Security news.
Today's security brief highlights critical vulnerabilities and active exploitation across various platforms, alongside significant financial losses due to sophisticated cyberattacks. Organizations are urged to address newly disclosed flaws and be aware of evolving threat tactics.
Drift Protocol loses $280 million in sophisticated hack
The Drift Protocol suffered a loss of at least $280 million after a threat actor gained control of its Security Council administrative powers through a planned, sophisticated operation.
Critical vulnerability found in Claude Code after source leak
A critical vulnerability was discovered in Anthropic's Claude Code, days after its source code was inadvertently leaked.
Cisco patches critical 9.8 CVSS flaws in IMC and SSM
Cisco released updates to address a critical security flaw (CVE-2026-20093) in its Integrated Management Controller (IMC) and other high-severity vulnerabilities that could allow remote system compromise.
Progress ShareFile flaws allow pre-auth RCE attacks
Two vulnerabilities in Progress ShareFile can be chained to enable unauthenticated file exfiltration and potentially remote code execution from affected environments.
CISA adds TrueConf Client vulnerability to KEV catalog
CISA has added CVE-2026-3502, a TrueConf Client Download of Code Without Integrity Check Vulnerability, to its Known Exploited Vulnerabilities Catalog due to evidence of active exploitation.
Nacogdoches Memorial Hospital data breach affects 250,000
A data breach at Nacogdoches Memorial Hospital in January 2026 resulted in a threat actor hacking their internal network and stealing personal and health information of 250,000 individuals.
Apple rolls out DarkSword exploit protection to more devices
Apple has expanded its deployment of protections against the DarkSword exploit kit, which has been utilized by both state-sponsored hackers and commercial spyware vendors.
Residential proxies evade IP reputation checks in 78% of sessions
Researchers warn that residential proxies are significantly problematic for IP reputation systems, having evaded checks in 78% of 4 billion sessions due to the difficulty in distinguishing malicious from legitimate traffic.