← Latest brief

Security news.

·Morning Brief

Today's security brief highlights critical supply-chain attacks, significant data breaches, and important vulnerability disclosures. Developers and IT teams should pay close attention to updates for widely used SDKs and open-source tools, as well as new advisories for enterprise hardware and software.

BLEEPINGBREACH
Mar 14READ

AppsFlyer Web SDK Hijacked to Spread Crypto-Stealing JavaScript

The AppsFlyer Web SDK was temporarily compromised in a supply-chain attack, injecting malicious code to steal cryptocurrency.

THNSUPPLY CHAIN
Mar 14READ

GlassWorm Supply-Chain Attack Abuses 72 Open VSX Extensions

A new GlassWorm campaign is escalating by abusing `extensionPack` and `extensionDependencies` in 72 Open VSX extensions to propagate malicious code.

SECURITYWEEKBREACH
Mar 15READ

Loblaw Data Breach Impacts Customer Information

Hackers accessed personal information including names, email addresses, and phone numbers in a data breach affecting Loblaw customers.

BLEEPINGRCE
Mar 14READ

Microsoft Releases Windows 11 OOB Hotpatch for RRAS RCE Flaw

Microsoft issued an out-of-band update to fix a critical Remote Code Execution (RCE) vulnerability affecting Windows 11 Enterprise devices using hotpatch updates.

THNVULN
Mar 14READ

OpenClaw AI Agent Flaws Could Enable Prompt Injection and Data Exfiltration

China's CNCERT warned about security flaws in the OpenClaw (formerly Clawdbot and Moltbot) open-source AI agent, citing weak default security configurations.

SECURITYWEEKVULN
Mar 14READ

Critical HPE AOS-CX Vulnerability Allows Admin Password Resets

A critical vulnerability in HPE AOS-CX can be exploited remotely and without authentication to reset administrator passwords and bypass authentication controls.

CISAKEV
Mar 13READ

CISA Adds Two Known Exploited Vulnerabilities to Catalog

CISA added CVE-2026-3909 (Google Skia Out-of-Bounds Write) and CVE-2026-3910 (Google Chromium V8 Unspecified Vulnerability) to its KEV Catalog, urging immediate remediation.

KREBS
Mar 11READ

Iran-Backed Hackers Claim Wiper Attack on Medtech Firm Stryker

A hacktivist group linked to Iranian intelligence agencies claimed responsibility for a data-wiping attack against global medical technology company Stryker.

Generated twice daily from public security RSS feeds. Informational only.