← Latest brief

Security news.

·Afternoon Brief

Today's security news highlights critical vulnerabilities and ongoing cyber-espionage campaigns. Microsoft and Cisco have released patches for actively exploited flaws, while Chinese APTs are targeting telecommunication providers with new Linux and Windows malware. Supply chain attacks continue to be a significant concern, impacting major platforms like GitHub.

BLEEPINGVULN
May 21READ

Max severity Cisco Secure Workload flaw gives Site Admin privileges

Cisco has released security updates for a critical vulnerability in Secure Workload that allows attackers to gain Site Admin privileges.

CISAKEV
May 21READ

CISA Adds Two Known Exploited Vulnerabilities to Catalog

CISA has added CVE-2025-34291 (Langflow Origin Validation Error) and CVE-2026-34926 (Trend Micro Apex One Directory Traversal) to its KEV Catalog due to active exploitation.

THNEXPLOIT
May 21READ

Microsoft Warns of Two Actively Exploited Defender Vulnerabilities

Microsoft has disclosed and patched two actively exploited zero-day flaws in Defender, CVE-2026-41091 (privilege escalation) and a denial-of-service vulnerability.

BLEEPINGPATCH
May 21READ

Google accidentally exposed details of unfixed Chromium flaw

Google inadvertently leaked details of an unfixed Chromium issue that could allow remote code execution by keeping JavaScript running after the browser closes.

BLEEPINGMALWARE
May 21READ

Chinese hackers target telcos with new Linux, Windows malware

A Chinese cyber-espionage campaign is targeting telecommunications providers with newly discovered Linux malware "Showboat" and Windows malware "JFMBackdoor."

BLEEPINGSUPPLY CHAIN
May 21READ

GitHub links repo breach to TanStack npm supply-chain attack

GitHub confirmed that a breach of 3,800 internal repositories was due to a malicious version of the Nx Console VS Code extension, compromised in a recent supply-chain attack.

SECURITYWEEKPATCH
May 21READ

Drupal Patches Highly Critical Vulnerability Exposing Websites to Hacking

Drupal has patched CVE-2026-9082, a highly critical vulnerability in Drupal Core that could lead to information disclosure, privilege escalation, and remote code execution without authentication.

THNVULN
May 21READ

9-Year-Old Linux Kernel Flaw Enables Root Command Execution on Major Distros

A nine-year-old Linux kernel flaw, CVE-2026-46333, allows unprivileged local users to disclose sensitive files and execute arbitrary commands as root on several major distributions.

Generated twice daily from public security RSS feeds. Informational only.