Secure Blink threat intelligence
Threat Feeds
A threat feed archive for breach coverage, exploitation alerts, and the operational signals security teams need to scan fast.
Secure Blink threat intelligence
A threat feed archive for breach coverage, exploitation alerts, and the operational signals security teams need to scan fast.
Secure Blink threat intelligence
Real-time cyber threat intelligence covering ransomware campaigns, active threat actors, exploited vulnerabilities, malware infrastructure, phishing operations, and emerging attack activity worldwide.
Access operational intelligence through searchable feeds and TAXII-compatible formats designed for security operations, threat hunting, and cyber defense teams.
2252+
Threat briefs
21
Topic clusters
2026
Latest cycle

Millions of driver's license records were exposed in a massive data breach, raising identity theft risks and highlighting critical data security failures.

U.S. Army recruiting pages hijacked to display fake 404 errors reading ‘Kurdistan’, exploiting a third-party tool and exposing .mil web security gaps.

A single ClickFix infrastructure is pushing StealC, Amatera, Remus, NetSupport, CastleLoader and a new loader called ResiLoader through fake Google/Cloudflare checks.

DHS confirms a breach of its HSIN intelligence-sharing network during World Cup security operations; a senator warns of national security risk

Polymarket's hack losses climb to $3.1M across 11 wallets as the platform faces a federal probe into deceptive marketing, even after pledging full refunds.

A third-party software flaw inside one of Japan's largest telcos exposed login credentials for up to 14.2 million email accounts across six ISPs. The passwords? Some were hashed. Some may not have been

Hackers exploited a four-year-old credential in Klue's systems to steal customer data, impacting LastPass and several cybersecurity firms in a supply chain breach

A ransomware gang called World Leaks walked out with over 200,000 files from one of Apple's most critical iPhone suppliers.

Texas Parks & Wildlife Department disclosed a breach of its license management vendor. What was taken driver's license numbers, passport numbers, and home addresses is the exact package needed to impersonate someone.

A publicly accessible registration portal, a misconfigured Entra tenant, and no server-side authorization checks. That was enough to reach the systems controlling live World Cup streams

iRhythm Holdings disclosed a material cybersecurity incident in an SEC 8-K filing, confirming the exfiltration of patient data through social engineering.

Splunk disclosed CVE-2026-20253, a critical pre-auth RCE flaw in Splunk Enterprise (CVSS 9.8) from insecure MongoDB defaults. Patches released; upgrade to 9.1.8, 9.2.5, or 9.3.2.
Threatspy helps teams detect exploitable vulnerabilities, reduce security noise, and build security directly into development workflows.