Skip to content
Signals
Monitoring NVD, CISA KEV, EPSS and the Dragons Community ransomware tracker in near-real timeMonitoring NVD, CISA KEV, EPSS and the Dragons Community ransomware tracker in near-real time
Dragons Community

Independent Intelligence Platform — Est. 2025

Signal Intelligence for AI, Tech, and Cybersecurity

Cut through the noise. Track what matters.

Signals
CVE-2026-1291 — Weaponized · CVSS 4.3CVE-2026-9062 — Weaponized · CVSS 3.4CVE-2026-9061 — Weaponized · CVSS 3.5CVE-2026-6676 — Weaponized · CVSS 7.8Ransomware — lynx lists sentrydynamics.comRansomware — lynx lists StonehengeRansomware — lynx lists cwwcontractors.comCVE-2026-1291 — Weaponized · CVSS 4.3CVE-2026-9062 — Weaponized · CVSS 3.4CVE-2026-9061 — Weaponized · CVSS 3.5CVE-2026-6676 — Weaponized · CVSS 7.8Ransomware — lynx lists sentrydynamics.comRansomware — lynx lists StonehengeRansomware — lynx lists cwwcontractors.com

Advertising

Reach security teams, developers and technology leaders through research-driven media placements.

Platform Intelligence

355,769

CVEs

25,065

Critical

1,619

CISA KEV

342,712

EPSS Scored

25,341

Victims

386

RS Groups

183

ATT&CK Groups

233

Techniques

Explore

CVE Database

355,769 vulnerabilities with CVSS, EPSS and KEV enrichment.

Threat Intelligence

183 APT groups, techniques, campaigns and actor tracking.

Ransomware

25,341 victim claims across 386 groups, with negotiations.

Vulnerabilities

Severity analytics, vendor exposure and patch prioritization.

MITRE ATT&CK

Enterprise matrix — 233 techniques mapped.

KEV Catalog

1,619 CISA known-exploited vulnerabilities with deadlines.

Actively Exploited

· KEV · EPSS · PoC
CVE-2026-1291MEDIUM 4.31 PoC

The Meow Gallery plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the REST API endpoint /wp-json/meow-gallery/v1/save_shortcode in all versi

CVE-2026-9062LOW 3.41 PoC

The Store Locator WordPress plugin before 1.6.9 does not validate a parameter before using it in a file path, allowing high-privileged users such as administrators to read arbitrary `.php` files from

CVE-2026-9061LOW 3.51 PoC

The Store Locator WordPress plugin before 1.6.9 does not sanitize and escape store logo metadata before storing it and outputting it on the Store Locator WordPress plugin before 1.6.9 admin page, allo

CVE-2026-6676HIGH 7.81 PoC

Heap buffer out-of-bounds write vulnerability in Avira Antivirus engine when scanning a malformed POSIX tar archive may allow Local Execution of Code or Denial-of-Service of the antivirus engine proce

CVE-2026-12068HIGH 7.41 PoC

Information disclosure vulnerability in Avira Password Manager when used with Mozilla Firefox may allow a remote attacker operating a cross-origin iframe to obtain credentials autofilled for the paren

CVE-2025-9033HIGH 7.81 PoC

Heap buffer out-of-bounds read vulnerability in Avira Antivirus engine when scanning a malformed PDF file may allow Local Execution of Code or Denial-of-Service of the antivirus engine process. This

CVE-2025-9032HIGH 7.81 PoC

Heap buffer out-of-bounds read vulnerability in Avira Antivirus engine when scanning a malformed Windows PE file may allow Local Execution of Code or Denial-of-Service of the antivirus engine process.

CVE-2025-14098HIGH 7.81 PoC

Heap buffer out-of-bounds write vulnerability due to integer overflow in Avira Antivirus engine when scanning a malformed MS-DOS executable file may allow Local Execution of Code or Denial-of-Service

Briefings

· Latest

Cybersecurity

FBI and Google Dismantle China-Based 'Outsider Enterprise' Phishing Network

The FBI, Google and Black Lotus Labs disrupted a China-based phishing-as-a-service operation tied to roughly 9,000 fake sites and over a million malicious URLs, linked to an estimated $1.9 billion in losses.

Dragons Research Desk5 days ago · 5m

Cybersecurity

FIFA World Cup 2026 Scams Are Already Live: Fake Sites, Banking Malware, and Stolen Logins

The scam economy around the 2026 FIFA World Cup is already live — fake ticket sites, malicious “free streaming” apps, and credential phishing. Here is how the lures work and how to stay safe.

AI Teams15 days ago

AI

GPT-5's New Capabilities Raise Alarms Among Security Researchers

OpenAI's latest model GPT-5 produces stronger outcomes in cyberattack simulation scenarios, prompting researchers to revisit misuse controls and operational safeguards.

Deniz Kara27 days ago

Threat Intel

Lazarus Group's New APT Campaign Targets Fintech Sector

The North Korea-linked threat actor is targeting fintech firms across the Asia-Pacific region using spear-phishing lures and custom remote access tooling.

Selin Arslan27 days ago

Cybersecurity

$2.1 Billion Stolen from DeFi Protocols So Far This Year

Attacks on DeFi protocols accelerated in Q1 2026 as smart contract flaws, bridge weaknesses and governance abuse remained primary intrusion paths.

Mert Yıldız28 days ago

Technology

Quantum-Encrypted Communication Infrastructure Now Open for Commercial Use

Commercial QKD pilots are moving from research networks into regulated infrastructure as post-quantum migration planning accelerates.

Deniz Kara28 days ago

Vulnerabilities

Microsoft's May Patch Tuesday Closes 78 Security Vulnerabilities

This month's security update includes actively exploited zero-days and a critical remote code execution flaw with broad enterprise exposure.

Ayşe Demir29 days ago

Technology

NVIDIA Blackwell Ultra: A New Standard for AI Training

NVIDIA's B300 Ultra chip increases training throughput while renewing the debate over power, supply constraints and data center risk.

Mert Yıldızabout 1 month ago

Research Library

· Guides

Threat Intelligence · Guide

Fancy Bear Hackers: A Research-Based Overview of APT28

15 min

Vulnerability Management · Guide

Getting Started with Vulnerability Management

15 min

Threat Intelligence · Guide

Building a Threat Intelligence Workflow

20 min

Latest CVEs

· NVD Live
CVE-2026-8358

LibreOffice Calc can import tracked changes from a spreadsheet document. A heap buffer overflow existed when a document reused the same change identifier for two different kinds of change. The importer then treated one change object as a different, larger type and wrote past the end of its allocation. In fixed versions records with a duplicate identifier are rejected.

CVE-2026-8357

LibreOffice Calc compiles cell formulas when opening a spreadsheet. A heap buffer overflow existed when compiling a very long formula made up of many opening tokens. The array that tracks nesting depth was allocated one element too small for that worst case, so such a formula wrote one element past its end. In fixed versions the array is sized to hold the largest possible nesting.

CVE-2026-8356

LibreOffice can import presentations in the legacy binary PPT format. A stack buffer overflow existed when importing a colour-replacement record. Two fixed-size colour tables were filled from the file, but the write position was not reset between the two passes over the record, so a file whose combined colour counts exceeded the table size wrote past the end of the tables on the stack. In fixed versions the unused second pass is no longer read into those tables.

CVE-2026-6047

LibreOffice can import documents in the OOXML format (DOCX). A heap buffer overflow existed when replaying deferred parser events for a text box element. A handler object was assumed to be of one type and written to at that type's field layout, but it could be a smaller object, so the write landed past the end of the allocation. In fixed versions the type is checked before the write.

CVE-2026-6045

LibreOffice can import EMF+ graphics, which may be embedded in documents. A heap buffer overflow existed when importing an EMF+ gradient brush. The number of gradient blend points was read from the file and used to compute an allocation size, but that multiplication could overflow, so a small buffer was allocated and then filled as if it were large, writing past its end. In fixed versions the blend-point count is checked against the data actually available before allocating.

CVE-2026-6040

A heap use-after-free existed when importing the blank-width characters of an ODF number format. A position value read from the document was not checked against the length of the format-code string, so a malformed number format could be processed against memory outside that string. In fixed versions the position is bounds-checked before use.

Ransomware Activity

· Tracker Live

sentrydynamics.com

May 23

lynx · US · Technology

Stonehenge

May 23

lynx · TH · Construction

cwwcontractors.com

May 23

lynx · US · Construction

mcfirm.com

Mar 2

incransom · US · Legal Services

https://www.precisioncoating.com/

Mar 2

incransom · US · Healthcare

Martin, Cukjati & Tom, LLP

Mar 2

incransom · US · Legal Services

AI Intelligence

· 45 models · 67 apps & agents
Moonshot AI (Kimi) logo

Kimi K2.7 Code

Moonshot AI (Kimi) · 262K

OpenNVIDIA logo

Llama Nemotron Rerank VL 1B v2

NVIDIA · 10K

OpenAnthropic logo

Claude Fable 5

Anthropic · 1M

Vendor

Nex-N2-Pro

Nex AGI · 262K

OpenSourceful logo

Riverflow V2.5 Pro

Sourceful · 32K

VendorNVIDIA logo

Nemotron 3.5 Content Safety

NVIDIA · 128K

OpenNVIDIA logo

Nemotron 3 Ultra

NVIDIA · 1M

OpenMicrosoft logo

MAI-Voice-2

Microsoft

Vendor
Apps & Agents (67, 38 agents) →AI Hub →

Threat Actors

· ATT&CK

APT-C-23

G1028

aka Mantis, Arid Viper, Desert Falcon

APT-C-23 is a threat group that has been active since at least 2014.(Citation: symantec_mantis) APT-C-23 has primarily focused its operations on the M

APT-C-36

G0099

aka Blind Eagle, TAG-144, AguilaCiega

APT-C-36 is a suspected South American threat group that has engaged in espionage and financially motivated operations since at least 2018. APT-C-36 h

APT1

G0006

aka Comment Crew, Comment Group, Comment Panda

APT1 is a Chinese threat group that has been attributed to the 2nd Bureau of the People’s Liberation Army (PLA) General Staff Department’s (GSD) 3rd D

APT12

G0005

aka IXESHE, DynCalc, Numbered Panda

APT12 is a threat group that has been attributed to China. The group has targeted a variety of victims including but not limited to media outlets, hig

APT16

G0023

APT16 is a China-based threat group that has launched spearphishing campaigns targeting Japanese and Taiwanese organizations. (Citation: FireEye EPS A

APT17

G0025

aka Deputy Dog

APT17 is a China-based threat group that has conducted network intrusions against U.S. government entities, the defense industry, law firms, informati

Membership

Intelligence Without Compromise

Free

$0

  • Public briefings
  • CVE feed — limited
  • Weekly digest

Pro· Popular

$29/mo

  • All briefings
  • Alert watchlists
  • CVE notifications
  • Threat feed access

Pro+

$79/mo

  • Restricted intelligence
  • Dark web reports
  • Data exports
  • API access

Enterprise

Custom

  • Full API
  • Team workflows
  • Integrations
  • Dedicated support

14-day free trial on Pro plans · No credit card required

Advertising

Reach security teams, developers and technology leaders through research-driven media placements.

Daily Brief

Intelligence Digest

CVEs, threat signals and analysis delivered each morning. No spam, unsubscribe anytime.

Preference center·Sign in
Dragons Community — Cybersecurity & AI Intelligence