Log4Shell: The Internet's Worst Day
A trivially exploitable RCE in Apache Log4j put millions of Java applications at risk overnight — exploited within hours of disclosure.
In-depth breakdowns of the incidents that defined modern cyber security.
A nation-state actor trojanised SolarWinds Orion updates, silently breaching ~18,000 organisations including US federal agencies.
A self-spreading worm using the leaked EternalBlue exploit hit 200,000+ machines across 150 countries in days, crippling the NHS.
A missing bounds check in OpenSSL's heartbeat extension let attackers read 64KB of server memory at a time — keys, passwords and all.
An unpatched Apache Struts flaw led to one of history's most damaging breaches of personal and financial data on 147M people.
A zero-day SQL injection in MOVEit Transfer let the Cl0p gang steal data from 2,700+ organisations and 90M+ individuals.
A single compromised VPN password let DarkSide ransomware halt the largest US fuel pipeline, triggering panic-buying across the East Coast.
A chain of zero-days in Microsoft Exchange let attackers take over mail servers worldwide, with tens of thousands compromised in a week.
A patient multi-year social-engineering operation planted a stealthy SSH backdoor in a core Linux compression library — caught by luck.
Independent threat intelligence for defenders, analysts and the security-curious.
ThreatWatch tracks the vulnerabilities, breaches and adversary campaigns that matter, translating raw advisories into clear, actionable analysis. Our coverage spans critical CVEs, large-scale data breaches, ransomware operations and software supply-chain attacks — so security teams can prioritise what to patch, hunt and defend first.