Security Feed
Curated advisories, threat briefs & field intel — attributed, dated & severity-tagged. Kept deliberately separate from my own writing.
1. Executive summary The threat actor group "ShinyHunters" claims to have compromised over 100 organizations, including the University of Nottingham, by exploiting
1. Executive summary Threat actor UNC6240 (attributed publicly to "ShinyHunters") is actively exploiting CVE-2026-35273, a critical remote code execution vulnerability
1. Executive summary Threat actors are actively exploiting CVE-2026-5027, a high-severity (CVSS 8.8) path traversal vulnerability in the AI development
1. Executive summary Threat actors are actively exploiting CVE-2026-10520, a maximum-severity (CVSS 10.0) OS command injection vulnerability in Ivanti Sentry
1. Executive summary A native Windows URI handler (search:) contains an unpatched NTLM credential leakage vulnerability functionally identical to the recently patched Snipping Tool
1. Executive summary The source code for 'Miasma', a credential-stealing supply chain worm previously targeting Red Hat and Microsoft ecosystems, was
1. Executive summary The ShinyHunters extortion group claims to have compromised over 100 organizations by exploiting a "gadget chain" of legacy and
1. Executive summary Microsoft has released security updates addressing CVE-2026-42897, a high-severity Cross-Site Scripting (XSS) vulnerability in Microsoft Exchange Server
1. Executive summary ServiceNow has confirmed a security incident wherein threat actors exploited an unauthenticated access flaw in a specific API endpoint to query
Issuer: Adverse Trace Date issued: 2026-06-09 Version: 1.0 1. Executive summary The ransomware group "shinyhunters" has claimed responsibility for
Issuer: Adverse Trace Date issued: 2026-06-09 Version: 1.0 1. Executive summary Veeam has released patches for CVE-2026-44963, a critical
Issuer: Adverse Trace Date issued: 2026-06-09 Version: 1.0 1. Executive summary The "Miasma" supply-chain attack toolkit, previously used