Threat Intelligence Center
Real-time Threat Intelligence Dashboard
Critical
245
Active Threats
High
373
Active Threats
Medium
161
Active Threats
Low
75
Active Threats
⚡ Active Threats (854)
| Severity | Threat Type | Target Sector | Region | Description | Source | Detected |
|---|---|---|---|---|---|---|
| Critical | Vulnerability | Government and Critical Infrastructure | Global | CISA Adds 8 Exploited Flaws to KEV, Sets April-May 2026 Federal Deadlines CISA added eight newly exploited vulnerabilit... | The Hacker News | 1h ago |
| Critical | Advanced Persistent Threat | Cryptocurrency and Blockchain | Global | KelpDAO suffers $290 million heist tied to Lazarus hackers North Korean state-sponsored Lazarus Group hackers conducted... | BleepingComputer | 9h ago |
| Critical | Malware | Financial Services / Cryptocurrency | Global | China's Apple App Store infiltrated by crypto-stealing wallet apps 26 malicious applications on Apple's China App... | BleepingComputer | 10h ago |
| High | Insider Threat | Cloud Computing and SaaS | Global | Vercel Employee's AI Tool Access Led to Data Breach A Vercel employee's compromised access to AI tools resulted in... | Dark Reading | 11h ago |
| Critical | Vulnerability | Industrial Control Systems / Operational Technology | Global | Serial-to-IP Devices Hide Thousands of Old and New Bugs Serial-to-IP converter devices used in operational technology e... | Dark Reading | 11h ago |
| Critical | Ransomware | Corporate/Enterprise | Global | The Gentlemen ransomware now uses SystemBC for bot-powered attacks A botnet comprising over 1,570 SystemBC proxy malwar... | BleepingComputer | 12h ago |
| High | Ransomware | Retail/E-commerce | Global | Seiko USA website defaced as hacker claims customer data theft The Seiko USA website was defaced by attackers who claim... | BleepingComputer | 13h ago |
| Critical | Vulnerability | Software Development and AI/ML Services | Global | SGLang CVE-2026-5760 (CVSS 9.8) Enables RCE via Malicious GGUF Model Files A critical vulnerability (CVE-2026-5760) in... | The Hacker News | 15h ago |
| Critical | Vulnerability | Healthcare, Operational Technology, Industrial Control Systems | Global | Serial-to-IP Converter Flaws Expose OT and Healthcare Systems to Hacking Forescout researchers discovered 20 new vulner... | SecurityWeek | 16h ago |
| High | Phishing | Enterprise/Information Technology | Global | Microsoft: Teams increasingly abused in helpdesk impersonation attacks Microsoft warns that threat actors are increasin... | BleepingComputer | 17h ago |
⚠ Disclaimer: Threat intelligence data is for informational purposes only. Please validate independently before taking action.
📋 Recent CVEs
Sourced from NVD| CVE ID | Description | CVSS | Exploit | Patch | Published |
|---|---|---|---|---|---|
| CVE-2026-6674 Medium |
The Plugin: CMS für Motorrad Werkstätten plugin for WordPress is vulnerable to SQL Injection via the 'arttype' parameter in all versions up to, and in | 6.5 | — | ❌ | Apr 21 |
| CVE-2026-41300 Medium |
OpenClaw before 2026.3.31 contains a trust-decline vulnerability that preserves attacker-discovered endpoints in remote onboarding flows. Attackers ca | 6.5 | — | ❌ | Apr 21 |
| CVE-2026-40045 Medium |
OpenClaw before 2026.4.2 accepts non-loopback cleartext ws:// gateway endpoints and transmits stored gateway credentials over unencrypted connections. | 5.7 | — | ❌ | Apr 21 |
| CVE-2026-41298 Medium |
OpenClaw before 2026.4.2 fails to enforce write scopes on the POST /sessions/:sessionKey/kill endpoint in identity-bearing HTTP modes. Read-scoped cal | 5.4 | — | ❌ | Apr 21 |
| CVE-2026-41301 Medium |
OpenClaw versions 2026.3.22 before 2026.3.31 contain a signature verification bypass vulnerability in the Nostr DM ingress path that allows pairing ch | 5.3 | — | ❌ | Apr 21 |
| CVE-2026-41331 Medium |
OpenClaw before 2026.3.31 contains a resource consumption vulnerability in Telegram audio preflight transcription that allows unauthorized group sende | 5.3 | — | ❌ | Apr 21 |
| CVE-2026-6675 Medium |
The Responsive Blocks – Page Builder for Blocks & Patterns plugin for WordPress is vulnerable to Unauthenticated Open Email Relay in all versions up t | 5.3 | — | ❌ | Apr 21 |
| CVE-2025-32975 Critical |
🤖 Quest KACE SMA contains a critical authentication bypass vulnerability (CVSS 9.8) allowing attackers to impersonate legitimate users without credentia | 9.8 | — | ❌ | Apr 20 |
| CVE-2025-48700 Critical |
🤖 CVE-2025-48700 is a critical cross-site scripting (XSS) vulnerability in Synacor Zimbra Collaboration Suite with a CVSS score of 9.8. The vulnerabilit | 9.8 | — | ❌ | Apr 20 |
| CVE-2025-2749 Critical |
🤖 Kentico Xperience contains a critical path traversal vulnerability (CVSS 9.8) allowing authenticated users to upload arbitrary data to unintended loca | 9.8 | — | ❌ | Apr 20 |