Skip to content
Signals
Monitoring NVD, CISA KEV, EPSS and the Dragons Community ransomware tracker in near-real timeMonitoring NVD, CISA KEV, EPSS and the Dragons Community ransomware tracker in near-real time
Dragons Community

Independent Intelligence Platform — Est. 2025

Signal Intelligence for AI, Tech, and Cybersecurity

Cut through the noise. Track what matters.

Signals
CVE-2026-1291 — Weaponized · CVSS 4.3CVE-2026-9062 — Weaponized · CVSS 3.4CVE-2026-9061 — Weaponized · CVSS 3.5CVE-2026-6676 — Weaponized · CVSS 7.8Ransomware — lynx lists sentrydynamics.comRansomware — lynx lists StonehengeRansomware — lynx lists cwwcontractors.comCVE-2026-1291 — Weaponized · CVSS 4.3CVE-2026-9062 — Weaponized · CVSS 3.4CVE-2026-9061 — Weaponized · CVSS 3.5CVE-2026-6676 — Weaponized · CVSS 7.8Ransomware — lynx lists sentrydynamics.comRansomware — lynx lists StonehengeRansomware — lynx lists cwwcontractors.com

Advertising

Reach security teams, developers and technology leaders through research-driven media placements.

Platform Intelligence

355,769

CVEs

25,065

Critical

1,619

CISA KEV

342,712

EPSS Scored

25,341

Victims

386

RS Groups

183

ATT&CK Groups

233

Techniques

Explore

CVE Database

355,769 vulnerabilities with CVSS, EPSS and KEV enrichment.

Threat Intelligence

183 APT groups, techniques, campaigns and actor tracking.

Ransomware

25,341 victim claims across 386 groups, with negotiations.

Vulnerabilities

Severity analytics, vendor exposure and patch prioritization.

MITRE ATT&CK

Enterprise matrix — 233 techniques mapped.

KEV Catalog

1,619 CISA known-exploited vulnerabilities with deadlines.

Actively Exploited

· KEV · EPSS · PoC
CVE-2026-1291MEDIUM 4.31 PoC

The Meow Gallery plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the REST API endpoint /wp-json/meow-gallery/v1/save_shortcode in all versi

CVE-2026-9062LOW 3.41 PoC

The Store Locator WordPress plugin before 1.6.9 does not validate a parameter before using it in a file path, allowing high-privileged users such as administrators to read arbitrary `.php` files from

CVE-2026-9061LOW 3.51 PoC

The Store Locator WordPress plugin before 1.6.9 does not sanitize and escape store logo metadata before storing it and outputting it on the Store Locator WordPress plugin before 1.6.9 admin page, allo

CVE-2026-6676HIGH 7.81 PoC

Heap buffer out-of-bounds write vulnerability in Avira Antivirus engine when scanning a malformed POSIX tar archive may allow Local Execution of Code or Denial-of-Service of the antivirus engine proce

CVE-2026-12068HIGH 7.41 PoC

Information disclosure vulnerability in Avira Password Manager when used with Mozilla Firefox may allow a remote attacker operating a cross-origin iframe to obtain credentials autofilled for the paren

CVE-2025-9033HIGH 7.81 PoC

Heap buffer out-of-bounds read vulnerability in Avira Antivirus engine when scanning a malformed PDF file may allow Local Execution of Code or Denial-of-Service of the antivirus engine process. This

CVE-2025-9032HIGH 7.81 PoC

Heap buffer out-of-bounds read vulnerability in Avira Antivirus engine when scanning a malformed Windows PE file may allow Local Execution of Code or Denial-of-Service of the antivirus engine process.

CVE-2025-14098HIGH 7.81 PoC

Heap buffer out-of-bounds write vulnerability due to integer overflow in Avira Antivirus engine when scanning a malformed MS-DOS executable file may allow Local Execution of Code or Denial-of-Service

Research Library

· Guides

Threat Intelligence · Guide

Fancy Bear Hackers: A Research-Based Overview of APT28

15 min

Vulnerability Management · Guide

Getting Started with Vulnerability Management

15 min

Threat Intelligence · Guide

Building a Threat Intelligence Workflow

20 min

Latest CVEs

· NVD Live
CVE-2026-8358

LibreOffice Calc can import tracked changes from a spreadsheet document. A heap buffer overflow existed when a document reused the same change identifier for two different kinds of change. The importer then treated one change object as a different, larger type and wrote past the end of its allocation. In fixed versions records with a duplicate identifier are rejected.

CVE-2026-8357

LibreOffice Calc compiles cell formulas when opening a spreadsheet. A heap buffer overflow existed when compiling a very long formula made up of many opening tokens. The array that tracks nesting depth was allocated one element too small for that worst case, so such a formula wrote one element past its end. In fixed versions the array is sized to hold the largest possible nesting.

CVE-2026-8356

LibreOffice can import presentations in the legacy binary PPT format. A stack buffer overflow existed when importing a colour-replacement record. Two fixed-size colour tables were filled from the file, but the write position was not reset between the two passes over the record, so a file whose combined colour counts exceeded the table size wrote past the end of the tables on the stack. In fixed versions the unused second pass is no longer read into those tables.

CVE-2026-6047

LibreOffice can import documents in the OOXML format (DOCX). A heap buffer overflow existed when replaying deferred parser events for a text box element. A handler object was assumed to be of one type and written to at that type's field layout, but it could be a smaller object, so the write landed past the end of the allocation. In fixed versions the type is checked before the write.

CVE-2026-6045

LibreOffice can import EMF+ graphics, which may be embedded in documents. A heap buffer overflow existed when importing an EMF+ gradient brush. The number of gradient blend points was read from the file and used to compute an allocation size, but that multiplication could overflow, so a small buffer was allocated and then filled as if it were large, writing past its end. In fixed versions the blend-point count is checked against the data actually available before allocating.

CVE-2026-6040

A heap use-after-free existed when importing the blank-width characters of an ODF number format. A position value read from the document was not checked against the length of the format-code string, so a malformed number format could be processed against memory outside that string. In fixed versions the position is bounds-checked before use.

Ransomware Activity

· Tracker Live

sentrydynamics.com

May 23

lynx · US · Technology

Stonehenge

May 23

lynx · TH · Construction

cwwcontractors.com

May 23

lynx · US · Construction

mcfirm.com

Mar 2

incransom · US · Legal Services

https://www.precisioncoating.com/

Mar 2

incransom · US · Healthcare

Martin, Cukjati & Tom, LLP

Mar 2

incransom · US · Legal Services

AI Intelligence

· 45 models · 67 apps & agents
Moonshot AI (Kimi) logo

Kimi K2.7 Code

Moonshot AI (Kimi) · 262K

OpenNVIDIA logo

Llama Nemotron Rerank VL 1B v2

NVIDIA · 10K

OpenAnthropic logo

Claude Fable 5

Anthropic · 1M

Vendor

Nex-N2-Pro

Nex AGI · 262K

OpenSourceful logo

Riverflow V2.5 Pro

Sourceful · 32K

VendorNVIDIA logo

Nemotron 3.5 Content Safety

NVIDIA · 128K

OpenNVIDIA logo

Nemotron 3 Ultra

NVIDIA · 1M

OpenMicrosoft logo

MAI-Voice-2

Microsoft

Vendor
Apps & Agents (67, 38 agents) →AI Hub →

Threat Actors

· ATT&CK

APT-C-23

G1028

aka Mantis, Arid Viper, Desert Falcon

APT-C-23 is a threat group that has been active since at least 2014.(Citation: symantec_mantis) APT-C-23 has primarily focused its operations on the M

APT-C-36

G0099

aka Blind Eagle, TAG-144, AguilaCiega

APT-C-36 is a suspected South American threat group that has engaged in espionage and financially motivated operations since at least 2018. APT-C-36 h

APT1

G0006

aka Comment Crew, Comment Group, Comment Panda

APT1 is a Chinese threat group that has been attributed to the 2nd Bureau of the People’s Liberation Army (PLA) General Staff Department’s (GSD) 3rd D

APT12

G0005

aka IXESHE, DynCalc, Numbered Panda

APT12 is a threat group that has been attributed to China. The group has targeted a variety of victims including but not limited to media outlets, hig

APT16

G0023

APT16 is a China-based threat group that has launched spearphishing campaigns targeting Japanese and Taiwanese organizations. (Citation: FireEye EPS A

APT17

G0025

aka Deputy Dog

APT17 is a China-based threat group that has conducted network intrusions against U.S. government entities, the defense industry, law firms, informati

Membership

Intelligence Without Compromise

Free

$0

  • Public briefings
  • CVE feed — limited
  • Weekly digest

Pro· Popular

$29/mo

  • All briefings
  • Alert watchlists
  • CVE notifications
  • Threat feed access

Pro+

$79/mo

  • Restricted intelligence
  • Dark web reports
  • Data exports
  • API access

Enterprise

Custom

  • Full API
  • Team workflows
  • Integrations
  • Dedicated support

14-day free trial on Pro plans · No credit card required

Advertising

Reach security teams, developers and technology leaders through research-driven media placements.

Daily Brief

Intelligence Digest

CVEs, threat signals and analysis delivered each morning. No spam, unsubscribe anytime.

Preference center·Sign in