Defense Intelligence

Threats targeting defense contractors, military systems, and national security infrastructure.

Total Reports: 15
Critical Threats: 5
High Threats: 6
CRITICAL | Zero Day | Exploited

Critical Zero-Day in Palo Alto PAN-OS Firewalls Under Active Mass Exploitation

A critical unauthenticated RCE in PAN-OS GlobalProtect is being mass exploited. Over 25,000 devices vulnerable. CISA issues emergency directive.

CVE-2026-0015 | PAN-OS 11.1
Palo Alto Networks PSIRT
CRITICAL | Zero Day | Exploited

UNC3886 Deploys Firmware Rootkit on Juniper MX Routers via Zero-Day

UNC3886 exploits Juniper Junos zero-day to deploy firmware-level rootkits on MX-series routers. Implant survives software upgrades and factory resets.

CVE-2026-29001 | Juniper MX Series
Mandiant
CRITICAL | APT | Exploited

Salt Typhoon Compromises Three Additional US Telecom Providers

CISA and FBI confirm Salt Typhoon has compromised three additional US telecom providers, totaling twelve. Lawful intercept systems accessed.

Cisco IOS XR
CISA / FBI Joint Advisory
HIGH | APT | Exploited

APT29 OAuth Consent Phishing Campaign Targets 14 NATO Governments

APT29 compromises 500+ government accounts across NATO via malicious Azure app registrations requesting mail and file access.

Microsoft 365
Microsoft Threat Intelligence
CRITICAL | Vulnerability | Exploited

Critical Fortinet FortiManager Flaw Enables Managed Firewall Takeover

CVE-2026-48788 allows registration of rogue FortiGate devices to FortiManager, enabling config push to entire managed firewall estate.

CVE-2026-48788 | FortiManager 7.4
Fortinet PSIRT / Mandiant
LOW | Vulnerability

CISA Releases Updated Zero Trust Maturity Model v3.0

CISA publishes Zero Trust Maturity Model v3.0 with updated guidance for identity, devices, networks, applications, and data pillars.

N/A
CISA
CRITICAL | Zero Day | Exploited

Ivanti Connect Secure New Zero-Day Under Active Exploitation

Another zero-day in Ivanti Connect Secure VPN appliances. Stack buffer overflow enables unauthenticated RCE. Third major Ivanti VPN zero-day in two years.

CVE-2026-18321 | Ivanti Connect Secure
Mandiant / Ivanti
HIGH | APT | Exploited

UNC3886 Linked to VMware vCenter Exploitation Campaign Targeting Defense Sector

UNC3886 exploits known VMware vCenter vulnerabilities to deploy VirtualPita and VirtualPie backdoors across defense contractor virtualization infrastructure.

CVE-2025-22224 | CVE-2025-22225 | VMware vCenter Server
Mandiant / Microsoft
HIGH | APT | Exploited

APT28 Compromises European Defense Contractor via Outlook Zero-Day

APT28 exploits Outlook NTLM relay zero-day to compromise a major European defense contractor. Classified project data at risk.

CVE-2026-15899 | Microsoft Outlook
ANSSI / Microsoft Threat Intelligence
MEDIUM | APT

OpenAI Discloses State-Sponsored Misuse of ChatGPT for Cyber Operations

OpenAI reports disrupting five state-sponsored groups using ChatGPT for reconnaissance, phishing content generation, and malware debugging.

ChatGPT
OpenAI Threat Intelligence
HIGH | APT | Exploited

APT28 Exploits Cisco Router Vulnerabilities for Long-Term Espionage

UK NCSC warns APT28 exploiting Cisco router vulnerabilities to establish persistent espionage infrastructure across European government networks.

CVE-2026-20145 | Cisco IOS
UK NCSC / NSA
HIGH | Malware

Sandworm Uses Compromised Ubiquiti Routers as C2 Infrastructure

FBI warns Sandworm is using a botnet of compromised Ubiquiti EdgeRouters as proxy C2 infrastructure for espionage operations against NATO targets.

Ubiquiti EdgeRouter
FBI / NSA Joint Advisory
MEDIUM | Insider Threat

North Korean IT Workers Infiltrate Fortune 500 Companies via Remote Positions

DOJ charges 14 North Korean nationals operating as remote IT workers at Fortune 500 companies. $88M in wages funneled to DPRK regime.

Remote Work Platforms
DOJ / FBI
MEDIUM | Vulnerability

CISA Adds 12 Vulnerabilities to Known Exploited Vulnerabilities Catalog in One Week

CISA adds 12 vulnerabilities to KEV catalog in a single week — the highest since the catalog launch. Reflects accelerating exploitation pace.

Multiple Vendors
CISA
HIGH | APT | Exploited

Iranian APT Targets US Defense Industrial Base with New Malware Loader

Iranian threat actor Peach Sandstorm deploys novel loader in campaign against US defense industrial base. Targets include drone and satellite manufacturers.

Azure AD
Microsoft Threat Intelligence