← Latest brief

Security news.

·Morning Brief

Critical vulnerabilities in widely-used infrastructure tools are under active exploitation, while major breaches continue to impact healthcare and education sectors. Patch Tuesday brought a record 169 Microsoft fixes, and authentication bypass flaws in Nginx UI and Cisco services demand immediate attention.

BLEEPINGEXPLOIT
Apr 15READ

Critical Nginx UI Auth Bypass (CVE-2026-33032) Actively Exploited

A critical authentication bypass in nginx-ui with CVSS 9.8 is being exploited in the wild for full server takeover without authentication.

BLEEPINGBREACH
Apr 16READ

McGraw Hill Breach Exposes 13.5 Million User Accounts

ShinyHunters extortion group leaked data from 13.5 million McGraw Hill accounts after breaching the company's Salesforce environment.

BLEEPINGPATCH
Apr 16READ

Cisco Patches Four Critical Webex and Identity Services Flaws

Critical vulnerabilities including CVE-2026-20184 (CVSS 9.8) in Cisco Webex and Identity Services enable code execution and user impersonation; patches require customer action.

SECURITYWEEKBREACH
Apr 16READ

Tennessee Hospital Breach Affects 337,000 Patients

Cookeville Regional Medical Center was targeted by Rhysida ransomware group, which stole 500GB of patient data.

BLEEPINGMALWARE
Apr 15READ

Over 30 WordPress Plugins Compromised with Malware

More than 30 plugins in the EssentialPlugin package were compromised to deliver malicious code allowing unauthorized website access.

THNMALWARE
Apr 16READ

Obsidian Plugin Abuse Delivers PHANTOMPULSE RAT in Finance Attacks

A novel campaign abuses Obsidian note-taking app to distribute previously undocumented PHANTOMPULSE RAT targeting financial and cryptocurrency sector individuals.

SECURITYWEEKRCE
Apr 16READ

Splunk Enterprise Patches Remote Code Execution Flaw

A vulnerability allowing low-privileged users to upload files to temporary directories and achieve RCE has been patched.

BLEEPINGEXPLOIT
Apr 15READ

CISA Flags Windows Task Host Vulnerability as Actively Exploited

A Windows Task Host privilege escalation vulnerability is being exploited to gain SYSTEM privileges; CISA warned federal agencies to patch immediately.

Generated twice daily from public security RSS feeds. Informational only.