← Latest brief

Security news.

·Morning Brief

Today's security landscape highlights critical vulnerabilities under active exploitation, significant supply chain attacks, and advancements in quantum computing's threat to current encryption. Organizations are urged to patch immediately against known exploited flaws, particularly in Fortinet and Citrix products, while also addressing emerging threats from sophisticated malware campaigns.

SECURITYWEEKEXPLOIT
Mar 31READ

Exploitation of Critical Fortinet FortiClient EMS Flaw Begins

A critical SQL injection vulnerability in Fortinet FortiClient EMS, allowing unauthenticated remote code execution via crafted HTTP requests, is now being actively exploited.

BLEEPINGEXPLOIT
Mar 31READ

CISA Orders Feds to Patch Actively Exploited Citrix Flaw by Thursday

CISA has mandated federal agencies patch an actively exploited Citrix NetScaler vulnerability (CVE-2026-3055) by Thursday, adding it to the Known Exploited Vulnerabilities Catalog.

THNSUPPLY CHAIN
Mar 31READ

Axios Supply Chain Attack Pushes Cross-Platform RAT via Compromised npm Account

A supply chain attack on the popular Axios HTTP client saw malicious versions (1.14.1 and 0.30.4) of its npm package inject a trojan capable of targeting Windows, macOS, and Linux systems.

SECURITYWEEKVULN
Mar 31READ

Critical Vulnerability in OpenAI Codex Allowed GitHub Token Compromise

Researchers discovered and OpenAI patched a critical vulnerability in OpenAI Codex that could have been exploited to compromise GitHub tokens.

SECURITYWEEK
Mar 31READ

Google Slashes Quantum Resource Requirements for Breaking Cryptocurrency Encryption

Google researchers have demonstrated that breaking Bitcoin and Ethereum encryption could require 20 times fewer qubits than previously estimated, accelerating the timeline for quantum threats to current cryptography.

THNMALWARE
Mar 31READ

Silver Fox Expands Asia Cyber Campaign with AtlasCross RAT and Fake Domains

A Chinese-speaking threat actor, "Silver Fox," is targeting users in Asia with typosquatted domains impersonating popular software to deliver a new remote access trojan named AtlasCross RAT.

SECURITYWEEKVULN
Mar 31READ

StrongSwan Flaw Allows Unauthenticated Attackers to Crash VPNs

A remotely exploitable integer underflow vulnerability affecting StrongSwan releases over 15 years allows unauthenticated attackers to crash VPNs.

SECURITYWEEK
Mar 31READ

Lloyds Data Security Incident Impacts 450,000 Individuals

A faulty software update at Lloyds Bank led to a data security incident, exposing mobile banking users’ transaction data to other users of the application, affecting 450,000 individuals.

Generated twice daily from public security RSS feeds. Informational only.