🔴 Breaking
CISA ADVISORY: Nx Console / GitHub supply chain compromise — CVE-2026-48027 on KEV, Megalodon campaign confirmed, federal deadline June 10  •  Verizon DBIR 2026: exploitation now #1 breach vector, 44% of breaches include ransomware  •  CVE-2026-34926 Trend Micro Apex One — zero-day lets attackers push malware to every endpoint, CISA KEV deadline June 4  •  MiniPlasma — Windows SYSTEM zero-day, no patch until June 10  •  CVE-2026-42897 Exchange OWA — CISA deadline May 29  •  Fragnesia CVE-2026-46300 — 3rd Linux root exploit in 2 weeks    CISA ADVISORY: Nx Console / GitHub supply chain compromise — CVE-2026-48027 on KEV, Megalodon campaign confirmed, federal deadline June 10  •  Verizon DBIR 2026: exploitation now #1 breach vector, 44% of breaches include ransomware  •  CVE-2026-34926 Trend Micro Apex One — zero-day lets attackers push malware to every endpoint, CISA KEV deadline June 4  •  MiniPlasma — Windows SYSTEM zero-day, no patch until June 10  •  CVE-2026-42897 Exchange OWA — CISA deadline May 29  •  Fragnesia CVE-2026-46300 — 3rd Linux root exploit in 2 weeks   
Threat Briefs
18
Active Threats
9
CISA KEV Listed
8
No Patch Yet
2
Latest

Threats & Attacks

🚨 CISA Advisory
CISA Warning: Nx Console / GitHub Supply Chain — Two CVEs on KEV, Megalodon Confirmed, June 10 Deadline

CISA formally documented both the Nx Console breach and the parallel Megalodon GitHub Actions campaign. TeamPCP open-sourced its framework. Copycat groups already active. Full forensic checklist inside.

May 29, 2026
 Intelligence Report
Verizon DBIR 2026: Exploitation Is the #1 Breach Vector — Only 26% of CISA KEV Flaws Were Patched

22,052 incidents. 12,195 confirmed breaches. Exploitation beats credentials for the first time. Ransomware in 44% of breaches. Supply chain attacks doubled. Median patch time: 43 days.

May 26, 2026
 Endpoint Security
CVE-2026-34926: Trend Micro Apex One Zero-Day — Attackers Push Malware to Every Endpoint You Manage

Directory traversal in Apex One on-premise server. Attacker injects malicious code that auto-deploys to every managed endpoint. CISA KEV. Federal deadline June 4, 2026.

May 26, 2026
 Supply Chain
TanStack → GitHub: One VS Code Extension Breaches GitHub, OpenAI & Mistral AI in 18 Minutes

Poisoned Nx Console auto-delivered to 2.2M installs. GitHub, OpenAI, Mistral AI, Grafana Labs all breached. 3,800 internal repos exfiltrated. TeamPCP at SolarWinds scale.

May 21, 2026
 Email Security
CVE-2026-42897: Exchange OWA Zero-Day — One Email, No Patch, Active Exploitation

A crafted email triggers JavaScript inside an authenticated OWA session. No permanent patch. CISA KEV. Federal deadline May 29. Exchange Online is not affected.

May 19, 2026
 Windows Zero-Day
MiniPlasma: SYSTEM Shell on Every Fully Patched Windows PC — No Patch Until June 10

Standard user in, SYSTEM shell out. Public PoC on GitHub. 6th zero-day in 6 weeks. First 3 confirmed used in real attacks.

May 19, 2026
Analysis

Intelligence & Deep Dive

01
Application Security
ASPM Is the Cybersecurity Blind Spot Behind Today’s Biggest Enterprise Breaches
Jan 23, 2026  ·  Analysis
02
Supply Chain Risk
Third-Party & Supply-Chain Cyber Risk: The Enterprise Blind Spot Behind “Surprise” Breaches
Jan 7, 2026  ·  Intelligence
03
AI Risk
AI Model Poisoning & LLM Data Leakage: The Silent Threat Reshaping Enterprise Security
Dec 11, 2025  ·  Investigation
04
APT Strategy
From Perimeter Defense to Continuous Trust: Enterprise Strategies for Managing APT Risk
Feb 25, 2026  ·  Deep Dive
More

Further Coverage

Linux Kernel
Fragnesia (CVE-2026-46300): The Linux LPE the Dirty Frag Patch Accidentally Created

No race condition. Public PoC. Container escape. Dirty Frag kernel patch does NOT protect you. Third Linux root exploit in two weeks.

May 18, 2026
 Network Infrastructure
CVE-2026-20182: CVSS 10.0 Cisco SD-WAN Auth Bypass — 11 Threat Clusters Exploiting Now

Four DTLS packets. No credentials. Full admin access to the enterprise SD-WAN fabric. Nation-state-linked UAT-8616. CISA Emergency Directive 26-03.

May 16, 2026
 Web Server
NGINX Rift (CVE-2026-42945): 18-Year Heap Overflow — Actively Exploited in the Wild

VulnCheck confirms real-world attacks. CVSS 9.2. ~34% of all internet web servers exposed. Patch to NGINX 1.30.1 now.

May 14, 2026
 Critical RCE
Dead.Letter (CVE-2026-45185): Exim CVSS 9.8 — AI-Built Exploit, No Config Workaround

One SMTP sequence. Heap corrupted. Shell opened. Autonomous AI built the full exploit in 7 days. Patch to Exim 4.99.3.

May 13, 2026
 Linux Kernel
Copy Fail (CVE-2026-31431): 9-Year Linux LPE — Root in Seconds, CISA KEV Listed

732 bytes of Python. Root on every major distro since 2017. No race condition. No disk trace. Container escape primitive.

May 7, 2026
 Supply Chain
PyTorch Lightning: Mini Shai-Hulud Campaign’s First Strike — The Origin of the GitHub Breach

The same TeamPCP campaign that breached GitHub started here on April 30. Malicious PyPI packages, credential-stealing worm, IDE persistence hooks.

Apr 30, 2026

The DataWater Intelligence Brief

Weekly CISO-level threat analysis — breaking vulnerabilities, technical depth, zero noise. Trusted by enterprise and government security leaders.