Robert Brown

Vulnerabilities & exploit research

Robert spent a decade in offensive security before pivoting to journalism. He covers vulnerability disclosures, exploit chains, and the patch-management treadmill — translating CVE detail for working defenders without dumbing it down.

Recent stories

Six Bugs in AirDrop and Quick Share Let Anyone Within Range Knock Out File Sharing
Vulnerabilities
Researchers chained wireless-range flaws to crash receiving devices and bypass Quick Share permission checks — no taps, no pairing, no prompts.
Jun 30
The Hidden Cost of Agentic AI in Security: Token Budgets Are Now a Defense Problem
AI Security
Cybersecurity platforms are racing to embed agentic AI, but the economics of token consumption, AI credits, and deployment architecture may undercut the value before defenders see a return.
Jun 30
236,000 Sites Run Pig-Butchering Templates Built on DCloud Uni-App
Threat Intelligence
Infoblox researchers tie a sprawling fake-exchange and wallet-drainer ecosystem to a legitimate Chinese cross-platform dev framework.
Jun 29
Supply-Chain Attackers Hide Python Stealer in npm and Go Packages, Sidestep Lifecycle Scripts
Threat Intelligence
JFrog flags two hijacked npm packages and a Go cluster that abuse VS Code tasks to drop a cross-platform infostealer — bypassing the script hooks defenders typically watch.
Jun 29
SSU, FBI Detail Russian Phishing Op Targeting Signal and Telegram Accounts
Threat Intelligence
Ukrainian counterintelligence says GRU and FSB-linked operators ran fake tech-support flows against officials' messengers across Ukraine, Europe, and the U.S.
Jun 27
SharkLoader Drops Cobalt Strike on Asian Government Targets in 'StrikeShark' Campaign
Threat Intelligence
A previously undocumented loader is being used against a diplomatic office in Indonesia and government bodies in Taiwan, with operators staging Cobalt Strike Beacon as the final payload.
Jun 26
Week in Brief: Russia's Cellebrite Use, Five Eyes AI Warning, macOS Backdoor, Scattered Spider Pleas
Threat Intelligence
Four stories that deserved more attention: state-backed mobile forensics against activists, an intelligence alliance's AI threat advisory, a new Mac implant, and a high-profile cybercrime case moving toward resolution.
Jun 26
Linux act_pedit OOB Write Poisons Page Cache, Hands Local Users Root
Vulnerabilities
CVE-2026-46331 weaponizes a traffic-control bug to overwrite cached binaries. Working PoC dropped a day after disclosure.
Jun 26
DirtyClone: New DirtyFrag-Family Kernel Bug Hands Local Users Root
Vulnerabilities
CVE-2026-43503 (CVSS 8.8) corrupts file-backed memory through a cloned skb. A working PoC is now public.
Jun 26
Guardian Agents and the Identity Layer That Doesn't Exist Yet
Identity & Access
Autonomous agents are inheriting human permissions at machine speed. The IAM stack wasn't built for this, and the governance gap is widening.
Jun 26
Turla's STOCKSTAY: A Fresh .NET Backdoor Aimed at Kyiv and Rome
Threat Intelligence
Google's threat hunters tie the Russian FSB-linked crew to a previously undocumented Windows implant hitting Ukrainian military targets and Italy-focused diplomatic entities.
Jun 26
Why SOCs Still Can't Answer 'What Happened?' — The Case for Network Detection
Opinion
Alert-driven triage keeps missing context. NDR proponents argue packet truth is the only ground truth left.
Jun 25
RSnake's Case for a CISO Code of Ethics
Opinion
Robert Hansen argues that kickbacks, no-show jobs, and shelfware deals aren't just embarrassing — they're a national security problem.
Jun 24
CISA Flags Active Exploitation of Lantronix EDS5000 Code Injection Bug
Vulnerabilities
CVE-2025-67038 carries a 9.8 CVSS. Federal agencies have until June 26, 2026 to patch — but if it's already being hit in the wild, that runway looks generous.
Jun 24
AI Agents Are Being Manipulated Through the Data They Trust
AI Security
Hidden content injections and context poisoning are turning autonomous AI pipelines into attack surfaces. Here's what defenders need to understand before deploying agents at scale.
Jun 24
© 2026 Threat Vectr