Security news.
Critical zero-day vulnerabilities in Palo Alto Networks firewalls and Apache HTTP/2 are under active exploitation, while supply chain attacks continue to compromise major software platforms. Iranian APT activity, educational institution breaches, and emerging threats to AI deployments dominate today's threat landscape.
Palo Alto Networks PAN-OS Zero-Day (CVE-2026-0300) Under Active Exploitation
A critical unauthenticated remote code execution vulnerability (CVSS 9.3) in the User-ID Authentication Portal is being actively exploited in the wild. Patches are forthcoming, but systems remain vulnerable until they are applied.
Critical Apache HTTP/2 Vulnerability (CVE-2026-23918) Enables RCE
The Apache Software Foundation released updates for a severe "double free" flaw (CVSS 8.8) in HTTP/2 protocol handling that could lead to remote code execution.
Instructure Breach Exposes 280 Million Records from 8,809 Educational Institutions
A threat actor claims to have stolen data from students and staff across colleges, school districts, and online education platforms via the Instructure learning management system.
DAEMON Tools Supply Chain Attack Delivers Backdoor to Thousands
Trojanized installers distributed from the official DAEMON Tools website since April 8 deployed a sophisticated backdoor to government and scientific entities, though only a dozen systems received the full payload.
Iranian APT (MuddyWater) Masquerades as Chaos Ransomware
A sophisticated intrusion campaign attributed to MuddyWater combined social engineering, credential harvesting, and data theft while impersonating ransomware activity to evade detection.
Quasar Linux RAT Targets Software Developers with Rootkit Capabilities
A previously undocumented Linux implant provides remote access, surveillance, and credential exfiltration capabilities, specifically targeting developer systems.
MetInfo CMS CVE-2026-29014 Actively Exploited for Remote Code Execution
Threat actors are exploiting an unauthenticated PHP code injection flaw (CVSS 9.8) in MetInfo CMS versions 7.9, 8.0, and 8.1 for arbitrary code execution.
Bleeding Llama: Critical Ollama Vulnerability Exposes 300,000 Deployments
A heap out-of-bounds read issue ("Bleeding Llama") in Ollama can be exploited remotely without authentication to steal sensitive information from AI model deployments.