Cyber Threat Intelligence

Threat Intel Briefs

Daily intelligence reports on emerging cyber threats, critical vulnerabilities, AI security risks, and threat actor operations. Published every morning at 07:00 UTC.

June 3, 2026 | 11 min read
TLP:CLEAR
CTI-2026-0603

Daily Threat Intelligence Brief - June 3, 2026

Google patches actively exploited Android zero-day CVE-2025-48595 in 124-flaw update; CISA adds Linux CVE-2022-0492 and Oracle WebLogic CVE-2024-21182 to KEV; ShinyHunters claims 275M records via Instructure Canvas; OX Security exposes systemic MCP tool-poisoning flaw across all Anthropic SDK languages.

cti, vulnerabilities, ransomware, ai-security, agentic-ai, threat-actors

June 2, 2026 | 12 min read
TLP:CLEAR
CTI-2026-0602

Daily Threat Intelligence Brief - June 2, 2026

Oracle WebLogic CVE-2024-21182 added to CISA KEV; Cisco SD-WAN CVE-2026-20182 (CVSS 10.0) exploited by UAT-8616; Microsoft Exchange zero-day CVE-2026-42897 under active attack; ShinyHunters claims 275M education records; joint OpenAI/Anthropic/DeepMind study bypasses 12 prompt-injection defenses at over 90 percent.

cti, vulnerabilities, ransomware, ai-security, agentic-ai, threat-actors

June 1, 2026 | 12 min read
TLP:CLEAR
CTI-2026-0601

Daily Threat Intelligence Brief - June 1, 2026

Microsoft Exchange OWA zero-day CVE-2026-42897 (CVSS 8.1) exploited with no permanent patch; PAN-OS GlobalProtect CVE-2026-0257 and Cisco SD-WAN CVE-2026-20182 (CVSS 10.0) under active attack; Semantic Kernel prompt-injection RCE CVEs (CVE-2026-25592, CVE-2026-26030); ShinyHunters claims 275M records from Canvas/Instructure education breach.

cti, vulnerabilities, ransomware, ai-security, agentic-ai, threat-actors

May 31, 2026 | 14 min read
TLP:CLEAR
CTI-2026-0531

Daily Threat Intelligence Brief - May 31, 2026

Cisco SD-WAN CVE-2026-20182 (CVSS 10.0) and Exchange OWA zero-day CVE-2026-42897 under active attack with no permanent patch; ShinyHunters claims 275M records from Canvas education breach; Langflow CVE-2026-33017 and n8n CVE-2026-21858 (CVSS 10.0) drive an AI-agent RCE wave across 7,000+ exposed MCP servers.

cti, vulnerabilities, ransomware, ai-security, agentic-ai, threat-actors

May 30, 2026 | 14 min read
TLP:CLEAR
CTI-2026-0530

Daily Threat Intelligence Brief - May 30, 2026

Microsoft Exchange OWA zero-day CVE-2026-42897 exploited with no patch, cPanel CVE-2026-41940 (CVSS 9.8) compromises 44,000+ servers, Cisco SD-WAN CVE-2026-20182 (CVSS 10.0) auth bypass, ShinyHunters claims 275M education records via Canvas, and 40+ MCP CVEs expose the agentic AI supply chain.

cti, vulnerabilities, ransomware, ai-security, agentic-ai, threat-actors

May 29, 2026 | 16 min read
TLP:CLEAR
CTI-2026-0529

Daily Threat Intelligence Brief - May 29, 2026

Cisco SD-WAN CVE-2026-20182 (CVSS 10.0) and Exchange OWA CVE-2026-42897 under active exploitation, Microsoft Semantic Kernel prompt-injection RCE (CVE-2026-25592/26030), Defender RedSun and UnDefend zero-days fueling ransomware, and ShinyHunters' 275M-record Canvas breach top today's findings.

cti, vulnerabilities, ransomware, ai-security, agentic-ai, threat-actors

May 28, 2026 | 14 min read
TLP:CLEAR
CTI-2026-0528

Daily Threat Intelligence Brief - May 28, 2026

CISA adds Daemon Tools embedded malware CVE-2026-8398 to KEV; Ivanti EPMM CVE-2026-6973 under active exploitation; Cisco SD-WAN CVE-2026-20182 (CVSS 10.0) and Exchange CVE-2026-42897 still being weaponized; BlueRock finds 36.7% of 7,000 surveyed MCP servers SSRF-vulnerable; Iranian APT disrupts Rockwell PLCs across US water and energy.

cti, vulnerabilities, ransomware, ai-security, agentic-ai, threat-actors

May 27, 2026 | 12 min read
TLP:CLEAR
CTI-2026-0527

Daily Threat Intelligence Brief - May 27, 2026

Cisco SD-WAN CVE-2026-20182 (CVSS 10.0) and Defender zero-days RedSun/UnDefend hit KEV; ShinyHunters ransomware breaches Instructure exposing 275M records; Salt Typhoon now in 600 telcos across 80 countries; agentic AI flaw CVE-2026-32173 exposes Azure SRE Agent.

cti, vulnerabilities, ransomware, ai-security, agentic-ai, threat-actors

May 26, 2026 | 12 min read
TLP:CLEAR
CTI-2026-0526

Daily Threat Intelligence Brief - May 26, 2026

Exchange OWA zero-day CVE-2026-42897 under active exploitation, Cisco SD-WAN CVE-2026-20182 CVSS 10.0, MCP protocol design flaw exposes 150M downloads, ShinyHunters claims 275M Canvas records, Azure SRE Agent CVE-2026-32173 leaks live command streams.

cti, vulnerabilities, ransomware, ai-security, agentic-ai, threat-actors

May 25, 2026 | 14 min read
TLP:CLEAR
CTI-2026-0525

Daily Threat Intelligence Brief - May 25, 2026

Cisco SD-WAN CVE-2026-20182 (CVSS 10.0) under active exploit, Exchange CVE-2026-42897 zero-day, ShinyHunters claims 275M Instructure/Canvas records across 8,809 institutions, LiteLLM PyPI supply-chain compromise, CISA adds 10 KEV entries in May.

cti, vulnerabilities, ransomware, ai-security, agentic-ai, threat-actors

May 24, 2026 | 10 min read
TLP:CLEAR
CTI-2026-0524

Daily Threat Intelligence Brief - May 24, 2026

Cisco SD-WAN CVE-2026-20182 (CVSS 10.0) and Exchange CVE-2026-42897 under active exploit; ShinyHunters claims 275M Instructure/Canvas records; Microsoft Defender zero-days enable SYSTEM access; Nightmare-Eclipse drops 6 Windows zero-days; agentic AI prompt-injection success rates exceed 85%.

cti, vulnerabilities, ransomware, ai-security, agentic-ai, threat-actors

May 23, 2026 | 11 min read
TLP:CLEAR
CTI-2026-0523

Daily Threat Intelligence Brief - May 23, 2026

CISA adds 10 KEV entries this week including Cisco SD-WAN CVE-2026-20182 and Langflow CVE-2025-34291, Microsoft Exchange zero-day CVE-2026-42897 under active exploitation, Instructure breach exposes 240M student records, MCP server crisis spreads with 200K servers vulnerable, Microsoft patches 118 flaws with 16 Critical.

cti, vulnerabilities, ransomware, ai-security, agentic-ai, threat-actors

May 22, 2026 | 12 min read
TLP:CLEAR
CTI-2026-0522

Daily Threat Intelligence Brief - May 22, 2026

CISA adds Trend Micro Apex One CVE-2026-34926 and Langflow CVE-2025-34291 to KEV, Cisco SD-WAN CVE-2026-20182 hits CVSS 10.0, ShinyHunters claims 275M record Instructure Canvas breach, Azure SRE Agent CVE-2026-32173 exposes agentic AI attack surface, Salt Typhoon persistence in US networks confirmed.

cti, vulnerabilities, ransomware, ai-security, agentic-ai, threat-actors

May 21, 2026 | 11 min read
TLP:CLEAR
CTI-2026-0521

Daily Threat Intelligence Brief - May 21, 2026

CISA adds 7 KEV entries May 20; Cisco SD-WAN CVE-2026-20182 (CVSS 10.0) exploited; Exchange zero-day CVE-2026-42897 unpatched; Foxconn 11M files stolen; Instructure Canvas breach exposes 275M students; 36.7% of MCP servers vulnerable to SSRF.

cti, vulnerabilities, ransomware, ai-security, agentic-ai, threat-actors

May 20, 2026 | 12 min read
TLP:CLEAR
CTI-2026-0520

Daily Threat Intelligence Brief - May 20, 2026

Cisco SD-WAN CVE-2026-20182 (CVSS 10.0) and Ivanti EPMM CVE-2026-6973 added to CISA KEV; Instructure Canvas breach exposes 275M records; Iranian APTs disrupt US PLCs; MCP design flaw threatens 150M downloads.

cti, vulnerabilities, ransomware, ai-security, agentic-ai, threat-actors

May 19, 2026 | 13 min read
TLP:CLEAR
CTI-2026-0519

Daily Threat Intelligence Brief - May 19, 2026

Microsoft Exchange zero-day CVE-2026-42897 and Cisco SD-WAN CVE-2026-20182 (CVSS 10.0) under active exploitation; Ivanti EPMM CVE-2026-6973 RCE in the wild; ShinyHunters extorts Instructure for 3.65TB of Canvas data covering 275 million student records; nginx-ui MCP flaw CVE-2026-33032 (CVSS 9.8) threatens 2,600+ agentic AI deployments.

cti, vulnerabilities, ransomware, ai-security, agentic-ai, threat-actors

May 18, 2026 | 11 min read
TLP:CLEAR
CTI-2026-0518

Daily Threat Intelligence Brief - May 18, 2026

Cisco SD-WAN CVE-2026-20182 (CVSS 10.0) hits KEV, ShinyHunters exfiltrates 275M records from Canvas/Instructure, Anthropic MCP flaw exposes 7,000+ servers and 150M+ downloads, Foxconn confirms Nitrogen ransomware breach, Salt Typhoon active in 80+ countries.

cti, vulnerabilities, ransomware, ai-security, agentic-ai, threat-actors

May 17, 2026 | 11 min read
TLP:CLEAR
CTI-2026-0517

Daily Threat Intelligence Brief - May 17, 2026

Cisco SD-WAN CVE-2026-20182 (CVSS 10.0) federal patch deadline today, Anthropic MCP RCE flaw exposes 200,000 AI agent servers, ShinyHunters Canvas breach hits 275M records, Iranian APT disrupts US PLCs, Google detects first AI-generated zero-day.

cti, vulnerabilities, ransomware, ai-security, agentic-ai, threat-actors

May 16, 2026 | 12 min read
TLP:CLEAR
CTI-2026-0516

Daily Threat Intelligence Brief - May 16, 2026

Linux CVE-2026-31431 added to CISA KEV, Microsoft patches 120 flaws including CVE-2026-41089 Netlogon RCE (CVSS 9.8), Instructure Canvas breach hits 275 million users via ShinyHunters, Google detects first AI-developed 2FA bypass zero-day, Foxconn hit by Nitrogen ransomware.

cti, vulnerabilities, ransomware, ai-security, agentic-ai, threat-actors

May 15, 2026 | 12 min read
TLP:CLEAR
CTI-2026-0515

Daily Threat Intelligence Brief - May 15, 2026

Cisco SD-WAN zero-day CVE-2026-20182 added to KEV, Foxconn confirms Nitrogen ransomware breach of 11M files, Anthropic MCP design flaw threatens 7,000+ servers, Microsoft patches 118 CVEs with no zero-days.

cti, vulnerabilities, ransomware, ai-security, agentic-ai, threat-actors

May 14, 2026 | 13 min read
TLP:CLEAR
CTI-2026-0514

Daily Threat Intelligence Brief - May 14, 2026

Linux kernel LPE CVE-2026-31431 hits KEV deadline today, Microsoft ships 120-flaw Patch Tuesday including Azure DevOps CVSS 10.0, Canvas/Instructure breach reaches 275M users, prompt injection detections surge 32% across agentic AI platforms.

cti, vulnerabilities, ransomware, ai-security, agentic-ai, threat-actors

May 13, 2026 | 12 min read
TLP:CLEAR
CTI-2026-0513

Daily Threat Intelligence Brief - May 13, 2026

Microsoft May Patch Tuesday fixes 120 CVEs including 17 critical RCEs (CVE-2026-41089 Netlogon, CVE-2026-41096 DNS Client). Palo Alto PAN-OS firewall RCE (CVE-2026-0300) under active exploitation. Ivanti EPMM zero-day (CVE-2026-6973) added to CISA KEV. ShinyHunters claims 3.65TB Canvas LMS theft hitting 275M users. BerriAI LiteLLM and Anthropic MCP SDK flaws expand the agentic AI attack surface.

cti, vulnerabilities, ransomware, ai-security, agentic-ai, threat-actors

May 12, 2026 | 13 min read
TLP:CLEAR
CTI-2026-0512

Daily Threat Intelligence Brief - May 12, 2026

CISA flags LiteLLM pre-auth SQL injection CVE-2026-42208 (CVSS 9.3) exploited within 36 hours; Ivanti EPMM CVE-2026-6973 RCE under active attack; Linux kernel CVE-2026-31431 LPE rooted via 732-byte script; ShinyHunters Canvas breach exposes 275M records across 8,809 institutions.

cti, vulnerabilities, ransomware, ai-security, agentic-ai, threat-actors

May 11, 2026 | 12 min read
TLP:CLEAR
CTI-2026-0511

Daily Threat Intelligence Brief - May 11, 2026

ShinyHunters Canvas LMS breach hits 275M users across 8,809 institutions. CISA adds Linux CVE-2026-31431, LiteLLM CVE-2026-42208 (CVSS 9.8), and PAN-OS CVE-2026-0300 to KEV. Microsoft Semantic Kernel RCE via prompt injection (CVE-2026-25592, CVE-2026-26030). Salt Typhoon active in 80 countries.

cti, vulnerabilities, ransomware, ai-security, agentic-ai, threat-actors

May 10, 2026 | 12 min read
TLP:CLEAR
CTI-2026-0510

Daily Threat Intelligence Brief - May 10, 2026

Palo Alto PAN-OS CVE-2026-0300 root RCE under active exploit, Linux kernel CVE-2026-31431 LPE added to KEV, Ivanti EPMM CVE-2026-6973 zero-day, ShinyHunters Canvas breach hits 275M records, Iranian APT disrupts US critical infrastructure PLCs.

cti, vulnerabilities, ransomware, ai-security, agentic-ai, threat-actors

May 9, 2026 | 11 min read
TLP:CLEAR
CTI-2026-0509

Daily Threat Intelligence Brief - May 9, 2026

Palo Alto PAN-OS RCE (CVE-2026-0300) and Ivanti EPMM zero-day (CVE-2026-6973) under active exploitation, ShinyHunters claims 275M records from Instructure Canvas breach, Microsoft discloses RCE class in AI agent frameworks, Google reports 32% rise in indirect prompt injection payloads.

cti, vulnerabilities, ransomware, ai-security, agentic-ai, threat-actors

May 8, 2026 | 14 min read
TLP:CLEAR
CTI-2026-0508

Daily Threat Intelligence Brief - May 8, 2026

ShinyHunters extorts Instructure Canvas (275M records, 9,000 schools), CVE-2026-0300 PAN-OS root RCE actively exploited, Salt Typhoon hits Italy's Sistemi Informativi, Anthropic Claude Code Security Review action leaks API keys via PR-title prompt injection, FortiClient EMS CVE-2026-35616 added to CISA KEV.

cti, vulnerabilities, ransomware, ai-security, agentic-ai, threat-actors

May 7, 2026 | 13 min read
TLP:CLEAR
CTI-2026-0507

Daily Threat Intelligence Brief - May 7, 2026

Linux LPE CVE-2026-31431 added to KEV, Palo Alto firewall zero-day CVE-2026-0300 under active exploitation, ShinyHunters claims 275M Instructure Canvas records, MCP server study finds 36.7% vulnerable to SSRF, MuddyWater pivots to false-flag ransomware via Teams.

cti, vulnerabilities, ransomware, ai-security, agentic-ai, threat-actors

May 6, 2026 | 13 min read
TLP:CLEAR
CTI-2026-0506

Daily Threat Intelligence Brief - May 6, 2026

Linux Copy Fail (CVE-2026-31431) on CISA KEV, cPanel auth bypass CVE-2026-41940 (CVSS 9.8) hits 1.5M servers, MCP design flaw exposes 200,000+ AI agent servers to RCE, Salt Typhoon and Iranian APTs active in critical infrastructure, Qilin ransomware claims General Hardware.

cti, vulnerabilities, ransomware, ai-security, agentic-ai, threat-actors

May 5, 2026 | 14 min read
TLP:CLEAR
CTI-2026-0505

Daily Threat Intelligence Brief - May 5, 2026

CISA flags Linux kernel CVE-2026-31431 and Windows NTLM-leak CVE-2026-32202 as actively exploited; Iran-affiliated APT disrupts US PLCs across water and energy; Fiserv, Nike, Brightspeed and England Hockey listed by ransomware crews; agentic AI memory-poisoning attacks hit 380 documented incidents with >85% success rates.

cti, vulnerabilities, ransomware, ai-security, agentic-ai, threat-actors

May 4, 2026 | 9 min read
TLP:CLEAR
CTI-2026-0504

Daily Threat Intelligence Brief - May 4, 2026

FortiClient EMS CVE-2026-35616 (CVSS 9.8) actively exploited; Linux kernel CVE-2026-31431 in CISA KEV; Unit42 documents 22 in-the-wild AI agent prompt injection techniques; Fiserv breach claimed by Everest; Qilin leads ransomware volume.

cti, vulnerabilities, ransomware, ai-security, agentic-ai, threat-actors

May 2, 2026 | 13 min read
TLP:CLEAR
CTI-2026-0502

Daily Threat Intelligence Brief - May 2, 2026

cPanel CVE-2026-41940 actively exploited with 44K scanning IPs, Microsoft April Patch Tuesday fixes 167 flaws including SharePoint zero-day CVE-2026-32201, Anthropic MCP design flaw exposes 200,000 AI agent instances, Medtronic confirms 9M record breach by ShinyHunters, Iranian APTs continue targeting US water and energy OT systems.

cti, vulnerabilities, ransomware, ai-security, agentic-ai, threat-actors

May 1, 2026 | 15 min read
TLP:CLEAR
CTI-2026-0501

Daily Threat Intelligence Brief - May 1, 2026

CISA adds cPanel CVE-2026-41940 to KEV after months of silent exploitation, Vercel breach via Context.ai exposes 200K+ MCP servers downstream, SharePoint zero-day CVE-2026-32201 still unpatched on 1,300 servers, Iranian APTs disrupt US PLCs, ShinyHunters hits Rockstar Games.

cti, vulnerabilities, ransomware, ai-security, agentic-ai, threat-actors

April 30, 2026 | 13 min read
TLP:CLEAR
CTI-2026-0430

Daily Threat Intelligence Brief - April 30, 2026

Anthropic MCP design RCE exposes 200K AI agent servers, LiteLLM SQL injection (CVE-2026-42208) weaponized in 36 hours, Carnival ransomware exposes 8.7M records, Iranian APT hits US OT/ICS, Marimo pre-auth RCE (CVE-2026-39987) added to CISA KEV.

cti, vulnerabilities, ransomware, ai-security, agentic-ai, threat-actors

April 29, 2026 | 16 min read
TLP:CLEAR
CTI-2026-0429

Daily Threat Intelligence Brief - April 29, 2026

CISA confirms active exploitation of Windows Shell CVE-2026-32202 (NTLM coercion via LNK) and ConnectWise ScreenConnect CVE-2024-1708 in same-day KEV add; Cisco Catalyst SD-WAN flaw CVE-2026-20133 weaponized in attacks; Robinhood account-creation flaw abused for SPF/DKIM-passing phishing; Vercel breach traced to Context.ai OAuth supply chain compromise; ADT breach exposes 5.5M customers via vished Okta SSO; Lazarus subgroup TraderTraitor linked to $290M KelpDAO heist.

cti, vulnerabilities, ransomware, ai-security, agentic-ai, threat-actors

April 28, 2026 | 14 min read
TLP:CLEAR
CTI-2026-0428

Daily Threat Intelligence Brief - April 28, 2026

Microsoft patches 167 flaws including SharePoint zero-day CVE-2026-32201; Fortinet FortiClient EMS RCE (CVE-2026-35616, CVSS 9.8) actively exploited; Anthropic MCP design flaw threatens 7,000+ servers and 150M+ downloads across the AI supply chain; France Titres breach exposes 19M records; CISA flags Chinese state-sponsored router compromise campaign.

cti, vulnerabilities, ransomware, ai-security, agentic-ai, threat-actors

April 27, 2026 | 22 min read
TLP:CLEAR
CTI-2026-0427

Daily Threat Intelligence Brief - April 27, 2026

Scattered Spider + DragonForce attribution confirmed for the Marks & Spencer ransomware attack (NTDS.dit theft, ESXi encryption, Co-op and Harrods linked), CISA sets April 27 deadline for six new KEV entries (Fortinet, Microsoft, Adobe), CVE-2026-20133 Cisco Catalyst SD-WAN Manager actively exploited, FortiClient EMS CVE-2026-35616 (CVSS 9.8) under hotfix, MCP supply chain remains unpatched at the protocol layer.

cti, vulnerabilities, ransomware, ai-security, agentic-ai, threat-actors

April 26, 2026 | 17 min read
TLP:CLEAR
CTI-2026-0426

Daily Threat Intelligence Brief - April 26, 2026

Anthropic MCP design RCE shakes AI supply chain (8,000+ exposed servers, 43% command-exec vulnerable), DOJ disrupts APT28 FrostArmada router botnet (18,000 IPs in 120 countries), ShinyHunters claims Abrigo 1.75M records, Chrome WebGPU zero-day CVE-2026-5281 in active exploitation, French government breach exposes 600M log lines.

cti, vulnerabilities, ransomware, ai-security, agentic-ai, threat-actors

April 25, 2026 | 12 min read
TLP:CLEAR
CTI-2026-0425

Daily Threat Intelligence Brief - April 25, 2026

Marimo CVE-2026-39987 pre-auth RCE exploited within 10 hours, three Microsoft Defender zero-days active (BlueHammer, RedSun, UnDefend), France Titres 19M record breach, ShinyHunters claims Udemy 1.4M and Carnival 8.7M, Iran-linked CyberAv3ngers disrupting Rockwell PLCs across U.S. critical infrastructure.

cti, vulnerabilities, ransomware, ai-security, agentic-ai, threat-actors

April 24, 2026 | 13 min read
TLP:CLEAR
CTI-2026-0424

Daily Threat Intelligence Brief - April 24, 2026

SharePoint zero-day CVE-2026-32201 hits 1,300+ servers, France ANTS breach exposes 19M citizen IDs, Iranian APT disrupts US critical infrastructure PLCs, three Microsoft Defender zero-days in active exploitation with two still unpatched.

cti, vulnerabilities, ransomware, ai-security, agentic-ai, threat-actors

April 23, 2026 | 17 min read
TLP:CLEAR
CTI-2026-0423

Daily Threat Intelligence Brief - April 23, 2026

CISA adds Defender BlueHammer (CVE-2026-33825) to KEV with May 13 deadline, Microsoft ships out-of-band ASP.NET Core privilege-escalation fix CVE-2026-40372 (CVSS 9.1), Forescout discloses BRIDGE:BREAK (22 vulns in Lantronix/Silex serial-to-IP converters), Terrarium Python sandbox RCE disclosed, Cisco Catalyst SD-WAN CVE-2026-20133 federal deadline hits today, ShinyHunters leaks 30M Marcus & Millichap Salesforce records, France Titres breach exposes 19M citizen records, Azure MCP Server CVE-2026-32211 hits day 20 unpatched.

cti, vulnerabilities, ransomware, ai-security, agentic-ai, threat-actors

April 22, 2026 | 18 min read
TLP:CLEAR
CTI-2026-0422

Daily Threat Intelligence Brief - April 22, 2026

Oracle CPU lands 241 CVEs across 481 fixes, Cisco Catalyst SD-WAN trio (CVE-2026-20122/20128/20133) hits accelerated April 23 federal deadline, SAP ships CVSS 9.9 ABAP SQL injection CVE-2026-27681, Iranian CyberAv3ngers PLC campaign against Rockwell/Allen-Bradley expands with 5,219 exposed devices, Rockstar Games confirms ShinyHunters exfiltrated 78.6M records via Anodot-Snowflake token abuse, Azure MCP Server CVE-2026-32211 (CVSS 9.1) unpatched on day 19.

cti, vulnerabilities, ransomware, ai-security, agentic-ai, threat-actors

April 21, 2026 | 19 min read
TLP:CLEAR
CTI-2026-0421

Daily Threat Intelligence Brief - April 21, 2026

Oracle CPU ships 483 patches today, CISA adds 8 KEV entries including Cisco Catalyst SD-WAN trio and Zimbra CVE-2025-48700, APT28 FrostArmada router campaign disrupted across 120 countries, Storm-1175 deploys Medusa ransomware inside 24 hours using PaperCut and Ivanti chains, Trend Micro discloses Sockpuppeting jailbreak bypassing 11 major LLMs with a single line of code.

cti, vulnerabilities, ransomware, ai-security, agentic-ai, threat-actors

April 20, 2026 | 15 min read
TLP:CLEAR
CTI-2026-0420

Daily Threat Intelligence Brief - April 20, 2026

Oracle readies 483-patch CPU for April 21, Cisco ISE CVE-2026-20147 (CVSS 9.9) patched, Citrix NetScaler CitrixBleed 3 on KEV, SharePoint CVE-2026-32201 exploitation expands, CrewAI four-CVE chain enables RCE, Anthropic MCP 150M-download systemic flaw remains unfixed.

cti, vulnerabilities, ransomware, ai-security, agentic-ai, threat-actors

April 19, 2026 | 12 min read
TLP:CLEAR
CTI-2026-0419

Daily Threat Intelligence Brief - April 19, 2026

SharePoint zero-day CVE-2026-32201 under active attack, BlueHammer Defender exploit (CVE-2026-33825) leaked, McGraw-Hill exposes 13.5M records, Iranian APT hits US PLCs, Anthropic MCP architectural RCE flaw exposes 150M+ downloads.

cti, vulnerabilities, ransomware, ai-security, agentic-ai, threat-actors

18 min read
TLP:CLEAR
CTI-2026-0418

Daily Threat Intelligence Brief - April 18, 2026

Apache ActiveMQ 13-year-old RCE (CVE-2026-34197) added to CISA KEV amid active exploitation, SharePoint zero-day CVE-2026-32201 patched in 168-CVE Patch Tuesday, Fortinet FortiClient EMS SQL injection (CVE-2026-21643) under mass attack, ShinyHunters leaks 78.6M Rockstar Games records and 13.5M McGraw Hill accounts via Salesforce misconfig, IBM rolls out agentic-AI defenses as Unit 42 catalogs 22 indirect prompt injection techniques.

cti, vulnerabilities, ransomware, ai-security, agentic-ai, threat-actors

13 min read
TLP:CLEAR
CTI-2026-0407

Daily Threat Intelligence Brief - April 7, 2026

FortiClient EMS zero-day added to CISA KEV (CVE-2026-35616, CVSS 9.8), Azure MCP Server auth bypass enables agent data theft (CVE-2026-32211, CVSS 9.1), JBFuzz achieves 99% jailbreak rate across GPT-4o/Gemini/DeepSeek, Qilin ransomware hits US law enforcement, Iran claims 598GB Lockheed Martin cache.

cti, vulnerabilities, ransomware, ai-security, agentic-ai, threat-actors

April 6, 2026 | 13 min read
TLP:CLEAR
CTI-2026-0406

Daily Threat Intelligence Brief - April 6, 2026

Cisco IMC/SSM dual CVSS 9.8 flaws (CVE-2026-20093, CVE-2026-20160), North Korea drains $285M from Drift Protocol in 12 minutes, reasoning models achieve 97% automated jailbreak rate, Axios npm supply chain RAT hits 100M weekly downloads, Citrix NetScaler actively exploited (CVE-2026-3055).

cti, vulnerabilities, ransomware, ai-security, agentic-ai, threat-actors, supply-chain

April 5, 2026 | 8 min read
TLP:CLEAR
CTI-2026-0405

Daily Threat Intelligence Brief - April 5, 2026

FortiClient EMS zero-day exploitation expands (CVE-2026-35616), Dgraph scores CVSS 10.0 (CVE-2026-33976), OpenClaw CVSS 9.9 with 135K exposed instances, RSAC 2026 confirms agentic AI as top attack surface, Q1 ransomware hits 2,165 victims.

cti, vulnerabilities, zero-day, ransomware, ai-security, agentic-ai, rsac-2026

April 4, 2026 | 9 min read
TLP:CLEAR
CTI-2026-0404

Daily Threat Intelligence Brief - April 4, 2026

FortiClient EMS zero-day actively exploited (CVE-2026-35616), PraisonAI sandbox bypass scores CVSS 10.0, EU Commission 340GB breach via Trivy supply chain, DarkSword iOS exploit kit hits 4 countries, attacker breakout times collapse to 22 seconds.

cti, vulnerabilities, zero-day, ransomware, ai-security, supply-chain, agentic-ai

April 3, 2026 | 10 min read
TLP:CLEAR
CTI-2026-0403

Daily Threat Intelligence Brief - April 3, 2026

Chrome zero-day added to CISA KEV, Azure AKS & AI Foundry score CVSS 10.0, LiteLLM supply chain attack hits AI ecosystem, VoidLink becomes first AI-built malware framework, Apple DarkSword emergency patch, and 97% of enterprises expect major AI agent security incident.

cti, vulnerabilities, ransomware, ai-security, agentic-ai, supply-chain, zero-day