checkpoints
ZERO-DAYG DATA Total Security: LPE in Backup Service, SYSTEM Compromised via Symlink
ZERO-DAYZDI-26-438: RCE in Rockwell Arena Simulation via DOE File, Patch Available
ZERO-DAYOpenSSL: Double-Free in OCSP Stapling — The Gap Between Theoretical Risk and Official Rating
ZERO-DAY7-Zip XZ Parser RCE Vulnerability: Opening an Archive Is Enough
ZERO-DAYMicrosoft July 2026 Patch Tuesday: Record Vulnerability Volume Forces a Reckoning
ZERO-DAYSonicWall SMA 1000: Two Actively Exploited Zero-Days and a Patch That Isn't Enough
ZERO-DAYSharePoint JWT Bypass and the AI Agent That Rewrites Zero-Day Discovery
ZERO-DAYFortiBleed: 75,000 Firewalls at Risk from Stolen Credentials, Not a Zero-Day
CVE 25 Advisories and patches with an assigned CVE
CVE
SharePoint Critical RCE via Cryptographic Signature Flaw: The Token Danger
CVESharePoint On-Premises Under Attack: Three Days to Patch Actively Exploited RCE
CVEDelta Electronics DTM Soft: Project BIN Files Become RCE Attack Vector
CVEX.Org Server: GLX Use-After-Free Bug Enables Local Root Escalation on Linux
CVEWindows WMI: ZDI-26-415 Vulnerability Allows Escalation to SYSTEM
CVEZDI-26-416: Hyper-V netvsc.sys Bug Lets Local VM Attacker Escalate to Kernel
CVEAdobe Creative Cloud Update Service Turned Into Privilege Escalation Weapon
CVEMSI Center: LPE Vulnerability in NTIOLib_X64.sys Kernel Driver
CVESynology DS925+: Pre-Auth Root RCE via Weak Redis Passwords — Patch Available
CVEG DATA Total Security: LPE in Backup Service, SYSTEM Compromised via Symlink
CVEOpenSSL: Double-Free in OCSP Stapling — The Gap Between Theoretical Risk and Official Rating
CVE7-Zip XZ Parser RCE Vulnerability: Opening an Archive Is Enough
EXPLOIT 19 PoC and exploits in the wild
EXPLOIT
SharePoint Critical RCE via Cryptographic Signature Flaw: The Token Danger
EXPLOITSharePoint On-Premises Under Attack: Three Days to Patch Actively Exploited RCE
EXPLOITDelta Electronics DTM Soft: Project BIN Files Become RCE Attack Vector
EXPLOITSynology DS925+: Pre-Auth Root RCE via Weak Redis Passwords — Patch Available
EXPLOITNVIDIA NeMo Framework: RCE Vulnerability in ML Checkpoints
EXPLOITZDI-26-438: RCE in Rockwell Arena Simulation via DOE File, Patch Available
EXPLOITOpenSSL: Double-Free in OCSP Stapling — The Gap Between Theoretical Risk and Official Rating
EXPLOIT7-Zip XZ Parser RCE Vulnerability: Opening an Archive Is Enough
EXPLOITPre-Auth RCE in Autel EV Chargers: OCPP Protocol Becomes Attack Vector
EXPLOITSonicWall SMA 1000: Two Actively Exploited Zero-Days and a Patch That Isn't Enough
EXPLOITCISA Adds Two Joomla Zero-Days to KEV Catalog: Deadline July 13
EXPLOITBeyondTrust Patches Four Critical Flaws: The AI That Finds Bugs Risks Becoming the Weapon That Exploits Them
ADVISORY 2 CISA, CERT-AgID and vendor advisories