← Latest brief

Security news.

·Morning Brief

Today's security news highlights critical supply-chain attacks, including the hijacking of AppsFlyer's Web SDK and a significant escalation in the GlassWorm campaign targeting developers via Open VSX extensions. Additionally, Microsoft released an out-of-band hotpatch for a Windows 11 RCE flaw, and CISA added two new vulnerabilities to its Known Exploited Vulnerabilities Catalog.

BLEEPINGSUPPLY CHAIN
Mar 14READ

AppsFlyer Web SDK Hijacked in Crypto-Stealing Supply-Chain Attack

The AppsFlyer Web SDK was temporarily compromised with malicious JavaScript code designed to steal cryptocurrency in a recent supply-chain attack.

THNSUPPLY CHAIN
Mar 14READ

GlassWorm Supply-Chain Attack Abuses 72 Open VSX Extensions

A new iteration of the GlassWorm campaign is significantly escalating its propagation by abusing extensionPack and extensionDependencies in 72 Open VSX extensions to target developers.

BLEEPINGRCE
Mar 14READ

Microsoft Releases Windows 11 OOB Hotpatch for RRAS RCE Flaw

Microsoft has issued an out-of-band update to address a remote code execution (RCE) vulnerability affecting Windows 11 Enterprise devices that receive hotpatch updates.

SECURITYWEEKVULN
Mar 14READ

Critical HPE AOS-CX Vulnerability Allows Admin Password Resets

A critical vulnerability in HPE AOS-CX allows unauthenticated, remote attackers to reset administrator passwords and bypass authentication controls.

CISAKEV
Mar 13READ

CISA Adds Two Known Exploited Vulnerabilities to Catalog

CISA has added CVE-2026-3909 (Google Skia Out-of-Bounds Write) and CVE-2026-3910 (Google Chromium V8 Unspecified Vulnerability) to its KEV Catalog due to active exploitation.

THNVULN
Mar 14READ

OpenClaw AI Agent Flaws Enable Prompt Injection and Data Exfiltration

China's CNCERT has warned about security flaws in the OpenClaw AI agent, citing weak default configurations that could lead to prompt injection and data exfiltration.

BLEEPINGMALWARE
Mar 13READ

FBI Seeks Victims of Steam Games Used to Spread Malware

The FBI is asking for information from gamers who installed eight malicious Steam titles as part of an ongoing investigation into malware distribution via the platform.

THNMALWARE
Mar 13READ

Chinese Hackers Target Southeast Asian Militaries with AppleChris and MemFun Malware

A suspected China-based cyber espionage group, tracked as CL-STA-1087, has been targeting Southeast Asian military organizations since at least 2020 using AppleChris and MemFun malware.

Generated twice daily from public security RSS feeds. Informational only.