← Latest brief

Security news.

·Morning Brief

Today's security news highlights a critical Adobe Reader zero-day under active exploitation and a pre-authentication RCE in Marimo also being exploited in the wild. Supply chain attacks are a recurring theme, with OpenAI impacted by a North Korea-linked incident and CPUID serving trojanized downloads.

BLEEPINGRCE
Apr 12READ

Critical Marimo pre-auth RCE flaw now under active exploitation

A critical pre-authentication remote code execution (RCE) vulnerability in Marimo (CVE-2026-39987) is being actively exploited for credential theft, just hours after disclosure.

SECURITYWEEKZERO-DAY
Apr 12READ

Adobe Patches Reader Zero-Day Exploited for Months

Adobe has released emergency updates for a critical zero-day vulnerability (CVE-2026-34621) in Acrobat Reader that has been actively exploited for months, allowing for arbitrary code execution.

SECURITYWEEKBREACH
Apr 13READ

CPUID Hacked to Serve Trojanized CPU-Z and HWMonitor Downloads

The CPUID website was compromised by a Russian-speaking threat actor, replacing legitimate download links for CPU-Z and HWMonitor with versions distributing the STX RAT malware.

SECURITYWEEKSUPPLY CHAIN
Apr 13READ

OpenAI Impacted by North Korea-Linked Axios Supply Chain Hack

OpenAI is taking action after a macOS code signing certificate may have been compromised due to a malicious Axios library download via a GitHub Actions workflow, linked to North Korea.

THNNATION-STATE
Apr 13READ

North Korea's APT37 Uses Facebook Social Engineering to Deliver RokRAT Malware

The North Korean hacking group APT37 (ScarCruft) is employing a multi-stage social engineering campaign via Facebook to deliver the RokRAT remote access trojan.

SECURITYWEEKMALWARE
Apr 13READ

Fake Claude Website Distributes PlugX RAT

A malicious website mimicking Anthropic's Claude AI is distributing the PlugX RAT, using DLL sideloading and self-cleanup to evade detection.

SECURITYWEEKBREACH
Apr 13READ

International Operation Targets Multimillion-Dollar Crypto Theft Schemes

Law enforcement in the US, UK, and Canada have identified over $45 million in cryptocurrency and frozen $12 million in an international crackdown on crypto theft.

SECURITYWEEK
Apr 13READ

Gmail Brings End-to-End Encryption to Android and iOS for Enterprise Users

Google has rolled out end-to-end encryption (E2EE) for Gmail on Android and iOS, allowing enterprise users to natively compose and read encrypted messages on mobile devices.

Generated twice daily from public security RSS feeds. Informational only.