AI Security Digest
Aggregated ecosystem risk analysis
Vendor Watchlist
Tracking 0 critical integrations
Threat Stream Feed
Real-time security logs and system alerts
Twilio - SMS Delivery Delays from Twilio Phone Numbers to Surf Telecom Brazil
Jun 19, 09:25 PDT Identified - Twilio customers may be experiencing SMS delivery delays from Twilio Phone Numbers to Surf Telecom network subscribers in Brazil. Our team has identified the cause, and is working to resolve the issue. We will provide another update in 1 hour or as soon as more information becomes available. Jun 19, 09:24 PDT Update - Twilio customers may be experiencing SMS delivery delays from Twilio Phone Numbers to Surf Telecom network subscribers in Brazil. Our team is acti...
Twilio - SMS Delivery Delays from Twilio Phone Numbers to Telia Norway
Jun 19, 07:19 PDT Identified - Twilio customers may be experiencing SMS delivery delays from Twilio Phone Numbers to Telia network subscribers in Norway. Our team has identified the cause, and is working to resolve the issue. We will provide another update in 1 hour or as soon as more information becomes available. Jun 19, 07:01 PDT Investigating - Twilio customers may be experiencing SMS delivery delays from Twilio Phone Numbers to Telia network subscribers in Norway. Our team is actively in...
CISA Warns Fortinet Customers as FortiBleed Hits 86,644 FortiGate Devices
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday urged Fortinet customers with FortiGate appliances to take steps to secure against ongoing malicious activity aimed at thousands of internet-accessible devices. The sweeping campaign, believed to be the work of Russian-speaking threat actors, has been codenamed FortiBleed. The number of compromised devices stands at
Twilio - Voice Call Failures from Network Subscribers to Twilio Singapore Phone Numbers
Jun 19, 06:45 PDT Investigating - Twilio customers may be experiencing voice call failures from network subscribers to Twilio Singapore Phone Numbers. Our team is actively investigating this issue. We will provide another update in 1 hour or as soon as more information becomes available.
Twilio - SMS Delivery Delays from Romania to a Subset of Twilio Romania Phone Numbers
Jun 19, 05:44 PDT Identified - Twilio customers may be experiencing SMS delivery delays from Romania to a subset of Twilio Romania Phone Numbers. Our team has identified the cause, and is working to resolve the issue. We will provide another update in 1 hour or as soon as more information becomes available. Jun 19, 05:32 PDT Investigating - Twilio customers may be experiencing SMS delivery delays and failures from network subscribers to Twilio Romania Phone Numbers. Our team is actively inves...
Twilio - SMS Delivery Delays from Denmark to a Subset of Twilio Denmark Phone Numbers
Jun 19, 04:12 PDT Identified - Twilio customers may be experiencing SMS delivery delays from network subscribers in Denmark to a subset of Twilio Denmark Phone Numbers. Our team has identified the cause, and is working to resolve the issue. We will provide another update in 1 hour or as soon as more information becomes available. Jun 19, 04:06 PDT Investigating - Twilio customers may be experiencing SMS delivery delays from Denmark to a subset of Twilio Denmark Phone Numbers. Our team is acti...
Anthropic’s Fable and the State of AI
On June 9th, Anthropic released its Fable generative AI model. Three days later, the US government classified it as a dangerous munition, and used its export-control authority to prohibit any foreign nationals from accessing it. Unable to differentiate between Americans and foreigners, the company shut off access for everyone. The government’s actions won’t help. The problem isn’...
CISA: Splunk Enterprise flaw actively exploited, patch by Sunday
CISA has urged U.S. federal agencies to secure their systems by Sunday against a critical Splunk Enterprise vulnerability that is being exploited in attacks. [...]
Salesforce Disables Klue App Integration After OAuth Token Abuse Exposes Customer Data
Salesforce has revealed that it disabled the Klue Battlecards app integration within its platform in response to a security incident impacting the competitive intelligence company on June 11, 2026. To that end, organizations will be unable to connect to Salesforce via the app until further notice, the American cloud-based software company noted in an alert published this week. "Salesforce took
Twilio - SMS Delivery Delays from Twilio Phone Numbers to Airtel Kenya
Jun 19, 00:58 PDT Investigating - Twilio customers may be experiencing SMS delivery delays from Twilio Phone Numbers to Airtel network subscribers in Kenya. Our team is actively investigating this issue. We will provide another update in 1 hour or as soon as more information becomes available.
CISA warns Fortinet users to secure devices after FortiBleed leak
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) urged Fortinet customers to secure their devices after nearly 74,000 firewall and VPN credentials were exposed in a data leak dubbed "FortiBleed." [...]
Twilio - Belgium SMS Carrier Maintenance - BASE and Telenet Mobile
Jun 18, 19:00 PDT In progress - Scheduled maintenance is currently in progress. We will provide updates as necessary. Jun 16, 23:21 PDT Scheduled - The BASE and Telenet Mobile networks in Belgium are conducting a planned maintenance from 18 June 2026 at 19:00 PDT until 19 June 2026 at 03:00 PDT. During the maintenance window, there could be intermittent delays delivering SMS to and from BASE and Telenet Mobile Belgium handsets.
Twilio - V3 Transcription API experiencing service issues
Jun 18, 18:07 PDT Resolved - Service interruption with the V3 Transcriptions API has been resolved and [product][service] is operating normally at this time. Jun 18, 12:46 PDT Update - We are investigating a service interruption with the V3 Transcriptions API. At this time, all batch transcription requests using the Google TTS chirp_2 (en-US) model are failing with PERMISSION_DENIED errors, resulting in a complete service outage for V3 transcription workflows. The root cause is a vendor-side ...
Twilio - Czech Republic Voice Carrier Partner Maintenance
Jun 18, 18:00 PDT Completed - The scheduled maintenance has been completed. Jun 18, 12:00 PDT In progress - Scheduled maintenance is currently in progress. We will provide updates as necessary. Jun 16, 07:58 PDT Scheduled - Our Voice carrier partner in the Czech Republic is conducting a planned maintenance from 18 June 2026 at 12:00 PDT until 18 June 2026 at 18:00 PDT. During the maintenance window, there could be intermittent call disconnects or call failures from and to Twilio Czech Repub...
Figma - Figma Make disruption - Gemini 3.1 Pro
Jun 18, 23:46 UTC Investigating - We are investigating an issue some users are experiencing when using Gemini 3.1 Pro in the Figma Make model picker. As a workaround, users can switch to the default model.
Twilio - Kazakhstan SMS Carrier Maintenance - Beeline
Jun 18, 16:00 PDT Completed - The scheduled maintenance has been completed. Jun 18, 12:01 PDT In progress - Scheduled maintenance is currently in progress. We will provide updates as necessary. Jun 18, 08:24 PDT Scheduled - The Beeline network in Kazakhstan is conducting a planned maintenance from 18 June 2026 at 12:00 PDT until 18 June 2026 at 16:00 PDT. During the maintenance window, there could be intermittent delays delivering SMS to Beeline Kazakhstan handsets.We are aware of the short...
DocuSign - Users downloading archived document ZIP files may see missing official Docusign platform seals (Incident 5139)
Jun 18, 22:43 UTC Identified - An issue has been identified where documents downloaded via archived ZIP files with "masked fields" enabled are missing their Docusign platform seals. A fix is underway.Target Fix Date: June 23, 2026Temporary Workaround: Download documents individually rather than as an archived ZIP file to ensure platform seals are successfully applied.
Twilio - United Kingdom Account Security Carrier Partner Maintenance - Vodafone
Jun 18, 15:15 PDT In progress - Scheduled maintenance is currently in progress. We will provide updates as necessary. Jun 18, 05:40 PDT Scheduled - Our carrier partner Vodafone United Kingdom is conducting a planned maintenance from 18 June 2026 at 15:15 PDT until 18 June 2026 at 19:45 PDT. During the maintenance window, there could be intermittent API request failures for Vodafone United Kingdom customers.Impacted Products: Verify Silent Network Auth, Lookup Identity Match, Legacy Identity M...
Twilio - Errors Attempting to Add US HostedSMS Numbers to Messaging Services Via Console
Jun 18, 14:48 PDT Update - Customers are experiencing errors when attempting to add US HostedSMS numbers to Messaging Services via the Console. US A2P registration process can not be triggered and customers can not use the numbers to send messages to other numbers in the US. We will provide an update in 60 minutes or when we have additional information. Jun 18, 14:35 PDT Investigating - Customers are experiencing errors when attempting to add US HostedSMS numbers to Messaging Services via the...
Twilio - United Kingdom Account Security Carrier Partner Maintenance - EE
Jun 18, 14:30 PDT In progress - Scheduled maintenance is currently in progress. We will provide updates as necessary. Jun 9, 02:49 PDT Scheduled - Our carrier partner EE United Kingdom is conducting a planned maintenance from 18 June 2026 at 14:30 PDT until 18 June 2026 at 21:00 PDT. During the maintenance window, there could be intermittent API request failures for EE United Kingdom customers.Impacted Products: Lookup Identity Match, Lookup SIM Swap, Legacy Identity MatchAndAttributes, Ver...
Datadog - Delayed Events
Jun 18, 12:33 EDT Resolved - This incident has been resolved. Jun 18, 12:22 EDT Monitoring - A fix has been implemented and we are monitoring the results. Jun 18, 12:13 EDT Investigating - We are investigating increased latency processing Events.As a result of this issue, some users may see delays or gaps in the event stream or for event queries on dashboardsTo prevent false monitor alerts due to delayed data, monitors affected by the delay will not notify and will automatically resume once...
Klue OAuth breach linked to 'Icarus' Salesforce data theft attacks
Market intelligence platform Klue suffered a OAuth breach that enabled the "Icarus" threat actors to steal Salesforce CRM data from multiple organizations in an ongoing extortion campaign. [...]
5 reasons Microsoft 365 backup isn’t enough for business data protection
Microsoft 365 helps keep services running, but protecting and recovering business data remains your responsibility. Acronis breaks down five gaps organizations should consider when evaluating Microsoft 365 data protection. [...]
FortiBleed leak exposes Fortinet VPN credentials for 73,000 devices.
A newly discovered data leak dubbed "FortiBleed" has exposed what appears to be a collection of Fortinet and FortiGate VPN credentials for 73,932 firewall URLs at organizations worldwide. [...]
CISA Adds One Known Exploited Vulnerability to Catalog
CISA has added one new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation. CVE-2026-20253 Splunk Enterprise Missing Authentication for Critical Function Vulnerability This type of vulnerability is a frequent attack vector for malicious cyber actors and poses significant risks to the federal enterprise. Binding Operational Directive (BOD) ...
CISA Urges Hardening Fortinet Devices After Reports of Credential Exposure
CISA is aware of global reports that malicious cyber actors have targeted internet-accessible Fortinet devices across government and private sector organizations using compromised credentials. This activity, referred to as FortiBleed, involves the exposure of leaked credentials associated with approximately 74,000 Fortinet devices, including firewalls and virtual private network (VPN) gateways. ...
Supabase - DNS record creation failures impacting project creation, restore, pause
Jun 18, 10:17 UTC Resolved - This issue has been resolved and all previous held project updates resumed. Jun 18, 08:05 UTC Monitoring - We have deployed a fix and are monitoring for full recovery. Project creation, pause and unpause are gradually restored within the next minutes. Jun 18, 07:37 UTC Identified - We have identified a fix and working on recovering the impacted system. Project creation, pause and unpause functions will be restored on confirmed service recovery. Jun 18, 07:09 U...
Leak confirms OpenAI is testing a ChatGPT for Science subscription
OpenAI appears to be testing a new subscription and experience for science use cases, but it's unclear if it'll be available to everyone regardless of their background. [...]
Dropbox - Scheduled maintenance
Jun 18, 01:00 UTC Completed - The scheduled maintenance has been completed. Jun 18, 00:00 UTC In progress - Scheduled maintenance is currently in progress. We will provide updates as necessary. Jun 17, 00:00 UTC Scheduled - Dropbox will be performing routine maintenance on June 17, 2026 starting at 5:00 PM (Pacific). You may not be able to access Dropbox for a short period of time, but we’ll have things back up and running as soon as possible to minimize disruption to you.
[CISA KEV] CVE-2026-20253: Splunk Enterprise Missing Authentication for Critical Function Vulnerability
Product: Enterprise by Splunk Description: Splunk Enterprise contains a missing authentication for critical function vulnerability which could allow an unauthenticated user to create or truncate arbitrary files through a PostgreSQL sidecar service endpoint. Required Action: Apply mitigations in accordance with vendor instructions, ensuring compliance with CISA’s BOD 26-04 Prioritizing Security Updates Based on Risk (see URL in Notes) guidance and CISA’s “Forensics Triage Requirements” (see URL in Notes). Follow applicable BOD 26-04 guidance for cloud services or discontinue use of the product if mitigations are unavailable. Stakeholders are responsible for evaluating each asset's internet exposure and ensuring adherence to BOD 26-04 patching guidelines.
DocuSign - Salesforce for Gen customers may be unable to generate documents (Incident 5132)
Jun 17, 23:26 UTC Resolved - The incident has been resolved. Incident duration and timelines are subject to revision pending the results of any related investigation. Jun 17, 22:58 UTC Update - We continue to monitor the environment to ensure stability. Jun 17, 20:41 UTC Monitoring - A fix has been implemented and we are monitoring the results. Jun 17, 19:28 UTC Investigating - We are actively investigating this issue.
Box - [Medium] Issue with Multiple Box Services
Jun 17, 13:28 PDT Resolved - After further monitoring, this incident is now considered resolved. Box Webapp services have been restored to full functionality. Please contact Box Support at https://support.box.com/ if you continue to experience any issues. Jun 17, 12:44 PDT Monitoring - Our team has taken steps to remediate this issue and is seeing improvement for Box Webapp service. We are continuing to monitor for any additional impact. Jun 17, 12:34 PDT Investigating - Our team is investi...
GitHub - Disruption with Copilot next edit suggestions
Jun 17, 19:28 UTC Resolved - This incident has been resolved. Thank you for your patience and understanding as we addressed this issue. A detailed root cause analysis will be shared as soon as it is available. Jun 17, 19:14 UTC Monitoring - The degradation has been mitigated. We are monitoring to ensure stability. Jun 17, 19:09 UTC Update - We have applied mitigation and are seeing recovery Jun 17, 18:40 UTC Update - We have identified a likely cause and are applying a mitigation Jun 17...
GitHub - Incident With Webhooks
Jun 17, 19:00 UTC Resolved - On June 17, 2026, between 11:35 UTC and 19:20 UTC, the Webhooks service was degraded and delivered webhook payloads with missing installation information. On average, 11.3% of webhook deliveries were impacted. Customers relying on the installation field for authentication or routing were unable to process affected webhooks. A smaller subset of deliveries for the security_advisory event (0.04%) were delivered successfully but were not recorded for redelivery. This wa...
Crypto Clipper Campaign Abuses Fake Reviews, AI Narrators, and VirusTotal Comments
An unknown threat actor has been observed leveraging paid or promoted posts on legitimate news websites to drum up buzz for their warez, according to new findings from Check Point Research. The threat actor also has at their disposal a dedicated WordPress phishing page that acts as the central hub, alongside GitHub and SourceForge projects promoted by fake accounts, a YouTube channel, and a
Supabase - Hardware failure in us-east
Jun 17, 17:02 UTC Resolved - We have now recovered all Projects affected by the outage in us-east-2. Jun 17, 16:13 UTC Monitoring - All the identified affected projects in us-east-2 are now healthy. If your project is in us-east and not responsive, please open a ticket to let us know. Jun 17, 15:44 UTC Identified - We have identified projects specifically impacted by this issue and are recovering affected projects. Jun 17, 15:12 UTC Investigating - Some projects in US-East-2 are impacted ...
Junior Hacker Used Tailscale and OpenSSH to Keep Access After His C2 Went Offline
A French-speaking attacker broke into a small French automotive business, planted a keylogger, and stole banking and email credentials. Ordinary stuff, until one move near the end. Before his command-and-control server went dark, he installed OpenSSH and Tailscale on a victim's machine, building a way back in that did not run through the C2 at all. When the Havoc server went offline the next
Supabase - Degraded Management API performance affecting payments and Supabase Studio
Jun 17, 14:10 UTC Resolved - All regions continue to report healthy Management API performance and platform stability. Jun 17, 13:15 UTC Monitoring - We have resolved the degraded performance affecting our Management API in the impacted regions. All systems are now fully operational. All payment features have been re-enabled. Customers should no longer experience failed payments or failed project creations.We are continuing to monitor the system closely and will provide a final update once we...
GitHub - Incident with Copilot Availability
Jun 17, 04:44 UTC Resolved - This incident has been resolved. Thank you for your patience and understanding as we addressed this issue. A detailed root cause analysis will be shared as soon as it is available. Jun 17, 04:44 UTC Monitoring - Copilot is operating normally. Jun 17, 04:26 UTC Update - We've applied a mitigation to unblock Copilot functionality. Users may start to see signs of recovery. Relaunching your client should accelerate signs of recovery. We will continue to monitor the ...
DocuSign - Salesforce for Gen customers are unable to generate documents (Incident-5122)
Jun 16, 23:30 UTC Resolved - The incident has been resolved. Incident duration and timelines are subject to revision pending the results of any related investigation. Jun 16, 22:01 UTC Update - We are continuing to work on a fix for this issue. Jun 16, 22:00 UTC Identified - We have identified the issue and a fix is being implemented. Jun 16, 20:46 UTC Update - We continue to investigate the issue and additional resources have been engaged. Jun 16, 18:28 UTC Update - We continue to inve...
Box - [Minor] Issues with Downloads
Jun 16, 16:00 PDT Resolved - From approximately 3:40PM and 3:50 PM PDT, we observed an issue impacting downloads. Our systems automatically detected and corrected the underlying issue. There is no current impact and no further updates will be provided here. If you continue to experience any issues, please contact Box Support at https://support.box.com.
Figma - Figma Make and Agent Service Disruption
Jun 16, 19:41 UTC Resolved - We've identified an issue leading to errors while prompting Figma Make and and Agent using Anthropic models. This has been resolved. Jun 16, 17:58 UTC Monitoring - We've identified an issue leading to errors while prompting Figma Make and and Agent using Anthropic models. A fix has been implemented and this should now be operational. We are continuing to monitor.
Google Vertex AI SDK Flaw Let Attackers Hijack Model Uploads via Bucket Squatting
A flaw in the Google Cloud Vertex AI SDK for Python let an attacker with no access to a victim's project hijack the victim's machine learning model upload and run code inside Google's serving infrastructure. Palo Alto Networks Unit 42, which found and reported the bug through Google's bug bounty program, calls the technique "Pickle in the Middle" and said it saw no exploitation in the wild.
GitHub - Disruption with some GitHub services
Jun 16, 18:15 UTC Resolved - This incident has been resolved. Thank you for your patience and understanding as we addressed this issue. A detailed root cause analysis will be shared as soon as it is available. Jun 16, 18:14 UTC Update - The issues with our upstream model provider have been resolved, and Opus 4.8 is once again available in Copilot products and IDE surfaces.We will continue monitoring to ensure stability, but mitigation is complete. Jun 16, 18:00 UTC Monitoring - The degradat...
DocuSign - Customers may experience intermittent latency (Incident 5118)
Jun 16, 17:18 UTC Resolved - The incident has been resolved. Incident duration and timelines are subject to revision pending the results of any related investigation. Jun 16, 15:20 UTC Update - We continue to investigate the issue. Performance has improved but the issue is still under investigation. Jun 16, 10:34 UTC Update - We are continuing to investigate this issue. Jun 16, 08:37 UTC Investigating - We are actively investigating this issue.
Supabase - Project usage analytics API endpoints breakage
Jun 16, 17:01 UTC Resolved - All analytics responses have returned to normal. Jun 16, 16:27 UTC Monitoring - The mitigation has been successful and analytics endpoints are all responsive. We will continue to monitor for stability. Jun 16, 16:22 UTC Identified - The component at issue has been identified and we are implementing mitigations. Analytics responsiveness on the impacted endpoint is begining to recover. Jun 16, 16:18 UTC Update - We are investigating the components involved in an...
Vercel - Partial disruption of Observability, Analytics, Firewall, and Usage in dashboard
Jun 16, 15:39 UTC Resolved - The incident has been resolved. Jun 16, 15:26 UTC Monitoring - The team has deployed a fix for timeouts and failed requests related to Observability, Web Analytics, Speed Analytics, Firewall, and Usage in dashboard. We are continuing to monitor. Jun 16, 15:16 UTC Identified - The team has identified the source of the issue and is preparing a fix for timeouts and failed requests related to Observability, Web Analytics, Speed Analytics, Firewall, and Usage in dash...
Supabase - Degraded Log Explorer in the dashboard
Jun 16, 15:08 UTC Resolved - We have rolled out additional performance improvements to reporting API endpoints. Jun 16, 13:30 UTC Monitoring - We are seeing things have stabilized across the fleet after further optimization work, and we are monitoring to ensure no further issues arise. Jun 16, 13:01 UTC Identified - The mitigations rolled out have resulted in a great reduction in errors and most users should now see fully-functional logging and usage charts; however, some users may still se...
Attackers Exploit Three Fortinet FortiSandbox Flaws, One Patched Last Week
Bad actors are exploiting multiple security vulnerabilities in Fortinet FortiSandbox, according to threat intelligence firm Defused Cyber. In a post shared on X, the company said it has observed exploitation of CVE-2026-39813, CVE-2026-39808, and CVE-2026-25089 over the past 24 hours. CVE-2026-39813 (CVSS score: 9.1) refers to a path traversal vulnerability in FortiSandbox JRPC API that could
Supabase - DNS Resolution Failures for TLD .co users
Jun 16, 08:16 UTC Resolved - The top-level domain provider has fixed the underlying problem that was causing this issue. Name resolution has returned to normal. Jun 15, 16:52 UTC Update - The top-level domain provider has fixed the underlying problem that was causing this issue. Name resolution has returned to normal. We will monitor this for continued functionality. Jun 12, 11:09 UTC Update - Our upstream TLD provider is continuing to make changes to its network routing policies to address...
Supabase - Access Issues From Some Providers in Brazil
Jun 16, 08:15 UTC Resolved - The top-level domain provider has fixed the underlying problem that was causing this issue. Name resolution has returned to normal. Jun 15, 16:52 UTC Update - The top-level domain provider has fixed the underlying problem that was causing this issue. Name resolution has returned to normal. We will monitor this for continued functionality. Jun 12, 14:42 UTC Monitoring - We continue to work with the relevant provider and have seen improvements. We are monitoring ...
Empty-ciphertext panic in aws-encryption-provider (CVD with AWS)
While fuzzing the Kubernetes AWS KMS provider, researchers at Syntetisk found a denial-of-service issue in aws-encryption-provider where an empty ciphertext field could trigger an unrecovered Go panic and crash the plugin process. The writeup includes root-cause analysis, crash path details, reproducer examples, impact discussion, and disclosure timeline   submitted by   /u/Sandwich_1337...
GitHub - Multiple services have elevated errors and endpoint failures when checking feature flags
Jun 15, 19:10 UTC Resolved - Between 17:38 UTC and 18:22 UTC on June 15, 2026, approximately 83% of requests to the analytics endpoint serving the /chronicle feature failed. The cause was an internal feature-flag service that encountered a transient error and failed to recover, causing feature flag checks to fail. The analytics endpoint was gated behind one of these flags, resulting in requests being rejected. We restored service health by removing the feature flag gating the analytics endpoin...
DocuSign - Users may experience performance latency when utilizing the doc2pdf service (Incident 5085)
Jun 15, 18:29 UTC Resolved - The incident has been resolved. Incident duration and timelines are subject to revision pending the results of any related investigation. Jun 15, 17:24 UTC Identified - We are have identified the root cause and we are implementing a fix.
GitHub - Increased latency with webhooks
Jun 15, 17:37 UTC Resolved - This incident has been resolved. Thank you for your patience and understanding as we addressed this issue. A detailed root cause analysis will be shared as soon as it is available. Jun 15, 16:39 UTC Monitoring - The degradation affecting Webhooks has been mitigated. We are monitoring to ensure stability. Jun 15, 16:39 UTC Update - Webhooks delivery latency has returned to normal levels. The backlog that built up during the incident has been cleared at approximat...
LiteLLM Vulnerability Chain Lets Low-Privilege Users Take Over AI Gateway Servers
A default low-privilege account on a LiteLLM proxy can climb to full admin and run code on the server by chaining three vulnerabilities, researchers at Obsidian Security disclosed LiteLLM is a widely deployed open-source AI gateway that brokers calls to more than 100 model providers behind one OpenAI-compatible interface. A server takeover exposes every provider key it holds, the secrets that
One-Click Microsoft 365 Copilot Flaw Could Have Let Attackers Steal Emails, Files, and MFA Codes
A single click on a trusted Microsoft link could have let an attacker pull emails, calendar details, and indexed files out of Microsoft 365 Copilot Enterprise Search. Researchers at Varonis Threat Labs chained three bugs into a one-click exfiltration path they call SearchLeak. Because the link pointed to a real microsoft.com domain, traditional anti-phishing and URL filtering tools were
DocuSign - Email notifications sent from custom domains may not be delivered (Incident 5106)
Jun 15, 14:51 UTC Resolved - The incident has been resolved. Incident duration and timelines are subject to revision pending the results of any related investigation. Jun 15, 14:00 UTC Investigating - We are actively investigating the issue.
Netlify - AI Gateway: Claude Fable 5 unavailable
Jun 15, 09:44 UTC Resolved - This incident has been resolved. Jun 13, 08:25 UTC Monitoring - We are aware that requests to claude-fable-5 through Netlify AI Gateway are failing. Anthropic has suspended access to Claude Fable 5, and the model is currently unavailable. https://www.anthropic.com/news/fable-mythos-access
Palo Alto Warns of Active Exploitation of PAN-OS GlobalProtect VPN Flaw
Palo Alto Networks has revealed that it has observed "active exploitation" of a recently disclosed PAN-OS vulnerability by an unknown threat actor to obtain unauthorized access to GlobalProtect portals. The vulnerability in question is CVE-2026-0257 (CVSS score: 7.8), an authentication bypass flaw affecting the portal and gateway components of PAN-OS software that could be exploited by bad
Netlify - Connectivity issues affecting Bolt-powered sites
Jun 15, 01:45 UTC Resolved - This incident has been resolved. Jun 14, 20:23 UTC Update - While recovery is in progress, enabling and disabling sites may take longer than usual. Customers using Bolt may continue to experience delays or intermittent errors when accessing, creating, or updating Bolt-powered sites Jun 14, 19:55 UTC Identified - We are currently investigating a connectivity issue affecting customers using Bolt. Some customers may be experiencing errors or degraded performance wh...
Vercel - Elevated latency and errors in FRA1 Vercel Region (Frankfurt, Germany)
Jun 15, 01:24 UTC Resolved - This incident has been resolved. Jun 15, 00:25 UTC Monitoring - All traffic has been restored to the FRA1 Vercel Region. Jun 14, 23:15 UTC Update - The issue has been fixed. We are starting to re-route traffic from the CDG1 Vercel Region back to the FRA1 Vercel Region. We will provide another status update after this has finished. Jun 14, 21:26 UTC Update - The impact is currently mitigated. We are continuing to re-route traffic from the FRA1 Vercel Region to ...
PromptSnatcher: AdBlocker stealing Ai Chats - 90k installs
Two Chrome extensions presenting as adblockers also intercept every prompt and response on ChatGPT, Claude, Gemini, Copilot, Grok, Perplexity, DeepSeek, and Meta AI, exfiltrating them to operator-controlled servers. They also check whether you're a paid user on 5 of the 8 platforms (ChatGPT, Claude, Perplexity, Copilot, Gemini). Both share the same capture engine, payload format, and partnerId. Tw...
Critical Splunk Enterprise Flaw Lets Attackers Run Code Without Authentication
Splunk has released security updates to address a critical security flaw in Splunk Enterprise that could be exploited to conduct unauthenticated file operations and even remote code execution. The vulnerability, tracked as CVE-2026-20253, is rated 9.8 on the CVSS scoring system. "In Splunk Enterprise versions below 10.2.4 and 10.0.7, an unauthenticated user could create or truncate arbitrary
U.S. Orders Anthropic to Suspend Fable 5 and Mythos 5 Access for Foreign Nationals
Anthropic said on Friday it will "abruptly disable" its most advanced artificial intelligence (AI) models, Claude Fable 5 and Mythos 5, for all users after the U.S. government ordered it to suspend access to the models for foreign nationals, whether inside or outside the U.S., citing national security concerns. The AI company said it received an order at 5:21 p.m. ET, instructing it to suspend
Supabase - Storage users in US-West-2 experiencing increased latency on storage requests
Jun 13, 00:40 UTC Resolved - All residual jobs have drained. Storage performance and job activity is normal. Jun 12, 23:57 UTC Update - Job queues continue to drain. We will actively monitor until they are complete. Jun 12, 20:26 UTC Monitoring - Backlog is being effectively processed and operations have returned to normal. We continue to monitor the performance in us-west-2. Jun 12, 19:30 UTC Update - We are seeing improvement in the performance of us-west-2 after implementation of our m...
Why Use App-Level Auth When Every Database Has Auth? (Splunk Enterprise CVE-2026-20253 Pre-Auth RCE) - watchTowr Labs
  submitted by   /u/dx7r__ [link]   [comments]
Datadog - Delayed Evaluation
Jun 12, 15:39 EDT Resolved - This incident has been resolved. Jun 12, 15:23 EDT Monitoring - A fix has been implemented and we are monitoring the results. Jun 12, 15:08 EDT Update - We are continuing to work on a fix for this issue. During this time, the following components are affected:Monitor evaluationMetrics and Infra MonitoringAPM metricsEstimated usage metrics Jun 12, 15:01 EDT Update - We are continuing to work on a fix for this issue. Jun 12, 14:39 EDT Update - We are continuin...
HubSpot - Meta service integrations including WhatsApp, Facebook, Instagram and Ads are unavailable for most customers
Jun 12, 14:36 EDT Resolved - Between 04:05 PM (UTC +02:00) and 08:35 PM (UTC +02:00), all customers in all affected regions experienced issues with Meta service integrations including WhatsApp, Facebook, Instagram and Ads. This was caused by disruptions to Meta services. As of 08:35 PM (UTC +02:00), our Meta service integrations including WhatsApp, Facebook, Instagram and Ads are working properly and the incident has been fully resolved.HubSpot conducts a thorough review after each incident ...
Dropbox - Shared content downloads are degraded
Jun 12, 16:54 UTC Resolved - Shared content downloads on Dropbox is back up and running! Thanks for bearing with us. Jun 8, 19:43 UTC Investigating - We are currently experiencing performance issues affecting shared content downloads on Dropbox. Some people may see significantly slower downloads than expected, including delays when downloading small assets. We are working to resolve the issue as quickly as possible. Thank you for your patience.
Agentjacking Attack Tricks AI Coding Agents Into Running Malicious Code
Cybersecurity researchers have described what they say is a new class of attack that can trick artificial intelligence (AI) coding agents into running arbitrary code on developer machines. Called Agentjacking by Tenet Security, the attack can be triggered by means of a fake error report crafted using Sentry, an open-source error-tracking and performance-monitoring platform. "The attack
Sentry - Missing SDK Client Reports and Rate Limiting Outcomes
Jun 12, 11:30 UTC Resolved - From approximately 10:55 UTC to 11:10 UTC we experienced a loss of outcomes which power the "Stats" in the organization settings.The data loss is purely informational without impact on billing or ingested data.
LangGraph Flaw Chain Exposes Self-Hosted AI Agents to Remote Code Execution
Cybersecurity researchers have disclosed details of three now-patched security flaws impacting LangGraph, including a critical vulnerability chain that could result in remote code execution. LangGraph is an open-source framework created by LangChain to build complex, stateful, and multi-agent artificial intelligence (AI) agentic applications. "An SQL injection in LangGraph's function could
DocuSign - Notification failures when utilising Outlook (Incident 5087)
Jun 12, 06:37 UTC Resolved - We can confirm that this issue is now resolved, thank you for your patience. Jun 12, 06:10 UTC Monitoring - A fix has been applied and our engineering teams are actively reviewing our telemetry to confirm this fix has mitigated the issue. Jun 12, 06:04 UTC Investigating - Customers utilising Outlook may receive delivery notification failures when sending envelopes to signers. Engineering teams have been engaged and we are actively triaiging this issue.
DocuSign - Document Upload and Generation Errors (Incident 5073)
Jun 11, 23:21 UTC Resolved - The incident has been resolved. Incident duration and timelines are subject to revision pending the results of any related investigation. Jun 11, 22:13 UTC Monitoring - A fix has been implemented and we are monitoring the results. Jun 11, 22:05 UTC Identified - We have identified the issue and a fix is being implemented. Jun 11, 21:52 UTC Update - We continue to investigate the issue. Jun 11, 20:34 UTC Update - We continue to investigate the issue and additi...
GitHub - Incident with Webhooks
Jun 11, 22:19 UTC Resolved - This incident has been resolved. Thank you for your patience and understanding as we addressed this issue. A detailed root cause analysis will be shared as soon as it is available. Jun 11, 20:00 UTC Monitoring - The degradation affecting Webhooks has been mitigated. We are monitoring to ensure stability. Jun 11, 19:58 UTC Update - We have applied a mitigation and are monitoring for recovery. Jun 11, 19:42 UTC Update - We are currently experiencing delays in We...
DocuSign - Users may encounter errors when attempting to process envelopes (Incident 5072)
Jun 11, 21:50 UTC Resolved - The incident has been resolved. Incident duration and timelines are subject to revision pending the results of any related investigation. Jun 11, 19:45 UTC Investigating - We are investigating this issue.
Sentry - Notification delivery
Jun 11, 14:48 UTC Resolved - This issue has been resolved. Jun 11, 14:18 UTC Update - The issue involving some alerts not firing has been mitigated. We will continue to monitor the situation to ensure it does not reoccur. Jun 11, 13:23 UTC Update - We have identified an issue with one of our cloud providers that might have caused some alert notifications to not fire starting at around 4:00 AM GMT+2.Since around 1:30 PM GMT+2, alert notifications are now fully operational in the US region, w...
Box - [Medium] Issue with Multiple Box Services
Jun 10, 19:01 PDT Resolved - After further monitoring, this incident is now considered resolved. The affected services have been restored to full functionality. If you continue to experience any issues, please contact Box Support at https://support.box.com. Jun 10, 18:41 PDT Monitoring - Our team has taken steps to remediate this issue and is seeing improvement. We are continuing to monitor for any additional impact. Jun 10, 17:34 PDT Identified - Our team is investigating an issue with Box...
GitHub - Authentication issues related to API requests
Jun 10, 16:39 UTC Resolved - Between 15:05 UTC and 16:25 UTC, GitHub API services experienced degraded availability due to sporadic authentication failures affecting approximately 9% of requests. Customers experienced intermittent "logged out" behavior as erroneous 401 responses triggered repeated authentication flows in app integrations. Affected requests also experienced approximately 800ms of additional latency. A memcached proxy service rollout to our internal API infrastructure caused ou...
Sentry - Users unable to login to sentry.io
Jun 10, 10:28 UTC Resolved - Our auth systems are back operational Jun 10, 10:17 UTC Update - We rolled back a configuration change we identified as the root cause of the issue. We'll keep monitoring our systems Jun 10, 10:15 UTC Monitoring - We deployed a fix and are monitoring the situation. Jun 10, 10:05 UTC Investigating - We are currently investigating the issue.
Jupyter Enterprise Gateway - From Notebook to Kubernetes Cluster Admin - elttam
  submitted by   /u/AnimalStrange [link]   [comments]
Supabase - Higher connection failure rate for ap-northeast-1 and ap-northeast-2
Jun 10, 00:00 UTC Resolved - From 00:52 to 01:02 UTC on 10th June an internal deployment in one of the ap-northeast-1 and ap-northeast-2 clusters caused a higher connection failure rate. Users would have experienced failing connections, increased query latency and would not have been able to retrieve pooler metrics. The deployment has now been reverted and full service availability restored.
Heroku - Resolved: Heroku Retroactive Feature Disruption
The issue is now resolved.
CrowdStrike Falcon Shield vs AppOmni
AppOmni vs CrowdStrike Falcon Shield CrowdStrike Falcon Shield provides broad visibility across the security stack, including SaaS environments. AppOmni delivers deep SaaS security by analyzing configurations, identities, and data access directly within SaaS applications. Why AppOmni is needed AppOmni delivers deep SaaS security by continuously analyzing configurations, identities, user activity, ...
Supabase - Upgrade Shared Pooler V1 to V2 for eu-west-2 region
Jun 9, 15:00 UTC Completed - The scheduled maintenance has been completed. Jun 9, 13:00 UTC In progress - Scheduled maintenance is currently in progress. We will provide updates as necessary. Jun 2, 00:56 UTC Scheduled - There will be a scheduled maintenance on 2026-06-09 from 13:00-15:00 UTC on the Shared Pooler(V1) for the eu-west-2 region.This maintenance upgrades the Shared Pooler to a new version (V2) that provides better scalability and uptime.The Shared Pooler will be unavailable ...
Vercel - Elevated Build Errors for Secure Compute/Static IPs Projects
Jun 9, 14:46 UTC Resolved - This incident has been resolved. Jun 9, 14:39 UTC Monitoring - A fix has been implemented and we are monitoring the results. Jun 9, 14:33 UTC Identified - The issue has been identified and a fix is being implemented. Jun 9, 14:09 UTC Investigating - We are currently investigating this issue.
Device Code Phishing Explained: How Attackers Abuse OAuth Across SaaS
Device code phishing is expanding beyond Microsoft 365. Learn how attackers abuse OAuth authorization flows across SaaS platforms and what security teams can do to reduce risk. The post Device Code Phishing Explained: How Attackers Abuse OAuth Across SaaS appeared first on AppOmni.
Netlify - Elevated latency affecting image delivery
Jun 9, 03:55 UTC Resolved - This incident has been resolved. Jun 9, 03:49 UTC Monitoring - We are seeing recovery from the elevated latency affecting image delivery for some Netlify-hosted sites across our network. Error rates have decreased and image delivery performance has improved. Our engineering team is continuing to monitor the service to confirm stability. We will provide another update once the issue is fully resolved. Jun 9, 03:41 UTC Investigating - We are investigating elevat...
Vercel - Elevated Functions Invocation Errors in DUB1 (Dublin, Ireland) Region
Jun 8, 20:00 UTC Resolved - This incident has been resolved. Jun 8, 19:36 UTC Update - We are continuing to monitor for any further issues. Jun 8, 19:36 UTC Monitoring - A fix has been implemented and we are monitoring the results. Jun 8, 19:04 UTC Update - We're continuing to work on a fix. In the meantime, deployments with multiple function regions or failover regions are being rerouted to the nearest healthy region.If your project uses only the dub1 function region, you can switch ...
GitHub - Degraded availability for GitHub.com, GraphQL API, and Webhooks UI/API
Jun 8, 15:00 UTC Resolved - On June 8, 2026, between 14:49 and 14:54 UTC, a subset of requests to GitHub.com, the REST API, GraphQL API, and Webhooks UI/API experienced elevated error rates due to a transient infrastructure capacity issue that self-resolved within approximately 5 minutes.Users experienced HTTP 500 errors and timeouts when accessing GitHub.com, the REST API, GraphQL API, and Webhooks UI/API for approximately 5 minutes, with the REST API taking up to 12 minutes to fully recover....
Datadog - Increased latency across multiple products
Jun 8, 08:59 EDT Resolved - This incident has been resolved. Jun 8, 08:21 EDT Update - We are continuing to monitor the fix deployed earlier.We will provide another update once the issue is fully resolved. Jun 8, 07:21 EDT Monitoring - We have deployed a fix and we are monitoring the results. Jun 8, 07:05 EDT Identified - We are investigating and have identified a fix for increased latency across multiple products. As a result of this issue, some users may see delays in data across th...
GitHub - Disruption with Claude Opus 4.7
Jun 8, 10:03 UTC Resolved - On June 8, 2026, between 08:40 UTC and 09:30 UTC, the Claude Opus 4.7 model experienced degraded availability with error rates peaking at 8.4% and averaging 1.9%. This was due to an upstream provider issue that caused temporary unavailability and rate limiting on secondary failover systems. Users selecting Auto or alternative models were unaffected. We are improving provider failover mechanisms and monitoring to prevent similar issues. Jun 8, 09:49 UTC Update - W...
GitHub - Pull Requests and Issues unavailable for signed-out users
Jun 8, 08:36 UTC Resolved - On June 8, 2026, between approximately 06:30 UTC and 08:36 UTC, signed-out users experienced sustained elevated HTTP 504 errors when accessing Pull Requests, Issues, releases, patch diffs, and other related GitHub.com pages. During the incident, approximately 17% of unauthenticated requests to the affected GitHub.com endpoints returned gateway timeout errors, peaking at roughly 34% of requests at around 06:50 UTC. Some GitHub Actions workflows were also affected whe...
GitHub - EU Network Maintenance
Jun 6, 18:49 UTC Resolved - This incident was used to notify for a maintenance event. There is no specific root cause analysis. Maintenance did run longer than expected (we were complete at 18:48 UTC) but the work proceeded as planned. Jun 6, 18:48 UTC Update - All work has been completed and we are hands off. Jun 6, 15:36 UTC Monitoring - The degradation has been mitigated. We are monitoring to ensure stability. Jun 6, 15:31 UTC Update - We are conducting routine maintenance on our n...
GitHub - Disruption with some GitHub services in the EU region
Jun 6, 17:07 UTC Resolved - On June 6, 2026 between 16:18 UTC and 17:01 UTC, users experienced elevated error rates when performing Git operations (cloning, fetching, downloading archives) and accessing package registries. The issue affected users whose traffic was routed through our European infrastructure.During this time, on average 0.95% of Codeload requests and 9.2% of Package Registry requests failed with server errors. At peak, the Codeload error rate reached 1.76% and Package Registry ...
DocuSign - CLM: Resolved Authentication/Access Issues in EU11 (Incident 5040)
Jun 5, 23:03 UTC Resolved - An unexpected system dependency caused a temporary service disruption affecting a subset of accounts in the CLM EU11 environment between 21:09 UTC and 22:40 UTC on June 5, 2026. During this time, impacted users may have experienced authentication errors or issues accessing certain features.The incident has been resolved. Incident duration and timelines are subject to revision pending the results of any related investigation. Customers may have experienced errors fro...
DocuSign - Customers Unable to Purchase Plans (Incident 5034)
Jun 5, 22:32 UTC Resolved - The incident has been resolved. Incident duration and timelines are subject to revision pending the results of any related investigation. Jun 5, 22:22 UTC Monitoring - A fix has been implemented and we are monitoring the results. Jun 5, 22:15 UTC Identified - We have identified the issue and a fix is being implemented. Jun 5, 22:02 UTC Investigating - We are actively investigating this issue.
GitHub - Auth issue resulting in API impacts, including some Slack and Teams channel subscriptions
Jun 5, 22:21 UTC Resolved - On June 5, 2026, between 15:35 UTC and 16:45 UTC, 0.11% of authenticated REST API requests incorrectly returned “not found” responses. Impact was concentrated among - and significantly higher for - users authenticating with user-to-server tokens to access organization-owned repositories.Some users of our GitHub for Slack and GitHub for Microsoft Teams integrations saw their channel subscriptions removed as those systems interpreted the transient "not found" response...
Netlify - Elevated error rates for a subset of sites using Edge Functions
Jun 4, 20:59 UTC Resolved - This incident has been resolved. Between approximately 17:00 and 20:30 UTC, a subset of sites using Edge Functions experienced elevated 504 error rates. We applied a mitigation and error rates have remained at normal levels since. We apologize for the impact to your sites and visitors. Jun 4, 20:42 UTC Monitoring - We have applied a mitigation and error rates for affected sites have returned to normal levels as of approximately 20:30 UTC. We are continuing to mo...