← Latest brief

Security news.

·Morning Brief

Today's security news highlights multiple actively exploited vulnerabilities, with CISA adding several to its KEV catalog, urging immediate patching. We also see reports of significant data breaches and ongoing sophisticated campaigns by state-sponsored actors and cybercriminals, emphasizing the persistent threat of identity-based attacks and supply chain compromises.

BLEEPINGEXPLOIT
Apr 21READ

CISA Flags Actively Exploited SD-WAN Flaw

CISA has given U.S. government agencies four days to patch a new Catalyst SD-WAN Manager vulnerability actively exploited in attacks.

BLEEPINGEXPLOIT
Apr 21READ

Actively Exploited Apache ActiveMQ Flaw Impacts 6,400 Servers

Over 6,400 Apache ActiveMQ servers exposed online are vulnerable to ongoing attacks exploiting a high-severity code injection vulnerability.

SECURITYWEEKKEV
Apr 21READ

CISA Adds 8 Exploited Flaws to KEV Catalog

CISA expanded its Known Exploited Vulnerabilities (KEV) catalog with eight new flaws, including three impacting Cisco Catalyst SD-WAN Manager, PaperCut, JetBrains TeamCity, Kentico Xperience, Quest KACE, and Zimbra.

SECURITYWEEK
Apr 21READ

Unsecured Perforce Servers Expose Sensitive Data

A researcher identified over 1,500 Perforce P4 instances allowing attackers to read sensitive files on the server, affecting major organizations.

SECURITYWEEKPATCH
Apr 21READ

Progress Patches MOVEit WAF, LoadMaster Vulnerabilities

Progress Software has released patches for multiple security defects in MOVEit Web Application Firewall (WAF) and LoadMaster, which could lead to remote code execution and OS command injection.

DARK READINGNATION-STATE
Apr 21READ

Chinese APT Targets Indian Banks, Korean Policy Circles

A Chinese APT group is reportedly targeting India's financial sector and Korean policy circles, utilizing somewhat stale tactics, techniques, and procedures.

THN
Apr 21READ

Identity-Based Attacks Remain Dominant Initial Access Vector

Despite focus on sophisticated threats, stolen credentials and identity-based attacks continue to be the most reliable entry point for attackers in breaches.

SECURITYWEEKBREACH
Apr 21READ

Healthcare Data Breaches Affect 600,000

Data breaches at Southern Illinois Dermatology, Saint Anthony Hospital, and North Texas Behavioral Health Authority have collectively impacted 600,000 individuals.

Generated twice daily from public security RSS feeds. Informational only.