The News.
Daily intel.
Daily breach reporting, CVE disclosures, malware analyses, and threat campaigns. Yesterday's incidents, this morning's coverage — written by practitioners for the analysts and defenders who need it first.
CVE-2024-36401: GeoServer RCE Exploited at US Federal Agency — CISA IR Lessons
CISA advisory AA25-266A details how CVE-2024-36401, a CVSS 9.8 GeoServer RCE, was exploited at a US federal agency for three weeks before detection. Three critical lessons for defenders.
Amazon SES Increasingly Abused in Phishing Attacks That Bypass Security Filters
Attackers are stealing exposed AWS IAM keys to send convincing phishing emails via Amazon SES, bypassing reputation-based filters and SPF/DKIM checks.
Cisco Acquires Astrix Security to Secure AI Agents and Non-Human Identities
Cisco announced intent to acquire Astrix Security for up to $400M, adding non-human identity (NHI) discovery and management for AI agents, API keys, and OAuth tokens.
CVE-2026-42354: Sentry SAML SSO Flaw Enables Full Account Takeover — PoC Available
CVE-2026-42354 lets attackers impersonate any Sentry user via forged SAML assertions. Self-hosted 21.12.0–26.1.0 affected. PoC public. Patch to 26.4.1.
Four Critical Apache Polaris Vulnerabilities (CVSS 9.9) Allow Cloud Storage Credential Hijacking
CVE-2026-42809, 42810, 42811, 42812 in Apache Polaris allow credential hijacking on S3 and GCS. Upgrade to 1.4.1 immediately.
CVE-2026-22679: Weaver E-cology RCE Exploited Since March — Patch Now
CVE-2026-22679 is a CVSS 9.8 unauthenticated RCE in Weaver E-cology 10.0. Active exploitation since mid-March 2026. Public PoC available. Patch to build 20260312 immediately.
Pentagon Deploys AI on Classified IL6/IL7 Networks: AWS, Google, Microsoft, OpenAI, NVIDIA, SpaceX, Reflection, Oracle
The US Department of Defense has signed agreements with eight AI companies to deploy their models on classified IL6 and IL7 networks. Anthropic was excluded after disputes over autonomous weapons guardrails.
Fraudsters Target Credit Unions With Structured Loan Fraud, Bypassing KBA Using Dark Web Data
Flare research reveals how fraudsters exploit credit union loan workflows using stolen identities and KBA bypass—no hacking required, just stolen data and process knowledge.
OpenAI Launches Advanced Account Security for ChatGPT: Passkeys, Shorter Sessions, No Passwords
OpenAI's new Advanced Account Security for ChatGPT requires passkeys or hardware keys, disables email/SMS recovery, and shortens login sessions. Mandatory for Trusted Access users by June 1, 2026.