Security news.
Today's security brief highlights a confirmed breach at Vercel and ongoing exploitation of critical vulnerabilities, including a flaw in the Protobuf library. NIST is also adjusting its vulnerability scoring due to increased volume, focusing on higher-priority issues.
Vercel confirms breach, hackers selling data
Cloud development platform Vercel has disclosed a security incident after threat actors claimed to have breached its systems and are attempting to sell stolen data.
Apple account alerts abused for phishing
Apple account change notifications are being exploited to send fake iPhone purchase phishing scams within legitimate emails from Apple's servers, enhancing their legitimacy and bypass potential spam filters.
NIST to limit non-priority vulnerability scoring
The National Institute of Standards and Technology (NIST) will cease assigning severity scores to lower-priority vulnerabilities due to a significant increase in submission volumes, focusing on critical flaws.
Critical flaw in Protobuf library enables JS code execution
Proof-of-concept exploit code has been published for a critical remote code execution flaw in protobuf.js, a widely used JavaScript implementation of Google's Protocol Buffers.
$13.74M hack shuts down sanctioned Grinex Exchange
Grinex, a cryptocurrency exchange sanctioned by the U.K. and U.S., has suspended operations after a $13.74 million hack, which it blames on Western intelligence agencies.
Mirai variant Nexcorium exploits CVE-2024-3721
Threat actors are exploiting CVE-2024-3721 in TBK DVR and end-of-life TP-Link Wi-Fi routers to deploy Mirai-botnet variants for DDoS attacks.
Three Microsoft Defender zero-days actively exploited
Huntress warns that threat actors are actively exploiting three recently disclosed zero-day vulnerabilities (BlueHammer, RedSun, UnDefend) in Microsoft Defender to gain elevated privileges.
Apache ActiveMQ CVE-2026-34197 added to CISA KEV
A high-severity remote code execution vulnerability in Apache ActiveMQ Classic, CVE-2026-34197, has been added to CISA's Known Exploited Vulnerabilities Catalog due to active exploitation.