← Latest brief

Security news.

·Afternoon Brief

Today's security news highlights critical supply chain attacks, with DAEMON Tools installers compromised to deliver backdoors. Several critical vulnerabilities have been disclosed and are under active exploitation, alongside warnings of sophisticated phishing campaigns targeting organizations globally. The focus remain

BLEEPINGSUPPLY CHAIN
May 5READ

DAEMON Tools Trojanized in Supply-Chain Attack

Hackers trojanized installers for DAEMON Tools software, delivering a backdoor to thousands of systems that downloaded the product from the official website since April 8.

THNRCE
May 5READ

Critical Apache HTTP/2 Flaw (CVE-2026-23918) Enables DoS and Potential RCE

The Apache Software Foundation released updates for a severe vulnerability, CVE-2026-23918, in its HTTP Server that could lead to remote code execution due to a double free issue in HTTP/2 protocol handling.

THNRCE
May 5READ

MetInfo CMS CVE-2026-29014 Exploited for Remote Code Execution Attacks

Threat actors are actively exploiting CVE-2026-29014, a critical code injection flaw in MetInfo CMS versions 7.9, 8.0, and 8.1, allowing unauthenticated PHP code execution.

SECURITYWEEKRCE
May 5READ

Critical Remote Code Execution Vulnerability Patched in Android

A critical RCE vulnerability, CVE-2026-0073, affecting Android’s System component has been patched, which could be exploited without user interaction.

THNRCE
May 5READ

Weaver E-cology RCE Flaw CVE-2026-22679 Actively Exploited

A critical unauthenticated remote code execution vulnerability (CVE-2026-22679) in Weaver E-cology 10.0 versions prior to 20260312 is under active exploitation.

DARK READING
May 5READ

Microsoft Edge Stores Passwords in Process Memory, Posing Enterprise Risk

A proof-of-concept exploit demonstrates how an attacker with admin privileges can steal passwords from Microsoft Edge's process memory, enabling further malicious activity.

SECURITYWEEKPHISHING
May 5READ

Microsoft Warns of Sophisticated Phishing Campaign Targeting US Organizations

Microsoft has detailed a large-scale phishing campaign leveraging code of conduct-themed lures and legitimate email services to steal authentication tokens from over 35,000 users across 26 countries.

BLEEPINGBREACH
May 5READ

Vimeo Data Breach Exposes Personal Information of 119,000 People

The ShinyHunters extortion gang stole personal information belonging to over 119,000 people after hacking the Vimeo online video platform in April.

Generated twice daily from public security RSS feeds. Informational only.