CVE-2026-24306 Azure Front Door Elevation of Privilege Vulnerability
Improper access control in Azure Front Door (AFD) allows an unauthorized attacker to elevate privileges over a network. - Read more
CVE-2026-24304 Azure Resource Manager Elevation of Privilege Vulnerability
Improper access control in Azure Resource Manager allows an authorized attacker to elevate privileges over a network. - Read more
CVE-2026-21520 Copilot Studio Information Disclosure Vulnerability
Exposure of Sensitive Information to an Unauthorized Actor in Copilot Studio allows a unauthenticated attacker to view sensitive information through network attack vector - Read more
How financial services companies are building contextual intelligence at scale
Leading financial companies are turning data ubiquity into competitive advantage. See how Elastic powers contextual search, real-time decisioning, and AI agents across fraud, compliance, and customer experience. - Read more
Rapid7 MDR Integrates Microsoft Defender Signals to Create Tangible Security Outcomes
Organizations increasingly rely on Microsoft as their foundational productivity and security technology provider. As these environments grow in scale and complexity, security leaders are responsible for operationalizing the vast signals traversing their Microsoft stack in order to anticipate and preempt threats. At the same time, those efforts must deliver measurable security outcomes and clear return on investment.If you’re reading...
Under Armour – 72,742,892 breached accounts
In November 2025, the Everest ransomware group claimed Under Armour as a victim and attempted to extort a ransom, alleging they had obtained access to 343GB of data. In January 2026, customer data from the incident was published publicly on a popular hacking forum, including 72M email addresses. Many records also contained additional personal information such as names, dates...
Distributed and AI-powered search for OODA loop
Move from manual search to real-time answers through secure distributed search and AI for defence. - Read more
PurpleBravo’s Targeting of the IT Software Supply Chain
Executive Summary PurpleBravo is a North Korean state-sponsored threat group that overlaps with the “Contagious Interview” campaign first documented in November 2023. It targets software developers, especially in the software development and cryptocurrency verticals, via fake recruiter outreach, interview coding tests, and ClickFix prompts. Activity throughout 2025 has linked multiple fraudulent LinkedIn personas to PurpleBravo through malicious GitHub...
Blind SSRF/DoS in Java TLS x509 AIA Extension
Blind SSRF/DoS in Java TLS x509 AIA Extension A Blind Server-Side Request Forgery (SSRF) vulnerability exists in Oracle Java 21. The vulnerability, which leads to Denial of Service (DoS), is present in the x509 certificate path validation mechanism when the non-default system property com.sun.security.enableAIAcaIssuers is set to true.When enabled, the application attempts to retrieve the issuing CA certificate using...
Latest article
2025 FINMA ISAE 3000 Type II attestation report available with 183 services in scope
Amazon Web Services (AWS) is pleased to announce the issuance of the Swiss Financial Market Supervisory Authority (FINMA) Type II attestation report...
Vulnerability monitoring service secures public-sector websites faster
An automated scanning system has cut the time it takes to fix cybersecurity vulnerabilities across public sector IT systems, reducing...
Chrome Gemini Vulnerability Lets Attackers Access Victims’ Camera and Microphone Remotely
A high-severity security vulnerability has been discovered in Google Chrome’s integrated Gemini AI assistant, exposing users to unauthorized camera and microphone access, local file...
2nd March – Threat Intelligence Report
For the latest discoveries in cyber research for the week of 2nd March, please download our Threat Intelligence Bulletin.
TOP ATTACKS AND BREACHES
Wynn Resorts, a...
