Threat Intelligence

Overwatch Observatory

Verified KQL detections and autonomous threat hunt reports. Every query validated against Azure Sentinel before publication.

Initial Access 80/100

Palo Alto GlobalProtect VPN auth bypass flaw now exploited in attacks

BleepingComputer recently reported active exploitation of a Palo Alto GlobalProtect VPN authentication bypass flaw, CVE-2026-0257. This vulnerability allows attackers to forge auth...

Initial Access

May 30, 2026

Execution 95/100

Typosquatted npm packages used to steal cloud and CI/CD secrets

Microsoft Security recently detailed a campaign involving typosquatted npm packages designed to steal cloud and CI/CD secrets, a critical supply chain compromise (T1195.002). This ...

ExecutionCommand and ControlDefense EvasionCredential Access

May 29, 2026

Initial Access 90/100

CISA gives feds 4 days to patch actively exploited cPanel plugin flaw

BleepingComputer and CISA recently highlighted an actively exploited vulnerability, CVE-2026-48172, affecting a LiteSpeed cPanel plugin. This flaw presents a critical initial acces...

Initial Access

May 27, 2026