Security news.
Today's cybersecurity news highlights critical vulnerabilities and active exploitation. A severe flaw in the Protobuf library allows JavaScript code execution, while a Mirai variant is exploiting a TBK DVR vulnerability. Additionally, the Apache ActiveMQ flaw (CVE-2026-34197) has been added to CISA's KEV catalog due to active exploitation.
Critical flaw in Protobuf library enables JavaScript code execution
Proof-of-concept exploit code has been published for a critical remote code execution flaw in protobuf.js, a widely used JavaScript implementation of Google's Protocol Buffers.
Mirai Variant Nexcorium Exploits CVE-2024-3721 to Hijack TBK DVRs for DDoS Botnet
Threat actors are exploiting CVE-2024-3721, a medium-severity command injection vulnerability in TBK DVR devices, to deploy Mirai-botnet variants.
Apache ActiveMQ CVE-2026-34197 Added to CISA KEV Amid Active Exploitation
A high-severity remote code execution flaw in Apache ActiveMQ Classic, CVE-2026-34197, has been added to CISA's Known Exploited Vulnerabilities catalog due to active exploitation.
$13.74M Hack Shuts Down Sanctioned Grinex Exchange After Intelligence Claims
The Kyrgyzstan-incorporated cryptocurrency exchange Grinex has suspended operations after a $13.74 million hack, which the exchange blames on Western intelligence agencies.
Payouts King ransomware uses QEMU VMs to bypass endpoint security
The Payouts King ransomware is leveraging the QEMU emulator to run hidden virtual machines on compromised systems, effectively bypassing endpoint security measures.
Tycoon 2FA Phishers Scatter, Adopt Device Code Phishing
Following the disruption of the Tycoon 2FA platform, threat actors are now adopting device code phishing to trick victims into granting account access through legitimate new-device login flows.
How NIST's Cutback of CVE Handling Impacts Cyber Teams
NIST has decided to reduce its CVE data enrichment efforts, leading to industry and ad hoc coalitions stepping in to help fill the gap for cyber teams.
Microsoft Teams right-click paste broken by Edge update bug
Microsoft has issued a warning that a recent Edge browser update introduced a bug that prevents right-click paste functionality in Microsoft Teams desktop client chats.