// Cyber
Intel Feed

A vulnerability categorized as problematic has been discovered in its-a-feature Mythic . Impacted is an unknown function. The manipulation results in incorrect authorization. This vulnerability is ide…

A vulnerability identified as problematic has been detected in yahoo elide up to 7.1.17 . The affected element is an unknown function of the component Expressions Handler . This manipulation causes mi…

A vulnerability labeled as problematic has been found in iv-org Invidious up to 25.x . The impacted element is an unknown function of the component RSS Feed Playlist Endpoint . Such manipulation leads…

A vulnerability marked as problematic has been reported in PhotoPrism . This affects an unknown function of the component PUT Users API Endpoint . Performing a manipulation results in authorization by…

A vulnerability described as problematic has been identified in signoz up to 0.130.1 . This impacts an unknown function of the component Organization Handler . Executing a manipulation can lead to aut…

A vulnerability classified as problematic has been found in HiEventsDev Hi.Events up to 1.9.0 . Affected is an unknown function of the file /api/public/check-in-lists . The manipulation leads to expos…

A vulnerability classified as problematic was found in inovector mixpost up to 2.6.0 . Affected by this vulnerability is an unknown functionality. The manipulation results in cross site scripting. Thi…

A vulnerability, which was classified as critical , has been found in pinpoint-apm pinpoint up to 3.1.0 . Affected by this issue is some unknown functionality of the component Webhook Registration End…

A vulnerability, which was classified as critical , was found in signoz up to 0.130.1 . This affects the function url . Such manipulation leads to sql injection. This vulnerability is traded as CVE-20…

A vulnerability has been found in pinpoint-apm pinpoint up to 3.1.0 and classified as problematic . This vulnerability affects unknown code of the component Session Cookie Handler . Performing a manip…

A malicious Chromium-based extension that spoofs the AI-powered answer engine Perplexity AI redirects browser search traffic using MV3 APIs and intermediary infrastructure. The post Chromium extension…

Federal Investment Shifts From Research Toward Implementation The Office of Management and Budget has issued a detailed road map requiring agencies to begin post-quantum cryptography implementation im…

Thousands of Victims Tricked Into Giving Attackers Account Access, Say Officials Russian military hackers, foiled by end-to-end encryption in Signal and WhatsApp, have compromised thousands of people …

Model Context Protocol Rewrite Leaves More Security Decisions to Developers The new MCP specifications fix a long-standing weakness in how AI agents authenticate to external tools, but security expert…

Threat actors are actively exploiting CVE-2026-46817, a critical unauthenticated remote takeover vulnerability in Oracle E-Business Suite (EBS), with live attack activity captured across honeypot infr…

A public proof-of-concept (PoC) exploit has been released for CVE-2026-20251, a high-severity remote code execution (RCE) vulnerability affecting Splunk Secure Gateway (SSG). The flaw, carrying a CVSS…

The U.S. Department of Justice (DOJ) has announced the seizure of nearly 400 domains used to illegally stream FIFA World Cup 2026 matches, marking a significant crackdown on global digital piracy netw…

Researchers at Mozilla’s Zero Day Investigative Network (0DIN) have demonstrated a proof-of-concept attack that shows how a completely clean-looking GitHub repository can trick AI-powered coding agent…

EvilTokens can keep serious account-takeover activity out of your SOC’s view by relying on “ghost” code that only surfaces after the browser decrypts it. Because of this, analysis that looks only at t…

WhatsApp introduces a new privacy update that lets users connect using unique handles, eliminating the need to share phone numbers with strangers or new group members. Earlier, we detailed that WhatsA…

The US Cybersecurity and Infrastructure Security Agency (CISA) added a vulnerability (CVE-2026-12569) in Windchill and FlexPLM, two product lifecycle management software platforms developed by PTC, to…

Adversaries could plant a malicious repository that can execute arbitrary code and steal cloud credentials by exploiting the vulnerability, which showcases growing MCP risk.

Nation-state attackers breach water systems through weak passwords, exposed PLCs, and poor segmentation — not sophisticated malware.

Does life feel Orwellian sometimes? One researcher has a solution for you: graphic tees that confuse the neural networks in surveillance cameras.