← Latest brief

Security news.

·Morning Brief

Today's security landscape highlights critical vulnerabilities under active exploitation and significant law enforcement actions. Russian intelligence services are linked to Signal phishing attacks, while multiple critical flaws in popular software are being weaponized rapidly after disclosure, demanding immediate patching.

BLEEPINGPHISHING
Mar 20READ

FBI Links Signal Phishing to Russian Intelligence

The FBI warns that Russian intelligence-linked actors are actively targeting encrypted messaging app users, including Signal and WhatsApp, in phishing campaigns that have already compromised thousands of accounts.

THNEXPLOIT
Mar 20READ

Critical Langflow Flaw Exploited Within 20 Hours

A critical Langflow vulnerability, CVE-2026-33017, allowing unauthenticated remote code execution, saw active exploitation within 20 hours of public disclosure.

THNBREACH
Mar 20READ

Trivy GitHub Actions Breached, CI/CD Secrets Stolen

The popular Trivy open-source vulnerability scanner's GitHub Actions were compromised for a second time, with 75 tags hijacked to deliver malware and steal sensitive CI/CD secrets.

BLEEPINGRCE
Mar 20READ

Oracle Pushes Emergency Fix for Critical Identity Manager RCE

Oracle released an out-of-band update to address CVE-2026-21992, a critical unauthenticated remote code execution vulnerability in Identity Manager and Web Services Manager.

CISAKEV
Mar 20READ

CISA Adds Five New Exploited Vulnerabilities to KEV Catalog

CISA has added five new vulnerabilities, including Apple buffer overflows and a Craft CMS code injection, to its Known Exploited Vulnerabilities Catalog based on evidence of active exploitation.

BLEEPINGPATCH
Mar 20READ

CISA Orders Feds to Patch Max-Severity Cisco Flaw

CISA has mandated federal agencies patch CVE-2026-20131, a maximum-severity vulnerability in Cisco Secure Firewall Management Center (FMC), by Sunday, March 22.

BLEEPING
Mar 20READ

Police Take Down 373,000 Fake CSAM Sites in Operation Alice

An international law enforcement effort, Operation Alice, has successfully shut down over 373,000 dark web sites distributing fake CSAM packages.

KREBSMALWARE
Mar 20READ

Feds Disrupt IoT Botnets Behind Huge DDoS Attacks

U.S. Justice Department, alongside Canadian and German authorities, dismantled the infrastructure of four botnets (Aisuru, Kimwolf, JackSkid, Mossad) that compromised over three million IoT devices for DDoS attacks.

Generated twice daily from public security RSS feeds. Informational only.