1. CISA added the high-severity SolarWinds Serv-U denial-of-service vulnerability CVE-2026-28318 to its Known Exploited Vulnerabilities catalog following reports of active exploitation (The Hacker News).
2. Cisco warned that the high-severity vulnerability CVE-2026-20245 in Catalyst SD-WAN Manager is currently being exploited in the wild with no patch yet available (The Hacker News).
3. The Miasma self-replicating supply chain attack has compromised 73 Microsoft GitHub repositories across four organizations, including Azure and MicrosoftDocs (The Hacker News).
4. Palo Alto Networks issued a threat brief regarding the active exploitation of the PAN-OS vulnerability CVE-2026-0257 (Unit 42).
5. The threat cluster UNC3753 is conducting a financially motivated extortion campaign against US law firms and financial services using voice phishing (Google Cloud Blog).
6. A Chinese espionage group identified as OP-512 is targeting Microsoft IIS servers with a custom web shell framework (The Hacker News).
7. Researchers identified a new Chinese APT campaign using the Brickstorm backdoor and new malware variants Plenet and AgentPSD to maintain access to Microsoft 365 environments (BleepingComputer).
8. The npm ecosystem faces ongoing supply chain attacks from the IronWorm and Miasma worms, which distribute information stealers and eBPF kernel rootkits (The Hacker News).
9. A new Android spyware campaign named Asin is targeting Arabic-speaking users through malicious apps mimicking news and war map utilities (The Hacker News).
10. Microsoft discovered that the Claude Code GitHub Action is vulnerable to prompt injection attacks via malicious issues and pull requests (Reddit).
11. Over 900 automatic tank gauge systems at US gas stations are exposed online and vulnerable to ongoing cyberattacks (BleepingComputer).
12. A new BitLocker bypass has been identified that allows unauthorized access to encrypted drives in the pre-boot environment even with security features enabled (Reddit).
13. Free mobile applications are being used to turn smart TVs and other devices into residential proxy nodes for web scraping traffic (The Hacker News).
14. A security startup reported 21 zero-day vulnerabilities in the FFmpeg media library discovered by an autonomous AI agent (The Hacker News).
15. Google released Chrome 149 with patches for 429 security vulnerabilities, marking a record number of fixes in a single release (The Hacker News).