← Latest brief

Security news.

·Morning Brief

Today's security landscape is dominated by critical vulnerabilities and sophisticated supply chain attacks. Oracle has released an emergency patch for a critical Identity Manager RCE flaw, while the Trivy vulnerability scanner suffered a second supply chain compromise distributing infostealers and a self-propagating worm.

SECURITYWEEKRCE
Mar 23READ

Oracle Emergency Patch for Critical Identity Manager RCE

Oracle has released an emergency patch for CVE-2026-21992, a critical vulnerability in Identity Manager that allows unauthenticated remote code execution and may be actively exploited.

BLEEPINGMALWARE
Mar 22READ

VoidStealer Malware Bypasses Chrome ABE

VoidStealer, an information stealer, is using a novel debugger trick to bypass Chrome's Application-Bound Encryption (ABE) and extract the master key for decrypting browser data.

BLEEPINGMALWARE
Mar 21READ

Trivy Scanner Compromised, Distributed Infostealer

The Trivy vulnerability scanner was hit by a supply-chain attack by TeamPCP, distributing credential-stealing malware through official releases and GitHub Actions, with follow-on attacks spreading a new worm dubbed CanisterWorm.

THNPHISHING
Mar 21READ

FBI Warns of Russian Phishing on Signal, WhatsApp

The FBI and CISA have warned that Russian intelligence-linked actors are conducting phishing campaigns targeting commercial messaging apps like Signal and WhatsApp to compromise accounts of high-value individuals.

SECURITYWEEKEXPLOIT
Mar 21READ

Critical Quest KACE Vulnerability Exploited

A critical vulnerability, CVE-2025-32975, in Quest KACE products is potentially being exploited in attacks, particularly against the education sector.

THNKEV
Mar 21READ

CISA Adds Apple, Craft CMS, Laravel Bugs to KEV Catalog

CISA has added five new vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog, including flaws in Apple, Craft CMS, and Laravel Livewire, urging federal agencies to patch by April 3, 2026.

BLEEPINGPHISHING
Mar 21READ

Azure Monitor Alerts Abused for Callback Phishing

Threat actors are abusing Microsoft Azure Monitor alerts to send callback phishing emails, impersonating Microsoft Security Team warnings about unauthorized account charges.

KREBSMALWARE
Mar 20READ

Feds Disrupt IoT Botnets Behind Huge DDoS Attacks

U.S., Canadian, and German authorities have dismantled the infrastructure of four IoT botnets (Aisuru, Kimwolf, JackSkid, and Mossad) responsible for compromising over three million devices and launching massive DDoS attacks.

Generated twice daily from public security RSS feeds. Informational only.