← Latest brief

Security news.

·Morning Brief

Today's security landscape is marked by critical vulnerabilities, active exploitation, and significant supply chain attacks. Microsoft Exchange and Cisco SD-WAN zero-days are under active attack, while several WordPress plugins and popular npm packages have been compromised, leading to credential theft and potential site takeovers.

SECURITYWEEKVULN
May 16READ

PoC Code Released for Critical NGINX Vulnerability

A critical security defect, present since 2008, in NGINX Plus and NGINX open source has received a public Proof-of-Concept, urging immediate patching.

BLEEPINGBREACH
May 15READ

Funnel Builder WordPress Plugin Exploited to Steal Credit Cards

A critical vulnerability in the Funnel Builder plugin for WordPress is being actively exploited to inject malicious JavaScript, targeting WooCommerce checkout pages for credit card theft.

BLEEPINGBREACH
May 15READ

Microsoft Exchange, Windows 11 Hacked at Pwn2Own

Competitors at Pwn2Own Berlin 2026 exploited 15 unique zero-day vulnerabilities in products including Windows 11, Microsoft Exchange, and Red Hat Enterprise Linux, earning over $385,000.

BLEEPINGSUPPLY CHAIN
May 15READ

Popular node-ipc npm Package Compromised in Supply Chain Attack

Hackers have injected credential-stealing malware into new versions of the popular node-ipc inter-process communication package, marking a new npm supply chain attack.

CISAZERO-DAY
May 15READ

CISA Adds Microsoft Exchange Zero-Day (CVE-2026-42897) to KEV Catalog

CISA has added a Microsoft Exchange Server Cross-Site Scripting Vulnerability (CVE-2026-42897) to its Known Exploited Vulnerabilities Catalog, urging federal agencies to remediate due to active exploitation.

SECURITYWEEKZERO-DAY
May 15READ

Cisco Patches Sixth SD-WAN Zero-Day Exploited in 2026

Cisco has patched CVE-2026-20182, a critical SD-WAN zero-day actively exploited in targeted attacks by a sophisticated threat actor identified as UAT-8616.

THNMALWARE
May 15READ

Turla Transforms Kazuar Backdoor into Modular P2P Botnet

The Russian state-sponsored group Turla has evolved its Kazuar backdoor into a modular peer-to-peer botnet designed for stealthy and persistent access to compromised systems.

SECURITYWEEKSUPPLY CHAIN
May 15READ

OpenAI Hit by TanStack Supply Chain Attack

Two OpenAI employee devices were compromised in a supply chain attack on TanStack, leading to the theft of credential material from OpenAI code repositories.

Generated twice daily from public security RSS feeds. Informational only.