Security news.
Critical vulnerabilities and active exploits dominate today's threat landscape, with AI-accelerated vulnerability discovery creating an urgent "velocity gap" for defenders. Major breaches affecting millions of users, actively exploited zero-days in Adobe and Windows, and new CISA KEV additions underscore the need for immediate patching and incident response readiness.
ShowDoc RCE Flaw CVE-2025-0520 Actively Exploited
A critical remote code execution vulnerability (CVSS 9.4) in ShowDoc document management software is under active exploitation on unpatched servers, particularly affecting users in China.
CISA Adds 6 Known Exploited Vulnerabilities to KEV Catalog
CISA added six actively exploited flaws including CVE-2026-21643 (SQL injection in Fortinet FortiClient EMS, CVSS 9.1) and vulnerabilities in Microsoft and Adobe software.
Basic-Fit Data Breach Exposes 1 Million Members
Europe's largest gym chain Basic-Fit confirmed hackers stole names, dates of birth, and bank account details from approximately 1 million customers.
Windows and Adobe Acrobat Vulnerabilities Under Active Exploitation
Organizations are being warned of actively exploited flaws in Windows and Adobe Acrobat that allow privilege escalation and arbitrary code execution.
108 Malicious Chrome Extensions Steal Google and Telegram Data
A coordinated campaign deployed 108 malicious Chrome extensions communicating with the same C2 infrastructure, affecting 20,000 users and stealing credentials while injecting ads.
Mirax Android RAT Reaches 220,000 Users via Meta Ads
A new Android remote access trojan called Mirax is actively targeting Spanish-speaking countries, with campaigns reaching over 220,000 accounts on Facebook, Instagram, and Threads, converting devices into SOCKS5 proxies.
'Mythos-Ready' Security: CSA Warns of AI-Accelerated Vulnerability Exploitation
The Cloud Security Alliance warns that AI models like Anthropic's Mythos are collapsing the gap between vulnerability discovery and exploitation, creating a "velocity gap" that demands urgent CISO preparation.
SAP Releases 19 Security Notes for Critical ABAP Vulnerability
SAP patched critical flaws affecting over a dozen enterprise products, addressing vulnerabilities in its ABAP platform.