← Latest brief

Security news.

·Afternoon Brief

Today's security brief highlights critical vulnerabilities and active exploitation, with CISA adding several flaws to its Known Exploited Vulnerabilities Catalog. Supply chain attacks continue to pose a significant threat, impacting popular developer tools and services. Additionally, new threat groups and sophisticated state-sponsored campaigns underscore the evolving landscape of cyber threats.

CISAKEV
Apr 24READ

CISA Adds Four Exploited Vulnerabilities to KEV Catalog

CISA has added CVE-2024-7399 (Samsung MagicINFO), CVE-2024-57726 & CVE-2024-57728 (SimpleHelp), and CVE-2025-29635 (D-Link DIR-823X) to its Known Exploited Vulnerabilities Catalog, urging immediate patching.

THNEXPLOIT
Apr 24READ

LMDeploy CVE-2026-33626 Exploited Within Hours

A high-severity Server-Side Request Forgery (SSRF) vulnerability in LMDeploy (CVE-2026-33626) was actively exploited less than 13 hours after public disclosure, allowing access to sensitive data.

BLEEPINGEXPLOIT
Apr 23READ

Hackers Exploit Breeze Cache WordPress Plugin Flaw

A critical unauthenticated arbitrary file upload vulnerability in the Breeze Cache WordPress plugin is being actively exploited, allowing attackers to upload malicious files to servers.

THNMALWARE
Apr 24READ

FIRESTARTER Backdoor Hits Federal Cisco Firepower Device

CISA reports that a federal agency's Cisco Firepower device running ASA software was compromised with the FIRESTARTER backdoor, which provides remote access and persists even after security patches.

BLEEPINGVULN
Apr 24READ

New 'Pack2TheRoot' Flaw Grants Root Linux Access

A new vulnerability, Pack2TheRoot, in the PackageKit daemon allows local Linux users to install or remove system packages and gain root permissions.

READ

Over 10,000 Zimbra Servers Vulnerable to XSS Attacks

More than 10,000 Zimbra Collaboration Suite (ZCS) instances are exposed online and vulnerable to ongoing cross-site scripting (XSS) attacks.

SECURITYWEEKSUPPLY CHAIN
Apr 24READ

Bitwarden NPM Package Hit in Supply Chain Attack

The Bitwarden CLI npm package was briefly compromised in a supply chain attack, with a malicious version containing a credential-stealing payload uploaded to npm.

BLEEPING
Apr 24READ

New BlackFile Extortion Group Linked to Vishing Surge

A new financially motivated hacking group, BlackFile, has been tied to a wave of data theft and extortion attacks against retail and hospitality organizations since February 2026, often using vishing.

Generated twice daily from public security RSS feeds. Informational only.