NeoShield Security logo NeoShield Security Quantum X

// THREAT INTELLIGENCE CENTER

Turn threat signals into defensive action.

Live cyber update intelligence, KEV-style prioritization, mitigation guidance, and SOC-ready action cards.

18

Tracked items

0

Critical CVEs

11

High risks

Live

Feed status

Intel feed

low

Iran-Linked Hackers Use New Cavern C2 Framework to Target Israeli Organizations

An Iranian hacking group affiliated with Iran's Ministry of Intelligence and Security (MOIS) has been wielding a previously undocumented modular command-and-control (C2) framework dubbed Cavern (aka Cav3rn) targeting Israeli organizations. The activity, which has primarily singled out IT providers and government sectors, has been attributed to a threat cluster tracked by Check Point Research

Mitigation: Triage affected assets, validate exposure, apply available mitigations, increase logging, and document evidence for incident review.
low

Vietnam arrests suspects behind HiAnime anime piracy service

​Vietnamese authorities have arrested and are prosecuting seven suspects believed to have run HiAnime, the largest anime piracy streaming service before its shutdown in June. [...]

Mitigation: Triage affected assets, validate exposure, apply available mitigations, increase logging, and document evidence for incident review.
high

16-Year-Old Linux KVM Flaw Lets Guest VMs Escape to Host on Intel and AMD x86 Systems

A use-after-free bug in Linux's KVM hypervisor can be triggered from a guest virtual machine to corrupt the shadow-page state of the host kernel that runs it. Dubbed 'Januscape' and tracked as CVE-2026-53359, the flaw sits in the shadow MMU code that KVM shares across both Intel and AMD. The public proof-of-concept panics the host; the researcher claims that a separate, unreleased exploit

Mitigation: Patch affected packages, review exposed services, restrict access, and watch logs for exploitation attempts.
high

Threat Actors Probe Gitea Docker Flaw CVE-2026-20896 13 Days After Disclosure

Threat actors have been observed attempting to exploit a recently patched critical security flaw in Gitea Docker images, according to Sysdig. The vulnerability in question is CVE-2026-20896 (CVSS score: 9.8), a vulnerability that stems from the DevOps platform trusting the "X-WEBAUTH-USER" header from any source IP address, effectively allowing an unauthenticated internet client to get elevated

Mitigation: Confirm exposure, apply vendor patches, add temporary WAF/IPS rules, and run post-patch vulnerability validation.
low

Software Is Now Written at the Speed of Thought. Security Isn't.

Every evolution in software development has reduced the friction between an idea and a deployable application. AI may remove the final barrier, but it also removes many of the moments where security decisions have traditionally taken place. [...]

Mitigation: Triage affected assets, validate exposure, apply available mitigations, increase logging, and document evidence for incident review.
high

RCS and DNS: The NAPTR Record, (Mon, Jul 6th)

Over the last year, with recent updates to iOS and Android, RCS (Rich Communication Services) has become an increasingly used protocol [1]. RCS is supposed to eventually replace SMS, and in addition to richer formatting, provides added (but optional) security. RCS messages may be end-to-end encrypted and digitally signed. Unlike SMS, which was "bolted on" to existing voice-focused phone standards. The SMS s

Mitigation: Triage affected assets, validate exposure, apply available mitigations, increase logging, and document evidence for incident review.
high

Max severity Adobe ColdFusion flaw now exploited in attacks

Attackers are now exploiting a maximum-severity Adobe ColdFusion vulnerability tracked as CVE-2026-48282, according to vulnerability intelligence company KEVIntel. [...]

Mitigation: Triage affected assets, validate exposure, apply available mitigations, increase logging, and document evidence for incident review.
high

⚡ Weekly Recap: Proxy Botnets, Browser Ransomware, AI Agent Tricks, Fake PoC Malware and More

A streaming box should not need a threat model. Neither should a username field, a demo repo, a reset flow, or a browser permission prompt. That is the irritating part this week: the risky pieces were ordinary. Home devices became a routing cover. Clean code pulled dirt from a dependency. Identity shortcuts aged badly. AI systems trusted the wrong instructions. Same soft spot throughout: trust

Mitigation: Verify immutable backups, block known IOCs, isolate affected hosts, and review EDR detections for lateral movement.

Open full cyber update stream →