← Latest brief

Security news.

·Morning Brief

Today's threat landscape is dominated by active exploitation campaigns, supply chain attacks, and AI-powered malware development. Critical vulnerabilities in Linux, educational platforms, and enterprise software are being weaponized, while threat actors increasingly leverage legitimate services and AI tools to evade de

SECURITYWEEKEXPLOIT
May 11READ

Linux 'Dirty Frag' Vulnerability (CVE-2026-43284, CVE-2026-43500) Possibly Exploited

A critical local privilege escalation flaw in the Linux kernel was disclosed before patches were available, with evidence of active exploitation in the wild.

THNBREACH
May 10READ

Ollama Critical Memory Leak Vulnerability (CVE-2026-7482) Affects 300K+ Servers

An out-of-bounds read flaw allows remote, unauthenticated attackers to leak entire process memory from Ollama instances, with a CVSS score of 9.1.

KREBSBREACH
May 8READ

Canvas LMS Breach Disrupts 9,000+ Schools; 275M Records at Risk

ShinyHunters attacked the widely-used Canvas learning platform during finals week, defacing login pages and threatening to leak data from nearly 9,000 educational institutions affecting hundreds of millions of students and faculty.

SECURITYWEEKSUPPLY CHAIN
May 11READ

Checkmarx Jenkins AST Plugin Compromised in Supply Chain Attack

A malicious version of the Checkmarx Jenkins plugin was published to the Jenkins Marketplace, compromising developer build pipelines.

THNMALWARE
May 11READ

Fake OpenAI Privacy Filter on Hugging Face Delivers Infostealer to 244K Users

A malicious repository impersonating OpenAI's Privacy Filter reached #1 on Hugging Face's trending list and delivered a Rust-based information stealer to Windows users.

BLEEPING
May 9READ

JDownloader Website Compromised; Installers Replaced with Python RAT

Attackers replaced legitimate JDownloader installers with malicious versions deploying a Python-based remote access trojan to Windows and Linux users.

BLEEPING
May 11READ

TrickMo Android Banker Uses TON Blockchain for Stealth Command-and-Control

A new variant of the TrickMo banking malware introduces blockchain-based C2 communications and targets European users with enhanced evasion capabilities.

SECURITYWEEKPHISHING
May 11READ

500+ Organizations Targeted in Years-Long Phishing Campaign

Victims span aviation, critical infrastructure, energy, logistics, public administration, and technology sectors in a sustained multi-year campaign.

Generated twice daily from public security RSS feeds. Informational only.