Kubernetes is a technology platform tracked across 50 threat clusters and 188 intelligence report mentions on ThreatCluster. First observed November 5, 2025; most recent activity July 13, 2026.
SonicWall has released a patch for the actively exploited zero-day vulnerability CVE-2025-40602, which affects the Appliance Management Console (AMC) of their devices. This vulnerability allows for deserialization of…
On June 17, 2026, F5 released emergency patches for two critical vulnerabilities in NGINX, CVE-2026-42530 and CVE-2026-42055. These vulnerabilities affect NGINX Open Source, NGINX Plus, and related products, allowing…
A critical vulnerability, CVE-2026-42945, has been discovered in the NGINX web server's ngx_http_rewrite_module, allowing unauthenticated attackers to execute remote code or crash servers. This heap-based buffer…
TeamPCP has launched a new cyber campaign deploying a destructive payload that targets Kubernetes clusters configured for Iran. This wiper malware, part of the ongoing CanisterWorm campaign, uses the same…
A China-linked threat actor known as Red Menshen has been conducting a long-term espionage campaign targeting global telecommunications networks using a stealthy Linux kernel backdoor called BPFdoor. This malware…
Adversaries are increasingly leveraging external remote services like VPNs and Citrix to gain unauthorized access to networks. These attacks often involve using valid accounts obtained through credential harvesting or…
The TeamPCP threat group has expanded its supply chain attack campaign, compromising the Microsoft DurableTask Python client with versions v1.4.1, v1.4.2, and v1.4.3 found to contain a credential-stealing worm. This…
Docker has addressed a critical vulnerability, tracked as CVE-2026-34040, that allows attackers to bypass authorization checks and create containers with excessive privileges. The flaw arises from middleware issues in…
On March 24, 2026, two versions of the LiteLLM Python package (1.82.7 and 1.82.8) were compromised on PyPI, embedding credential-stealing payloads. The attack, linked to the TeamPCP threat actor, exploited a…
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued a warning regarding the active exploitation of a two-year-old vulnerability in Oracle WebLogic Server, tracked as CVE-2024-21182. This flaw,…