← Latest brief

Security news.

·Morning Brief

Today's security brief highlights significant data breaches, including one affecting the European Commission via a supply chain attack and another impacting telehealth provider Hims & Hers. Additionally, CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities Catalog, underscoring the ongoing threat of actively exploited flaws.

SECURITYWEEKBREACH
Apr 4READ

European Commission Confirms Data Breach

Over 300GB of data, including personal information, was stolen from the European Commission's AWS environment in a supply chain attack linked to Trivy.

BLEEPINGBREACH
Apr 3READ

Hims & Hers Warns of Data Breach

Telehealth company Hims & Hers Health disclosed a data breach resulting from stolen support tickets from a third-party customer service platform, Zendesk.

SECURITYWEEKZERO-DAY
Apr 3READ

TrueConf Zero-Day Exploited in Asian Government Attacks

A Chinese threat actor exploited a zero-day vulnerability in the TrueConf video conferencing platform for reconnaissance, privilege escalation, and payload execution against Asian government targets.

CISAKEV
Apr 2READ

CISA Adds TrueConf Vulnerability to KEV Catalog

CISA added CVE-2026-3502, a TrueConf Client download of code without integrity check vulnerability, to its Known Exploited Vulnerabilities Catalog due to active exploitation.

CISAKEV
Apr 1READ

CISA Adds Google Dawn Use-After-Free to KEV Catalog

CISA added CVE-2026-5281, a Google Dawn Use-After-Free vulnerability, to its Known Exploited Vulnerabilities Catalog based on evidence of active exploitation.

SECURITYWEEKRCE
Apr 3READ

Critical ShareFile Flaws Lead to Unauthenticated RCE

Critical vulnerabilities in ShareFile can be chained to bypass authentication and achieve unauthenticated remote code execution by uploading arbitrary files.

THN
Apr 3READ

China-Linked TA416 Targets European Governments

The China-aligned threat actor TA416 has resumed targeting European government and diplomatic organizations with PlugX malware and OAuth-based phishing campaigns since mid-2025.

BLEEPINGRANSOMWARE
Apr 3READ

German Political Party Hit by Qilin Ransomware

Die Linke, a German political party, confirmed a data breach and IT systems outage after being targeted by the Qilin ransomware group.

Generated twice daily from public security RSS feeds. Informational only.