🔴 Breaking
wp2shell CVE-2026-63030 — unauthenticated WordPress core RCE, no login, no plugins, 500M sites, patch to 7.0.2 / 6.9.5 now, verify auto-update landed  •  GPT-5.5 92.4% offensive cyber tasks, all benchmarks saturated, AI capability doubles every 6 months  •  UEFI Secure Boot bypass — 11 Microsoft-signed shims, bootkits before EDR  •  CitrixBleed 2 — 7 steps to DragonForce in under an hour  •  JADEPUFFER — first AI agent ransomware, recovery impossible   wp2shell CVE-2026-63030 — unauthenticated WordPress core RCE, no login, no plugins, 500M sites, patch to 7.0.2 / 6.9.5 now, verify auto-update landed  •  GPT-5.5 92.4% offensive cyber tasks, all benchmarks saturated, AI capability doubles every 6 months  •  UEFI Secure Boot bypass — 11 Microsoft-signed shims, bootkits before EDR  •  CitrixBleed 2 — 7 steps to DragonForce in under an hour  •  JADEPUFFER — first AI agent ransomware, recovery impossible   
Threat Briefs
44
Active Threats
14
CISA KEV Listed
11
No Patch Yet
2
Latest

Threats & Attacks

Web Security · WordPress Core · Critical RCE
wp2shell: Unauthenticated WordPress Core RCE — No Login, No Plugins, 500M Sites, Patch to 7.0.2 Now

REST API batch endpoint. Single anonymous HTTP request. No preconditions. 6.9.0–7.0.1. 500M+ sites. Forced auto-update pushed — verify it landed. Sites with disabled auto-updates remain exposed. Investigate for prior compromise if you were running affected version.

July 17, 2026
AI Security · Offensive Benchmark · Doubles Every 6 Months
GPT-5.5 Solved 92.4% of Offensive Cyber Tasks and Broke the Benchmark — AI Doubles Every 6 Months

292/316 tasks. All 7 benchmarks saturated. Evaluation system declared broken. 32-point gap from token budget alone. UK AISI confirmed. GPT-5.6 government-gated.

July 16, 2026
Firmware Security · No Exploit Needed
UEFI Secure Boot Bypass: 11 Microsoft-Signed Shims, No Exploit Needed, Bootkits Load Before EDR

Just a file copy. 11 shims trusted by every UEFI computer. BlackLotus, Bootkitty enabled. Runs before OS, before EDR, survives OS reinstall. Apply June dbx update.

July 15, 2026
Network Security · MFA Bypassed · Under 1 Hour
CitrixBleed 2: Seven Steps From NetScaler Memory Leak to DragonForce Ransomware in Under an Hour

5,937 login failures = leaked heap memory. MFA bypassed. SYSTEM in minutes. Same playbook across 6 victims. Stolen tokens survive patching — kill all sessions.

July 13, 2026
AI Security · First AI Agent Ransomware
JADEPUFFER: First Confirmed AI Agent Ransomware — 600 Payloads, Recovery Impossible, Cost Near Zero

Autonomous LLM: initial access to encryption to ransom demand. No human at keyboard. Key never stored. Ran on victim’s own stolen API keys. Old CVEs, unpatched servers.

July 9, 2026
Linux Kernel · Android · AI Missed It
Bad Epoll (CVE-2026-46242): The Linux Root Exploit Mythos Missed — 99% Reliable, Reaches Android

Six-instruction race window. Root 99%. Reaches Android from Chrome’s renderer sandbox. Third LPE in two weeks. No workaround — patch and reboot.

July 5, 2026
Analysis

Intelligence & Deep Dive

The DataWater Intelligence Brief

Weekly CISO-level threat analysis — breaking vulnerabilities, technical depth, zero noise.