@TuringCyberObs profile picture
Cyber Threat Observatory | Alan Turing Institute @TuringCyberObs

The Alan Turing Institute Threat Observatory providing intelligence and best practices to secure National Digital Identity Systems and Digital Infrastructures.

Joined September 2024
  • Tweets 447
  • Following 91
  • Followers 51
Photos and videos
CVE-2026-35273 (Oracle PeopleSoft PeopleTools) is a critical unauthenticated RCE, enabling system takeover, data theft, and lateral movement. Patch and contain reachable instances immediately. See full analysis: github.com/alan-turing-insti… #CyberSecurity #Oracle #PeopleSoft #RCE

cyber-threat-observatory/reports/2026-06-11/TIER_1_CVE-2026-35273.md at main · alan-turing-instit...

The Turing's Trustworthy Digital Infrastructure team has established a dedicated Cyber Threat Observatory to monitor and analyse threats in a timely way to empower identity system owners to...

github.com
4
8
935
CVE-2026-42647 (Beardev JoomSport). Attackers can target public WordPress sites to extract sensitive database content. Active exploitation is reported. Patch immediately. See full analysis: github.com/alan-turing-insti… #CyberSecurity #WordPress #SQLInjection #WebSecurity #DPI

cyber-threat-observatory/reports/2026-06-11/TIER_1_CVE-2026-42647.md at main · alan-turing-instit...

The Turing's Trustworthy Digital Infrastructure team has established a dedicated Cyber Threat Observatory to monitor and analyse threats in a timely way to empower identity system owners to...

github.com
2
378
CVE-2026-7486 (Netcad E-İmar) is a critical SQL injection flaw. Attackers can inject SQL to read, modify, delete, or escalate access to municipal data. See full analysis: github.com/alan-turing-insti… #CyberSecurity #DPI #GovTech #SQLInjection #MunicipalServices

cyber-threat-observatory/reports/2026-06-09/TIER_2_CVE-2026-7486.md at main · alan-turing-institu...

The Turing's Trustworthy Digital Infrastructure team has established a dedicated Cyber Threat Observatory to monitor and analyse threats in a timely way to empower identity system owners to...

github.com
1
225
CVE-2026-44748 (SAP NetWeaver) is a critical XML signature-verification flaw affecting versions 702–919. Authenticated users may alter signed XML content and have it incorrectly accepted as authentic See full analysis: github.com/alan-turing-insti… #CyberSecurity #SAP #ApplicationS

cyber-threat-observatory/reports/2026-06-09/TIER_2_CVE-2026-44748.md at main · alan-turing-instit...

The Turing's Trustworthy Digital Infrastructure team has established a dedicated Cyber Threat Observatory to monitor and analyse threats in a timely way to empower identity system owners to...

github.com
35
CVE-2026-26142 (Nuance PowerScribe) is a critical deserialization flaw Healthcare impact is high: system compromise, patient-data exposure, and lateral movement. See full analysis: github.com/alan-turing-insti… #CyberSecurity #HealthcareSecurity #DPI #MedicalDevices #RCE

cyber-threat-observatory/reports/2026-06-09/TIER_2_CVE-2026-26142.md at main · alan-turing-instit...

The Turing's Trustworthy Digital Infrastructure team has established a dedicated Cyber Threat Observatory to monitor and analyse threats in a timely way to empower identity system owners to...

github.com
34
CVE-2024-58349 (WordPress Travelscape theme). If the vulnerable upload endpoint is reachable, unauthenticated attackers may upload dangerous files and potentially achieve RCE. See full analysis: github.com/alan-turing-insti… #CyberSecurity #DPI #WordPress #WebSecurity #RCE

cyber-threat-observatory/reports/2026-06-08/TIER_2_CVE-2024-58349.md at main · alan-turing-instit...

The Turing's Trustworthy Digital Infrastructure team has established a dedicated Cyber Threat Observatory to monitor and analyse threats in a timely way to empower identity system owners to...

github.com
28
CVE-2026-11393 (AWS AgentCore CLI) is a critical code-injection flaw. Crafted agent collaboration metadata can execute Python during import or under an AWS agent role. See full analysis: github.com/alan-turing-insti… #CyberSecurity #DPI #AIsecurity #AWS #CloudSecurity

cyber-threat-observatory/reports/2026-06-08/TIER_2_CVE-2026-11393.md at main · alan-turing-instit...

The Turing's Trustworthy Digital Infrastructure team has established a dedicated Cyber Threat Observatory to monitor and analyse threats in a timely way to empower identity system owners to...

github.com
45
CVE-2025-71317 (Riello UPS NetMan 204) is a critical hard-coded credentials flaw that can grant access to UPS controls and power infrastructure. See full analysis: github.com/alan-turing-insti… #CyberSecurity #DPI #CriticalInfrastructure #OperationalTechnology #AccessControl

cyber-threat-observatory/reports/2026-06-07/TIER_2_CVE-2025-71317.md at main · alan-turing-instit...

The Turing's Trustworthy Digital Infrastructure team has established a dedicated Cyber Threat Observatory to monitor and analyse threats in a timely way to empower identity system owners to...

github.com
33
CVE-2026-11429 (Altium ES / Altium 365) is a critical path traversal flaw in the shared Git Service. Authenticated users may potentially enable RCE or project-data exposure. See full analysis: github.com/alan-turing-insti… #CyberSecurity #DPI #SupplyChainSecurity #DevSecOps

cyber-threat-observatory/reports/2026-06-06/TIER_2_CVE-2026-11429.md at main · alan-turing-instit...

The Turing's Trustworthy Digital Infrastructure team has established a dedicated Cyber Threat Observatory to monitor and analyse threats in a timely way to empower identity system owners to...

github.com
2
87
CVE-2026-25550 (Seagull Software BarTender) is a critical unauthenticated RC. Attackers can abuse unsafe .NET Remoting to execute code with SYSTEM privileges. See full analysis: github.com/alan-turing-insti… #CyberSecurity #DPI #RCE #EnterpriseSecurity #NetworkSecurity

cyber-threat-observatory/reports/2026-06-04/TIER_2_CVE-2026-25550.md at main · alan-turing-instit...

The Turing's Trustworthy Digital Infrastructure team has established a dedicated Cyber Threat Observatory to monitor and analyse threats in a timely way to empower identity system owners to...

github.com
46
CVE-2026-34906 (Wirtualna Uczelnia) is a critical server-side template injection flaw. Attackers may trigger server-side expression processing and achieve RCE. PoC available See full analysis github.com/alan-turing-insti… #CyberSecurity #DigitalIdentity #EducationTechnology #RCE

cyber-threat-observatory/reports/2026-06-02/TIER_2_CVE-2026-34906.md at main · alan-turing-instit...

The Turing's Trustworthy Digital Infrastructure team has established a dedicated Cyber Threat Observatory to monitor and analyse threats in a timely way to empower identity system owners to...

github.com
2
200
CVE-2026-0611 (Spacelabs Healthcare Sentinel) is a critical unauthenticated RCE. Exposed .NET Remoting can lead to system compromise. PoC available See full analysis: github.com/alan-turing-insti… #CyberSecurity #HealthcareSecurity #DPI #MedicalDevices #RCE

cyber-threat-observatory/reports/2026-06-02/TIER_2_CVE-2026-0611.md at main · alan-turing-institu...

The Turing's Trustworthy Digital Infrastructure team has established a dedicated Cyber Threat Observatory to monitor and analyse threats in a timely way to empower identity system owners to...

github.com
69
CVE-2026-32625 (LibreChat) is a critical information-disclosure flaw. Authenticated users can abuse MCP server URL handling to exfiltrate server-side secrets. See full analysis: github.com/alan-turing-insti… #DPI #AIsecurity #SecretsManagement #CloudSecurity

cyber-threat-observatory/reports/2026-06-02/TIER_2_CVE-2026-32625.md at main · alan-turing-instit...

The Turing's Trustworthy Digital Infrastructure team has established a dedicated Cyber Threat Observatory to monitor and analyse threats in a timely way to empower identity system owners to...

github.com
1
95
CVE-2026-8206 (Kirki WordPress plugin) is a critical privilege escalation flaw leading to password reset threat. Active exploitation is reported. Patch immediately. See full analysis: github.com/alan-turing-insti… #CyberSecurity #DPI #WordPress #AccountTakeover #WebSecurity

cyber-threat-observatory/reports/2026-06-02/TIER_1_CVE-2026-8206.md at main · alan-turing-institu...

The Turing's Trustworthy Digital Infrastructure team has established a dedicated Cyber Threat Observatory to monitor and analyse threats in a timely way to empower identity system owners to...

github.com
50
CVE-2026-44211 (Cline Kanban). A malicious site can interfere with AI agent sessions, and potentially hijack terminal input. PoC exists See full analysis: github.com/alan-turing-insti… #CyberSecurity #DPI #AIsecurity #DeveloperSecurity #WebSockets

cyber-threat-observatory/reports/2026-06-01/TIER_2_CVE-2026-44211.md at main · alan-turing-instit...

The Turing's Trustworthy Digital Infrastructure team has established a dedicated Cyber Threat Observatory to monitor and analyse threats in a timely way to empower identity system owners to...

github.com
57
CVE-2026-25879 (Langroid SQLChatAgent) is a critical prompt-injection flaw. In high-risk configurations, LLM-generated SQL could enable code execution on database hosts. See full analysis: github.com/alan-turing-insti… #CyberSecurity #DPI #AIsecurity #LLMSecurity #DatabaseSecurity

cyber-threat-observatory/reports/2026-06-01/TIER_2_CVE-2026-25879.md at main · alan-turing-instit...

The Turing's Trustworthy Digital Infrastructure team has established a dedicated Cyber Threat Observatory to monitor and analyse threats in a timely way to empower identity system owners to...

github.com
40
CVE-2026-9058 (Szafir SDK) is a critical certificate-trust validation flaw where signer certificate trust cannot be established, enabling authentication bypass etc See full analysis: github.com/alan-turing-insti… #DigitalIdentity #DPI #ElectronicSignature #TrustServices

cyber-threat-observatory/reports/2026-05-25/TIER_2_CVE-2026-9058.md at main · alan-turing-institu...

The Turing's Trustworthy Digital Infrastructure team has established a dedicated Cyber Threat Observatory to monitor and analyse threats in a timely way to empower identity system owners to...

github.com
52
CVE-2026-2264 (Google Cloud Apigee-X) is a critical SSRF flaw in the SetIntegrationRequest policy. See full analysis: github.com/alan-turing-insti… #CyberSecurity #DPI #APIsecurity #CloudSecurity #GoogleCloud #VulnerabilityManagement

cyber-threat-observatory/reports/2026-05-26/TIER_2_CVE-2026-2264.md at main · alan-turing-institu...

The Turing's Trustworthy Digital Infrastructure team has established a dedicated Cyber Threat Observatory to monitor and analyse threats in a timely way to empower identity system owners to...

github.com
57
CVE-2026-9058 (Szafir SDK) is a critical electronic-signature verification flaw undermining document authenticity and identity assurance. See full analysis: github.com/alan-turing-insti… #DigitalIdentity #DPI #ElectronicSignature #TrustServices #VulnerabilityManagement

cyber-threat-observatory/reports/2026-05-25/TIER_2_CVE-2026-9058.md at main · alan-turing-institu...

The Turing's Trustworthy Digital Infrastructure team has established a dedicated Cyber Threat Observatory to monitor and analyse threats in a timely way to empower identity system owners to...

github.com
72
CVE-2026-48172 (LiteSpeed User-End cPanel Plugin) is a critical privilege escalation flaw. Successful abuse has reportedly been observed in the wild. See full analysis: github.com/alan-turing-insti… #cPanel #PrivilegeEscalation #HostingSecurity #DPI #VulnerabilityManagement

cyber-threat-observatory/reports/2026-05-21/TIER_2_CVE-2026-48172.md at main · alan-turing-instit...

The Turing's Trustworthy Digital Infrastructure team has established a dedicated Cyber Threat Observatory to monitor and analyse threats in a timely way to empower identity system owners to...

github.com
1
90
Load more