Docker is a tool tracked across 50 threat clusters and 165 intelligence report mentions on ThreatCluster. First observed November 3, 2025; most recent activity July 16, 2026.
A critical remote code execution vulnerability (CVE-2025-68613) in the n8n workflow automation platform has been disclosed, potentially impacting over 100,000 servers, primarily in the United States. The flaw, which has…
A critical vulnerability in the nginx-ui web server management tool, tracked as CVE-2026-33032, has been actively exploited since March 2026. This flaw allows attackers to bypass authentication on the /mcp_message…
On July 1, 2026, security firm SlowMist identified a fake trading bot on GitHub designed to spread malware targeting Polymarket users and DeFi developers. The bot, named 'polymarket-arbitrage-bot', was promoted as a…
TeamPCP has launched a new cyber campaign deploying a destructive payload that targets Kubernetes clusters configured for Iran. This wiper malware, part of the ongoing CanisterWorm campaign, uses the same…
Flowise has disclosed a critical remote code execution vulnerability, tracked as CVE-2026-56274, affecting versions prior to 3.1.2 of its Custom MCP Server feature. The flaw allows attackers to exploit multiple OS…
CVE-2025-34291 is a critical vulnerability affecting Langflow, an open-source AI agent platform, allowing attackers to take over accounts and execute arbitrary code. Disclosed on December 5, 2025, this vulnerability has…
Fedora has released security updates for the Skopeo command line utility addressing critical vulnerabilities CVE-2025-58189 and CVE-2025-61725. The updates were made available for Fedora 42 and Fedora 43, with the…
Adversaries are increasingly leveraging external remote services like VPNs and Citrix to gain unauthorized access to networks. These attacks often involve using valid accounts obtained through credential harvesting or…
The TeamPCP threat group has expanded its supply chain attack campaign, compromising the Microsoft DurableTask Python client with versions v1.4.1, v1.4.2, and v1.4.3 found to contain a credential-stealing worm. This…
An anonymous researcher known as Bikini has released exploit code for over a dozen zero-day vulnerabilities affecting 15 popular open-source projects, including the Linux kernel and Libssh2. The exploits were disclosed…