← Latest brief

Security news.

·Afternoon Brief

Today's security landscape highlights active exploitation of critical vulnerabilities, particularly in WordPress plugins and Microsoft Exchange, alongside the evolving tactics of state-sponsored groups. The increasing role of AI in both generating vulnerable code and discovering exploits also signals a shift in defensive strategies.

THNEXPLOIT
May 16READ

Funnel Builder Flaw Under Active Exploitation Enables WooCommerce Checkout Skimming

A critical vulnerability in the Funnel Builder WordPress plugin is being actively exploited to inject malicious JavaScript into WooCommerce checkout pages, aiming to steal payment data.

SECURITYWEEKVULN
May 16READ

PoC Code Published for Critical NGINX Vulnerability

Proof-of-concept code has been published for a critical NGINX vulnerability, introduced in 2008 and recently patched in NGINX Plus and open-source versions.

BLEEPINGMALWARE
May 16READ

Russian Hackers Turn Kazuar Backdoor into Modular P2P Botnet

The Russian hacker group Secret Blizzard has evolved its Kazuar backdoor into a modular peer-to-peer (P2P) botnet, designed for long-term persistence and data collection.

BLEEPINGBREACH
May 15READ

Microsoft Exchange, Windows 11 Hacked on Second Day of Pwn2Own

Competitors at Pwn2Own Berlin 2026 exploited 15 unique zero-day vulnerabilities in products including Windows 11, Microsoft Exchange, and Red Hat Enterprise Linux, earning $385,750.

BLEEPINGBREACH
May 15READ

Popular node-ipc npm Package Compromised to Steal Credentials

Hackers have injected credential-stealing malware into new versions of the popular node-ipc npm package, in a supply chain attack.

CISAZERO-DAY
May 15READ

CISA Adds Microsoft Exchange Server Zero-Day to KEV Catalog

CISA has added CVE-2026-42897, a Microsoft Exchange Server cross-site scripting vulnerability, to its Known Exploited Vulnerabilities Catalog due to active exploitation.

SECURITYWEEKSUPPLY CHAIN
May 15READ

OpenAI Hit by TanStack Supply Chain Attack

Two OpenAI employee devices were compromised in a Mini Shai-Hulud supply chain attack on TanStack, leading to the theft of credential material from code repositories.

DARK READING
May 18READ

AI Agents and Code Generation Pose New Cyber Risks

The emergence of AI agents capable of discovering and exploiting obscure vulnerabilities, coupled with the proliferation of AI-generated code, is forcing cybersecurity defenders to adapt.

Generated twice daily from public security RSS feeds. Informational only.