← Latest brief

Security news.

·Morning Brief

Today's security news highlights significant law enforcement actions against cybercrime, with arrests made in connection to the Kimwolf botnet and the disruption of the "First VPN" service. Additionally, critical vulnerabilities are being addressed across various platforms, including Ubiquiti UniFi OS, Cisco Secure Workload, and Trend Micro Apex One, with CISA adding several to its Known Exploited Vulnerabilities catalog.

THN
May 22READ

Megalodon GitHub Attack Targets 5,561 Repositories

A new automated campaign, "Megalodon," pushed 5,718 malicious commits to 5,561 GitHub repositories, injecting GitHub Actions workflows with base64-encoded bash payloads to exfiltrate CI data.

SECURITYWEEKZERO-DAY
May 22READ

Trend Micro Patches Apex One Zero-Day Exploited in the Wild

Trend Micro has released a patch for CVE-2026-34926, a directory traversal flaw in the on-premise version of Apex One that has been actively exploited.

THNMALWARE
May 22READ

Kimwolf DDoS Botnet Operator Arrested in Canada

Jacob Butler, 23, has been arrested in Canada and charged by US authorities for allegedly operating the Kimwolf DDoS botnet, which infected nearly two million devices.

SECURITYWEEKPOLICY
May 22READ

‘First VPN’ Cybercrime Service Disrupted, Administrator Arrested

The FBI announced the disruption of "First VPN," a service allegedly used by dozens of ransomware groups for network reconnaissance and intrusions, leading to the arrest of its administrator.

BLEEPINGPATCH
May 22READ

Ubiquiti Patches Three Max Severity UniFi OS Vulnerabilities

Ubiquiti has released security updates to address three maximum severity vulnerabilities in UniFi OS that could allow unprivileged remote attackers to exploit systems.

THNPATCH
May 22READ

Cisco Patches CVSS 10.0 Secure Workload REST API Flaw

Cisco has released updates for a critical vulnerability (CVE-2026-20223, CVSS 10.0) in Secure Workload that could allow an unauthenticated, remote attacker to access sensitive data due to insufficient validation and authentication.

SECURITYWEEKSUPPLY CHAIN
May 22READ

Grafana Says Codebase and Other Data Stolen via TanStack Supply Chain Attack

Hackers accessed Grafana’s GitHub repositories and stole codebase and other data after a token compromised in the TanStack attack was not rotated.

DARK READINGBREACH
May 22READ

China's Webworm Uses Discord, Microsoft Graphs to Hack EU Governments

The Chinese APT group "Webworm" is reportedly using Discord and Microsoft Graphs, along with SOCKS proxies, to target EU governments.

Generated twice daily from public security RSS feeds. Informational only.