
OSINT / CyberSec report 23.05.2026 00:08

1. Microsoft confirmed active exploitation of two Microsoft Defender vulnerabilities, including CVE-2026-41091, which grants SYSTEM privileges (The Hacker News).

2. CISA added critical vulnerabilities in Langflow and Trend Micro Apex One to its Known Exploited Vulnerabilities catalog following evidence of active use (The Hacker News).

3. Cisco patched a maximum-severity vulnerability, CVE-2026-20223, in Secure Workload that allows unauthenticated remote attackers to access sensitive data (The Hacker News).

4. A Canadian man was arrested and charged for operating the Kimwolf DDoS botnet, which infected nearly two million devices worldwide (Bleeping Computer).

5. The Chinese APT group Webworm is actively targeting European government entities using Discord and Microsoft Graph for command and control (Dark Reading).

6. A new modular Linux malware framework called Showboat is being used by attackers to target telecommunications providers in the Middle East (The Hacker News).

7. International law enforcement seized the First VPN service, which was frequently utilized by threat actors for ransomware and data theft operations (Bleeping Computer).

8. Google accidentally leaked details regarding an unpatched Chromium vulnerability that allows remote code execution by keeping JavaScript active in the background (Bleeping Computer).

9. Researchers utilized the Mythos AI model to discover a kernel memory corruption vulnerability on Apple M5 hardware (Schneier on Security).

10. Microsoft warned that hackers are increasingly exploiting password reset processes to gain unauthorized access to user accounts (Reddit).

11. A massive campaign involving the backdooring of GitHub repositories via CI workflows has been identified under the name Megalodon (Reddit).

12. A nine-year-old Linux kernel flaw has been identified that enables root command execution across several major distributions (Reddit).

13. Security researchers identified a new zero-day concern dubbed nginx-poolslip affecting millions of NGINX servers (Reddit).

14. The Verizon Data Breach Investigations Report 2026 indicates that vulnerability exploitation has surpassed credential theft as the primary breach vector (Reddit).
