← Latest brief

Security news.

·Afternoon Brief

Today's security brief highlights significant breaches and critical vulnerabilities, with GitHub and Grafana confirming incidents stemming from supply chain attacks and compromised credentials. Microsoft has also released mitigations for a BitLocker zero-day, while CISA added seven actively exploited vulnerabilities to its catalog, underscoring the persistent threat landscape.

DARK READINGVULN
May 20READ

Critical Flaw in OT Robot OS Gives Attackers Control

A critical command injection vulnerability in an OT Robot OS allows unauthenticated attackers remote access, potentially causing significant disruption.

BLEEPINGBREACH
May 19READ

Max-severity flaw in ChromaDB for AI apps allows server hijacking

A critical vulnerability in the latest Python FastAPI version of ChromaDB allows unauthenticated attackers to execute arbitrary code on exposed servers.

BLEEPINGEXPLOIT
May 20READ

Drupal critical update to fix bug with high exploitation risk

Drupal has announced a critical core security release, warning that exploits could emerge within hours of the update's disclosure.

CISAKEV
May 20READ

CISA Adds Seven Known Exploited Vulnerabilities to Catalog

CISA has added seven new vulnerabilities, including older Microsoft and Adobe flaws, to its KEV Catalog based on evidence of active exploitation.

BLEEPINGBREACH
May 20READ

Exploit released for new PinTheft Arch Linux root escalation flaw

A public proof-of-concept exploit is now available for PinTheft, a recently patched Linux privilege escalation vulnerability, allowing local attackers to gain root privileges on Arch Linux systems.

SECURITYWEEKBREACH
May 20READ

GitHub Confirms Hack Impacting 3,800 Internal Repositories

GitHub confirmed that the TeamPCP hacking group accessed 3,800 internal repositories after an employee installed a malicious VS Code extension.

BLEEPINGBREACH
May 20READ

Grafana breach caused by missed token rotation after TanStack attack

The Grafana data breach was attributed to a single GitHub workflow token that was not rotated following the TanStack npm supply-chain attack.

SECURITYWEEKPATCH
May 20READ

Microsoft Rolls Out Mitigations for ‘YellowKey’ BitLocker Bypass

Microsoft has released mitigations for the "YellowKey" BitLocker bypass vulnerability (CVE-2026-45585), preventing the FsTx Auto Recovery Utility from starting during WinRE image launch.

Generated twice daily from public security RSS feeds. Informational only.