Security news.
Today's security landscape is marked by critical vulnerabilities under active exploitation, supply chain compromises, and ongoing state-sponsored cyber activity. Adobe has patched a zero-day in Reader, while a critical RCE in Marimo is being actively exploited. Additionally, the CPUID website was breached to distribute malware via popular utility downloads.
Critical Marimo RCE Flaw Under Active Exploitation
A critical pre-authentication remote code execution (RCE) vulnerability in Marimo (CVE-2026-39987) is now being actively exploited for credential theft, just hours after public disclosure.
Adobe Patches Actively Exploited Reader Zero-Day
Adobe has released emergency updates to fix CVE-2026-34621, a critical zero-day vulnerability in Acrobat Reader that has been actively exploited for months, allowing for arbitrary code execution.
CPUID Website Compromised to Distribute STX RAT
Threat actors compromised the official CPUID website (cpuid.com) for less than 24 hours, serving malicious executables for popular tools like CPU-Z and HWMonitor to deploy the STX RAT.
International Crackdown Identifies 20,000 Crypto Fraud Victims
An international law enforcement operation, led by the U.K.'s National Crime Agency (NCA), has identified over 20,000 victims of cryptocurrency fraud across the UK, US, and Canada.
Law Enforcement Used Webloc for Global Geolocation Surveillance
Citizen Lab reports that law enforcement agencies, including Hungarian intelligence and US departments, used the Israeli-developed Webloc system to track over 500 million devices via advertising data.
Hims Breach Exposes Sensitive PHI
The telehealth brand Hims experienced a data breach, potentially exposing highly sensitive protected health information (PHI) of its users.
Thousands of US Industrial Devices Exposed to Iranian Cyberattacks
Nearly 4,000 Internet-exposed Rockwell Automation programmable logic controllers (PLCs) in the US are part of the attack surface targeted by Iranian-linked hackers against critical infrastructure.
Juniper Networks Patches Dozens of Junos OS Vulnerabilities
Juniper Networks has released patches for numerous vulnerabilities in Junos OS, including a critical flaw that could allow unauthenticated remote device takeover.