Security news.

Morning Brief

Critical vulnerabilities dominate today's security landscape, with a 15-year-old OpenSSH flaw enabling root access, multiple actively exploited CVEs added to CISA's KEV catalog, and widespread malware campaigns targeting developers and critical infrastructure. Organizations face mounting pressure from both sophisticated threat actors and the emerging risks posed by AI-powered attack tools.

SECURITYWEEK · VULN · Apr 27

OpenSSH Flaw Enabling Full Root Access Lurked for 15 Years

A code reuse vulnerability in OpenSSH allowed comma characters in certificate principals to be interpreted as list separators, granting attackers root shell access. This critical flaw went undetected since its introduction.

CISA · KEV · Apr 24

CISA Adds Four Actively Exploited Vulnerabilities to KEV Catalog

CISA added CVE-2024-57726 (SimpleHelp missing authorization), CVE-2024-57728 (SimpleHelp path traversal), CVE-2024-7399 (Samsung MagicINFO path traversal), and CVE-2025-29635 (D-Link DIR-823X) to its Known Exploited Vulnerabilities catalog with evidence of active exploitation.

THN · MALWARE · Apr 27

73 Fake VS Code Extensions Delivering GlassWorm v2 Malware

Researchers discovered 73 malicious Visual Studio Code extensions on the Open VSX repository cloned from legitimate counterparts, with at least six confirmed to deliver the GlassWorm information-stealing malware.

THN · BREACH · Apr 27

PhantomCore Exploits TrueConf Vulnerabilities to Breach Russian Networks

Pro-Ukrainian hacktivist group PhantomCore has actively targeted TrueConf video conferencing servers in Russia since September 2025 using an exploit chain of three vulnerabilities for remote code execution.

BLEEPING · BREACH · Apr 26

Energy and Water Management Firm Itron Breached

Itron, which serves utilities and cities globally, disclosed unauthorized access to internal IT systems discovered on April 13, 2026. The breach impacts critical infrastructure operations.

SECURITYWEEK · VULN · Apr 27

Pack2TheRoot Linux Vulnerability Enables Privilege Escalation

A race condition in PackageKit allows unprivileged users to escalate privileges and gain root access when installing packages on Linux systems.

BLEEPING · MALWARE · Apr 25

UNC6692 Deploys Snow Malware Suite via Microsoft Teams

Threat group UNC6692 uses social engineering and email bombing to deploy the Snow malware family (Snowbelt, Snowglaze, Snowbasin) for persistent access, including browser extensions and backdoors.

CISA · MALWARE · Apr 23

FIRESTARTER Backdoor Persists on Cisco Firewall Devices

CISA and UK NCSC warn that FIRESTARTER malware compromised a federal Cisco Firepower device in September 2025 and survives security patches, enabling persistent remote access on critical infrastructure.

Generated twice daily from public security RSS feeds. Informational only.