
Industry Category: Security/Investigations

Breach intelligence, attack campaigns, and threat reports targeting the Security/Investigations sector.

26 threat reports (page 1 of 3)


Security/Investigations Threat Reports

Showing 1–12 of 26 reports

Critical Security Flaws Discovered in Brickcom Cameras
Impact: HIGH | Published: 1 week ago

In June 2026, critical vulnerabilities were identified in Brickcom cameras, specifically the Cube, Dome, Bullet, and Box models at version 3.2.3.5.6. The flaws, cataloged as CVE-2026-50245 and CVE-2026-50005, allow unauthenticated remote attackers to retrieve live video feeds and still images through the /ONVIF endpoint, which enforces no authentication. Default credentials additionally allow silent access to camera feeds, exposing sensitive visual information and potentially granting administrative control over the devices. Exploitation poses significant risk to sectors such as Commercial Facilities, Critical Manufacturing, Financial Services, and Healthcare, where surveillance systems are integral to security operations. The missing authentication on these cameras underscores the need for robust access controls and regular security assessments to prevent unauthorized access and data breaches.

Kill chain: Initial Compromise (high), Privilege Escalation (high), Lateral Movement (medium), Command & Control (medium), Exfiltration (medium), Impact (medium)
Critical Vulnerability in KMW CCTV Security Cameras (CVE-2026-5386)
Impact: HIGH | Published: 3 weeks ago

In May 2026, a critical vulnerability (CVE-2026-5386) was identified in KMW CCTV Security Cameras, specifically the KM-IP521 and KM-IP421 models. The flaw allows unauthenticated attackers to remotely reset the administrator password to a known value, granting full access to camera feeds and settings. It poses significant risk to critical infrastructure sectors, including commercial facilities, government services, and financial services. KMW has released firmware updates to address the issue and recommends that users apply them promptly. ([windowsforum.com](https://windowsforum.com/threads/cisa-icsa-26-148-06-kmw-cctv-critical-password-reset-flaw.420548/?utm_source=openai)) The incident underscores the growing security challenges associated with IoT devices in critical infrastructure. The ease of exploitation and the potential impact highlight the need for robust security measures, including regular firmware updates and network segmentation, to protect against unauthorized access.

Kill chain: Initial Compromise (high), Privilege Escalation (medium), Lateral Movement (medium), Command & Control (medium), Exfiltration (medium), Impact (medium)
Critical XSS Vulnerability in CP Plus NVRs: CVE-2026-6824
Impact: HIGH | Published: 3 weeks ago

In May 2026, a critical stored cross-site scripting (XSS) vulnerability, identified as CVE-2026-6824, was discovered in CP Plus 8 Channel Network Video Recorders (NVRs). The flaw allows attackers to inject malicious scripts into the device's web interface; the scripts execute in the browsers of authenticated users or administrators when they access the affected pages. Exploitation can lead to session hijacking, unauthorized actions, data exposure, and compromise of system integrity. The affected versions are CP-UNR-108F1 Hardware V1.0, Web V3.2.7.128806, and System V4.001.00AT009.0.R. ([socdefenders.ai](https://www.socdefenders.ai/item/a70ca9af-a0bb-4b2f-9cf8-a89beb76b2b9?utm_source=openai)) The incident underscores the persistent threat posed by web-based vulnerabilities in critical infrastructure devices. As attackers increasingly target such systems, organizations must prioritize regular security assessments, timely patching, and adherence to best practices to mitigate the risks associated with similar vulnerabilities.

Kill chain: Initial Compromise (high), Privilege Escalation (high), Lateral Movement (medium), Command & Control (medium), Exfiltration (low), Impact (low)
Critical Vulnerability in ZKTeco CCTV Cameras: CVE-2026-8598
Impact: CRITICAL | Published: 1 month ago

In May 2026, a critical vulnerability (CVE-2026-8598) was identified in ZKTeco CCTV cameras, specifically the SSC335-GC2063-Face-0b77 model with firmware versions prior to V5.0.1.2.20260421. The flaw involved an undocumented configuration export port that lacked authentication, potentially exposing sensitive information such as camera account credentials and open services. Exploitation could lead to unauthorized access to and control over the affected devices. The incident underscores the importance of securing physical security devices, which can serve as entry points for broader network compromise. Organizations are urged to update their firmware to the latest version promptly and to implement robust network segmentation to mitigate such risks.

Kill chain: Initial Compromise (high), Privilege Escalation (high), Lateral Movement (medium), Command & Control (medium), Exfiltration (medium), Impact (medium)
ADT Data Breach 2026: Lessons in SSO Security
Impact: MEDIUM | Published: 2 months ago

In April 2026, home security company ADT experienced a data breach orchestrated by the ShinyHunters extortion group. The attackers gained unauthorized access to ADT's systems through a voice phishing (vishing) attack that compromised an employee's Okta single sign-on (SSO) account. That access allowed them to reach ADT's Salesforce instance and exfiltrate personal information, including names, phone numbers, addresses, and, in some cases, dates of birth and partial Social Security numbers. Notably, no payment information or customer security systems were affected. ADT promptly terminated the intrusion, launched an investigation, and notified all affected individuals. The incident underscores the escalating threat posed by sophisticated social engineering attacks targeting SSO credentials. Organizations must strengthen security awareness training and implement robust multi-factor authentication to mitigate such risks.

Kill chain: Initial Compromise (high), Privilege Escalation (high), Lateral Movement (medium), Command & Control (medium), Exfiltration (high), Impact (high)
Critical Vulnerability in Xiongmai XM530 IP Cameras: CVE-2025-65856
Impact: CRITICAL | Published: 2 months ago

In December 2025, a critical authentication bypass vulnerability, identified as CVE-2025-65856, was discovered in Xiongmai XM530 IP cameras running Firmware V5.00.R02.000807D8.10010.346624.S.ONVIF 21.06. The flaw allows unauthenticated remote attackers to access sensitive device information and live video streams through the ONVIF implementation, which fails to enforce authentication on 31 critical endpoints. The vulnerability poses significant privacy and security risks to organizations and individuals relying on these surveillance devices. The public release of proof-of-concept exploit code in April 2026 has heightened the urgency of remediation. Despite the severity of the issue, the manufacturer has yet to provide a patch, leaving thousands of devices worldwide exposed to potential exploitation.

Kill chain: Initial Compromise (high), Privilege Escalation (medium), Lateral Movement (medium), Command & Control (medium), Exfiltration (medium), Impact (medium)
ADT Data Breach 2026: Lessons in Cloud Security and Social Engineering
Impact: HIGH | Published: 1 month ago

In April 2026, home security giant ADT experienced a significant data breach orchestrated by the cyber extortion group ShinyHunters. The attackers gained unauthorized access to ADT's cloud-based environments by compromising an employee's Okta single sign-on (SSO) account through a voice phishing (vishing) attack. The breach led to the exfiltration of personal information belonging to approximately 5.5 million individuals, including names, phone numbers, physical addresses, dates of birth, and partial Social Security numbers or Tax IDs. Notably, no payment information or customer security systems were compromised. The incident underscores the escalating threat posed by sophisticated social engineering tactics targeting SSO credentials. Organizations must bolster their defenses against such attacks: as reliance on cloud-based services and centralized authentication grows, those systems become increasingly attractive targets for cybercriminals.

Kill chain: Initial Compromise (high), Privilege Escalation (high), Lateral Movement (medium), Command & Control (medium), Exfiltration (high), Impact (high)
Nexcorium Botnet's Exploitation of CVE-2024-3721 in TBK DVRs
Impact: MEDIUM | Published: 2 months ago

In April 2026, cybersecurity researchers identified a new variant of the Mirai botnet, named Nexcorium, actively exploiting CVE-2024-3721, a command injection vulnerability in TBK DVR-4104 and DVR-4216 devices. By sending specially crafted HTTP POST requests to the vulnerable endpoint, attackers gained remote control over these devices and integrated them into a botnet used for large-scale distributed denial-of-service (DDoS) attacks. The campaign, attributed to a group known as 'Nexus Team', highlights the persistent threat posed by unpatched IoT devices in critical environments. ([fortinet.com](https://www.fortinet.com/blog/threat-research/tracking-mirai-variant-nexcorium-a-vulnerability-driven-iot-botnet-campaign?utm_source=openai)) The incident underscores the ongoing risks associated with IoT vulnerabilities, particularly in devices that are often overlooked in security programs. The exploitation of CVE-2024-3721 by Nexcorium is a stark reminder of the importance of timely patching and robust security measures against evolving botnet threats.

Kill chain: Initial Compromise (high), Privilege Escalation (high), Lateral Movement (medium), Command & Control (high), Exfiltration (low), Impact (high)
Dahua DVRs Compromised: A 2026 Cybersecurity Wake-Up Call
Impact: HIGH | Published: 2 months ago

In April 2026, a significant cybersecurity incident was identified involving Dahua Digital Video Recorders (DVRs). Attackers exploited default credentials and unpatched vulnerabilities to gain unauthorized access to the devices. Once compromised, the DVRs were co-opted into botnets, facilitating further malicious activity such as distributed denial-of-service (DDoS) attacks and unauthorized surveillance. The breach underscores the critical need for device owners to change default passwords and keep firmware up to date. It also reflects a broader trend of cybercriminals targeting Internet of Things (IoT) devices that still run default settings and outdated software. As IoT adoption continues to rise, robust security practices for these devices become increasingly vital to prevent their exploitation in large-scale cyberattacks.

Kill chain: Initial Compromise (high), Privilege Escalation (high), Lateral Movement (medium), Command & Control (medium), Exfiltration (low), Impact (low)
Critical Security Flaws in Apeman Cameras: A 2025 Analysis
Impact: CRITICAL | Published: 3 months ago

In late 2025, multiple critical vulnerabilities were identified in Apeman ID71 cameras, including hard-coded credentials (CVE-2025-11126), cross-site scripting (CVE-2025-11851), and missing authentication for critical functions (CVE-2025-11852). These flaws could allow remote attackers to gain unauthorized access, manipulate device settings, or intercept camera feeds. Despite early notification, Apeman did not respond to the disclosures, leaving devices exposed to potential exploitation. The prevalence of IoT devices with unpatched vulnerabilities underscores the urgent need for manufacturers to implement robust security measures and for users to apply updates promptly. The incident highlights the importance of proactive vulnerability management in safeguarding connected devices against emerging threats.

Kill chain: Initial Compromise (high), Privilege Escalation (high), Lateral Movement (medium), Command & Control (medium), Exfiltration (high), Impact (high)
Critical Vulnerabilities in Hikvision and Rockwell Automation Devices Added to CISA KEV Catalog
Impact: CRITICAL | Published: 3 months ago

In March 2026, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) added two critical vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog: CVE-2017-7921, affecting Hikvision products, and CVE-2021-22681, impacting Rockwell Automation devices. CVE-2017-7921 is an improper authentication flaw that allows attackers to escalate privileges and access sensitive information on Hikvision cameras. CVE-2021-22681 involves insufficiently protected credentials in Rockwell Automation's Studio 5000 Logix Designer and related controllers, enabling unauthorized users to bypass verification mechanisms and alter device configurations. Both vulnerabilities carry a CVSS score of 9.8, indicating their severity and the potential risk to critical infrastructure. Their inclusion in the KEV catalog underscores the ongoing threat posed by unpatched security flaws in widely used industrial and surveillance equipment. Organizations are urged to prioritize remediation, especially given the active targeting of these vulnerabilities by malicious actors.

Kill chain: Initial Compromise (high), Privilege Escalation (high), Lateral Movement (medium), Command & Control (medium), Exfiltration (medium), Impact (medium)
CISA Adds Five Known Exploited Vulnerabilities to Catalog
Impact: CRITICAL | Published: 3 months ago

On March 5, 2026, the Cybersecurity and Infrastructure Security Agency (CISA) added five new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog based on evidence of active exploitation: CVE-2017-7921 (Hikvision Multiple Products Improper Authentication), CVE-2021-22681 (Rockwell Multiple Products Insufficiently Protected Credentials), CVE-2021-30952 (Apple Multiple Products Integer Overflow or Wraparound), CVE-2023-41974 (Apple iOS and iPadOS Use-After-Free), and CVE-2023-43000 (Apple Multiple Products Use-After-Free). Vulnerabilities of this kind are frequent attack vectors for malicious actors and pose significant risk to federal enterprises. Their inclusion underscores the persistent threat landscape and the importance of timely remediation. Organizations are urged to prioritize addressing these vulnerabilities to protect their networks against active threats.

Kill chain: Initial Compromise (high), Privilege Escalation (high), Lateral Movement (medium), Command & Control (medium), Exfiltration (medium), Impact (medium)