OSINT & geopolitical
60 alerts in this category.
Open-source intelligence on threats outside the CVE ecosystem — geopolitical events, cyber-physical incidents, sanctions, and infrastructure attacks. Curated for security teams that need situational awareness alongside their patch queue.
USN-8525-1: curl vulnerabilities
Harry Sintonen discovered that curl incorrectly handled credentials when following HTTP redirects in conjunction with .netrc files. An attacker could possibly use this issue to obtain sensitive inform
UbuntuCVE-2024-11053USN-8524-1: Python vulnerability
It was discovered that Python did not use sufficient entropy for Expat hash-flooding protection in the xml.parsers.expat and xml.etree.ElementTree modules. An attacker could use this to cause a denial
USN-8520-1: Expat vulnerability
It was discovered that Expat used insufficient entropy when generating hash salt values for its internal hash table. An attacker could use this to craft an XML document that triggers hash flooding, le
GigaWiper: Anatomy of a destructive backdoor assembled from multiple malware
GigaWiper is a destructive backdoor that combines multiple wiping and ransomware-like capabilities into a single operational platform. This blog analyzes how the malware incorporates code from several
MicrosoftUSN-8492-4: Linux kernel (Raspberry Pi) vulnerabilities
Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM64 architecture
BroadcomCVE-2025-40005Long Term Support Channel Update for ChromeOS
Google Chrome Releases published an advisory on "Long Term Support Channel Update for ChromeOS". Topic areas: google, chrome, browser, patch. Published July 9, 2026. See the original source linked und
GoogleCVE-2026-12467Stable Channel Update for Desktop
Google Chrome Releases published an advisory on "Stable Channel Update for Desktop". Topic areas: google, chrome, browser, patch. Published July 8, 2026. See the original source linked under Reference
GoogleCVE-2026-15112CVE-2026-0276 Cortex XDR Broker VM: Privilege Escalation (PE) Vulnerability (Severity: LOW)
Palo Alto Networks Security Advisories published an advisory on "CVE-2026-0276 Cortex XDR Broker VM: Privilege Escalation (PE) Vulnerability (Severity: LOW)". Topic areas: paloalto, firewall, vulnerab
CVE-2026-0276Cisco Advance Notification for Publication of July 15, 2026, Security Advisories
On July 15, 2026, the Cisco Product Security Incident Response Team (PSIRT) will publish advisories to disclose security vulnerability information along with fixed software releases for the following
CiscoFelons, Fraudsters Flog Offensive Cybersecurity Startup
Krebs on Security published an research on "Felons, Fraudsters Flog Offensive Cybersecurity Startup". Topic areas: news, breach, investigation, zero-day. Published July 8, 2026. See the original sourc
AWSDev Channel Update for ChromeOS / ChromeOS Flex
Google Chrome Releases published an advisory on "Dev Channel Update for ChromeOS / ChromeOS Flex". Topic areas: google, chrome, browser, patch. Published July 7, 2026. See the original source linked u
GoogleCVE-2026-14904 - Improper Link Resolution in Auth.GetUserPrivateKey in AWS Research and Engineering Studio
Bulletin ID: 2026-053-AWS Scope: AWS Content Type: Important (requires attention) Publication Date: 07/07/2026 09:45 AM PDT Description: AWS Research and Engineering Studio (RES) is an open-source sol
AWSCVE-2026-14904Stable Channel Update for ChromeOS / ChromeOS Flex
Google Chrome Releases published an advisory on "Stable Channel Update for ChromeOS / ChromeOS Flex". Topic areas: google, chrome, browser, patch. Published July 6, 2026. See the original source linke
GoogleVU#213560: Tenda firmware (multiple versions) contains hidden authentication backdoor
Overview Several versions of Tenda firmware contain an undocumented authentication backdoor that grants administrative access to the devices' web management interfaces. An attacker can expoit this vul
CVE-2026-11405CVE-2026-14471 - Authenticated SQL injection in the metrics-service retention policy subsystem of mcp-gateway-registry
Bulletin ID: 2026-052-AWS Scope: AWS Content Type: Important (requires attention) Publication Date: 07/06/2026 13:45 PM PDT Description: Amazon mcp-gateway-registry is an open-source gateway and regis
AWSCVE-2026-14471VU#828543: HP Deskjet 2800 Printer Series Webservers contain Missing Authorization Vulnerability
Overview HP Printers in the Deskjet 2800 Series running firmware version CVE-2026-13753. This vulnerability allows unauthenticated access to the printer's webserver API endpoints, exposing Wi-Fi crede
CVE-2026-13753USN-8514-1: OpenSSH vulnerability
It was discovered that OpenSSH incorrectly handled file permissions when downloading files as root using the legacy scp protocol without the preserve-mode option. An attacker could use this to install
SANS Internet Storm Center Advisory — Jul 6, 2026
Over the last year, with recent updates to iOS and Android, RCS (Rich Communication Services) has become an increasingly used protocol [1]. RCS is supposed to eventually replace SMS, and in addition t
GoogleUSN-8509-1: Python vulnerabilities
It was discovered that Python incorrectly normalized paths in the tarfile module. An attacker could possibly use this issue to bypass path restrictions. This issue only affected Ubuntu 22.04 LTS and U
UbuntuCVE-2025-13462USN-8506-1: Request Tracker vulnerabilities
Aleksander Iwicki discovered that Request Tracker did not properly sanitize the search "Page" URL parameter. A remote attacker could possibly use this issue to conduct a reflected cross-site scripting
CVE-2026-6841USN-8507-1: Linux kernel (NVIDIA) vulnerabilities
It was discovered that some AMD processors did not properly clear data in the floating point divider unit during speculative execution. A local attacker could use this to expose sensitive information.
MicrosoftCVE-2025-54505USN-8492-3: Linux kernel (Raspberry Pi Real-time) vulnerabilities
Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM64 architecture
BroadcomCVE-2025-40005Chromium: CVE-2026-13891 Insufficient validation of untrusted input in Extensions
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) f
MicrosoftCVE-2026-13891Chromium: CVE-2026-13774 Use after free in Extensions
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) f
MicrosoftCVE-2026-13774Chromium: CVE-2026-14142 Inappropriate implementation in Extensions
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) f
MicrosoftCVE-2026-14142CVE-2026-50521 Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability
Added Edge software to the Security Updates table. Customers that are running supported version of Edge are encouraged to update to the indicated version to be protected from this vulnerability.
MicrosoftCVE-2026-50521Chromium: CVE-2026-13948 Insufficient policy enforcement in Extensions
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) f
MicrosoftCVE-2026-13948CVE-2026-58597 Microsoft Edge (Chromium-based) Spoofing Vulnerability
Insufficient ui warning of dangerous operations in Microsoft Edge (Chromium-based) allows an unauthorized attacker to perform spoofing over a network.
MicrosoftCVE-2026-58597Chromium: CVE-2026-14003 Insufficient policy enforcement in Extensions
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) f
MicrosoftCVE-2026-14003Chromium: CVE-2026-14047 Insufficient policy enforcement in Extensions
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) f
MicrosoftCVE-2026-14047Chromium: CVE-2026-13945 Insufficient policy enforcement in Extensions
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) f
MicrosoftCVE-2026-13945Chromium: CVE-2026-13957 Incorrect security UI in Extensions
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) f
MicrosoftCVE-2026-13957Chromium: CVE-2026-13824 Insufficient validation of untrusted input in Extensions
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) f
MicrosoftCVE-2026-13824Chromium: CVE-2026-13888 Use after free in Extensions
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) f
MicrosoftCVE-2026-13888Chromium: CVE-2026-13999 Inappropriate implementation in Extensions
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) f
MicrosoftCVE-2026-13999Chromium: CVE-2026-13919 Insufficient data validation in Extensions
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) f
MicrosoftCVE-2026-13919Chromium: CVE-2026-14053 Insufficient policy enforcement in Extensions
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) f
MicrosoftCVE-2026-14053Talos Intelligence Advisory — Jul 2, 2026
Talos Intelligence published an research on "Talos Intelligence Advisory — Jul 2, 2026". Topic areas: cisco, talos, malware, threat-intel. Published July 2, 2026. See the original source linked under
MicrosoftCVE-2026-48558FBI Seizes NetNut Proxy Platform, Popa Botnet
Krebs on Security published an research on "FBI Seizes NetNut Proxy Platform, Popa Botnet". Topic areas: news, breach, investigation, rce. Published July 2, 2026. See the original source linked under
GoogleUSN-8488-2: Linux kernel (Raspberry Pi) vulnerabilities
It was discovered that some AMD processors did not properly clear data in the floating point divider unit during speculative execution. A local attacker could use this to expose sensitive information.
MicrosoftCVE-2025-54505USN-8499-1: Linux kernel (Xilinx) vulnerabilities
It was discovered that the Linux kernel algif_aead module did not properly handle in-place cryptographic operations. This flaw is known as Copy Fail. A local attacker could use this to escalate privil
VMwareCVE-2026-31431USN-8492-2: Linux kernel vulnerabilities
Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM64 architecture
BroadcomCVE-2025-40005USN-8498-1: Linux kernel (NVIDIA Tegra) vulnerabilities
Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM64 architecture
BroadcomCVE-2025-40005USN-8497-1: Linux kernel (Low Latency) vulnerabilities
It was discovered that the Linux kernel did not properly handle shared page fragments during socket buffer operations, collectively known as Dirty Frag. A logic flaw existed in the XFRM ESP-in-TCP sub
BroadcomCVE-2026-43284VU#639124: Multiple local privilege escalation vulnerabilities in Little Orbits GameFirst Anti-Cheat
Overview The GamersFirst Anti-Cheat (GFAC) driver GFAC.sys contains multiple local privilege escalations and denial-of-service vulnerabilities stemming from insecure handling of user-controlled input
AWSCVE-2026-12166CISA Warns of Actively Exploited Microsoft SharePoint Vulnerability
CISA says threat actors are exploiting a recently patched SharePoint remote code execution vulnerability (CVE-2026-45659). The post CISA Warns of Actively Exploited Microsoft SharePoint Vulnerability
MicrosoftCVE-2026-45659CVE-2026-14265- Deserialization of Untrusted Data in AWS Advanced JDBC Wrapper RemoteQueryCachePlugin
Bulletin ID: 2026-051-AWS Scope: AWS Content Type: Important (requires attention) Publication Date: 07/01/2026 12:45 PM PDT Description: The AWS Advanced JDBC Wrapper is an open-source JDBC driver wra
AWSCVE-2026-14265CVE-2026-13769 – Insecure file permissions in AWS CLI
Bulletin ID: 2026-049-AWS Scope: AWS Content Type: Important (requires attention) Publication Date: 07/01/2026 11:45 AM PDT Description: The AWS Command Line Interface (AWS CLI) is a unified tool for
AWSCVE-2026-13769CVE-2026-13760 - OS Command Injection in NodejsFunction Docker Bundling in aws-cdk-lib
Bulletin ID: 2026-050-AWS Scope: AWS Content Type: Important (requires attention) Publication Date: 07/01/2026 12:15 PM PDT Description: AWS CDK (aws-cdk-lib) is an open-source framework for defining
AWSCVE-2026-13760Talos Intelligence Advisory — Jul 1, 2026
Talos Intelligence published an research on "Talos Intelligence Advisory — Jul 1, 2026". Topic areas: cisco, talos, malware, threat-intel. Published July 1, 2026. See the original source linked under
Talos Intelligence Advisory — Jul 1, 2026
Talos Intelligence published an research on "Talos Intelligence Advisory — Jul 1, 2026". Topic areas: cisco, talos, malware, threat-intel. Published July 1, 2026. See the original source linked under
MicrosoftUSN-8492-1: Linux kernel vulnerabilities
Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM64 architecture
BroadcomCVE-2025-40005Cisco Catalyst Center Arbitrary File Read Vulnerability
A vulnerability in Cisco Catalyst Center could allow an unauthenticated, remote attacker to read arbitrary files from a restricted container. This vulnerability is due to insufficient validation of us
CiscoCVE-2026-20191ClamAV Vulnerabilities Affecting Cisco Products: July 2026
Multiple vulnerabilities in ClamAV could allow a remote attacker to cause a denial of service (DoS) condition, interrupting scanning operations. For more information about these vulnerabilities, see t
CiscoCVE-2026-20213USN-8488-1: Linux kernel vulnerabilities
It was discovered that some AMD processors did not properly clear data in the floating point divider unit during speculative execution. A local attacker could use this to expose sensitive information.
MicrosoftCVE-2025-54505USN-8489-1: Linux kernel (OEM) vulnerabilities
It was discovered that the Linux kernel did not properly handle shared page fragments during socket buffer operations, collectively known as Dirty Frag. A logic flaw existed in the XFRM ESP-in-TCP sub
MicrosoftCVE-2026-43284CVE-2026-6450 CRL critical extension bypass in ParseCRL_Extensions
Microsoft Security Response Center published an advisory on "CVE-2026-6450 CRL critical extension bypass in ParseCRL_Extensions". Topic areas: microsoft, windows, azure, patch. Published July 1, 2026.
CVE-2026-6450CVE-2026-55961 wolfSSL_PKCS7_verify() reports success for degenerate (certs-only) PKCS#7 with no signer
Microsoft Security Response Center published an advisory on "CVE-2026-55961 wolfSSL_PKCS7_verify() reports success for degenerate (certs-only) PKCS#7 with no signer". Topic areas: microsoft, windows,
CVE-2026-55961CVE-2026-13318 Virt-api-rhel9: kubevirt: kubevirt: ssrf in virt-api port-forward via unvalidated guest-agent-reported ip
Microsoft Security Response Center published an advisory on "CVE-2026-13318 Virt-api-rhel9: kubevirt: kubevirt: ssrf in virt-api port-forward via unvalidated guest-agent-reported ip". Topic areas: mic
CVE-2026-13318SANS Internet Storm Center Advisory — Jul 1, 2026
This morning, an interesting phishing email hit my mailbox. It targets Metamask[1], a cryptocurrency wallet, available as a browser extension and a mobile app, that lets users store, send, and receive
Get alerts that match YOUR environment
This page shows everything in the category. Vulnios narrows it down to alerts that affect your actual asset inventory — only the CVEs you need to act on.
Start a free scan