← Latest brief

Security news.

·Morning Brief

Today's security news highlights critical vulnerabilities and ongoing exploitation campaigns. Cisco has issued patches for severe flaws, including an authentication bypass, while several organizations have reported significant data breaches and supply chain attacks. Threat actors continue to leverage sophisticated malware and social engineering tactics, emphasizing the need for robust patching and vigilance.

BLEEPING
Apr 2READ

Critical Cisco IMC Auth Bypass Gives Attackers Admin Access

Cisco has patched critical and high-severity vulnerabilities, including an Integrated Management Controller (IMC) authentication bypass (CVE-2026-XXXX) that could grant attackers administrative access.

SECURITYWEEKSUPPLY CHAIN
Apr 2READ

Mercor Hit by LiteLLM Supply Chain Attack

AI recruiting firm Mercor is investigating a supply chain incident involving LiteLLM, with the Lapsus$ group claiming to have stolen 4TB of data.

SECURITYWEEKBREACH
Apr 2READ

250,000 Affected by Data Breach at Nacogdoches Memorial Hospital

A data breach in January 2026 at Nacogdoches Memorial Hospital resulted in a threat actor stealing personal and health information of 250,000 individuals.

THNMALWARE
Apr 2READ

Researchers Uncover Mining Operation Using ISO Lures to Spread RATs and Crypto Miners

A financially motivated operation, REF1695, has been using fake installers disguised as ISO files since November 2023 to deploy remote access trojans (RATs) and cryptocurrency miners.

THNMALWARE
Apr 2READ

WhatsApp Alerts 200 Users After Fake iOS App Installed Spyware

WhatsApp notified approximately 200 users who were tricked into installing a malicious fake iOS app infected with spyware, primarily targeting users in Italy.

BLEEPINGRCE
Apr 2READ

Over 14,000 F5 BIG-IP APM Instances Still Exposed to RCE Attacks

Shadowserver reports that over 14,000 F5 BIG-IP APM instances remain exposed online and vulnerable to ongoing remote code execution (RCE) attacks.

SECURITYWEEKMALWARE
Apr 2READ

Sophisticated CrystalX RAT Emerges

A new malware-as-a-service, CrystalX RAT, has emerged, offering capabilities for spying, information theft, and device configuration changes.

CISAKEV
Apr 1READ

CISA Adds Google Dawn Use-After-Free Vulnerability to KEV Catalog

CISA has added CVE-2026-5281, a Google Dawn Use-After-Free vulnerability, to its Known Exploited Vulnerabilities Catalog, urging federal agencies to patch.

Generated twice daily from public security RSS feeds. Informational only.