Security news.
Today's security brief highlights critical vulnerabilities and active exploitation, with Fortinet patching an actively exploited flaw in FortiClient EMS and CISA adding another vulnerability to its KEV catalog. Supply chain attacks continue to be a significant concern, as seen with malicious npm packages and the Axios npm hack.
Fortinet Patches Actively Exploited FortiClient EMS Flaw
Fortinet has released out-of-band patches for CVE-2026-35616 (CVSS: 9.1), a critical pre-authentication API access bypass vulnerability in FortiClient EMS that is being actively exploited in the wild.
36 Malicious npm Packages Exploit Redis, PostgreSQL
Researchers found 36 malicious npm packages disguised as Strapi CMS plugins, designed to exploit Redis and PostgreSQL, deploy reverse shells, harvest credentials, and install persistent implants.
Axios npm Hack Used Fake Teams Error Fix to Hijack Account
The maintainers of the Axios HTTP client detailed how a developer was targeted by a social engineering campaign, believed to be by North Korean threat actors, leading to a supply chain compromise.
CISA Adds TrueConf Zero-Day to KEV Catalog
CISA has added CVE-2026-3502, a TrueConf Client Download of Code Without Integrity Check Vulnerability, to its Known Exploited Vulnerabilities Catalog due to active exploitation.
TrueConf Zero-Day Exploited in Asian Government Attacks
A Chinese threat actor exploited a zero-day vulnerability in the TrueConf video conferencing platform to conduct reconnaissance, escalate privileges, and execute additional payloads against Asian governments.
European Commission Confirms Data Breach from Trivy Supply Chain Attack
The European Commission confirmed a data breach where over 300GB of data, including personal information, was stolen from its AWS environment, linked to a Trivy supply chain attack.
Device Code Phishing Attacks Surge 37x
Device code phishing attacks, which abuse the OAuth 2.0 Device Authorization Grant flow to hijack accounts, have surged more than 37 times this year due to new kits spreading online.
Critical ShareFile Flaws Lead to Unauthenticated RCE
Critical vulnerabilities in ShareFile can be chained to bypass authentication and upload arbitrary files, leading to unauthenticated remote code execution.