NullSec.news // Cyber news for anyone
CVEs tracked: 1895
Critical · 7d: 39
Exploited in wild: 44
PoCs public · 30d: 24
Fixes shipped · 7d: 252
Articles · 7d: 14
When AI Agents Control Physical Systems, Identity Management Becomes a Safety Problem

Critical now

top CVSS · 14d

Recently disclosed vulnerabilities rated critical (CVSS ≥ 9.0) or confirmed exploited in the wild. Each card shows the affected product, a plain-English description, and whether a fix is available. Click through for our full write-up or the raw advisory.

CVE-2026-39399 · CVSS 9.6

NuGet Gallery is a package repository that powers nuget.org. A security vulnerability exists in the NuGetGallery backend job's handling of .nuspec files within NuGet packages. An…

◉ CRITICAL · FIX STATUS UNKNOWN
added 13h ago

CVE-2026-35031 · CVSS 9.9

Jellyfin is an open source self hosted media server. Versions prior to 10.11.7 contain a vulnerability chain in the subtitle upload endpoint (POST /Videos/{itemId}/Subtitles),…

◉ CRITICAL · FIX STATUS UNKNOWN
added 13h ago

CVE-2026-34457 · CVSS 9.1

OAuth2 Proxy is a reverse proxy that provides authentication using OAuth2 providers. Versions prior to 7.15.2 contain a configuration-dependent authentication bypass in…

◉ CRITICAL · FIX STATUS UNKNOWN
added 13h ago

CVE-2026-27304 · CVSS 9.3

ColdFusion versions 2023.18, 2025.6 and earlier are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the…

◉ CRITICAL · ✓ FIX AVAILABLE
added 14h ago

CVE-2026-5752 · CVSS 9.3

Sandbox Escape Vulnerability in Terrarium allows arbitrary code execution with root privileges on a host process via JavaScript prototype chain traversal.

◉ CRITICAL · FIX STATUS UNKNOWN
added 18h ago

CVE-2026-34615 · CVSS 9.3

Adobe Connect versions 2025.3, 12.10 and earlier are affected by a Deserialization of Untrusted Data vulnerability that could result in arbitrary code execution in the context of…

◉ CRITICAL · ✓ FIX AVAILABLE
added 18h ago

CVE-2026-27303 · CVSS 9.6

Adobe Connect versions 2025.3, 12.10 and earlier are affected by a Deserialization of Untrusted Data vulnerability that could result in arbitrary code execution in the context of…

◉ CRITICAL · ✓ FIX AVAILABLE
added 18h ago

CVE-2026-27246 · CVSS 9.3

Adobe Connect versions 2025.3, 12.10 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. An attacker could exploit this issue by manipulating the…

◉ CRITICAL · ✓ FIX AVAILABLE
added 18h ago
From Passkeys to AI Agents: How the Passwordless Ecosystem Is Rapidly Expanding Its Reach
Standards · 2026-04-15T09:56Z
OpenAI's arrival on the FIDO Alliance Board, Mastercard's open-source standard for AI agent transactions, and Meta's display-free passkey method for XR headsets signal a new phase: passwordless authentication is moving well beyond logins into agent commerce, immersive hardware, and national-scale identity systems.
Android Under Fire: Mirax RAT, EngageLab SDK Flaw, and SparkCat Variant Target Mobile Users and Crypto Wallets
Threats · 2026-04-15T09:54Z
Three distinct Android threats emerged this week: the Mirax RAT converting phones into proxy nodes via Meta ads, a patched EngageLab SDK vulnerability that exposed 50 million users, and a new SparkCat variant scanning photo galleries for crypto wallet seed phrases. Together, they illustrate a converging threat landscape around mobile devices and digital assets.
FBI Dismantles W3LL Phishing Empire as NEXUS Listener Campaign Harvests Credentials from 766 Hosts
Threats · 2026-04-15T09:53Z
Two developments highlight the persistent scale of credential theft: the FBI and Indonesian police arrested the developer behind the W3LL phishing kit linked to $20 million in fraud, while Cisco Talos disclosed a fully automated credential harvesting operation exploiting a critical Next.js vulnerability to compromise hundreds of servers in under 24 hours.
Anthropic's Mythos Preview: What the "Vulnpocalypse" Model Means for Defenders
Research · 2026-04-14T20:11Z
Anthropic has unveiled Claude Mythos Preview, an AI model capable of autonomously discovering and exploiting zero-day vulnerabilities across every major OS and browser. Through the controlled Project Glasswing initiative, the company is channeling the model's capabilities toward defense - but the deployment gap downstream of the code may be the real challenge.
Iran and Russia Launch Parallel Campaigns Against Critical Infrastructure: PLCs and Routers Under Siege
Threats · 2026-04-14T20:11Z
U.S. federal agencies issued urgent advisories this week as Iranian hackers disrupted programmable logic controllers across energy and water systems, while Russia's APT28 hijacked 18,000 home routers worldwide to steal authentication credentials. Both campaigns target the weakest links in critical infrastructure - internet-exposed devices that defenders often overlook.
The Cloud Security Paradox: Enterprises Overestimate Data Protection as Misconfigurations Fuel Breaches
Research · 2026-04-14T20:11Z
A new Cloud Security Alliance survey reveals that 75% of organizations are confident in their unstructured data security - while 68% leave significant portions unprotected. A parallel CSA analysis of an AWS credential exposure incident shows how quickly such blind spots translate into full account takeover.
From the frontline

analysis · deep-dives
Passkeys Hit 4 Billion, FIDO Pivots to Wallets, and a New Code of Conduct Targets Credential Overreach
2026-04-14T20:11Z · Standards · 4 min
Three parallel developments are reshaping digital identity: FIDO Alliance declares passkeys mainstream and shifts focus to digital wallet certification, the Better Identity Coalition drafts "rules of the road" for verifiable credentials, and HYPR's latest report finds AI-driven impersonation has overtaken stolen credentials as the top enterprise identity threat.
The AI Revolution in OSINT: New Frontiers, Fresh Vulnerabilities, and the Evolving Intelligence Landscape
2026-04-14T14:53Z · Research · 4 min
How AI is reshaping OSINT: from agentic intelligence tools and deepfake threats to OPSEC exposure risks and defensive countermeasures for 2026 practitioners.
Mapping the Global Landscape of Active CVEs: Insights by Origin Country
2026-04-14T14:00Z · Research · 4 min
Analysis of global CVE trends by country of origin, covering vendor distribution, CNA shifts, state-sponsored exploitation, and regulatory responses in 2025-2026.
The State of npm in 2026: Security Crisis and Ecosystem Response
2026-04-14T13:33Z · Supply Chain Security · 4 min
The npm ecosystem faces its most turbulent period ever. Three major supply chain attacks in seven months - including the Axios compromise attributed to North Korea - have forced GitHub to overhaul npm security. This report analyzes the threats, the response, and what comes next for the world's largest package registry.
Three Critical Vulnerabilities in One Week: Adobe Reader Zero-Day, Fortinet EMS Bypass, and Marimo RCE
2026-04-13T15:29Z · Vulnerabilities · 4 min
A high-severity Adobe Reader zero-day exploited since December 2025, an authentication bypass in Fortinet FortiClient EMS added to CISA's KEV catalog, and a Marimo RCE flaw weaponized within 10 hours of disclosure highlight the accelerating pace of vulnerability exploitation and the shrinking patch window defenders face.
AI Agents Are Outrunning Enterprise Security: New Research Exposes a Structural Identity Crisis
2026-04-13T15:28Z · Research · 5 min
New findings from the Cloud Security Alliance reveal that 68% of organizations cannot distinguish AI agent activity from human actions, while 74% grant agents more access than needed. As real-world incidents demonstrate the consequences - from weaponized AI coding tools to factory shutdowns - industry efforts by Mastercard, Google, and others are racing to build trust frameworks before the gap widens further.
Supply Chain Attacks Escalate: From the Axios NPM Compromise to Emerging Defense Frameworks
2026-04-13T15:27Z · Threats · 4 min
The North Korea-linked compromise of the Axios NPM package - with nearly 100 million weekly downloads - underscores the growing severity of software supply chain attacks. As the industry grapples with the fallout, new standards from the FIDO Alliance and the Cloud Security Alliance are emerging to address the systemic trust gaps that make these attacks possible.