THREAT FEED
Clear filtersReal-time security alerts filtered for your threat landscape.
Xfinity Router Firmware Remote Code Execution Vulnerability 2026-03-03
Critical vulnerability discovered in Xfinity xFi gateway routers allowing unauthenticated remote code execution. Firmware versions prior to 3.2.1 are affected. Attackers can gain full control of the router and intercept all network traffic.
Slack Webhook Data Exfiltration Vulnerability 2026-03-02
Attackers exploiting misconfigured Slack incoming webhooks to exfiltrate sensitive data from private channels. Organizations with default webhook permissions are particularly vulnerable. Data is sent to attacker-controlled servers via outbound webhook posts.
Google Workspace OAuth Token Theft Vulnerability 2026-03-01
New attack vector exploiting Google Workspace OAuth consent flow to steal long-lived access tokens. Malicious third-party apps request broad permissions and exfiltrate email, Drive, and Calendar data. Particularly targeting organizations using Slack-Gmail integrations.
NPM Supply Chain Attack Affecting Developer Tools Vulnerability 2026-02-28
Compromised npm packages discovered containing backdoors that exfiltrate environment variables and SSH keys. Over 45,000 downloads before removal. Developers using VS Code and Slack desktop apps with Node.js backends may be affected.
Outlook Zero-Click Calendar Vulnerability Vulnerability 2026-02-27
Critical vulnerability in Microsoft Outlook allows remote code execution via specially crafted calendar invitations. No user interaction required. Affects Outlook desktop clients on Windows. Patch available in March 2026 security update.