Skip to main content
Press slash or control plus K to focus the search. Use the arrow keys to navigate results and press enter to open a threat.

Threat Intelligence Database

Comprehensive database of the latest cyber threats affecting organizations worldwide. Filter and search to find specific threat intelligence relevant to your organization.

Pro Console Lifetime

Stop chasing alerts. Route them.

Start free, then upgrade once to turn Radar into an automated delivery engine for your security stack.

Custom feeds / Automations: email, Slack, webhooks, SIEM/MISP / API access (baseline limits)

View Plans & Pricing

API access activates after upgrading in Console -> Billing.

Breach by OffSeqOFFSEQFRIENDS — 25% OFF

Check if your credentials are on the dark web

Instant breach scanning across billions of leaked records. Free tier available.

Scan now

Filter Threats

Narrow down the results by type, severity, or affected countries

Search threats by title, CVE ID, or description. Maximum 100 characters.

Threat Intelligence

Click on any threat for detailed analysis and mitigation recommendations

CISA KEV Threat Intel Orchestrator
0

The CISA KEV Threat Intel Orchestrator is an automation pipeline that transforms newly weaponized vulnerabilities listed in the CISA Known Exploited Vulnerabilities (KEV) catalog into production-ready Sigma detection rules. It automates a process that typically takes security teams several hours per vulnerability, generating detection rules weekly and delivering them via email and logging them for audit purposes. This tool is designed to improve efficiency in vulnerability detection and response workflows but is not itself a vulnerability or threat.

Join the discussion
The Replicant in Your Directory: AI Agents and the Identity Security Gap
0

This threat highlights the security challenges posed by the rapid growth of non-human identities such as AI agents, service accounts, and machine identities within enterprise environments. These identities often outnumber human users and do not follow traditional identity lifecycle management, making it difficult for organizations to track ownership, permissions, and access. The expansion of trusted machine identities increases the attack surface and complicates governance, as these identities can inherit permissions, create additional identities, and operate at machine speed. Despite stronger governance practices, organizations with significant AI-driven identity growth have experienced higher breach rates. The core issue is the identity security gap where existing identity governance frameworks, designed for humans, are insufficient for managing AI and machine identities effectively.

MediumVulnerability
Join the discussion
CVE-2025-12127CVE-2025-12127
0

CVE-2025-12127 is a vulnerability record that has been rejected and contains no technical details or description. There is no information on affected versions, impact, or remediation.

Join the discussion
MAL-2026-10117: Malicious code in nodemon-slint (npm)
0

The nodemon-slint package on npm contains malicious code that fully compromises any computer on which it is installed or running. The compromise may allow an attacker full control over the affected system. Removal of the package does not guarantee elimination of all malicious software introduced. Immediate rotation of all secrets and keys stored on the compromised machine is strongly advised.

Join the discussion
Red Hat Security Advisory: Red Hat Hardened Images RPMs Security UpdateCVE-2026-59725
0

Red Hat has issued a security advisory for its Hardened Images RPMs, specifically addressing vulnerabilities in the dotnet8.0 packages. The update includes multiple RPMs for aarch64 and x86_64 architectures. The advisory references two CVEs, including CVE-2026-59725, and provides updated package versions to mitigate these issues. No explicit patch versions are stated as affected or fixed in the advisory. No known exploits in the wild have been reported. The severity is assessed as high by the vendor.

Join the discussion
The Hidden Security Risks of Reduced Summer IT Coverage
0

This report discusses the security risks associated with reduced IT staffing during summer vacations, emphasizing that security operations continue despite lower personnel availability. It highlights how AI-driven automation can help maintain consistent security operations and reduce dependence on manual processes throughout the year.

LowVulnerability
Join the discussion
Zimbra urges customers to patch critical web client XSS flaw
0

A critical cross-site scripting (XSS) vulnerability affects the Classic Web Client of the Zimbra Collaboration suite. The Zimbra security team has urged customers to apply patches to address this flaw. No specific affected versions or patch details are provided in the available information. The vulnerability could allow attackers to execute malicious scripts in the context of the web client, potentially impacting user interactions.

CriticalVulnerability#web#xss
Join the discussion
CVE-2026-56813: CWE-141 Improper Neutralization of Parameter/Argument Delimiters in elixir-plug plugCVE-2026-56813
0

CVE-2026-56813 is a vulnerability in the elixir-plug plug library where improper neutralization of the ';' delimiter in HTTP cookie attributes allows attackers to inject or override cookie attributes. This occurs because the Plug.Conn.Cookies.encode/2 function directly interpolates cookie values and attributes into the Set-Cookie header without sanitizing the ';' character. Exploitation can lead to cookie tossing and session fixation by altering cookie scope or security flags. The vulnerability affects multiple versions of plug prior to specific fixed releases. The CVSS score is low, reflecting limited impact and attack complexity.

Join the discussion
CVE-2026-54470: CWE-611: Improper Restriction of XML External Entity Reference in Dell Unisphere for PowerMaxCVE-2026-54470
0

Dell Unisphere for PowerMax versions 10.3.0.5 and earlier contain an XML External Entity (XXE) vulnerability (CWE-611). This vulnerability allows a low privileged attacker with remote access to potentially gain unauthorized access. The CVSS score is 5.3, indicating medium severity. No patch or official remediation has been confirmed yet.

Join the discussion
CVE-2026-54469: CWE-502: Deserialization of Untrusted Data in Dell Unisphere for PowerMaxCVE-2026-54469
0

Dell Unisphere for PowerMax versions 10.3.0.5 and earlier contain a deserialization of untrusted data vulnerability. This flaw allows a low privileged remote attacker to potentially execute arbitrary commands with root privileges. The vulnerability is classified as CWE-502 and has a high severity CVSS score of 8.8. No official patch or remediation guidance has been provided yet by the vendor.

Join the discussion

Showing 1 to 10 of 10228 results

Page 1 of 1023
OffSeq TrainingCredly Certified

Lead Pen Test Professional

Technical5-day eLearningPECB Accredited
View courses