Threat intelligence dashboard

Today's CVEs, attack reports, and CISA KEV — CVSS, EPSS, and MITRE context at a glance.

Attack reports – last 7 days · through Tuesday 30 June 2026 (29)

New customs charges for online orders outside the …

AlienVault Confidence 100 2 MITREs 3 IOCs 3 Observables

customs email eu fraud impersonating payment
Phishing Campaign PasasteSinTAG - New domain rotation identified …

AlienVault Confidence 100 16 MITREs 108 IOCs 108 Observables

brand impersonation chile credential harvesting domain rotation infrastructure pasastesintag
Miasma Mini Shai-Hulud Hits ImmobiliareLabs npm Packages

AlienVault Confidence 100 1 Malware 45 IOCs

backstage plugins ci/cd compromise credential theft developer infrastructure github actions immobiliarelabs
Understanding Langflow CVE-2026-55255, and why higher CVSS vulnerabilities …

AlienVault Confidence 100 2 CVEs 20 MITREs 2 IOCs 2 Observables

ai pipeline exploitation botnet deployment credential theft cve-2026-33017 cve-2026-55255 cvss paradox
Operation DragonReturn: China-Nexus Cyber Espionage Campaign Targeting Govt. …

AlienVault Confidence 100 26 MITREs 1 Malware 29 IOCs 12 Observables 1 APT

china-nexus dcrat fileless execution income tax impersonation india targeting operation dragonreturn

1–5 of 29

All attack reports Platform statistics

Vulnerabilities today (21)

Sorted by CVSS severity (highest first)

CVE-2026-10647

5.3 Medium

The USB CDC-NCM device class (subsys/usb/device_next/class/usbd_cdc_ncm.c) ignores the return value of usbd_ep_enqueue() in its ethernet transmit callback cdc_ncm_send(). When the enqueue fails, …

Attack vector: ADJACENT_NETWORK
Complexity: HIGH
Published: 30/06/2026

CVE-2026-56809

5.1 Medium

Multiple laser printers and MFPs (multifunction printers) which implement Ricoh Web Image Monitor contain a reflected cross-site scripting vulnerability. An arbitrary script …

Published: 30/06/2026

CVE-2026-57997

4.8 Medium

Strapi users-permissions plugin fails to restrict JWT algorithms when plugin::users-permissions.jwt.algorithm is not explicitly configured, allowing acceptance of HS384 and HS512 tokens alongside …

Attack vector: NETWORK
Complexity: HIGH
Published: 30/06/2026

CVE-2026-12560

4.4 Medium

The Editorial Rating – Product Review & Rating System plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'Link URL' Field …

Attack vector: NETWORK
Complexity: HIGH
Published: 30/06/2026

CVE-2026-12114

4.4 Medium

The Team Members – Multi Language Supported Team Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in …

Attack vector: NETWORK
Complexity: HIGH
Published: 30/06/2026

CVE-2026-8944

4.3 Medium

The Plugin for Google Analytics by IO technologies plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and …

Attack vector: NETWORK
Complexity: LOW
Published: 30/06/2026

16–21 of 21

All vulnerabilities