← Latest brief

Security news.

·Morning Brief

Today's security landscape is marked by active exploitation of critical vulnerabilities, supply chain attacks targeting developers, and state-sponsored campaigns. CISA has added a critical F5 BIG-IP APM flaw to its KEV catalog, while Apple is alerting users to active web-based exploits targeting outdated iOS versions.

THNKEV
Mar 28READ

CISA Adds F5 BIG-IP APM RCE to KEV

CISA has added CVE-2025-53521 (CVSS 9.3), a critical remote code execution vulnerability in F5 BIG-IP Access Policy Manager (APM), to its Known Exploited Vulnerabilities catalog due to active exploitation.

THNVULN
Mar 28READ

Citrix NetScaler Under Active Reconnaissance for CVE-2026-3055

A critical memory overread bug, CVE-2026-3055 (CVSS 9.3), affecting Citrix NetScaler ADC and NetScaler Gateway is experiencing active reconnaissance, potentially leading to sensitive information disclosure.

THNEXPLOIT
Mar 27READ

Apple Alerts Outdated iPhones to Active Web-Based Exploits

Apple is issuing Lock Screen notifications to users with older iOS/iPadOS versions, urging them to update due to active web-based attacks targeting their devices.

THNMALWARE
Mar 27READ

Malicious Telnyx PyPI Package Hides Stealer in WAV Files

TeamPCP compromised the Telnyx Python package on PyPI, uploading malicious versions (4.87.1 and 4.87.2) that conceal credential-stealing malware within WAV audio files.

THNPHISHING
Mar 28READ

TA446 Deploys DarkSword iOS Exploit Kit in Spear-Phishing

The Russian state-sponsored threat group TA446 (Callisto, Seaborgium) is leveraging the DarkSword exploit kit in targeted spear-phishing campaigns against iOS devices.

SECURITYWEEKMALWARE
Mar 28READ

Cloudflare-Themed ClickFix Attack Drops Infiniti Stealer on Macs

A new attack chain, dubbed "ClickFix," uses fake CAPTCHA pages and a Nuitka loader to deploy the Python-based Infiniti stealer on macOS systems.

BLEEPINGMALWARE
Mar 27READ

Fake VS Code Alerts on GitHub Spread Malware

A widespread campaign is targeting developers on GitHub with fraudulent Visual Studio Code security alerts in project discussions, tricking them into downloading malware.

BLEEPINGBREACH
Mar 27READ

European Commission Investigating Amazon Cloud Account Hack

The European Commission is probing a security breach after an attacker gained unauthorized access to its Amazon cloud environment.

Generated twice daily from public security RSS feeds. Informational only.