Security news.
Today's security news highlights critical updates and active exploitation campaigns. Apple is issuing lock screen alerts for outdated iPhones due to web-based attacks, and supply chain attacks continue with malicious Python packages and fake VS Code alerts targeting developers. Several high-severity vulnerabilities in routers and industrial control systems also require attention.
Apple Alerts Outdated iPhones to Active Web-Based Exploits
Apple is sending Lock Screen notifications to users running older iOS/iPadOS versions, urging them to update due to active web-based attacks.
TeamPCP Pushes Malicious Telnyx Versions to PyPI
The TeamPCP threat actor has compromised the 'telnyx' Python package on PyPI, pushing malicious versions (4.87.1 and 4.87.2) that hide credential-stealing capabilities in WAV files.
Fake VS Code Alerts on GitHub Spread Malware
A large-scale campaign is targeting developers on GitHub with fake Visual Studio Code (VS Code) security alerts in project discussions, tricking them into downloading malware.
Open VSX Bug Allowed Malicious VS Code Extensions to Bypass Checks
A now-patched bug in Open VSX's pre-publish scanning pipeline allowed malicious Microsoft Visual Studio Code (VS Code) extensions to bypass security vetting and go live in the registry.
TP-Link Patches High-Severity Router Vulnerabilities
TP-Link has released patches for high-severity security flaws in its routers that could allow authentication bypass, arbitrary command execution, and decryption of configuration files.
European Commission Investigating Amazon Cloud Account Hack
The European Commission is investigating a security breach after a threat actor gained unauthorized access to the Commission's Amazon cloud environment.
CISA Adds Aqua Security Trivy Vulnerability to KEV Catalog
CISA has added CVE-2026-33634, an Aqua Security Trivy Embedded Malicious Code Vulnerability, to its Known Exploited Vulnerabilities Catalog due to active exploitation.
CISA Adds Langflow Code Injection Vulnerability to KEV Catalog
CISA has added CVE-2026-33017, a Langflow Code Injection Vulnerability, to its Known Exploited Vulnerabilities Catalog based on evidence of active exploitation.