[Actively Exploited n8n Vulnerability Added to CISA KEV]
What: CVE-2025-68613 in the n8n workflow automation tool is under active exploitation; the root cause is improper control of dynamically-managed code resources.
Source: www.reddit.com
Applies to: General (organizations using n8n)
Why it matters: This is a confirmed attack vector; immediate patching is required to prevent initial access.
[Supply-Chain Attack via Notepad++ Update Channel]
What: Threat actor Lotus Blossom exploited CVE-2025-15556 to hijack Notepad++'s update mechanism and deploy Cobalt Strike Beacon and the Chrysalis backdoor.
Source: www.recordedfuture.com
Applies to: General (software supply chain)
Why it matters: Demonstrates a trusted software update channel as a high-impact compromise vector for establishing footholds.
[Open-Source Secure File Upload Scanner (Pompelmi)]
What: Pompelmi is a new open-source tool for Node.js that provides security scanning for file uploads, a direct control for the root cause in the Anthropic report.
Source: www.helpnetsecurity.com
Applies to: General (applications with file upload features)
Why it matters: Offers a potential immediate mitigation for the lack of content scanning identified in the target VDP report.
[Nuclei Templates for Actively Exploited CVEs]
What: ProjectDiscovery maintains reliable Nuclei templates for detecting KEV-listed vulnerabilities such as CVE-2025-64446 (FortiWeb auth bypass) and CVE-2025-61884 (Oracle EBS SSRF).
Source: projectdiscovery.io
Applies to: General (attack surface validation)
Why it matters: Provides ready-to-use, validated detection logic for known exploited vulnerabilities in external-facing systems.
[Advanced Web Security Research from PortSwigger]
What: PortSwigger Research released new practical exploitation techniques from Black Hat USA 2026, though specific details require accessing their blog.
Source: x.com
Applies to: General (web application security)
Why it matters: Their research typically reveals novel attack chains and bypasses relevant to modern web platforms.