← Latest brief

Security news.

·Morning Brief

Today's security news highlights a critical unpatched RCE vulnerability in Telnetd, alongside Apple's new background security updates addressing a WebKit flaw. The cybersecurity landscape also saw a significant supply-chain attack impacting hundreds of code repositories and new sanctions from Europe against firms involved in cyberattacks.

THNRCE
Mar 18READ

Critical Unpatched Telnetd Flaw Enables Unauthenticated Root RCE

A critical out-of-bounds write vulnerability (CVE-2026-32746) in GNU InetUtils telnetd allows unauthenticated remote attackers to execute arbitrary code with root privileges via port 23.

BLEEPINGVULN
Mar 18READ

Apple Pushes First Background Security Improvements Update for WebKit Flaw

Apple has released its initial Background Security Improvements update to fix a WebKit flaw (CVE-2026-20643) on iPhones, iPads, and Macs without requiring a full OS upgrade.

BLEEPINGMALWARE
Mar 17READ

GlassWorm Malware Hits 400+ Code Repos on GitHub, npm, VSCode

The GlassWorm supply-chain campaign has resurfaced with a coordinated attack targeting hundreds of packages, repositories, and extensions across GitHub, npm, and VSCode/OpenVSX.

BLEEPINGPOLICY
Mar 17READ

Europe Sanctions Chinese and Iranian Firms for Cyberattacks

The European Union Council has imposed sanctions on three entities and two individuals for their involvement in cyberattacks targeting critical infrastructure within the region.

THNRCE
Mar 17READ

AI Flaws in Amazon Bedrock, LangSmith, and SGLang Enable Data Exfiltration and RCE

Researchers have detailed a new method for exfiltrating sensitive data from AI code execution environments using DNS queries, affecting platforms like Amazon Bedrock AgentCore Code Interpreter.

SECURITYWEEK
Mar 17READ

UK Companies House Exposed Details of Millions of Firms

A vulnerability in the UK government agency's systems could have allowed attackers to obtain company details and alter records for millions of firms.

THNRANSOMWARE
Mar 17READ

LeakNet Ransomware Uses ClickFix via Hacked Sites, Deploys Deno In-Memory Loader

The LeakNet ransomware operation has adopted the ClickFix social engineering tactic, using compromised websites to trick users into manually running malicious commands.

CISAKEV
Mar 16READ

CISA Adds Wing FTP Server Vulnerability to KEV Catalog

CISA has added CVE-2025-47813, an information disclosure vulnerability in Wing FTP Server, to its Known Exploited Vulnerabilities Catalog based on evidence of active exploitation.

Generated twice daily from public security RSS feeds. Informational only.