← Latest brief

Security news.

·Morning Brief

Today's security landscape is marked by critical vulnerabilities, with CISA warning of active exploitation in Langflow for AI workflows and adding another flaw to its KEV catalog. Espionage campaigns by China-linked threat actors targeting telecom networks also highlight persistent state-sponsored threats, alongside various data breaches and phishing attempts.

BLEEPINGEXPLOIT
Mar 26READ

CISA: Langflow AI flaw actively exploited

CISA warns of active exploitation of CVE-2026-33017, a critical vulnerability in the Langflow framework that allows attackers to hijack AI workflows.

CISAKEV
Mar 26READ

CISA Adds Aqua Security Trivy Flaw to KEV Catalog

CISA has added CVE-2026-33634, an Aqua Security Trivy Embedded Malicious Code Vulnerability, to its Known Exploited Vulnerabilities Catalog.

READ

China-Linked Red Menshen Spies via Telecom Networks

A China-nexus threat actor, Red Menshen (aka Earth Bluecrow), is conducting a long-term espionage campaign using stealthy BPFDoor implants within telecom networks to target government entities.

SECURITYWEEKBREACH
Mar 26READ

Hightower Holding Data Breach Impacts 130,000

A data breach at Hightower Holding exposed names, Social Security numbers, and driver’s license numbers for approximately 130,000 individuals.

BLEEPINGPHISHING
Mar 26READ

TikTok for Business Accounts Targeted in Phishing

A new phishing campaign is targeting TikTok for Business accounts, employing techniques to evade security bot detection of malicious pages.

SECURITYWEEKPATCH
Mar 26READ

BIND Updates Patch High-Severity Vulnerabilities

ISC has released updates for BIND to address high-severity vulnerabilities that could lead to out-of-memory conditions and memory leaks via specially crafted domains.

THNVULN
Mar 26READ

Claude Extension Flaw Allowed Zero-Click XSS Prompt Injection

A vulnerability in Anthropic's Claude Google Chrome Extension could have enabled zero-click XSS prompt injection, allowing any website to silently inject prompts.

SECURITYWEEKPATCH
Mar 26READ

Cisco Patches Multiple IOS Software Vulnerabilities

Cisco has released patches for several high- and medium-severity vulnerabilities in its IOS software, addressing issues like denial-of-service, secure boot bypass, and privilege escalation.

Generated twice daily from public security RSS feeds. Informational only.