← Latest brief

Security news.

·Afternoon Brief

Today's security landscape highlights a surge in sophisticated phishing attacks, with device code phishing increasing dramatically and China-linked groups employing OAuth-based tactics. Several organizations, including the European Commission and German political party Die Linke, have confirmed data breaches, underscoring the persistent threat of supply chain attacks and ransomware.

BLEEPINGPHISHING
Apr 4READ

Device Code Phishing Attacks Surge 37x

Attacks abusing the OAuth 2.0 Device Authorization Grant flow to hijack accounts have increased over 37 times this year due to new kits spreading online.

SECURITYWEEKBREACH
Apr 4READ

European Commission Confirms Data Breach

Hackers stole over 300GB of data, including personal information, from the European Commission’s AWS environment in an incident linked to a Trivy supply chain attack.

THN
Apr 3READ

China-Linked TA416 Targets European Governments

The China-aligned threat actor TA416 has been targeting European government and diplomatic organizations since mid-2025, utilizing PlugX malware and OAuth-based phishing.

SECURITYWEEKZERO-DAY
Apr 3READ

TrueConf Zero-Day Exploited in Asian Government Attacks

A Chinese threat actor exploited a zero-day vulnerability in the TrueConf video conferencing platform to perform reconnaissance, escalate privileges, and execute payloads.

CISAKEV
Apr 2READ

CISA Adds TrueConf Vulnerability to KEV Catalog

CISA has added CVE-2026-3502, a TrueConf Client Download of Code Without Integrity Check Vulnerability, to its Known Exploited Vulnerabilities Catalog.

SECURITYWEEKRCE
Apr 3READ

Critical ShareFile Flaws Lead to Unauthenticated RCE

Multiple critical vulnerabilities in ShareFile can be chained to bypass authentication and achieve unauthenticated remote code execution.

BLEEPINGBREACH
Apr 3READ

Hims & Hers Warns of Data Breach

Telehealth company Hims & Hers Health disclosed a data breach after support tickets were stolen from a third-party customer service platform, Zendesk.

BLEEPINGRANSOMWARE
Apr 3READ

German Political Party Hit by Qilin Ransomware

Die Linke, a German political party, confirmed a data breach and IT systems outage after being targeted by the Qilin ransomware group.

Generated twice daily from public security RSS feeds. Informational only.