Threat intelligence that never sleeps .

XHUNT-2067547872891990484·6/18/2026·1 min

Most $TAO holders know what dTAO is. Almost none of them understand what it is actually telling them. That gap is wher

Most $TAO holders know what dTAO is. Almost none of them understand what it is actually telling them. That gap is where the early positioning happens. Before dTAO, subnet emissions were allocated based on price. The subnets with the highest token prices captured the most https://t.co/ob6Tn4LcUu

XHUNT-2067501565418885414·6/18/2026·1 min

random discord guy in 2026: "we have discovered a critical vulnerability in your protocol" the vulnerability: "we can

random discord guy in 2026: "we have discovered a critical vulnerability in your protocol" the vulnerability: "we can DDoS your website"

XHUNT-2067586562997850298·6/18/2026·1 min

Deputy Prime Minister/Foreign Minister Senator Mohammad Ishaq Dar delivered a keynote address via recorded video message

Deputy Prime Minister/Foreign Minister Senator Mohammad Ishaq Dar delivered a keynote address via recorded video message at the seminar, “Transboundary Water Resources: A Weaponised Global Common,” organized by the Embassy of Pakistan in Brussels and the Centre for European

XHUNT-2067661168773128574·6/18/2026·1 min

🛡️ We added Splunk Enterprise missing authentication for critical function vulnerability CVE-2026-20253 to our KEV Cata

🛡️ We added Splunk Enterprise missing authentication for critical function vulnerability CVE-2026-20253 to our KEV Catalog. Visit https://t.co/myxOwap1Tf & apply mitigations to protect your org from cyberattacks. #Cybersecurity #InfoSec https://t.co/jhJnQuKp49

CVE-2026-12294·6/18/2026·1 min

CRITICAL: CVE-2026-12294 (CVSS 9.6) — mozilla firefox

Sandbox escape in the DOM: Workers component. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Firefox ESR 115.37, Thunderbird 152, and Thunderbird 140.12.

CVE-2026-12295·6/18/2026·1 min

CRITICAL: CVE-2026-12295 (CVSS 9.6) — mozilla firefox

Sandbox escape in the DOM: Navigation component. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Firefox ESR 115.37, Thunderbird 152, and Thunderbird 140.12.

CVE-2026-12297·6/18/2026·1 min

CRITICAL: CVE-2026-12297 (CVSS 9.6) — mozilla firefox

Sandbox escape due to incorrect boundary conditions in the Networking component. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Firefox ESR 115.37, Thunderbird 152, and Thunderbird 140.12.

CVE-2026-12296·6/18/2026·1 min

CRITICAL: CVE-2026-12296 (CVSS 9.6) — mozilla firefox

Sandbox escape in the Security: Process Sandboxing component. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Thunderbird 152, and Thunderbird 140.12.

breach-bleepingcomputer-nintendo-confirms-data-stolen-in-webmd-s·6/18/2026·1 min

Nintendo confirms data stolen in WebMD subsidiary cyberattack

Nintendo of America has confirmed to BleepingComputer that threat actors stole survey data from the third-party TinyPulse service used internally, but its systems were not compromised. [...]

CVE-2026-46883·6/18/2026·1 min

CRITICAL: CVE-2026-46883 (CVSS 9.8) — oracle jd edwards enterpriseone tools

Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards (component: Enterprise Infrastructure Security). Supported versions that are affected are 9.2.0.0-9.2.26.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via JDENET to compromise JD Edwards EnterpriseOne Tools. Successful attacks of this vulnerability can result in takeover of JD Edwards EnterpriseOne Tools. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).

CVE-2026-46882·6/18/2026·1 min

CRITICAL: CVE-2026-46882 (CVSS 9.8) — oracle jd edwards enterpriseone tools

CVE-2026-46881·6/18/2026·1 min

CRITICAL: CVE-2026-46881 (CVSS 9.8) — oracle jd edwards enterpriseone tools

breach-databreaches-net-uk-more-than-one-year-later-hcrg-is-firs·6/18/2026·1 min

UK: More than one year later, HCRG is first notifying patients of ransomware attack

In February 2025, after the Medusa ransomware gang claimed responsibility for an attack on the UK healthcare provider HCRG Care Group, HCRG confirmed it had been breached but would only say it was investigating. While they remained silent, SuspectFile obtained and reported on dat

CVE-2026-46880·6/18/2026·1 min

CRITICAL: CVE-2026-46880 (CVSS 9.8) — oracle jd edwards enterpriseone tools

AI Threats1 sources

AgenticMail: Unauthenticated inbound mail triggers bypassPermissions resume of the operator's Claude Code sess

## Summary Two inbound-mail handlers act on a privileged effect without verifying that the sender is the operator, while a sibling handler in the same repo does. The higher-impact one: any external em

agent-threats-agenticmail-unauthenticated-inbound-mail-triggers-mqjrzb8j·6/18/2026·1 min

CVE-2026-46847·6/18/2026·1 min

CRITICAL: CVE-2026-46847 (CVSS 9.9) — oracle webcenter portal

Vulnerability in the Oracle WebCenter Portal product of Oracle Fusion Middleware (component: Runtime Tools). Supported versions that are affected are 12.2.1.4.0 and 14.1.2.0.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTPS to compromise Oracle WebCenter Portal. While the vulnerability is in Oracle WebCenter Portal, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of Oracle WebCenter Portal. CVSS 3.1 Base Score 9.9 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H).

Lyrie Originals5 sources

Pattern alert: 13 recent advisories converge on 0day

Lyrie Threat Intelligence identifies a thread connecting 13 recent advisories around 0day.

original-0day-mqjqwnmf·6/18/2026·1 min

breach-databreaches-net-data-analysis-of-the-global-schools-grou·6/18/2026·1 min

Data analysis of the Global Schools Group breach, Part 2

In Part 1, DataBreaches published some totals and aggregate data from the recent Global Schools Group data breach. All analyses and statistics were provided to this site by FulcrumSec, who had attacked Global Schools Group (GSG) and exfiltrated the data. Data from three of GSG’s

breach-databreaches-net-cybersecurity-breach-includes-crime-stop·6/18/2026·1 min

Cybersecurity breach includes Crime Stoppers of Hamilton data

The Navigate360 (“P3”) data breach seems to finally be getting some attention in Canada. Nicole O’Reilly reports: Hamilton police say they’ve been made aware that a cybersecurity incident earlier this year affecting a U.S.-based online platform includes a breach of Crime Stoppers

CVE-2026-46889·6/18/2026·1 min

CRITICAL: CVE-2026-46889 (CVSS 9.8) — multiple products

Vulnerability in the Siebel Apps - Marketing product of Oracle Siebel CRM (component: Marketing). Supported versions that are affected are 17.0-26.5. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Siebel Apps - Marketing. Successful attacks of this vulnerability can result in takeover of Siebel Apps - Marketing. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).

CVE-2026-46887·6/18/2026·1 min

CRITICAL: CVE-2026-46887 (CVSS 9.8) — multiple products

CVE-2026-46860·6/18/2026·1 min

CRITICAL: CVE-2026-46860 (CVSS 9.8) — multiple products

Vulnerability in the MySQL Router product of Oracle MySQL (component: Router: General). Supported versions that are affected are 9.0.0-9.7.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise MySQL Router. Successful attacks of this vulnerability can result in takeover of MySQL Router. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).

CVE-2026-46853·6/18/2026·1 min

CRITICAL: CVE-2026-46853 (CVSS 9.6) — oracle enterprise manager base platform

Vulnerability in the Oracle Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Metadata Plugin). Supported versions that are affected are 13.5 and 24.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Enterprise Manager Base Platform. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Enterprise Manager Base Platform, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of Oracle Enterprise Manager Base Platform. CVSS 3.1 Base Score 9.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H).

XHUNT-2067525116280422443·6/18/2026·1 min

⚠️CVE-2026-49975 (CVSS 7.5)⚠️ Critical HTTP/2 Bomb Denial-of-Service vulnerability in Apache HTTP Server mod_http2. Att

⚠️CVE-2026-49975 (CVSS 7.5)⚠️ Critical HTTP/2 Bomb Denial-of-Service vulnerability in Apache HTTP Server mod_http2. Attackers can send crafted malicious HTTP/2 requests to trigger excessive memory allocation in vulnerable servers. By abusing HTTP/2 header compression and https://t.co/6iAAKidiGg

XHUNT-2067584468274340137·6/18/2026·1 min

🛡️ F5 Patches NGINX Vulnerability That Enables Code Execution and DoS Attacks Source: https://t.co/bMEAomcnYk F5 has

🛡️ F5 Patches NGINX Vulnerability That Enables Code Execution and DoS Attacks Source: https://t.co/bMEAomcnYk F5 has released an out-of-band security advisory addressing multiple high-severity vulnerabilities in NGINX that could allow attackers to execute arbitrary code and https://t.co/2D8WVI50V

CVE-2026-46802·6/18/2026·1 min

CRITICAL: CVE-2026-46802 (CVSS 9.9) — oracle webcenter portal

Vulnerability in the Oracle WebCenter Portal product of Oracle Fusion Middleware (component: Security Framework). Supported versions that are affected are 12.2.1.4.0 and 14.1.2.0.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle WebCenter Portal. While the vulnerability is in Oracle WebCenter Portal, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of Oracle WebCenter Portal. CVSS 3.1 Base Score 9.9 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H).

CVE Deep DivesCVSS 103 sources

CRITICAL: CVE-2026-46803 (CVSS 10) — oracle webcenter portal

Vulnerability in the Oracle WebCenter Portal product of Oracle Fusion Middleware (component: Security Framework). Supported versions that are affected are 12.2.1.4.0 and 14.1.2.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebCenter Portal. While the vulnerability is in Oracle WebCenter Portal, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of Oracle WebCenter Portal. CVSS 3.1 Base Score 10.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H).

CVE-2026-46803·6/18/2026·1 min

CVE-2026-46814·6/18/2026·1 min

CRITICAL: CVE-2026-46814 (CVSS 9.9) — oracle webcenter portal

CVE-2026-46838·6/18/2026·1 min

CRITICAL: CVE-2026-46838 (CVSS 9.9) — oracle webcenter portal

Vulnerability in the Oracle WebCenter Portal product of Oracle Fusion Middleware (component: Security Framework). Supported versions that are affected are 12.2.1.4.0 and 14.1.2.0.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTPS to compromise Oracle WebCenter Portal. While the vulnerability is in Oracle WebCenter Portal, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of Oracle WebCenter Portal. CVSS 3.1 Base Score 9.9 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H).