← Latest brief

Security news.

·Afternoon Brief

Today's security brief highlights active exploitation of critical vulnerabilities, including a Palo Alto GlobalProtect VPN flaw and a Flowise RCE. We also see continued activity from state-sponsored threat actors and significant data breaches affecting millions of users, underscoring the persistent and evolving threat landscape.

BLEEPINGEXPLOIT
May 30READ

Palo Alto GlobalProtect VPN Auth Bypass Flaw Now Exploited in Attacks

Palo Alto Networks is warning that hackers are actively exploiting a PAN-OS GlobalProtect authentication bypass flaw (CVE-2026-0257) to breach corporate networks.

SECURITYWEEKRCE
May 30READ

Exploit Code Published for Critical Flowise RCE Vulnerability

Exploit code has been released for a critical one-click vulnerability in Flowise that allows attackers to execute arbitrary code on self-hosted servers by tricking users into importing a malicious chatflow.

BLEEPINGVULN
May 30READ

New CIFSwitch Linux Flaw Gives Root on Multiple Distributions

A newly discovered local privilege escalation vulnerability, 'CIFSwitch', in the Linux kernel could allow attackers to gain root privileges by forging CIFS authentication key descriptions and abusing the kernel's key request mechanism.

SECURITYWEEKPOLICY
May 30READ

Russian Spies Are Aggressively Seeking Western Technology as Sanctions Bite

Officials report that Russian agents are actively using fake companies, middlemen, and cyber spies to acquire Western technology, potentially for use in attacking critical infrastructure.

BLEEPINGAI
May 29READ

ChatGPT Share Links Abused to Host Fake Outage Pages to Deliver Malware

Threat actors are exploiting ChatGPT's content-sharing feature to display fake OpenAI outage pages that trick users into downloading malware disguised as the ChatGPT desktop application.

BLEEPINGBREACH
May 29READ

California AG Sues 23andMe Over 2023 Breach Exposing Health Data

California Attorney General Rob Bonta has filed a lawsuit against 23andMe (now Chrome Holding Co.) for failing to protect sensitive customer genetic and personal information during its 2023 data breach.

SECURITYWEEKBREACH
May 29READ

Charter Communications Data Breach Could Impact Nearly 5 Million

The ShinyHunters extortion group leaked over 42 million records, allegedly stolen from Charter Communications in April, potentially affecting nearly 5 million accounts.

BLEEPINGBREACH
May 29READ

Google Chrome Adds Session Cookie Theft Protection for All Users

Google has announced that its Chrome Device Bound Session Credentials (DBSC) security feature is now generally available and rolling out to all users to prevent account takeovers via session cookie theft.

Generated twice daily from public security RSS feeds. Informational only.