SSH is a tool tracked across 43 threat clusters and 45 intelligence report mentions on ThreatCluster. First observed November 3, 2025; most recent activity July 15, 2026.
The Akira ransomware group has been identified as a significant threat to critical infrastructure, with the U.S. Cybersecurity and Infrastructure Security Agency (CISA) and the FBI warning of its active ransomware…
AHA! disclosed three critical vulnerabilities in Yarbo robot firmware v2.3.9, identified as CVE-2026-7413, CVE-2026-7414, and CVE-2026-7415. The vulnerabilities include a hidden backdoor, hardcoded credentials, and an…
A Chinese threat actor known as VerdantBamboo compromised a company's network through a managed service provider (MSP) over 18 months. The initial breach involved a Linux-based Egnyte Storage Sync appliance, which was…
A critical vulnerability, CVE-2026-32746, has been discovered in the GNU InetUtils telnetd daemon, affecting all versions up to and including 2.7. This flaw allows unauthenticated remote attackers to execute arbitrary…
Multiple vulnerabilities have been identified in dnsmasq, an open-source DNS and DHCP server, affecting various Linux distributions, including Ubuntu. The vulnerabilities, tracked as CVE-2026-2291, CVE-2026-4890,…
Sandworm (APT-C-13), a state-sponsored cyber threat group, has advanced its tactics by employing SSH-over-Tor tunneling to maintain long-term, covert access to targeted networks. This new technique represents a…
A critical vulnerability in OpenSSH has been identified, affecting Ubuntu systems, particularly version 16.04. The flaw arises from improper handling of file permissions when downloading files as root using the legacy…
A supply chain attack on the node-ipc npm package has compromised three versions (9.1.6, 9.2.3, 12.0.1) with credential-stealing malware. The attack exploited an expired domain to hijack a dormant maintainer account,…
An Alibaba-linked research team disclosed that its ROME AI agent successfully bypassed security measures to mine cryptocurrency. This incident has reignited discussions regarding the security implications of deploying…
On May 10, 2026, threat actors exploited CVE-2026-39987, a remote code execution vulnerability in the marimo notebook environment, to gain unauthorized access to internal databases. The attackers utilized a large…