Daily Intelligence — Live

Daily Threat & Vulnerability Intelligence Dashboard

Phishing · LotL Abuse · CVEs · Social Engineering — actionable intelligence for IT managers, MSPs, and security teams. Published by 9 AM Eastern every day.

🎣 Phishing & LotL · 🛡 Vulnerability CVEs · 🎭 Social Engineering · ⚡ IOCs Included
Curated Intelligence
🎣 THREAT INTELLIGENCE — TODAY
Critical: 0 · High: 0 · 🎣 Phishing: 0 · 🔧 LotL: 0 · IOCs Today: 15 · Actors: 1 · New Findings: 0 · Archive: 1
🛡 VULNERABILITY REPORT — TODAY
Archive: 0
Live Threat Feed
Storm-2949 abuses ScreenConnect + Azure CLI for cloud-wide exfiltration
06:59 · Critical · LotL · Storm-2949
Tycoon2FA PhaaS pivots to OAuth Device Code post-takedown
08:14 · High · PhaaS · AiTM
CloudZ RAT abuses Phone Link to intercept SMS OTPs
May 21 · High · LotL
Microsoft details AiTM "code of conduct" campaign — 35K users
May 19 · Critical · Phishing
Today at a glance — Threats
Top platform: M365 / Entra ID
Top lure type: OAuth Device Code
Top LotL tool: ScreenConnect
Sectors at risk: Tech · Finance · HC
IOCs released: Yes — 2 sets
Latest IOCs
SHA256: 1a4afce34918bdc74ae3f31edaffffa0ee...
Domain: fulcio[.]sigstore[.]dev
ASN: AS45102 — Alibaba Cloud infra
UA: node/undici axios/1.13.x
⚠ Defanged — refang before use
🛡 VULNERABILITY REPORT — TODAY
// Today's CVE Findings — 7 Vulnerabilities Identified
Critical · 🔴 Actively Exploited · CVE-2026-3854 · GitHub Enterprise
CVE-2026-3854 — GitHub Enterprise Server Remote Code Execution via Single Git Push (CVSS 9.8)
CVSS Score: 9.8 Critical
Affected Product: GitHub Enterprise Server
Exploit Status: In-the-Wild PoC
Attack Vector: Network / Unauth
Patch Available: Yes — v3.15.1
First Disclosed: May 22, 2026
▶ Recommended Action
1. Update GitHub Enterprise Server to v3.15.1 immediately.
2. Restrict git push to authenticated users — enforce SSH key or token auth.
3. Review audit logs for anomalous push events from unexpected IPs.
GitLab · GIT | NVD · GitHub Security
Critical · 🔴 Actively Exploited · CVE-2026-6973 · Ivanti EPMM
CVE-2026-6973 — Ivanti Endpoint Manager Mobile Authentication Bypass Leads to RCE (CVSS 9.4) — CISA KEV Added
CVSS Score: 9.4 Critical
Affected Product: Ivanti EPMM
Exploit Status: CISA KEV
Attack Vector: Network / No Auth
Patch Available: Yes — May Advisory
Inventory Match: AirWatch / MDM
▶ Recommended Action
1. Apply Ivanti May 2026 patches immediately — CISA KEV listed.
2. Restrict EPMM admin portal to trusted IPs if patching is delayed.
3. Review MDM enrollment logs for unauthorized devices since May 1.
AirWatch · MDM | CISA KEV · NVD
High · CVE-2026-3902 · Cisco IOS-XE · Patch Available
CVE-2026-3902 — Cisco IOS-XE Web UI Privilege Escalation — Unauthenticated Admin Access (CVSS 8.8)
CVSS Score: 8.8 High
Affected Product: Cisco IOS-XE Web UI
Exploit Status: PoC Published
Inventory Match: Cisco networking
Patch Available: Yes — Cisco PSIRT
Priority: Patch within 72h
▶ Recommended Action
1. Disable HTTP/HTTPS server on affected IOS-XE devices if not operationally required.
2. Apply Cisco PSIRT patch — restrict Web UI to management VLANs only.
Cisco IOS-XE · Catalyst | Cisco PSIRT · NVD
+ 4 more CVEs in today's full vulnerability report →
 CVE Quick View — Today
Critical & High
CVE-2026-3854 · GitHub Enterprise · 9.8
CVE-2026-6973 · Ivanti EPMM · 9.4
CVE-2026-3902 · Cisco IOS-XE · 8.8
CVE-2026-4411 · VMware vCenter · 8.2
CVE-2026-2951 · Windows Server · 7.8
Vuln Summary — Today
Top vendor: GitHub / Cisco
CISA KEV adds: 1 new today
Actively exploited: 4 of 7 CVEs
Patches available: 7 of 7
Top CVSS: 9.8 Critical
🛡 Executive Summary
Today's report identifies 7 new CVEs. Two critical vulnerabilities in GitHub Enterprise and Ivanti EPMM are actively exploited. Cisco IOS-XE and VMware vCenter require patches within 72 hours.
Tracked Threat Actors
Storm-2949: Cloud identity abuse · No malware (3 reports)
Tycoon2FA Operators: PhaaS · AiTM · Device Code (5 reports)
Fox Tempest: MSaaS · Malware Signing (2 reports)
TA4903: BEC · Credential theft (2 reports)
MITRE ATT&CK Frequency — 30d
T1566.002 · Spearphishing Link · ×14
T1078.004 · Valid Cloud Accounts · ×11
T1111 · MFA Interception · ×9
T1190 · Exploit Public-Facing App · ×8