- CISA KEV Catalog Adds Five Actively Exploited Vulnerabilities
- Nuclei Templates v10.2.1/.2 Cover 57 CVEs, Including 10 KEVs
- PortSwigger Research Releases New Techniques from Black Hat USA
- Project Zero Maintains 90+30 Day Disclosure Policy
- New Open-Source AI Security Automation Tool "Allama"
CISA KEV Catalog Adds Five Actively Exploited Vulnerabilities
What: CISA urgently added five new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, spanning PHP tools, file transfer systems, network OSes, an email security appliance, and the sudo utility.
Source: windowsforum.com
Applies to: General
Why it matters: These vulnerabilities have confirmed active exploitation, making them immediate patching priorities for all defenders.
Nuclei Templates v10.2.1/.2 Cover 57 CVEs, Including 10 KEVs
What: The latest ProjectDiscovery Nuclei template releases include 106 new templates covering 57 CVEs, 10 of which are on CISA's KEV list, plus new GCP and Alibaba Cloud audit checks.
Source: projectdiscovery.io
Applies to: General / Cloud Assessments
Why it matters: This provides immediate, updated detection capability for widespread and actively exploited vulnerabilities.
PortSwigger Research Releases New Techniques from Black Hat USA
What: PortSwigger Research has published a blog detailing practical applications of the techniques they recently shared at Black Hat USA.
Source: x.com
Applies to: General / Web Application Testing
Why it matters: This is a direct source of cutting-edge web attack techniques and research for testers.
Project Zero Maintains 90+30 Day Disclosure Policy
What: Google's Project Zero team has confirmed it will retain its 90-day disclosure deadline with a 30-day grace period for patch adoption.
Source: www.schneier.com
Applies to: General / Vulnerability Management
Why it matters: This sets the expected timeline for weaponization of publicly disclosed vulnerabilities from top-tier researchers.
New Open-Source AI Security Automation Tool "Allama"
What: Allama is an open-source security automation platform that lets teams build visual workflows for threat detection and response.
Source: www.helpnetsecurity.com
Applies to: General / Security Operations
Why it matters: It represents a new, accessible tool for automating detection logic, potentially applicable to novel attack patterns.