Threat Digest

CISA Leak: GovCloud Credentials Exposed on GitHub [Analysis]

A contractor's public GitHub repository exposed highly privileged AWS GovCloud credentials and internal CISA system details. This egregious leak offers a disturbing look into government software deployment.

Threat Digest 5 min read an hour ago

Latest Stories

Explainers 📊 Objective

Daily Briefing: May 11, 2026

Your AI morning briefing for May 11, 2026 — the top stories you need to know.

2 min read 1 week, 6 days ago

Abstract network diagram with glowing nodes representing servers and connections, highlighting a central point with 'vCenter' labeled.

Ransomware & Malware ⚠️ Warning

BRICKSTORM Hits vSphere: Under the Hood of Virtualization's New Threat

Forget the endpoint. The new battlefield for advanced attackers is the virtualization layer itself. BRICKSTORM malware is demonstrating a chillingly effective strategy: sidestepping guest OS defenses by targeting VMware vSphere directly.

5 min read 1 week, 6 days ago

Network diagram showing a tunnel bypassing a sandbox boundary, with DNS query packets flowing through.

Cloud Security ⚠️ Warning

[AWS AgentCore] Sandbox Escaped Via DNS Tunneling

The digital fortress designed to contain AI agents just sprang a leak. Researchers have found a way to sneak data out of AWS Bedrock AgentCore's supposedly isolated sandbox.

5 min read 1 week, 6 days ago

Abstract representation of artificial intelligence algorithms and binary code with a digital padlock symbolizing security.

Nation-State Threats ⚠️ Warning

AI Unleashed: Hacking's New Frontier

The future of cybercrime is here, and it's intelligent. AI-powered attacks are breaching government systems, creating new, terrifying vulnerabilities.

7 min read 1 week, 6 days ago

Diagram showing a network firewall with an 'X' indicating a security breach.

Vulnerabilities & CVEs ⚠️ Warning

PAN-OS Zero-Day Exploited: RCE Against Firewalls

A critical zero-day vulnerability in Palo Alto Networks' PAN-OS firewalls is seeing limited, targeted exploitation. The flaw allows unauthenticated attackers to gain root-level control.

7 min read 1 week, 6 days ago

Abstract representation of AI code analysis and threat detection

Vulnerabilities & CVEs ⚠️ Warning

AI Finds Exploits. Are You Ready?

The game has changed. AI isn't just a tool for defenders; it's also the ultimate exploit finder for attackers. Enterprise security needs a radical, AI-speed upgrade.

6 min read 1 week, 6 days ago

🎯

Threat Intelligence ⚠️ Warning

Operation HookedWing: 500+ Orgs Breached in 4-Year Phishing Assault

A stealthy, multi-year phishing operation has compromised over 500 organizations. Operation HookedWing, documented since 2022 but active longer, continues to adapt and ensnare victims.

6 min read 1 week, 6 days ago

Abstract representation of AI and cybersecurity converging, with glowing circuits and data streams.

Threat Intelligence 📊 Objective

AI's Leap: From Sandbox to Security Superhero?

The lines between AI assistant and security sentinel are blurring faster than a deleted file. This past week offered a peek into that electrifying future.

5 min read 1 week, 6 days ago

Screenshot showing a Claude.ai shared chat interface with highlighted malicious instructions.

Cloud Security ⚠️ Warning

Claude.ai Chats & Google Ads Weaponized for Mac Malware

A sophisticated malvertising campaign is turning trusted platforms into vectors for Mac malware. Google Ads and Anthropic's Claude.ai are being abused, demonstrating a new frontier in attack sophistication.

5 min read 1 week, 6 days ago

Screenshot of a fake iCloud storage full warning email with a link to pay.

Threat Intelligence ⚠️ Warning

Fake iCloud Alerts Exploit Urgency, Demand Payment

A persistent phishing scam, masquerading as a critical iCloud storage alert, is back with a dangerous twist: it's now demanding payment to prevent data loss.

4 min read 1 week, 6 days ago

A smartphone screen showing a distorted notification feed with a red alert symbol overlay.

Ransomware & Malware ⚠️ Warning

AI Scam Feed: Pushpaganda Hijacks Notifications

Forget the slick AI art and generated prose; the real AI-powered threat is turning your phone's notification tray into a digital scam feed. Meet Pushpaganda.

6 min read 1 week, 6 days ago

Illustration of a hand holding a smartphone, with icons representing contacts and location dots emanating from the screen, signifying privacy controls.

Compliance & Policy 📊 Objective

Android 17's Contact Picker: A Privacy Leap

Say goodbye to apps slurping your entire contact list. Android 17 is finally giving users control, a move long overdue.

6 min read 1 week, 6 days ago

🔴 This Week in Threat Intel

Ransomware & Malware

Cybersecurity News, Analysis & Insights — Threat Digest

CISA Leak: GovCloud Credentials Exposed on GitHub [Analysis]

Latest Stories

Daily Briefing: May 11, 2026

BRICKSTORM Hits vSphere: Under the Hood of Virtualization's New Threat

[AWS AgentCore] Sandbox Escaped Via DNS Tunneling

AI Unleashed: Hacking's New Frontier

PAN-OS Zero-Day Exploited: RCE Against Firewalls

AI Finds Exploits. Are You Ready?

Operation HookedWing: 500+ Orgs Breached in 4-Year Phishing Assault

AI's Leap: From Sandbox to Security Superhero?

Claude.ai Chats & Google Ads Weaponized for Mac Malware

Fake iCloud Alerts Exploit Urgency, Demand Payment

AI Scam Feed: Pushpaganda Hijacks Notifications

Android 17's Contact Picker: A Privacy Leap

🔴 This Week in Threat Intel

Kimwolf Botnet Master Busted [Criminal Charges Filed]

Microsoft Security's AI Gambit: More Visibility or More Blind Spots?

Tycoon2FA Hijacks Microsoft Accounts via Device-Code Phishing

Drupal Emergency Update Issued for High-Risk Exploit Bug

Gentlemen RaaS Leak: 9 Accounts Exposed, 332 Victims in 5 Months [Analysis]