Security news.
Today's security brief highlights significant data breaches, including one affecting the European Commission via a supply chain attack and another impacting telehealth provider Hims & Hers. Additionally, CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities Catalog, underscoring the ongoing threat of actively exploited flaws.
European Commission Confirms Data Breach
Over 300GB of data, including personal information, was stolen from the European Commission's AWS environment in a supply chain attack linked to Trivy.
Hims & Hers Warns of Data Breach
Telehealth company Hims & Hers Health disclosed a data breach resulting from stolen support tickets from a third-party customer service platform, Zendesk.
TrueConf Zero-Day Exploited in Asian Government Attacks
A Chinese threat actor exploited a zero-day vulnerability in the TrueConf video conferencing platform for reconnaissance, privilege escalation, and payload execution against Asian government targets.
CISA Adds TrueConf Vulnerability to KEV Catalog
CISA added CVE-2026-3502, a TrueConf Client download of code without integrity check vulnerability, to its Known Exploited Vulnerabilities Catalog due to active exploitation.
CISA Adds Google Dawn Use-After-Free to KEV Catalog
CISA added CVE-2026-5281, a Google Dawn Use-After-Free vulnerability, to its Known Exploited Vulnerabilities Catalog based on evidence of active exploitation.
Critical ShareFile Flaws Lead to Unauthenticated RCE
Critical vulnerabilities in ShareFile can be chained to bypass authentication and achieve unauthenticated remote code execution by uploading arbitrary files.
China-Linked TA416 Targets European Governments
The China-aligned threat actor TA416 has resumed targeting European government and diplomatic organizations with PlugX malware and OAuth-based phishing campaigns since mid-2025.
German Political Party Hit by Qilin Ransomware
Die Linke, a German political party, confirmed a data breach and IT systems outage after being targeted by the Qilin ransomware group.