← Latest brief

Security news.

·Afternoon Brief

Today's security brief highlights critical vulnerabilities and ongoing exploitation campaigns. CISA has added a Linux root access bug and a cPanel flaw to its Known Exploited Vulnerabilities catalog, both actively being leveraged by attackers. Meanwhile, Microsoft Defender is experiencing widespread false positives, mi

THNKEV
May 3READ

CISA Adds Actively Exploited Linux Root Access Bug CVE-2026-31431 to KEV

CISA has added CVE-2026-31431, a local privilege escalation flaw affecting various Linux distributions, to its Known Exploited Vulnerabilities catalog due to active exploitation.

BLEEPINGRANSOMWARE
May 2READ

Critical cPanel Flaw Mass-Exploited in "Sorry" Ransomware Attacks

A critical cPanel flaw, CVE-2026-41940, is being mass-exploited to breach websites and encrypt data in "Sorry" ransomware attacks.

BLEEPINGMALWARE
May 3READ

Microsoft Defender Wrongly Flags DigiCert Certs as Trojan:Win32/Cerdigent.A!dha

Microsoft Defender is generating widespread false positives by detecting legitimate DigiCert root certificates as malware, in some cases removing them from Windows systems.

BLEEPINGMALWARE
May 3READ

Telegram Mini Apps Abused for Crypto Scams, Android Malware Delivery

Researchers have uncovered a large-scale fraud operation leveraging Telegram's Mini App feature for crypto scams, brand impersonation, and Android malware distribution.

SANS INTERNET STORM CENTER
May 3READ

Wireshark 4.6.5 Released

Wireshark version 4.6.5 has been released, addressing 43 vulnerabilities (38 CVEs) and 35 bugs.

BLEEPINGPATCH
May 2READ

ConsentFix v3 Attacks Target Azure with Automated OAuth Abuse

A new attack type, ConsentFix v3, is circulating on hacker forums, enhancing previous OAuth abuse techniques against Azure with automation and scalability.

THNBREACH
May 2READ

Trellix Confirms Source Code Breach With Unauthorized Repository Access

Cybersecurity company Trellix has confirmed a breach that resulted in unauthorized access to a portion of its source code repository.

SECURITYWEEKPHISHING
May 2READ

New Bluekit Phishing Kit Features AI Assistant

A new phishing kit, Bluekit, is under development and offers automated domain registration and an AI Assistant to its users.

Generated twice daily from public security RSS feeds. Informational only.