← Latest brief

Security news.

·Morning Brief

Today's security news highlights active exploitation of a Palo Alto Networks PAN-OS vulnerability and ongoing supply chain compromises. Several large data breaches have also been disclosed, alongside new threats leveraging AI for cyberattacks and phishing campaigns.

THNEXPLOIT
May 30READ

PAN-OS GlobalProtect Authentication Bypass Under Active Exploitation

Palo Alto Networks has warned that CVE-2026-0257, a medium-severity authentication bypass flaw in PAN-OS and Prisma Access, is being actively exploited to establish unauthorized VPN connections.

CISASUPPLY CHAIN
May 28READ

CISA Warns of Supply Chain Compromises Impacting Nx Console and GitHub

CISA is prioritizing response to multiple software supply chain intrusion campaigns, including a GitHub compromise via a malicious Nx Console Visual Studio Code extension and the "Megalodon" campaign.

BLEEPINGBREACH
May 29READ

Charter Communications Data Breach Affects 4.9 Million Accounts

The ShinyHunters extortion group stole personal information from nearly 5 million Charter Communications accounts in April.

BLEEPINGAI
May 29READ

ChatGPT Share Links Abused for Malware Delivery

Threat actors are exploiting ChatGPT's content-sharing feature to host fake OpenAI outage pages that trick users into downloading malware disguised as a ChatGPT desktop application.

SECURITYWEEKZERO-DAY
May 29READ

Critical Gogs Zero-Day Exposes Servers to Remote Code Execution

A critical-severity argument injection flaw (CVSS 9.4) in the Gogs self-hosted Git service allows authenticated attackers to achieve remote code execution via malicious branch names in pull requests.

THNAI
May 29READ

Attackers Use LLM Agent for Post-Exploitation After Marimo CVE-2026-39987 Exploit

An unknown threat actor has been observed using a large language model (LLM) agent to conduct post-compromise actions after exploiting a Marimo network via CVE-2026-39987.

BLEEPINGBREACH
May 29READ

California AG Sues 23andMe Over 2023 Breach Exposing Health Data

California Attorney General Rob Bonta has filed a lawsuit against 23andMe (now Chrome Holding Co.) for failing to protect sensitive customer genetic and personal information in a 2023 breach.

BLEEPINGBREACH
May 29READ

Google Chrome Adds Session Cookie Theft Protection for All Users

Google's Chrome Device Bound Session Credentials (DBSC) security feature is now generally available, rolling out to all users to help prevent account takeovers by protecting against session cookie theft.

Generated twice daily from public security RSS feeds. Informational only.