Security news.

Morning Brief

Today's threat landscape is dominated by active exploitation campaigns, supply chain compromises, and state-sponsored APT activity. Critical vulnerabilities in LMDeploy and WordPress plugins are being exploited in the wild, while Lazarus continues targeting macOS users and Chinese APT groups are expanding their operational scope across multiple regions and attack vectors.

THN · EXPLOIT
Apr 24

LMDeploy CVE-2026-33626 Exploited Within 13 Hours of Disclosure

A high-severity SSRF vulnerability (CVSS 7.5) in the LLM deployment toolkit LMDeploy is under active exploitation in the wild less than 13 hours after public disclosure, allowing attackers to access sensitive data.

DARK READING · NATION-STATE
Apr 24

North Korea's Lazarus Targets macOS Users via ClickFix

Lazarus continues leveraging the ClickFix social engineering technique for initial access and data theft against Mac-centric organizations and their high-value leaders.

BLEEPING · EXPLOIT
Apr 23

Breeze Cache WordPress Plugin Under Active Exploitation

Hackers are actively exploiting a critical file upload vulnerability in the Breeze Cache plugin that allows unauthenticated arbitrary file uploads to WordPress servers.

BLEEPING · SUPPLY CHAIN
Apr 23

Bitwarden CLI npm Package Compromised in Supply Chain Attack

The @bitwarden/cli npm package was compromised with malicious code designed to steal developer credentials and spread to other projects, part of an ongoing Checkmarx supply chain campaign.

THN
Apr 24

26 FakeWallet Apps Discovered on Apple App Store Targeting Crypto Users

Researchers found 26 malicious apps impersonating popular cryptocurrency wallets on the App Store since fall 2025, designed to steal recovery phrases and private keys by redirecting users to trojanized wallet versions.

SECURITYWEEK · MALWARE
Apr 24

US Federal Agency's Cisco Firewall Infected with Firestarter Backdoor

A critical backdoor named Firestarter has been discovered on a U.S. federal agency's Cisco firewall, providing remote access and maintaining persistence even after patching.

THN · MALWARE
Apr 24

Tropic Trooper Deploys AdaptixC2 via Trojanized SumatraPDF

Chinese-speaking targets are being attacked with a trojanized SumatraPDF reader that deploys the AdaptixC2 Beacon post-exploitation agent and abuses VS Code tunnels for remote access.

CISA · KEV
Apr 23

CISA Adds Marimo RCE Vulnerability to KEV Catalog

CVE-2026-39987, a remote code execution flaw in Marimo, has been added to CISA's Known Exploited Vulnerabilities catalog based on evidence of active exploitation.

Generated twice daily from public security RSS feeds. Informational only.