T1552.001 - Credentials In Files is a mitre_attack tracked across 22 threat clusters and 30 intelligence report mentions on ThreatCluster. First observed February 6, 2026; most recent activity July 12, 2026.
Active exploitation of two critical vulnerabilities has been reported: CVE-2026-20230 in Cisco Unified CM and CVE-2026-20971 in Samsung KNOX. The Cisco flaw, a server-side request forgery (SSRF), poses an immediate…
A critical vulnerability in the nginx-ui web server management tool, tracked as CVE-2026-33032, has been actively exploited since March 2026. This flaw allows attackers to bypass authentication on the /mcp_message…
A critical pre-authentication remote code execution (RCE) vulnerability in Marimo, an open-source Python notebook platform, was disclosed on April 8, 2026, and exploited within 9 hours and 41 minutes. The vulnerability,…
The Harvester APT group has launched a Linux variant of its GoGra backdoor, utilizing the Microsoft Graph API and Outlook mailboxes for covert command-and-control operations. This malware is designed to evade…
On July 11, 2026, multiple malicious versions of the jscrambler npm package were published, exploiting a compromised npm publishing credential. The affected versions (8.14.0, 8.16.0, 8.17.0, 8.18.0, and 8.20.0) included…
The TeamPCP threat group has expanded its supply chain attack campaign, compromising the Microsoft DurableTask Python client with versions v1.4.1, v1.4.2, and v1.4.3 found to contain a credential-stealing worm. This…
A critical vulnerability in Langflow, tracked as CVE-2026-33017, allows unauthenticated remote code execution (RCE) via the POST /api/v1/build_public_tmp/{flow_id}/flow endpoint. This flaw was exploited within 20 hours…
A security researcher discovered critical vulnerabilities in baby monitors and security cameras using Meari Technology's platform, affecting up to 1.1 million devices globally. The flaws allow unauthorized users to…
On May 10, 2026, threat actors exploited CVE-2026-39987, a remote code execution vulnerability in the marimo notebook environment, to gain unauthorized access to internal databases. The attackers utilized a large…
A new supply chain attack, dubbed 'Mini Shai-Hulud', has compromised multiple npm packages related to SAP's Cloud Application Programming Model (CAP). This attack involves injecting malicious preinstall scripts into…