← Latest brief

Security news.

·Afternoon Brief

Today's security news highlights significant data breaches and the evolving threat landscape involving AI. Multiple reports detail large-scale data exposures, while threat actors are increasingly leveraging AI tools and platforms for sophisticated phishing and post-exploitation activities.

CISAKEV
May 29READ

CISA Adds Palo Alto Networks PAN-OS Auth Bypass to KEV Catalog

CISA has added CVE-2026-0257, a Palo Alto Networks PAN-OS Authentication Bypass Vulnerability, to its Known Exploited Vulnerabilities Catalog, indicating active exploitation.

BLEEPINGAI
May 29READ

ChatGPT Share Links Abused for Malware Delivery

Threat actors are exploiting ChatGPT's content-sharing feature to host fake OpenAI outage pages that trick users into downloading malware disguised as a desktop application.

THNPHISHING
May 29READ

ChatGPhish Vulnerability Turns ChatGPT Summaries Into Phishing Surface

A vulnerability dubbed "ChatGPhish" allows prompt injections and phishing attacks by leveraging ChatGPT's trust in Markdown links and images within web summaries.

SECURITYWEEKBREACH
May 29READ

Charter Communications Data Breach Impacts Nearly 5 Million

The ShinyHunters extortion group leaked over 42 million records, allegedly stolen from Charter Communications in April, affecting approximately 4.9 million accounts.

BREACH
READ

California AG Sues 23andMe Over 2023 Data Breach

California Attorney General Rob Bonta has filed a lawsuit against 23andMe (now Chrome Holding Co.) for failing to protect sensitive customer genetic and personal information during its 2023 breach.

SECURITYWEEKZERO-DAY
May 29READ

Gogs Zero-Day Exposes Servers to Remote Code Execution

A critical-severity argument injection flaw in Gogs, a self-hosted Git service, allows authenticated attackers to achieve remote code execution via malicious branch names in pull requests.

THNAI
May 29READ

Attackers Use LLM Agent for Post-Exploitation After Marimo CVE-2026-39987 Exploit

An unknown threat actor has been observed using a large language model (LLM) agent to conduct post-compromise actions after exploiting a Marimo network via CVE-2026-39987.

BLEEPINGBREACH
May 29READ

Google Chrome Adds Session Cookie Theft Protection

Google has made its Chrome Device Bound Session Credentials (DBSC) security feature generally available, rolling it out to all users to help prevent account takeovers via session cookie theft.

Generated twice daily from public security RSS feeds. Informational only.