Security news.
Today's security brief highlights critical vulnerabilities and active exploitation, with CISA adding several flaws to its Known Exploited Vulnerabilities Catalog. Supply chain attacks continue to pose a significant threat, impacting popular developer tools and services. Additionally, new threat groups and sophisticated state-sponsored campaigns underscore the evolving landscape of cyber threats.
CISA Adds Four Exploited Vulnerabilities to KEV Catalog
CISA has added CVE-2024-7399 (Samsung MagicINFO), CVE-2024-57726 & CVE-2024-57728 (SimpleHelp), and CVE-2025-29635 (D-Link DIR-823X) to its Known Exploited Vulnerabilities Catalog, urging immediate patching.
LMDeploy CVE-2026-33626 Exploited Within Hours
A high-severity Server-Side Request Forgery (SSRF) vulnerability in LMDeploy (CVE-2026-33626) was actively exploited less than 13 hours after public disclosure, allowing access to sensitive data.
Hackers Exploit Breeze Cache WordPress Plugin Flaw
A critical unauthenticated arbitrary file upload vulnerability in the Breeze Cache WordPress plugin is being actively exploited, allowing attackers to upload malicious files to servers.
FIRESTARTER Backdoor Hits Federal Cisco Firepower Device
CISA reports that a federal agency's Cisco Firepower device running ASA software was compromised with the FIRESTARTER backdoor, which provides remote access and persists even after security patches.
New 'Pack2TheRoot' Flaw Grants Root Linux Access
A new vulnerability, Pack2TheRoot, in the PackageKit daemon allows local Linux users to install or remove system packages and gain root permissions.
Over 10,000 Zimbra Servers Vulnerable to XSS Attacks
More than 10,000 Zimbra Collaboration Suite (ZCS) instances are exposed online and vulnerable to ongoing cross-site scripting (XSS) attacks.
Bitwarden NPM Package Hit in Supply Chain Attack
The Bitwarden CLI npm package was briefly compromised in a supply chain attack, with a malicious version containing a credential-stealing payload uploaded to npm.
New BlackFile Extortion Group Linked to Vishing Surge
A new financially motivated hacking group, BlackFile, has been tied to a wave of data theft and extortion attacks against retail and hospitality organizations since February 2026, often using vishing.