🔴 Breaking
CitrixBleed 2 CVE-2025-5777 — 7-step playbook, MFA bypassed via session token theft, DragonForce ransomware in under an hour, patch AND terminate all sessions now  •  JADEPUFFER — first AI agent ransomware, 600 payloads, recovery impossible  •  Bad Epoll CVE-2026-46242 — Linux root exploit Mythos missed, 99% reliable, reaches Android  •  DuneSlide CVSS 9.8 — Cursor IDE zero-click sandbox escape  •  Claude Code reverse shell — clean GitHub repo, DNS TXT payload   CitrixBleed 2 CVE-2025-5777 — 7-step playbook, MFA bypassed via session token theft, DragonForce ransomware in under an hour, patch AND terminate all sessions now  •  JADEPUFFER — first AI agent ransomware, 600 payloads, recovery impossible  •  Bad Epoll CVE-2026-46242 — Linux root exploit Mythos missed, 99% reliable, reaches Android  •  DuneSlide CVSS 9.8 — Cursor IDE zero-click sandbox escape  •  Claude Code reverse shell — clean GitHub repo, DNS TXT payload   
Threat Briefs
41
Active Threats
14
CISA KEV Listed
11
No Patch Yet
3
Latest

Threats & Attacks

Network Security · Ransomware · MFA Bypassed · Under 1 Hour
CitrixBleed 2: Seven Steps From NetScaler Memory Leak to DragonForce Ransomware in Under an Hour

5,937 login failures = leaked heap memory, not wrong passwords. Session token stolen. MFA bypassed. SYSTEM in minutes. Same playbook across 6 unrelated victims. Stolen tokens survive patching — terminate all sessions now.

July 13, 2026
AI Security · First AI Agent Ransomware
JADEPUFFER: First Confirmed AI Agent Ransomware — 600 Payloads, 1,342 Records Gone, Recovery Impossible

Autonomous LLM: initial access to database encryption to ransom demand. No human at keyboard. Key displayed once, never stored. Ran on victim’s own stolen API keys. Cost near zero.

July 9, 2026
Linux Kernel · Android · 99% Reliable
Bad Epoll (CVE-2026-46242): The Linux Root Exploit Mythos Missed — 99% Reliable, Reaches Android

Six-instruction race window. Root 99% of the time. Reaches Android from Chrome’s renderer sandbox. Third LPE in two weeks. Patch and reboot now.

July 5, 2026
AI Security · CVSS 9.8 · Fortune 500
DuneSlide: Zero-Click Prompt Injection Escapes Cursor IDE Sandbox on Fortune 500 Machines

Normal prompt. MCP response. Sandbox binary overwritten. No click. Full machine. 50%+ Fortune 500. Update to Cursor 3.0 now.

July 2, 2026
AI Security · Prompt Injection · Reverse Shell
Claude Code Reverse Shell — Mozilla 0DIN: Clean GitHub Repo, Zero Malicious Code, No Scanner Catches It

Payload in DNS TXT record — never in repo. Static analysis, AI agent, human review: all blind. “Claude Code never decided to open a shell. It decided to fix an error.”

July 1, 2026
Identity Security · 37x Spike
Device Code Phishing: 37x Spike, MFA Bypass That Survives Password Resets — Now Criminal Commodity

Bypasses TOTP, push, SMS. Token survives password resets. Helix now targeting SharePoint with same technique + vishing. Conditional Access doesn’t block by default.

June 29, 2026
Analysis

Intelligence & Deep Dive

The DataWater Intelligence Brief

Weekly CISO-level threat analysis — breaking vulnerabilities, technical depth, zero noise.