Research
Security intelligence briefs, vulnerability research, and in-depth analysis from Arc Security Research. New briefs published daily.
The OpenClaw Security Assessment
The most comprehensive security analysis of the AI agent skill ecosystem. 908+ ClawHub skills audited across 87 rounds. 5,411+ findings documented (806 critical, 1,377 high). 115 attack patterns across 25 attack classes, mapped to the OWASP Agentic AI Top 10.
Read the full assessment →Claude Mythos Preview: Anthropic Announces AI That Finds and Exploits Zero-Days Autonomously
Anthropic's new Claude Mythos Preview model can identify and exploit zero-day vulnerabilities in every major operating system and every major web browser. The oldest bug it surfaced was a…
Read full brief →Daily Intel Brief — 2026-04-13
CISA added one new vulnerability to its Known Exploited Vulnerabilities catalog, requiring federal agencies to remediate it under BOD 22-01.
Read full brief → Daily IntelDaily Intel Brief — 2026-04-12
PortSwigger Research presented new social engineering techniques at Black Hat USA 2026, with a focus on AI-augmented attacks that bypass traditional safety training. [External:…
Read full brief → Daily IntelDaily Intel Brief — 2026-04-11
CVE-2026-1731 (CVSS 9.8) is a critical vulnerability added to CISA's KEV catalog and is being actively exploited in ransomware campaigns.
Read full brief → Daily IntelDaily Intel Brief — 2026-04-10
CVE-2026-20127 in Cisco Catalyst SD-WAN is under active exploitation against critical infrastructure; CVE-2026-1731 (CVSS 9.8) is on CISA's KEV list and linked to ransomware.
Read full brief → Daily IntelDaily Intel Brief — 2026-04-09
PortSwigger Research has released new techniques and practical uses for HTTP request smuggling, shared at Black Hat USA, indicating ongoing evolution of this web attack vector.
Read full brief → Daily IntelDaily Intel Brief — 2026-04-08
New, practical web exploitation techniques shared at Black Hat USA 2026 are now available for testing.
Read full brief → Daily IntelDaily Intel Brief — 2026-04-07
New technique exploiting Windows UI Access to bypass administrator protection mechanisms, enabling privilege escalation from user to system-level access.
Read full brief → Daily IntelDaily Intel Brief — 2026-04-06
Open-source tool Allama enables visual workflows for AI threat detection and response, while ProjectDiscovery's Neo acts as an AI copilot for vulnerability discovery in code.
Read full brief → Daily IntelDaily Intel Brief — 2026-04-05
The YesWeHack 2026 report details how AI is shaping bug bounty hunter tactics and platform evolution, including how hunters choose scopes and use AI tools to optimize their process.
Read full brief → Daily IntelDaily Intel Brief — 2026-04-04
AI-authored code introduces new vulnerabilities while supply chain attacks are occurring twice as often, with bad actors weaponizing exploits rapidly after disclosure.
Read full brief → Daily IntelDaily Intel Brief — 2026-04-03
CISA added CVE-2025-68613 to its Known Exploited Vulnerabilities catalog. The flaw in the n8n workflow automation tool stems from improper control of dynamically-managed code resources.
Read full brief → Daily IntelDaily Intel Brief — 2026-04-02
Claude Projects lack content scanning for uploaded files, allowing malicious .md files with buried instructions to exploit emotional bonding and redirect users to attacker-controlled sites. Models…
Read full brief → Daily IntelDaily Intel Brief — 2026-04-01
The 2026 YesWeHack report details how AI is shaping bug bounty hunting and SecOps workflows, highlighting new attack surfaces and hunter methodologies in the AI age.
Read full brief → Daily IntelDaily Intel Brief — 2026-03-31
Attackers steal Open VSX Personal Access Tokens (OVSX_PAT) to poison VS Code extensions at scale, leveraging BreachForums XSS to gather telemetry on threat actors for targeting.
Read full brief → Daily IntelDaily Intel Brief — 2026-03-30
Unauthenticated RCE in n8n via improper webhook handling. Attackers change `Content-Type` from `multipart/form-data` to `application/json` to read arbitrary files like `/home/node/.n8n/config.json`.
Read full brief → Daily IntelDaily Intel Brief — 2026-03-29
Attackers use stolen Open VSX Personal Access Tokens (OVSX_PAT) to poison VS Code extensions at scale, turning a developer tool supply chain attack into a mass telemetry collection operation.
Read full brief → Daily IntelDaily Intel Brief — 2026-03-28
The median time from vulnerability publication to inclusion in CISA's Known Exploited Vulnerabilities (KEV) catalog has dropped from 8.5 to 5.0 days, indicating faster weaponization.
Read full brief → Daily IntelDaily Intel Brief — 2026-03-27
AI-generated code is introducing new classes of security vulnerabilities in applications, as the models may produce insecure patterns or dependencies.
Read full brief → Daily IntelDaily Intel Brief — 2026-03-26
The median time between vulnerability publication and inclusion in the CISA KEV catalog has dropped from 8.5 to 5.0 days, with zero-days attacked within hours.
Read full brief → Daily IntelDaily Intel Brief — 2026-03-25
ProjectDiscovery's Nuclei engine uses auditable templates to safely confirm exploitability at scale, with a rigorous validation process for community-submitted templates. [External:…
Read full brief → Daily IntelDaily Intel Brief — 2026-03-24
AI-authored code is increasing application security vulnerabilities, and AI/ML systems are targeted via data poisoning and adversarial attacks. [External:…
Read full brief → Daily IntelDaily Intel Brief — 2026-03-23
AI-generated code introduces new vulnerability classes; ML systems are targeted via data poisoning and adversarial attacks.
Read full brief → Daily IntelDaily Intel Brief — 2026-03-22
Pompelmi is a Node.js tool for scanning file uploads for malicious content, addressing the exact "no content scanning" root cause cited in the Anthropic report.
Read full brief → Daily IntelDaily Intel Brief — 2026-03-21
AI-authored code introduces new vulnerabilities, and machine learning systems are specifically targeted via data poisoning and adversarial attacks.
Read full brief → Daily IntelDaily Intel Brief — 2026-03-20
UAT-8616 exploited CVE-2026-20127, chaining it with CVE-2022-20775 to achieve root-level access on Cisco Catalyst SD-WAN systems. Activity dates back to at least 2023.
Read full brief → Daily IntelDaily Intel Brief — 2026-03-19
APT28 (Russian state-sponsored) exploited CVE-2026-21513 using malicious Windows Shortcut (.lnk) files containing embedded HTML for multi-stage payload delivery.
Read full brief → Daily IntelDaily Intel Brief — 2026-03-18
YesWeHack's 2026 report details how AI is shaping bug bounty hunter workflows, target selection, and skill development, based on a survey of hunters.
Read full brief → Daily IntelDaily Intel Brief — 2026-03-17
Pompelmi is an open-source tool for Node.js that performs security scanning on file uploads, checking for malicious content. [External:…
Read full brief → Daily IntelDaily Intel Brief — 2026-03-16
Vulnerability exploits are now the primary method for cyber intrusion, with attackers like those behind Oracle EBS and React2Shell exploiting flaws within hours of disclosure. [External:…
Read full brief → Daily IntelDaily Intel Brief — 2026-03-15
CVE-2025-68613 in n8n workflow automation tool is under active exploitation due to improper control of dynamically-managed code resources.
Read full brief → Daily IntelDaily Intel Brief — 2026-03-14
CISA added CVE-2025-68613 to its Known Exploited Vulnerabilities catalog. This n8n vulnerability involves improper control of dynamically-managed code resources and is confirmed as actively exploited.
Read full brief → Daily IntelDaily Intel Brief — 2026-03-13
87% of organizations identify AI-related vulnerabilities as the fastest-growing cyber risk; 65% of initial access comes from identity-based techniques.
Read full brief → Daily IntelDaily Intel Brief — 2026-03-12
ProjectDiscovery's Nuclei Templates v10.2.1/2.2 releases added 106 new templates covering 57 CVEs, including 10 vulnerabilities listed in CISA's Known Exploited Vulnerabilities (KEV) catalog.
Read full brief → Daily IntelDaily Intel Brief — 2026-03-11
Pompelmi is an open-source Node.js tool for scanning file uploads, directly addressing the "no content scanning" root cause in the Anthropic report.
Read full brief → Daily IntelDaily Intel Brief — 2026-03-10
Pompelmi is an open-source Node.js tool for scanning file uploads, designed to detect malicious content—directly addressing the root cause (lack of content scanning) in the Anthropic report.
Read full brief → Daily IntelDaily Intel Brief — 2026-03-09
CISA urgently added five new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, spanning PHP tools, file transfer systems, network OSes, an email security appliance, and the sudo…
Read full brief → Daily IntelDaily Intel Brief — 2026-03-08
Pompelmi is an open-source secure file upload scanning tool for Node.js environments, designed to inspect file content before processing.
Read full brief → Daily IntelDaily Intel Brief — 2026-03-07
Pompelmi is an open-source Node.js library for scanning file uploads, addressing the exact root cause (lack of content scanning) identified in the Anthropic report.
Read full brief → Daily IntelDaily Intel Brief — 2026-03-06
Open-source tool specifically for scanning file uploads in Node.js applications, addressing the exact vulnerability class in the Anthropic report.
Read full brief → Daily IntelDaily Intel Brief — 2026-03-05
Open-source tools Pompelmi (secure file upload scanning for Node.js) and Allama (AI security automation platform) can address gaps in content scanning and threat detection workflows.
Read full brief → Daily IntelDaily Intel Brief — 2026-03-03
Attackers target vulnerabilities in machine learning systems, including poisoning training data and adversarial attacks against deployed models.
Read full brief →