← Latest brief

Security news.

·Afternoon Brief

Today's security brief highlights a series of significant cyber incidents, including a utility firm breach and new malware campaigns. CISA has also updated its Known Exploited Vulnerabilities catalog with four actively exploited flaws, urging immediate patching.

BLEEPINGBREACH
Apr 26READ

American utility firm Itron discloses breach of internal IT network

Itron, Inc. has reported a cybersecurity incident where an unauthorized third party accessed certain internal systems.

THNKEV
Apr 25READ

CISA Adds 4 Exploited Flaws to KEV, Sets May 2026 Federal Deadline

CISA has added four vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog, including flaws in SimpleHelp, Samsung MagicINFO 9 Server, and D-Link DIR-823X series routers, due to active exploitation.

BLEEPINGMALWARE
Apr 25READ

Threat actor uses Microsoft Teams to deploy new “Snow” malware

A threat group, UNC6692, is using social engineering via Microsoft Teams to deploy a new custom malware suite named 'Snow,' which includes a browser extension, tunneler, and backdoor.

SECURITYWEEKNATION-STATE
Apr 25READ

China-Linked APT GopherWhisper Abuses Legitimate Services in Government Attacks

The China-linked APT group GopherWhisper is leveraging multiple Go-based backdoors and custom loaders/injectors in attacks targeting government entities.

BLEEPINGBREACH
Apr 24READ

ADT confirms data breach after ShinyHunters leak threat

Home security giant ADT has confirmed a data breach following a ransom threat from the ShinyHunters extortion group.

BLEEPINGMALWARE
Apr 24READ

Firestarter malware survives Cisco firewall updates, security patches

U.S. and U.K. cybersecurity agencies warn about Firestarter, a custom malware persisting on Cisco Firepower and Secure Firewall devices even after updates and patches.

THNMALWARE
Apr 25READ

Researchers Uncover Pre-Stuxnet ‘fast16’ Malware Targeting Engineering Software

Cybersecurity researchers have discovered a Lua-based malware, 'fast16,' dating back to 2005, which targeted high-precision calculation software years before Stuxnet.

BLEEPINGVULN
Apr 24READ

New ‘Pack2TheRoot’ flaw gives hackers root Linux access

A new vulnerability, Pack2TheRoot, in the PackageKit daemon could allow local Linux users to gain root permissions by installing or removing system packages.

Generated twice daily from public security RSS feeds. Informational only.