Threat intel

What's happening in cyber, in plain English

We pull from NCSC, CISA, Have I Been Pwned and the NVD every six hours, then summarise each item into what it is, who it affects, and what you can do about it.

SeverityAll Critical High Medium Low Info

KindAll Alert Data breach Vulnerability Advisory Report

SourceAll CISA — Known Exploited Vulnerabilities (1579)NVD — high/critical CVEs (rolling 7d) (1116)Have I Been Pwned — public breach catalog (973)Microsoft MSRC — security update guide (99)Cisco PSIRT — security advisories (51)CISA — cybersecurity advisories (40)FCA — UK unauthorised firms & scam warnings (31)NCSC — news & alerts (15)NCSC — weekly threat report (0)ICO — UK data-breach trends (manual) (0)Action Fraud — UK fraud and cybercrime alerts (0)

MediumAlertNCSC — news & alerts· 23 Apr 2026· summary pending
Executive Summary: Defending against China-nexus covert networks of compromised devices
Organisations should map and baseline their edge device traffic, especially VPN and remote access connections, and adopt dynamic threat feed filtering that includes known covert network indicators.
MediumAlertNCSC — news & alerts· 23 Apr 2026· summary pending
Defending against China-nexus covert networks of compromised devices
Explaining the widespread shift in tactics, techniques and procedures (TTPs) towards networks of compromised infrastructure, and how to defend against it
MediumAlertNCSC — news & alerts· 23 Apr 2026· summary pending
NCSC: Leave passwords in the past - passkeys are the future
Passkeys are the more secure and user-friendly login method and should be the default authentication option for consumers.
MediumAlertNCSC — news & alerts· 23 Apr 2026· summary pending
International cyber agencies share fresh advice to defend against China-linked covert networks
New advisory highlights how to defend against attacker tactics believed to be used by China-linked actors to hide malicious cyber activity.
MediumAlertNCSC — news & alerts· 22 Apr 2026· summary pending
World-first NCSC-engineered device secures vulnerable display links
SilentGlass, a plug-and-play device, actively blocks any unexpected or malicious HDMI and Display Port connections.
MediumAlertNCSC — news & alerts· 21 Apr 2026
Cyber chief: UK faces "perfect storm" for cyber security
AI offline placeholder summary for: Title: Cyber chief: UK faces "perfect storm" for cyber security Kind: Alert Seve.
MediumCVEMicrosoft MSRC — security update guide· 24 Apr 2026· summary pending
CVE-2026-5958 Race Condition in GNU Sed
Information published.
MediumCVEMicrosoft MSRC — security update guide· 24 Apr 2026· summary pending
CVE-2026-5187 Heap Out-of-Bounds Write in DecodeObjectId() in wolfSSL
Information published.
MediumCVEMicrosoft MSRC — security update guide· 24 Apr 2026· summary pending
CVE-2026-31473 media: mc, v4l2: serialize REINIT and REQBUFS with req_queue_mutex
Information published.
MediumCVEMicrosoft MSRC — security update guide· 24 Apr 2026· summary pending
CVE-2026-31494 net: macb: use the current queue number for stats
Information published.
MediumCVEMicrosoft MSRC — security update guide· 24 Apr 2026· summary pending
CVE-2026-31525 bpf: Fix undefined behavior in interpreter sdiv/smod for INT_MIN
Information published.
MediumCVEMicrosoft MSRC — security update guide· 24 Apr 2026· summary pending
CVE-2026-31453 xfs: avoid dereferencing log items after push callbacks
Information published.
MediumCVEMicrosoft MSRC — security update guide· 24 Apr 2026· summary pending
CVE-2026-31528 perf: Make sure to use pmu_ctx->pmu for groups
Information published.
MediumCVEMicrosoft MSRC — security update guide· 24 Apr 2026· summary pending
CVE-2026-31478 ksmbd: replace hardcoded hdr2_len with offsetof() in smb2_calc_max_out_buf_len()
Information published.
MediumCVEMicrosoft MSRC — security update guide· 24 Apr 2026· summary pending
CVE-2026-31500 Bluetooth: btintel: serialize btintel_hw_error() with hci_req_sync_lock
Information published.
MediumCVEMicrosoft MSRC — security update guide· 24 Apr 2026· summary pending
CVE-2026-31507 net/smc: fix double-free of smc_spd_priv when tee() duplicates splice pipe buffer
Information published.
MediumCVEMicrosoft MSRC — security update guide· 24 Apr 2026· summary pending
CVE-2026-31483 s390/syscalls: Add spectre boundary for syscall dispatch table
Information published.
MediumCVEMicrosoft MSRC — security update guide· 24 Apr 2026· summary pending
CVE-2026-41988
Information published.
MediumCVEMicrosoft MSRC — security update guide· 24 Apr 2026· summary pending
CVE-2026-41989
Information published.
MediumCVEMicrosoft MSRC — security update guide· 24 Apr 2026· summary pending
CVE-2026-31531 ipv4: nexthop: allocate skb dynamically in rtm_get_nexthop()
Information published.
MediumCVEMicrosoft MSRC — security update guide· 24 Apr 2026· summary pending
CVE-2026-31532 can: raw: fix ro->uniq use-after-free in raw_rcv()
Information published.
HighCVENVD — high/critical CVEs (rolling 7d)· 24 Apr 2026· summary pending
CVE-2026-5364 — The Drag and Drop File Upload for Contact Form 7 plugin for WordPress is vulner…
The Drag and Drop File Upload for Contact Form 7 plugin for WordPress is vulnerable to arbitrary file upload in versions up to, and including, 1.1.3. This is due to the plugin extracting the file extension before sanitization occurs and allowing the file type
HighCVENVD — high/critical CVEs (rolling 7d)· 24 Apr 2026· summary pending
CVE-2026-6947 — DWM-222W USB Wi-Fi Adapter developed by D-Link has a Brute-Force Protection Byp…
DWM-222W USB Wi-Fi Adapter developed by D-Link has a Brute-Force Protection Bypass vulnerability, allowing unauthenticated adjacent network attackers to bypass login attempt limits to perform brute-force attacks to gain control over the device.
MediumBreachHave I Been Pwned — public breach catalog· 24 Apr 2026· summary pending
Carnival — 7.5M accounts
In April 2026, the notorious hacking collective ShinyHunters claimed they had obtained a substantial volume of data belonging to the Carnival cruise operator and attempted to extort the organisation to prevent the data from being leaked. The following week, th
HighCVENVD — high/critical CVEs (rolling 7d)· 23 Apr 2026· summary pending
CVE-2026-41361 — OpenClaw before 2026.3.28 contains an SSRF guard bypass vulnerability that fail…
OpenClaw before 2026.3.28 contains an SSRF guard bypass vulnerability that fails to block four IPv6 special-use ranges. Attackers can exploit this by crafting URLs targeting internal or non-routable IPv6 addresses to bypass SSRF protections.
HighCVENVD — high/critical CVEs (rolling 7d)· 23 Apr 2026· summary pending
CVE-2026-41359 — OpenClaw before 2026.3.28 contains a privilege escalation vulnerability allowin…
OpenClaw before 2026.3.28 contains a privilege escalation vulnerability allowing authenticated operators with write permissions to access admin-class Telegram configuration and cron persistence settings via the send endpoint. Attackers with operator.write cred
HighCVENVD — high/critical CVEs (rolling 7d)· 23 Apr 2026· summary pending
CVE-2026-41355 — OpenShell before 2026.3.28 contains an arbitrary code execution vulnerability i…
OpenShell before 2026.3.28 contains an arbitrary code execution vulnerability in mirror mode that converts untrusted sandbox files into workspace hooks. Attackers with mirror mode access can execute arbitrary code on the host during gateway startup by exploiti
HighCVENVD — high/critical CVEs (rolling 7d)· 23 Apr 2026· summary pending
CVE-2026-41353 — OpenClaw before 2026.3.22 contains an access control bypass vulnerability in th…
OpenClaw before 2026.3.22 contains an access control bypass vulnerability in the allowProfiles feature that allows attackers to circumvent profile restrictions through persistent profile mutation and runtime profile selection. Remote attackers can exploit this
HighCVENVD — high/critical CVEs (rolling 7d)· 23 Apr 2026· summary pending
CVE-2026-41352 — OpenClaw before 2026.3.31 contains a remote code execution vulnerability where…
OpenClaw before 2026.3.31 contains a remote code execution vulnerability where a device-paired node can bypass the node scope gate authentication mechanism. Attackers with device pairing credentials can execute arbitrary node commands on the host system withou
HighCVENVD — high/critical CVEs (rolling 7d)· 23 Apr 2026· summary pending
CVE-2026-41349 — OpenClaw before 2026.3.28 contains an agentic consent bypass vulnerability allo…
OpenClaw before 2026.3.28 contains an agentic consent bypass vulnerability allowing LLM agents to silently disable execution approval via config.patch parameter. Remote attackers can exploit this to bypass security controls and execute unauthorized operations

Sources are pulled directly from each provider's public feed and never modified. AI summaries are produced for plain-English readability and are clearly labelled — always follow the source link for the authoritative advisory.