The Atlas Intelligence Brief

Daily briefs from across the threat surface.

Curated from twenty intelligence-grade sources. Rewritten in the Atlas voice. One brief published every morning at 06:00 UTC.

Today's Lead Brief
HIGH · Cyber · 14h ago

Ransomware attack executed entirely by AI agent, researchers report

JadePuffer operation marks what may be the first documented case of a fully autonomous LLM-driven ransomware deployment from reconnaissance to encryption.

Source · BleepingComputer
Recent Briefs
HIGH · Cyber · 1d ago

Agentic AI Executes Multi-Stage Ransomware Attack via Langflow

Demonstration shows large language model agents autonomously combining exploitation techniques with real-time reasoning to conduct complex intrusions without human intervention.

Source · SecurityWeek
CRITICAL · Cyber · 2d ago

FortiBleed Attackers Monetize Firewall Access Through Ransomware Partnerships

Actors who compromised thousands of Fortinet devices are now collaborating with Inc and Lynx ransomware groups, adding Nextcloud exploitation to their toolkit.

Source · Dark Reading
CRITICAL · Cyber · 3d ago

DHS confirms breach of classified information-sharing network

Hackers compromised the Homeland Security Information Network, a platform used by federal, state, and private partners to share sensitive intelligence.

Source · BleepingComputer
HIGH · Geopolitics · 4d ago

CIA director calls AI capabilities digital nuclear weapons

John Ratcliffe frames artificial intelligence as a strategic threat on par with atomic arsenals, signaling major operational shifts at Langley.

Source · The Record
HIGH · Cyber · 5d ago

Nissan employee data exposed in Oracle zero-day breach

Automaker warns current and former staff after attackers exploited PeopleSoft flaw previously linked to ShinyHunters extortion group.

Source · BleepingComputer
HIGH · Cyber · 6d ago

KDDI breach exposes 14.2 million email credentials across six Japanese ISPs

Threat actors compromised shared email infrastructure serving multiple internet providers, affecting millions of subscribers in coordinated attack on telecommunications operator.

Source · BleepingComputer
MODERATE · Geopolitics · Jun 28

Sanctioned Kinahan Cartel Lieutenant Surfaces at Dubai Padel Club

Open-source investigation locates senior organized crime figure at recreational facility despite international financial sanctions and Interpol notices.

Source · Bellingcat
CRITICAL · Cyber · Jun 27

CISA orders federal agencies to patch exploited Cisco flaw by Sunday

Active exploitation of a Cisco Unified Communications Manager vulnerability prompts emergency directive with three-day compliance window for civilian agencies.

Source · BleepingComputer
CRITICAL · Geopolitics · Jun 26

Columbia-Class Submarines Depend on China-Refined Rare Earths

The Navy's next-generation ballistic missile fleet relies on rare earth elements refined almost exclusively in China, creating a critical supply chain vulnerability.

Source · War on the Rocks
HIGH · Cyber · Jun 25

Cisco SD-WAN Zero-Day Exploited Two Months Before Disclosure

Mandiant reports unknown threat actor gained root access via CVE-2026-20245, exploiting the flaw as a zero-day before Cisco's public advisory.

Source · The Hacker News
HIGH · Cyber · Jun 24

LastPass breached via stolen OAuth tokens in Klue supply chain attack

Hackers accessed customer data from LastPass's Salesforce environment after compromising OAuth credentials through third-party vendor Klue earlier this month.

Source · BleepingComputer
HIGH · Geopolitics · Jun 23

U.S. Extended Deterrence Model Faces Structural Breakdown

Foreign Affairs analysis warns that America's nuclear umbrella over allies is losing credibility as geopolitical and technological realities shift.

Source · Foreign Affairs
HIGH · Geopolitics · Jun 22

Trump Ambiguity on Taiwan Invites Chinese Coercion Short of War

Foreign Affairs warns that presidential equivocation undermines deterrence, opening pathways for Beijing to claim Taiwan through economic and political pressure.

Source · Foreign Affairs
HIGH · Cyber · Jun 21

North Korea compromised 140 npm packages in Mastra AI attack

Microsoft attributes supply chain breach to Sapphire Sleet, marking escalation in state-sponsored targeting of developer infrastructure.

Source · BleepingComputer
HIGH · Cyber · Jun 20

Texas vendor breach exposes 3 million driver's licenses

Texas Parks and Wildlife Department reports third-party licensing system compromise affecting personal data of over three million individuals.

Source · BleepingComputer
HIGH · Cyber · Jun 19

ShapedPlugin supply chain breach delivers malware via trusted updates

Attackers compromised the WordPress vendor's distribution infrastructure, pushing infected plugin versions to paying customers through official channels.

Source · BleepingComputer
HIGH · Geopolitics · Jun 18

India Faces Espionage Risk From Decade of Chinese Camera Deployment

The Ghaziabad CCTV case exposes how unregulated Chinese surveillance hardware has penetrated India's most sensitive sites over ten years.

Source · The Diplomat
CRITICAL · Cyber · Jun 16

Cisco Patches Exploited SD-WAN Zero-Day Under Active Attack

CVE-2026-20262 allows arbitrary file write on Catalyst SD-WAN Manager. Cisco confirms active exploitation in the wild.

Source · SecurityWeek
HIGH · Cyber · Jun 15

FBI shuts down Chinese phishing platform serving one million URLs

Outsider Enterprise, an AI-powered phishing-as-a-service operation, was dismantled in a coordinated takedown involving FBI, Google, and Black Lotus Labs.

Source · BleepingComputer
CRITICAL · Cyber · Jun 14

Splunk Enterprise flaw permits unauthenticated remote code execution

Critical vulnerability in widely deployed enterprise logging platform allows attackers to execute code without credentials. Patches available for affected versions.

Source · The Hacker News
HIGH · Policy · Jun 13

South Korea fines Coupang $409 million for data breach

The penalty against the e-commerce platform is the largest ever issued by Seoul's privacy commission, nearly five times the previous record.

Source · The Record
CRITICAL · Cyber · Jun 12

ShinyHunters Exploited Oracle Zero-Day Before Patch Disclosure

Extortion group breached universities via unpatched PeopleSoft flaw, stealing data for ransom during two-week window before Oracle's advisory.

Source · The Hacker News
CRITICAL · Cyber · Jun 11

Ivanti Sentry flaw under active exploit with root access

Attackers are exploiting a maximum-severity vulnerability in Ivanti Sentry gateways, gaining root-level code execution on Internet-facing systems.

Source · BleepingComputer
CRITICAL · Cyber · Jun 10

Microsoft Defender Zero-Day Grants Attackers SYSTEM-Level Access

Public exploit code for RoguePlanet vulnerability enables privilege escalation on fully patched Windows systems via race condition in Defender.

Source · The Hacker News
CRITICAL · Cyber · Jun 9

Check Point VPN Zero-Day Exploited for Month Before Disclosure

Critical vulnerability in Check Point VPN gateways has been under active exploitation since early May, with Qilin ransomware affiliate linked to attacks.

Source · Dark Reading
HIGH · Cyber · Jun 8

Meta AI support system exploited to hijack 20,000 Instagram accounts

Attackers weaponized Meta's automated customer service AI to reset passwords and seize control of user accounts in a novel social engineering attack.

Source · BleepingComputer
HIGH · Cyber · Jun 7

Miasma Worm Compromises 73 Microsoft GitHub Repositories

Self-replicating supply chain attack hits Azure, Azure-Samples, Microsoft, and MicrosoftDocs organizations; GitHub disables affected repositories.

Source · The Hacker News
HIGH · Geopolitics · Jun 6

Pentagon's AI advantage erodes as adversaries copy public models

Rivals can replicate U.S. military AI capabilities by distilling logic from openly released frontier models that underpin Defense systems.

Source · War on the Rocks
HIGH · Cyber · Jun 5

Cisco warns of active zero-day in SD-WAN Manager

Unpatched vulnerability allows attackers to escalate to root privileges on Catalyst SD-WAN Manager; no fix yet available.

Source · BleepingComputer
HIGH · Infrastructure · Jun 4

US agencies warn hackers targeting fuel tank monitoring systems

CISA and interagency partners alert that internet-exposed automatic tank gauges across critical infrastructure are under active cyberattack.

Source · BleepingComputer
HIGH · Cyber · Jun 3

Threat actor deploys AI-built ransomware toolkit with automated evasion

New attack framework automates Active Directory reconnaissance and endpoint detection bypass, lowering technical barriers for ransomware operators.

Source · BleepingComputer
HIGH · Geopolitics · Jun 2

Tehran shifts to protracted conflict doctrine

Iran's leadership has adopted a long-term attrition strategy, signaling sustained regional confrontation rather than near-term escalation or diplomacy.

Source · Foreign Affairs
HIGH · Cyber · Jun 1

Dutch Police Dismantle Botnet Controlling 17 Million Devices

Takedown targeted command infrastructure in the Netherlands that coordinated attacks from infected computers, phones, tablets, and IoT hardware worldwide.

Source · The Hacker News
CRITICAL · Cyber · May 31

Palo Alto VPN flaw now under active exploitation

Authentication bypass vulnerability in GlobalProtect allows attackers to penetrate corporate networks without credentials, company confirms.

Source · BleepingComputer
HIGH · Cyber · May 30

Microsoft condemns researcher's public zero-day releases with exploit code

A security researcher published multiple Microsoft zero-days with working proof-of-concept code on GitHub, prompting the company to call the practice unjustifiable.

Source · The Record
HIGH · Geopolitics · May 29

GCHQ reports daily Russian attacks across UK infrastructure and cyberspace

Britain's signals intelligence chief says Russia is targeting subsea cables, energy pipelines, and conducting sabotage operations, prompting expanded defensive measures.

Source · The Record
HIGH · Cyber · May 28

Extortion Gang Poses as Clients to Breach Law Firms

FBI warns Silent Ransom Group is conducting in-person social engineering to gain physical access to law firm servers and client databases.

Source · Dark Reading
HIGH · Geopolitics · May 27

Russian cluster munitions documented in Mali after airstrikes

Bellingcat and Jeune Afrique confirm banned submunitions in northern Mali village, despite country's treaty obligations prohibiting cluster weapons.

Source · Bellingcat
HIGH · Cyber · May 26

Japanese LMS Zero-Day Delivered Godzilla Shell, Cobalt Strike

KnowledgeDeliver learning platform exploited via hard-coded cryptographic keys before vendor patched critical flaw affecting Japanese enterprise customers.

Source · The Hacker News
CRITICAL · Cyber · May 25

Ghost CMS SQL flaw exploited in ClickFix malware campaign

Critical vulnerability in popular publishing platform allows attackers to inject malicious JavaScript, triggering social engineering attacks at scale.

Source · BleepingComputer
HIGH · Cyber · May 24

Laravel Lang packages compromised in GitHub tag abuse attack

Attackers hijacked popular PHP localization libraries via malicious Composer releases, deploying credential-stealing malware to developer environments worldwide.

Source · BleepingComputer
HIGH · Cyber · May 23

Dutch authorities seize 800 servers enabling cyberattacks and disinformation

Financial crime investigators arrested two suspects and dismantled infrastructure used for offensive cyber operations and influence campaigns across multiple jurisdictions.

Source · BleepingComputer
HIGH · Cyber · May 22

Microsoft disrupts Fox Tempest malware-signing service targeting hospitals

Cybercrime platform sold code-signing credentials to ransomware operators, enabling attacks on healthcare and critical infrastructure organizations.

Source · Industrial Cyber
HIGH · Cyber · May 21

GitHub repositories breached via poisoned VS Code extension

Supply chain attack on developer tooling compromised employee device, granting access to internal GitHub repositories through malicious Nx Console extension.

Source · The Hacker News
HIGH · Cyber · May 20

Huawei zero-day caused Luxembourg's nationwide telecom collapse

A previously undisclosed vulnerability in Huawei equipment brought down an entire country's network. The flaw remains unpatched and unacknowledged.

Source · The Record
HIGH · Cyber · May 19

GitHub Actions workflow compromised to steal CI/CD credentials

Attackers rewrote repository tags in actions-cool/issues-helper to redirect users to malicious commits harvesting secrets from automated pipelines.

Source · The Hacker News
CRITICAL · Cyber · May 18

Windows zero-day grants SYSTEM access on patched machines

Researcher releases working exploit for privilege escalation flaw affecting current Windows versions; Microsoft has not yet issued a patch.

Source · BleepingComputer
CRITICAL · Cyber · May 17

WordPress Plugin Flaw Exploited to Skim WooCommerce Checkout Data

Attackers are actively exploiting a critical vulnerability in Funnel Builder to inject payment-stealing JavaScript into WordPress e-commerce sites.

Source · The Hacker News
HIGH · Cyber · May 16

Microsoft Exchange zero-day exploited in active attacks

High-severity vulnerability enables arbitrary code execution through cross-site scripting targeting Outlook on the web users. Mitigations released Thursday.

Source · BleepingComputer
CRITICAL · Cyber · May 15

Cisco SD-WAN flaw exploited as zero-day, grants admin access

Critical authentication bypass in Catalyst SD-WAN Controller allowed attackers to seize administrative control before patch release, Cisco confirms.

Source · BleepingComputer
CRITICAL · Cyber · May 14

BitLocker bypass and privilege escalation exploits now public

Proof-of-concept code for two unpatched Windows vulnerabilities—YellowKey and GreenPlasma—enables attackers to access encrypted drives and escalate privileges.

Source · BleepingComputer
HIGH · Cyber · May 13

West Pharmaceutical discloses ransomware breach, operations disrupted

Medical device supplier filed SEC notice after May 4 intrusion that encrypted systems and exfiltrated data, affecting pharmaceutical supply chains.

Source · The Record
HIGH · Geopolitics · May 12

Four Landslides Kill Hundreds at Congo Coltan Mines Under M23 Control

Bellingcat verifies deadly mining accidents in DRC's Rubaya region, now held by Rwandan-backed armed group, raising supply chain questions for tech firms.

Source · Bellingcat
HIGH · Cyber · May 11

Multi-Year Phishing Campaign Compromises Over 500 Organizations

A sustained phishing operation has breached more than 500 entities across aviation, energy, logistics, and critical infrastructure over several years.

Source · SecurityWeek
HIGH · Cyber · May 10

JDownloader site compromised to distribute Python RAT malware

Popular download manager's official website served malicious Windows and Linux installers this week, deploying remote access trojan to unsuspecting users.

Source · BleepingComputer
CRITICAL · Cyber · May 9

Linux zero-day grants root access across major distributions

Dirty Frag exploit enables local privilege escalation with a single command, affecting most enterprise Linux deployments currently in production.

Source · BleepingComputer
HIGH · Cyber · May 8

Iranian intelligence operatives disguise espionage as ransomware attack

MuddyWater APT group deployed Chaos ransomware to mask intrusion tied to Iran's Ministry of Intelligence and Security, incident responders report.

Source · The Record
HIGH · Cyber · May 7

DAEMON Tools trojanized in supply chain breach, patched version released

Disc Soft confirms malware was inserted into its popular disc imaging software; users urged to update immediately to clean build.

Source · BleepingComputer
CRITICAL · Cyber · May 6

Palo Alto Networks Confirms Zero-Day Exploit in Firewall Software

CVE-2026-0300 targets the Captive Portal service in PAN-OS, affecting PA and VM series firewalls currently deployed in enterprise networks.

Source · SecurityWeek