← Latest brief

Security news.

·Afternoon Brief

Today's security landscape is marked by critical vulnerabilities under active exploitation, supply chain compromises, and ongoing state-sponsored cyber activity. Adobe has patched a zero-day in Reader, while a critical RCE in Marimo is being actively exploited. Additionally, the CPUID website was breached to distribute malware via popular utility downloads.

BLEEPINGRCE
Apr 12READ

Critical Marimo RCE Flaw Under Active Exploitation

A critical pre-authentication remote code execution (RCE) vulnerability in Marimo (CVE-2026-39987) is now being actively exploited for credential theft, just hours after public disclosure.

SECURITYWEEKZERO-DAY
Apr 12READ

Adobe Patches Actively Exploited Reader Zero-Day

Adobe has released emergency updates to fix CVE-2026-34621, a critical zero-day vulnerability in Acrobat Reader that has been actively exploited for months, allowing for arbitrary code execution.

THNMALWARE
Apr 12READ

CPUID Website Compromised to Distribute STX RAT

Threat actors compromised the official CPUID website (cpuid.com) for less than 24 hours, serving malicious executables for popular tools like CPU-Z and HWMonitor to deploy the STX RAT.

BLEEPING
Apr 11READ

International Crackdown Identifies 20,000 Crypto Fraud Victims

An international law enforcement operation, led by the U.K.'s National Crime Agency (NCA), has identified over 20,000 victims of cryptocurrency fraud across the UK, US, and Canada.

PRIVACY
READ

Law Enforcement Used Webloc for Global Geolocation Surveillance

Citizen Lab reports that law enforcement agencies, including Hungarian intelligence and US departments, used the Israeli-developed Webloc system to track over 500 million devices via advertising data.

DARK READINGBREACH
Apr 10READ

Hims Breach Exposes Sensitive PHI

The telehealth brand Hims experienced a data breach, potentially exposing highly sensitive protected health information (PHI) of its users.

BLEEPING
Apr 10READ

Thousands of US Industrial Devices Exposed to Iranian Cyberattacks

Nearly 4,000 Internet-exposed Rockwell Automation programmable logic controllers (PLCs) in the US are part of the attack surface targeted by Iranian-linked hackers against critical infrastructure.

SECURITYWEEKPATCH
Apr 10READ

Juniper Networks Patches Dozens of Junos OS Vulnerabilities

Juniper Networks has released patches for numerous vulnerabilities in Junos OS, including a critical flaw that could allow unauthenticated remote device takeover.

Generated twice daily from public security RSS feeds. Informational only.