← Latest brief

Security news.

·Afternoon Brief

Today's security news highlights critical vulnerabilities, active exploitation, and ongoing ransomware threats. CISA has added a TrueConf zero-day to its Known Exploited Vulnerabilities Catalog, while several organizations, including a German political party and telehealth provider Hims & Hers, have reported data breaches.

SECURITYWEEKZERO-DAY
Apr 3READ

TrueConf Zero-Day Exploited in Asian Government Attacks

A Chinese threat actor exploited a zero-day vulnerability in the TrueConf video conferencing platform for reconnaissance, privilege escalation, and payload execution, leading CISA to add CVE-2026-3502 to its KEV catalog.

SECURITYWEEKRCE
Apr 3READ

Critical ShareFile Flaws Lead to Unauthenticated RCE

Multiple critical vulnerabilities in ShareFile can be chained to bypass authentication and achieve unauthenticated remote code execution by uploading arbitrary files.

BLEEPINGBREACH
Apr 3READ

Hims & Hers warns of data breach after Zendesk support ticket breach

Telehealth company Hims & Hers Health disclosed a data breach resulting from stolen support tickets from a third-party customer service platform, Zendesk.

BLEEPINGRANSOMWARE
Apr 3READ

Die Linke German political party confirms data stolen by Qilin ransomware

The German political party Die Linke ('The Left') confirmed a data breach and IT systems outage following an attack by the Qilin ransomware group, which is threatening to leak sensitive data.

THNPHISHING
Apr 3READ

China-Linked TA416 Targets European Governments with PlugX and OAuth-Based Phishing

The China-aligned threat actor TA416 has been targeting European government and diplomatic organizations since mid-2025, utilizing PlugX malware and OAuth-based phishing campaigns.

THN
Apr 3READ

Microsoft Details Cookie-Controlled PHP Web Shells Persisting via Cron on Linux Servers

Microsoft Defender Security Research Team reports that threat actors are increasingly using HTTP cookies as a control channel for PHP-based web shells on Linux servers to achieve remote code execution.

THNSUPPLY CHAIN
Apr 3READ

UNC1069 Social Engineering of Axios Maintainer Led to npm Supply Chain Attack

The supply chain compromise of the Axios npm package was attributed to a highly-targeted social engineering campaign by North Korean threat actors, UNC1069, against the package maintainer.

THN
Apr 3READ

New SparkCat Variant in iOS, Android Apps Steals Crypto Wallet Recovery Phrase Images

A new variant of the SparkCat malware has been discovered on both Apple App Store and Google Play Store, hidden in benign apps, designed to steal crypto wallet recovery phrase images.

Generated twice daily from public security RSS feeds. Informational only.