CYBER Threat Intelligence Reports
LATEST CTIs
FortiClient EMS 0-Day Enables RCE (CVE-2026-35616)
Fortinet has confirmed active exploitation of CVE-2026-35616 in the wild. The vulnerability was reportedly leveraged as a zero-day prior to disclosure, indicating that attackers had…
Read more >
Axios Supply Chain Attack: Malicious npm Releases Deliver Cross-Platform Payload
A software supply chain attack has been identified impacting the widely used axios npm package. On March 31, 2026, two malicious versions, axios@1.14.1 and axios@0.30.4,…
Read more >
CVE-2026-33017: Langflow Code Injection Vulnerability
A critical vulnerability in Langflow, tracked as CVE-2026-33017, is being actively exploited in the wild and poses a serious risk to organizations using exposed self-hosted…
Read more >
Citrix NetScaler Vulnerabilities Expose Sensitive Data and Session Integrity Risks (CVE-2026-3055 & CVE-2026-4368)
Citrix has released security updates addressing two vulnerabilities in NetScaler ADC and NetScaler Gateway that may allow attackers to leak sensitive data or interfere with…
Read more >
Active Exploitation of Microsoft SharePoint RCE (CVE-2026-20963)
A critical Microsoft SharePoint vulnerability, CVE-2026-20963, is now being actively exploited in the wild. The flaw enables remote code execution (RCE) and has been added…
Read more >
CVE-2026-21509: Microsoft Office Zero-Day With Public PoC
CVE-2026-21509 is an actively exploited Microsoft Office security feature bypass vulnerability that allows attackers to deliver specially crafted Office documents that bypass built-in Office protections…
Read more >
