Ongoing Iran Conflict: What You Need to Know
Recorded Future's Insikt Group® is actively monitoring the rapidly evolving situation following coordinated US-Israeli strikes against Iran and the death of Supreme Leader...
CVE-2026-28417 Vim has OS Command Injection in netrw
Information published. - Read more
OpenClaw 0-Click Vulnerability Allows Malicious Websites to Hijack Developer AI Agents
A critical zero-interaction vulnerability in OpenClaw, one of the fastest-growing open-source AI agent frameworks in history, has been discovered by Oasis Security researchers, allowing...
CVE-2025-71147 KEYS: trusted: Fix a memory leak in tpm2_load_cmd
Information published. - Read more
Security hole could let hackers take over Juniper Networks PTX core routers
Network admins with Juniper PTX series routers in their environments are being warned to patch immediately, because a newly-discovered critical...
‘Silent’ Google API key change exposed Gemini AI data
Google Cloud API keys, normally used as simple billing identifiers for APIs such as Maps or YouTube, could be scraped...
Researchers Uncover Aeternum C2 Infrastructure with Advanced Persistence and Network Evasion Features
For years, taking down a botnet meant finding its command-and-control (C2) server, seizing the domain, and watching the network go dark. Law enforcement used...
5 Nations Alert: Critical Cisco Bug Used in Global Espionage Campaign
Hackers exploited a critical Cisco SD-WAN flaw, prompting a rare joint warning from the US, UK, Australia, Canada, and New Zealand.
The post 5 Nations...
CVE-2026-21518 GitHub Copilot and Visual Studio Code Security Feature Bypass Vulnerability
Download links fixed - Read more
North Korea’s APT37 Expands Toolkit to Breach Air-Gapped Networks
The security researchers from Zscaler ThreatLabz have also discovered five new tools deployed by the North Korean hacking group - Read more
Latest article
Looking at the SmarterMail API Vulnerability CVE-2026-24423
Sensor Intel Series: February 2026 CVE Trends - Read more
Security Flaw in WordPress Plugin Puts 400,000 Websites at Risk
A security flaw in the Ally WordPress plugin used on more than 400,000 sites could allow attackers to extract sensitive data without logging in.
The...
Medical giant Stryker crippled after Iranian hackers remotely wipe computers
A major cyberattack on US medical supplies giant Stryker has resulted in thousands of devices being remotely wiped, after a...
This one’s for you, Mom
Welcome to this week’s edition of the Threat Source newsletter. I am the product of a single parent, my mom, who along with my grandparents...
