Security news.
Today's security news highlights critical vulnerabilities, active exploitation, and ongoing ransomware threats. CISA has added a TrueConf zero-day to its Known Exploited Vulnerabilities Catalog, while several organizations, including a German political party and telehealth provider Hims & Hers, have reported data breaches.
TrueConf Zero-Day Exploited in Asian Government Attacks
A Chinese threat actor exploited a zero-day vulnerability in the TrueConf video conferencing platform for reconnaissance, privilege escalation, and payload execution, leading CISA to add CVE-2026-3502 to its KEV catalog.
Critical ShareFile Flaws Lead to Unauthenticated RCE
Multiple critical vulnerabilities in ShareFile can be chained to bypass authentication and achieve unauthenticated remote code execution by uploading arbitrary files.
Hims & Hers warns of data breach after Zendesk support ticket breach
Telehealth company Hims & Hers Health disclosed a data breach resulting from stolen support tickets from a third-party customer service platform, Zendesk.
Die Linke German political party confirms data stolen by Qilin ransomware
The German political party Die Linke ('The Left') confirmed a data breach and IT systems outage following an attack by the Qilin ransomware group, which is threatening to leak sensitive data.
China-Linked TA416 Targets European Governments with PlugX and OAuth-Based Phishing
The China-aligned threat actor TA416 has been targeting European government and diplomatic organizations since mid-2025, utilizing PlugX malware and OAuth-based phishing campaigns.
Microsoft Details Cookie-Controlled PHP Web Shells Persisting via Cron on Linux Servers
Microsoft Defender Security Research Team reports that threat actors are increasingly using HTTP cookies as a control channel for PHP-based web shells on Linux servers to achieve remote code execution.
UNC1069 Social Engineering of Axios Maintainer Led to npm Supply Chain Attack
The supply chain compromise of the Axios npm package was attributed to a highly-targeted social engineering campaign by North Korean threat actors, UNC1069, against the package maintainer.
New SparkCat Variant in iOS, Android Apps Steals Crypto Wallet Recovery Phrase Images
A new variant of the SparkCat malware has been discovered on both Apple App Store and Google Play Store, hidden in benign apps, designed to steal crypto wallet recovery phrase images.