Priority Intel
Critical Now — top 6 by score
CVE-2026-30861
47
WeKnora is an LLM-powered framework designed for deep document understanding ...
WeKnora is an LLM-powered framework designed for deep document understanding and semantic retrieval. From version 0.2.5 to before version 0.2.10, an …
- Immediately upgrade WeKnora to version 0.2.10 or later.
- If upgrade is not possible, disable user registration by setting the `allow_registration` configuration parameter to `false` in the WeKnora configuration file.
Iranian-Affiliated Cyber Actors Exploit Programmable Logic Controllers Across US …
Advisory at a Glance Title Iranian-Affiliated Cyber Actors Exploit Programmable Logic Controllers Across US Critical Infrastructure Original Publication April …
- Immediately audit and remove internet-facing Rockwell Automation/Allen-Bradley PLCs (e.g., ControlLogix, CompactLogix). Place them behind firewalls with strict access control lists (ACLs) allowing only trusted IPs.
- Update all Rockwell Automation FactoryTalk software and firmware to the latest versions, and review advisories for related CVEs (e.g., CVE-2024-21924, CVE-2023-3595).
What 2026 DBIR Confirms: Attacks Are Living in the Browser
Phishing, shadow AI, malicious extensions, and credential theft increasingly happen inside the browser. Keep Aware explains what the 2026 Verizon DBIR reveals …
- Deploy a browser security solution (e.g., Talon, Island) or configure Microsoft Defender Application Guard for Isolation to contain browser-based threats.
- Implement a Chrome Enterprise policy (e.g., `ExtensionInstallBlocklist: *` and `ExtensionInstallAllowlist`) to strictly control browser extension installation.
New Threat Cluster OP-512 Targets Microsoft IIS Servers with Custom Web Shell …
Cybersecurity researchers have discovered a previously unreported threat cluster dubbed OP-512 that has been observed targeting Microsoft Internet Information …
- Scan all Microsoft IIS servers for anomalous web files (e.g., .aspx, .ashx, .asmx) in web directories using tools like Microsoft Safety Scanner or webshell scanners (e.g., NeoPI). Focus on files with recent timestamps.
- Harden IIS by disabling unnecessary HTTP modules (e.g., WebDAV) and request filtering, and implement strict IP restrictions in `web.config` files for administrative paths.
Only 10% of SOCs Say They’re Getting Excellent Value From AI. Here’s What the …
Eighteen months ago, the AI SOC was a marketing line. Today it's a budget item. The category has crossed over from interesting to inevitable, with billions of …
- Review vendor advisory and assess exposure
Updating the taxonomy of failure modes in agentic AI systems: What a year of red …
A surge in real-world attacks against agentic AI systems is reshaping how we think about risk. Based on 12 months of red teaming, this update introduces seven …
- For deployed AI agents, implement strict input/output validation and sanitization, and configure runtime sandboxing (e.g., using gVisor, Firecracker) to limit system access.
- Apply the principle of least privilege to AI agent service accounts and API keys, and use tools like Azure AI Content Safety or OpenAI Moderation API to filter prompts and completions.