Security news.
Today's security news is dominated by critical vulnerabilities and supply chain attacks. Adobe has released an emergency patch for an actively exploited zero-day in Acrobat Reader, while the popular hardware monitoring site CPUID was compromised to distribute malware.
Adobe Patches Actively Exploited Acrobat Reader Zero-Day
Adobe has released emergency updates to fix CVE-2026-34621, a critical vulnerability in Acrobat Reader that has been actively exploited in the wild for months, allowing for arbitrary code execution.
CPUID Website Compromised to Distribute STX RAT
The official CPUID website was breached for less than 24 hours, serving malicious executables for popular tools like CPU-Z and HWMonitor, which deployed the STX RAT.
Critical Marimo RCE Flaw Exploited Within Hours of Disclosure
A critical pre-authenticated remote code execution vulnerability (CVE-2026-39987) in Marimo, an open-source Python notebook, was exploited in the wild within 10 hours of its public disclosure.
20,000+ Crypto Fraud Victims Identified in International Crackdown
An international law enforcement operation, led by the U.K.'s National Crime Agency, has identified over 20,000 victims of cryptocurrency fraud across the UK, US, and Canada.
Law Enforcement Used Webloc to Track 500 Million Devices
Citizen Lab reports that law enforcement agencies, including those in Hungary, El Salvador, and the U.S., used the advertising-based global geolocation surveillance system Webloc to track 500 million devices.
Hims Breach Exposes Sensitive PHI
The telehealth brand Hims experienced a data breach, potentially exposing highly sensitive protected health information (PHI) of its users.
Thousands of US Industrial Devices Exposed to Iranian Cyberattacks
Nearly 4,000 internet-exposed Rockwell Automation programmable logic controllers (PLCs) in the U.S. are part of the attack surface targeted by Iranian-linked hackers against critical infrastructure.
Juniper Networks Patches Dozens of Junos OS Vulnerabilities
Juniper Networks has released patches for dozens of vulnerabilities in Junos OS, including a critical flaw that could allow remote, unauthenticated device takeover.