Daily Intel Brief — 2026-03-12 — Arc Security Research

In this brief

Nuclei Templates Now Detect 10 Actively Exploited KEVs
Hands-On Testing Playground for Vulnerability Detection
Open-Source Tool for Python Code Security Scanning
CISA KEV Catalog is the Authority for Exploited Vulnerabilities
Practical Bug Bounty Recon Methodology for 2026

Nuclei Templates Now Detect 10 Actively Exploited KEVs

WhatProjectDiscovery's Nuclei Templates v10.2.1/2.2 releases added 106 new templates covering 57 CVEs, including 10 vulnerabilities listed in CISA's Known Exploited Vulnerabilities (KEV) catalog.

Sourceprojectdiscovery.io

Applies toGeneral

Why it mattersThis enables immediate, automated detection of vulnerabilities that are confirmed to be under active attack.

Hands-On Testing Playground for Vulnerability Detection

WhatNuclei Templates Labs provides vulnerable environments bundled with ready-to-use Nuclei templates for safe, hands-on security testing and exploitation practice.

Sourceprojectdiscovery.io

Applies toGeneral

Why it mattersTeams can build and validate detection logic for novel attack patterns (like malicious file uploads) in a controlled lab.

Open-Source Tool for Python Code Security Scanning

WhatBandit is an open-source tool specifically designed to find common security issues in Python source code.

Sourcewww.helpnetsecurity.com

Applies toGeneral (Python-based applications)

Why it mattersIt can be integrated into CI/CD to catch code-level vulnerabilities before deployment.

CISA KEV Catalog is the Authority for Exploited Vulnerabilities

WhatCISA's Known Exploited Vulnerabilities catalog is the authoritative source for vulnerabilities with active exploitation, and federal agencies must remediate them on mandated timelines.

Sourcewww.cisa.gov

Applies toGeneral

Why it mattersThis catalog defines the highest-priority patches for any organization to reduce real-world risk.

Practical Bug Bounty Recon Methodology for 2026

WhatA beginner's roadmap emphasizes effective recon using targeted Google dorking (`site:target.com ext:log`) and tools like Netlas, avoiding blind scanning.

Sourcenetlas.io

Applies toGeneral

Why it mattersIt outlines a focused, repeatable process for uncovering attack surfaces that scanners miss.

Sources reviewed

20 results. Most were generic trends, product announcements, or non-technical blog posts with no direct, actionable exploit or technique detailed.

Gaps identified

Today's search results contained **zero** coverage of AI/LLM-specific vulnerabilities, prompt injection, or file upload security bypasses—the core of the provided Anthropic report. This represents a significant intelligence gap for this emerging attack vector. [Internal: research/ai-llm-security.md] should be updated with this external case study.

Is your WordPress site exposed to threats like these?

Arc is an AI security agent that watches your site 24/7 and patches vulnerabilities before attackers find them.

Scan your site free →

← All research