Latest intel// live feed
sccmhunter — SCCMHunter is a post-ex tool built to streamline identifying, profiling, and attacking SCCM related assets in an Active
SCCMHunter is a post-exploitation tool designed to identify, profile, and attack Microsoft System Center Configuration Manager (SCCM) assets within Active Directory domains. The tool consolidates multiple known SCCM attack primitives—including NTLM coercion, client push account abuse, and credential extraction from task sequences—into a unified framework for lateral movement and privilege escalation.
CVE-2026-5830 — Tenda: Such manipulation of the argument oldPwd/newPwd/cfmPwd leads to stack-based buffer overflow.
A vulnerability was identified in Tenda AC15 15.03.05.18. This affects the function websGetVar of the file /goform/SysToolChangePwd. Such manipulation of the argument oldPwd/newPwd/cfmPwd leads to stack-based buffer overflow. The attack can be executed remotely. The exploit is publicly available and might be used. CVSSv3.1 8.8 (HIGH)
CVE-2026-4326 — Vertex: The Vertex Addons for Elementor plugin for WordPress is vulnerable to Missing Authorization in
The Vertex Addons for Elementor plugin for WordPress is vulnerable to Missing Authorization in all versions up to and including 1.6.4. This is due to improper authorization enforcement in the activate_required_plugins() function. Specifically, the current_user_can('install_plugins') capability check does not terminate execution when it fails — it only sets an error message variable while allowing the plugin installation and activation code to execute. The error response is on CVSSv3.1 8.8 (HIGH) · EPSS 12th percentile
CVE-2026-5815 — The manipulation results in stack-based buffer overflow.
A vulnerability was detected in D-Link DIR-645 1.01/1.02/1.03. Impacted is the function hedwigcgi_main of the file /cgi-bin/hedwig.cgi. The manipulation results in stack-based buffer overflow. The attack can be launched remotely. The exploit is now public and may be used. This vulnerability only affects products that are no longer supported by the maintainer. CVSSv3.1 8.8 (HIGH)
We let OpenClaw loose on an internal network. Here’s what it found
Sophos Red Team conducted a controlled penetration test using OpenClaw, an agentic AI tool, against a legacy on-premises network with strict safety guardrails and custom-built skills. The assessment discovered 23 actionable findings, reduced AD reconnaissance from 3 days to 3 hours, and demonstrated both the efficiency gains and safety challenges of deploying autonomous AI agents in offensive security operations.
Adobe Reader zero-day vulnerability in active exploitation
Adobe Reader zero-day vulnerability exploited in the wild since at least December 2025 allows remote code execution via malicious PDF files containing obfuscated JavaScript that executes privileged Acrobat APIs. Attacks are targeted at Russian oil and gas sector organizations using spear-phishing lures. No CVE identifier or official patch has been released as of the advisory date.
U.S. Public Sector Under Siege: Threat Intelligence for Q1 2026
Trend Micro's Q1 2026 threat intelligence report documents a critical escalation in attacks against U.S. public sector: Salt Typhoon (PRC-linked) confirmed breaching House Committee staff emails with ongoing access; AI-enabled ransomware campaigns targeting state/federal systems; and multiple critical RCE vulnerabilities (Fortinet, Cisco, VMware) actively exploited with 10,000+ unpatched internet-facing devices. The report highlights configuration failures in state DHS systems, third-party supply chain attacks on law enforcement, and the emergence of agentic AI in attack automation.
CVE-2026-5173 — GitLab: has remediated an issue in GitLab CE/EE affecting all versions from 16.9.6 before
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 16.9.6 before 18.8.9, 18.9 before 18.9.5, and 18.10 before 18.10.3 that could have allowed an authenticated user to invoke unintended server-side methods through websocket connections due to improper access control. CVSSv3.1 8.5 (HIGH)
CVE-2026-5915 — Google Chrome: Insufficient validation of untrusted input in WebML in Google Chrome prior to 147.0.7727.55 allowed
Insufficient validation of untrusted input in WebML in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: Low) CVSSv3.1 8.1 (HIGH)
CVE-2026-5914 — Google Chrome: Type Confusion in CSS in Google Chrome prior to 147.0.7727.55 allowed an attacker who
Type Confusion in CSS in Google Chrome prior to 147.0.7727.55 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension. (Chromium security severity: Low) CVSSv3.1 8.8 (HIGH)
CVE-2026-5913 — Google Chrome: Out of bounds read in Blink in Google Chrome prior to 147.0.7727.55 allowed a
Out of bounds read in Blink in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: Low) CVSSv3.1 8.1 (HIGH)
CVE-2026-5912 — Google Chrome: Integer overflow in WebRTC in Google Chrome prior to 147.0.7727.55 allowed a remote attacker
Integer overflow in WebRTC in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: Low) CVSSv3.1 8.8 (HIGH)
CVE-2026-5910 — Google Chrome: Integer overflow in Media in Google Chrome prior to 147.0.7727.55 allowed a remote attacker
Integer overflow in Media in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to potentially exploit heap corruption via a crafted video file. (Chromium security severity: Low) CVSSv3.1 8.8 (HIGH)
CVE-2026-5909 — Google Chrome: Integer overflow in Media in Google Chrome prior to 147.0.7727.55 allowed a remote attacker
Integer overflow in Media in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to potentially exploit heap corruption via a crafted video file. (Chromium security severity: Low) CVSSv3.1 8.8 (HIGH)
CVE-2026-5908 — Google Chrome: Integer overflow in Media in Google Chrome prior to 147.0.7727.55 allowed a remote attacker
Integer overflow in Media in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to potentially exploit heap corruption via a crafted video file. (Chromium security severity: Low) CVSSv3.1 8.8 (HIGH)
CVE-2026-5907 — Google Chrome: Insufficient data validation in Media in Google Chrome prior to 147.0.7727.55 allowed a remote
Insufficient data validation in Media in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to perform an out of bounds memory read via a crafted video file. (Chromium security severity: Low) CVSSv3.1 8.1 (HIGH)
CVE-2026-5904 — Google Chrome: Use after free in V8 in Google Chrome prior to 147.0.7727.55 allowed an attacker
Use after free in V8 in Google Chrome prior to 147.0.7727.55 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension. (Chromium security severity: Low) CVSSv3.1 8.8 (HIGH)
CVE-2026-5902 — Google Chrome: Race in Media in Google Chrome on Android prior to 147.0.7727.55 allowed a remote
Race in Media in Google Chrome on Android prior to 147.0.7727.55 allowed a remote attacker who had compromised the renderer process to corrupt media stream metadata via a crafted HTML page. (Chromium security severity: Low) CVSSv3.1 9.8 (CRITICAL)
CVE-2026-5884 — Google Chrome: Insufficient validation of untrusted input in Media in Google Chrome prior to 147.0.7727.55 allowed
Insufficient validation of untrusted input in Media in Google Chrome prior to 147.0.7727.55 allowed a remote attacker who had compromised the renderer process to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Medium) CVSSv3.1 8.8 (HIGH)
CVE-2026-5883 — Google Chrome: Use after free in Media in Google Chrome prior to 147.0.7727.55 allowed a remote
Use after free in Media in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Medium) CVSSv3.1 8.8 (HIGH) · EPSS 32nd percentile
CVE-2026-5879 — Google Chrome: Insufficient validation of untrusted input in ANGLE in Google Chrome on Mac prior to
Insufficient validation of untrusted input in ANGLE in Google Chrome on Mac prior to 147.0.7727.55 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Medium) CVSSv3.1 8.8 (HIGH)
CVE-2026-5877 — Google Chrome: Use after free in Navigation in Google Chrome prior to 147.0.7727.55 allowed a remote
Use after free in Navigation in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Medium) CVSSv3.1 8.8 (HIGH)
CVE-2026-5874 — Google Chrome: Use after free in PrivateAI in Google Chrome prior to 147.0.7727.55 allowed a remote
Use after free in PrivateAI in Google Chrome prior to 147.0.7727.55 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Medium) CVSSv3.1 9.6 (CRITICAL)
CVE-2026-5873 — Google Chrome: Out of bounds read and write in V8 in Google Chrome prior to 147.0.7727.55
Out of bounds read and write in V8 in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High) CVSSv3.1 8.8 (HIGH)
CVE-2026-5872 — Google Chrome: Use after free in Blink in Google Chrome prior to 147.0.7727.55 allowed a remote
Use after free in Blink in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High) CVSSv3.1 8.8 (HIGH)