Executive Summary The week of April 27, 2026 presents the highest supply chain threat density recorded in recent SCC pipeline history, with four concurrent developer toolchain compromises targeting npm, PyPI, Docker Hub, and VS Code extensions simultaneously. The TeamPCP threat group — now linked to DPRK-affiliated infrastructure — executed a coordinated campaign against Checkmarx KICS, […]
Executive Summary The week of April 20, 2026 presents an exceptionally active threat landscape dominated by a converging supply chain crisis, nation-state escalation, and critical infrastructure targeting. The SCC pipeline processed 58 intelligence items this week, including 7 items on the CISA Known Exploited Vulnerabilities catalog, multiple critical-rated CVEs with active exploitation confirmed, and 4 […]
Executive Summary The week of April 20, 2026 presents an elevated and unusually broad risk posture driven by converging nation-state activity, a catastrophic software supply chain attack, and multiple actively exploited vulnerabilities across widely deployed enterprise products. The SCC pipeline tracked 57 intelligence items this week, including 8 CISA KEV additions, 6 critical CVEs (CVSS […]
Executive Summary The week of April 13, 2026 presents one of the most operationally demanding threat landscapes of the year, with simultaneous pressure across critical infrastructure, the software supply chain, cloud identity systems, and developer tooling. The SCC pipeline processed 62 intelligence items this week, tracking 6 critical CVEs, 4 CISA KEV additions with imminent […]
Executive Summary The week of April 6, 2026 presents an exceptionally high-density threat landscape dominated by a coordinated software supply chain campaign (TeamPCP) that compromised multiple widely-deployed security and developer tools, including Aqua Security Trivy, LiteLLM, Checkmarx KICS, and the Axios npm package, resulting in confirmed breaches of European Commission AWS accounts and exposure of […]
Executive Summary The week of March 30, 2026 presents an elevated threat posture across cloud infrastructure, mobile platforms, critical infrastructure OT/ICS systems, and the software supply chain. The SCC pipeline processed 60+ intelligence items this week, identifying multiple concurrent critical-priority threats demanding immediate security team attention. The most urgent items include an active AI-augmented OAuth […]
Executive Summary The week of March 23, 2026 presents a high-density threat environment characterized by converging supply chain attacks, AI-enabled malware evolution, and sustained ransomware pressure against public-sector and critical infrastructure targets. The SCC pipeline processed over 60 intelligence items this week, identifying three actively exploited CVEs with CISA KEV designations (CVE-2026-3909 in Google Skia, […]
“`html Executive Summary The week of March 16, 2026 marks one of the most operationally dense threat periods observed this quarter. Security teams face simultaneous pressure across four critical fronts: a newly patched zero-click Microsoft Excel vulnerability (EchoLeak, CVSS 8.6) enabling AI-assisted data exfiltration via Copilot, nine Linux AppArmor flaws (CrackArmor, CVSS 9.5) exposing 12.6 […]
“`html Executive Summary The week of March 9, 2026 marks one of the highest-pressure threat weeks observed this quarter. Security teams face simultaneous pressure across four fronts: actively exploited infrastructure vulnerabilities, a Patch Tuesday releasing fixes for 77-84 vulnerabilities including two confirmed zero-days, escalating nation-state activity from Russian and Iranian actors, and an accelerating supply […]
“`html Executive Summary The week of March 2-12, 2026 produced a high-density threat environment demanding immediate attention across network infrastructure, mobile platforms, enterprise software, and the supply chain. The most urgent items are two Cisco Secure Firewall Management Center vulnerabilities carrying a perfect CVSS 10.0 score with no available workaround, and a VMware Aria Operations […]
- 1
- 2