← Latest brief

Security news.

·Morning Brief

Today's security news highlights critical vulnerabilities and active exploitation across various platforms. A severe out-of-bounds read flaw in Ollama could lead to remote memory leaks, while a new Linux kernel LPE vulnerability, "Dirty Frag," grants root access. Additionally, multiple supply chain attacks and data bre

THNBREACH
May 10READ

Ollama Out-of-Bounds Read Vulnerability Allows Remote Process Memory Leak

A critical vulnerability (CVE-2026-7482, CVSS 9.1) in Ollama, codenamed "Bleeding Llama," could allow remote, unauthenticated attackers to leak entire process memory, impacting over 300,000 servers.

BLEEPINGBREACH
May 9READ

JDownloader Site Hacked to Replace Installers with Python RAT Malware

The official JDownloader website was compromised to distribute malicious Windows and Linux installers, with the Windows payload deploying a Python-based remote access trojan.

BLEEPINGMALWARE
May 9READ

Fake OpenAI Repository on Hugging Face Pushes Infostealer Malware

A malicious Hugging Face repository impersonating OpenAI's "Privacy Filter" project delivered information-stealing malware to Windows users and reached the platform's trending list.

THNPATCH
May 9READ

cPanel, WHM Release Fixes for Three New Vulnerabilities

cPanel has released updates addressing three vulnerabilities (including CVE-2026-29201) in cPanel and Web Host Manager (WHM) that could lead to privilege escalation, code execution, and denial-of-service.

DARK READING
May 8READ

ShinyHunters Claims Second Attack Against Instructure

The edtech company Instructure, owner of Canvas, is struggling with a second attack by ShinyHunters, potentially exposing PII for hundreds of millions of people.

SANS INTERNET STORM CENTERVULN
May 8READ

Another Universal Linux Local Privilege Escalation (LPE) Vulnerability: Dirty Frag

A new Linux kernel LPE vulnerability, "Dirty Frag," has been disclosed, allowing local attackers to gain root privileges on most major Linux distributions, following closely after the "Copy Fail" flaw.

CISAKEV
May 8READ

CISA Adds BerriAI LiteLLM SQL Injection Vulnerability to KEV Catalog

CISA has added CVE-2026-42208, a BerriAI LiteLLM SQL Injection Vulnerability, to its Known Exploited Vulnerabilities Catalog, urging federal agencies to address it due to active exploitation.

SECURITYWEEKBREACH
May 8READ

Polish Security Agency Reports ICS Breaches at Five Water Treatment Plants

Hackers gained the ability to modify operational parameters at five water treatment plants in Poland, posing a direct risk to public water supply.

Generated twice daily from public security RSS feeds. Informational only.