← Latest brief

Security news.

·Morning Brief

Today's cybersecurity landscape is marked by critical zero-day exploits and significant supply chain attacks. Microsoft and Cisco have issued urgent warnings and patches for vulnerabilities actively exploited in the wild, while OpenAI confirms a breach impacting employee devices.

SECURITYWEEKZERO-DAY
May 15READ

Microsoft Warns of Exchange Server Zero-Day Exploited in the Wild

Microsoft has released mitigations for CVE-2026-42897, a high-severity Exchange Server vulnerability actively exploited to allow arbitrary code execution via cross-site scripting (XSS).

SECURITYWEEKSUPPLY CHAIN
May 15READ

OpenAI Hit by TanStack Supply Chain Attack

OpenAI confirmed that two employee devices were compromised in the Mini Shai-Hulud supply chain attack on TanStack, leading to the theft of credential material from code repositories.

SECURITYWEEKMALWARE
May 15READ

TeamPCP Releases Shai-Hulud Worm’s Source Code

The hacking group TeamPCP has released the source code for the Shai-Hulud worm, encouraging its use in supply chain attacks and offering monetary rewards.

SECURITYWEEKZERO-DAY
May 15READ

Cisco Patches Sixth SD-WAN Zero-Day Exploited in 2026

Cisco has patched CVE-2026-20182, a critical authentication bypass vulnerability in Catalyst SD-WAN Controller, which has been actively exploited by a sophisticated threat actor (UAT-8616) to gain administrative privileges.

BLEEPINGEXPLOIT
May 14READ

Hackers Exploit Auth Bypass in Burst Statistics WordPress Plugin

A critical authentication bypass vulnerability in the Burst Statistics WordPress plugin is being actively exploited by hackers to gain admin-level access to websites.

SECURITYWEEKBREACH
May 15READ

American Lending Center Data Breach Affects 123,000 Individuals

A ransomware attack discovered nearly a year ago at American Lending Center has now been confirmed to have impacted 123,000 individuals.

BLEEPING
May 15READ

Microsoft to Automatically Roll Back Faulty Windows Drivers

Microsoft is implementing a new feature to automatically roll back problematic Windows drivers delivered via Windows Update, aiming to improve system stability.

SECURITYWEEKPATCH
May 15READ

Chrome 148 Update Patches Critical Vulnerabilities

Google has released Chrome 148, addressing several critical-severity use-after-free and other bugs across various browser components.

Generated twice daily from public security RSS feeds. Informational only.