Security news.
Today's security landscape highlights critical vulnerabilities under active exploitation, significant supply chain attacks, and advancements in quantum computing's threat to current encryption. Organizations are urged to patch immediately against known exploited flaws, particularly in Fortinet and Citrix products, while also addressing emerging threats from sophisticated malware campaigns.
Exploitation of Critical Fortinet FortiClient EMS Flaw Begins
A critical SQL injection vulnerability in Fortinet FortiClient EMS, allowing unauthenticated remote code execution via crafted HTTP requests, is now being actively exploited.
CISA Orders Feds to Patch Actively Exploited Citrix Flaw by Thursday
CISA has mandated federal agencies patch an actively exploited Citrix NetScaler vulnerability (CVE-2026-3055) by Thursday, adding it to the Known Exploited Vulnerabilities Catalog.
Axios Supply Chain Attack Pushes Cross-Platform RAT via Compromised npm Account
A supply chain attack on the popular Axios HTTP client saw malicious versions (1.14.1 and 0.30.4) of its npm package inject a trojan capable of targeting Windows, macOS, and Linux systems.
Critical Vulnerability in OpenAI Codex Allowed GitHub Token Compromise
Researchers discovered and OpenAI patched a critical vulnerability in OpenAI Codex that could have been exploited to compromise GitHub tokens.
Google Slashes Quantum Resource Requirements for Breaking Cryptocurrency Encryption
Google researchers have demonstrated that breaking Bitcoin and Ethereum encryption could require 20 times fewer qubits than previously estimated, accelerating the timeline for quantum threats to current cryptography.
Silver Fox Expands Asia Cyber Campaign with AtlasCross RAT and Fake Domains
A Chinese-speaking threat actor, "Silver Fox," is targeting users in Asia with typosquatted domains impersonating popular software to deliver a new remote access trojan named AtlasCross RAT.
StrongSwan Flaw Allows Unauthenticated Attackers to Crash VPNs
A remotely exploitable integer underflow vulnerability affecting StrongSwan releases over 15 years allows unauthenticated attackers to crash VPNs.
Lloyds Data Security Incident Impacts 450,000 Individuals
A faulty software update at Lloyds Bank led to a data security incident, exposing mobile banking users’ transaction data to other users of the application, affecting 450,000 individuals.