
Security news.

Morning Brief

Today's security brief highlights critical vulnerabilities and persistent threats, with CISA adding four new flaws to its Known Exploited Vulnerabilities catalog. We also see continued activity from state-sponsored APTs and the emergence of new malware, underscoring the need for vigilance and timely patching.

THN · KEV · Apr 25

CISA Adds 4 Exploited Flaws to KEV Catalog

CISA has added four vulnerabilities impacting SimpleHelp, Samsung MagicINFO 9 Server, and D-Link DIR-823X series routers to its Known Exploited Vulnerabilities (KEV) catalog, with a May 2026 federal deadline for remediation.

SECURITYWEEK · NATION-STATE · Apr 25

China-Linked APT GopherWhisper Abuses Legitimate Services

A new China-linked APT, GopherWhisper, is actively using Go-based backdoors and custom loaders to target government entities by abusing legitimate services.

THN · MALWARE · Apr 25

Pre-Stuxnet ‘fast16’ Malware Discovered

Researchers have uncovered "fast16," a Lua-based malware dating back to 2005, designed to sabotage high-precision engineering software, predating the notorious Stuxnet worm.

BLEEPING · BREACH · Apr 24

ADT Confirms Data Breach After ShinyHunters Threat

Home security giant ADT has confirmed a data breach following an extortion threat from the ShinyHunters group to leak stolen data.

BLEEPING · MALWARE · Apr 24

Firestarter Malware Persists on Cisco Firewalls

U.S. and U.K. cybersecurity agencies warn about Firestarter, a custom malware that maintains persistence on Cisco Firepower and Secure Firewall devices even after updates and security patches.

New BlackFile Extortion Group Linked to Vishing Surge

A new financially motivated hacking group, BlackFile, is reportedly behind a wave of data theft and extortion attacks targeting retail and hospitality organizations since February 2026, often using vishing tactics.

BLEEPING · VULN · Apr 24

‘Pack2TheRoot’ Flaw Grants Root Linux Access

A new vulnerability, dubbed Pack2TheRoot, in the PackageKit daemon could allow local Linux users to install or remove system packages and gain root permissions.

THN · EXPLOIT · Apr 24

LMDeploy CVE-2026-33626 Exploited Within Hours

A high-severity Server-Side Request Forgery (SSRF) vulnerability (CVE-2026-33626) in LMDeploy, an LLM toolkit, was actively exploited less than 13 hours after its public disclosure.

Generated twice daily from public security RSS feeds. Informational only.