← Latest brief

Security news.

·Morning Brief

Critical vulnerabilities in widely-used software continue to be actively exploited, with CISA adding multiple flaws to its Known Exploited Vulnerabilities catalog. Supply chain attacks remain a major threat, with malware campaigns targeting developers across multiple ecosystems and AI-powered attack techniques emerging as a significant concern for enterprises.

BLEEPINGZERO-DAY
May 27READ

CISA Orders Immediate Patching of Actively Exploited LiteSpeed cPanel Plugin Zero-Day

CVE-2026-48172 in the LiteSpeed cPanel plugin allows privilege escalation and is being actively exploited in the wild; federal agencies have been given four days to patch.

THNSUPPLY CHAIN
May 27READ

GlassWorm Malware Takedown Disrupts Developer Supply Chain Attack Infrastructure

CrowdStrike, Google, and Shadowserver Foundation have disrupted all command-and-control channels for GlassWorm, a persistent campaign targeting software developers through malicious packages and extensions since early 2025.

SECURITYWEEKSUPPLY CHAIN
May 27READ

SymJack Attack Exploits AI Coding Agents for Supply Chain Attacks

Malicious repositories and disguised symlinks can trick AI coding agents into installing attacker-controlled MCP servers capable of stealing secrets and compromising CI pipelines.

DARK READINGMALWARE
May 26READ

Megalodon Malware Infects Thousands of GitHub Repositories in Six Hours

A coordinated campaign pushed malicious commits to over 5,500 GitHub repositories, stealing credentials, developer secrets, and sensitive data.

THNVULN
May 27READ

Gitea Vulnerability Allows Unauthenticated Access to Private Container Images

CVE-2026-27771 in Gitea versions prior to 1.26.2 permits remote attackers to pull private container images without credentials or authentication.

BLEEPINGBREACH
May 27READ

FBI Warns of Silent Ransom Group Conducting In-Person Data Theft Attacks

The Silent Ransom Group (SRG) is targeting U.S. law firms by sending operatives to physically insert USB drives and steal data on-site.

SECURITYWEEKNATION-STATE
May 27READ

LA Metro Cyberattack Linked to Iranian State-Sponsored Hackers

While claimed by a hacktivist group, evidence shows the attack used infrastructure linked to Iranian government threat actors.

THNRCE
May 26READ

Microsoft Patches SharePoint RCE Vulnerability CVE-2026-45659

CVE-2026-45659 (CVSS 8.8) in SharePoint allows remote code execution through deserialization of untrusted data without requiring specialized conditions.

Generated twice daily from public security RSS feeds. Informational only.