← Latest brief

Security news.

·Afternoon Brief

Today's security news highlights critical vulnerabilities under active exploitation, significant supply chain attacks, and major law enforcement actions against cybercrime. Developers and IT teams should prioritize patching and be aware of new threats targeting popular platforms and development tools.

THNSUPPLY CHAIN
Jun 1READ

Miasma Supply Chain Attack Hits Red Hat npm Packages

A new Mini Shai-Hulud campaign, codenamed Miasma, has compromised @redhat-cloud-services npm packages to steal credentials and deliver a self-propagating worm.

SECURITYWEEKEXPLOIT
Jun 1READ

WP Maps Pro Vulnerability Exploited on WordPress Sites

A critical security defect (CVE-2026-8732) in the WP Maps Pro WordPress plugin is being actively exploited by unauthenticated attackers to create administrative accounts.

SECURITYWEEKEXPLOIT
Jun 1READ

Critical Windows Netlogon Vulnerability Under Active Exploitation

Organizations are urged to patch CVE-2026-41089, a critical Windows Netlogon vulnerability, as soon as possible due to ongoing exploitation.

DARK READINGEXPLOIT
Jun 1READ

Palo Alto PAN-OS Auth Bypass Bug Actively Exploited

A Palo Alto Networks PAN-OS GlobalProtect VPN authentication bypass vulnerability (CVE-2026-0257) is under active exploitation, with adversaries leveraging it in two attack waves since mid-May.

SECURITYWEEKMALWARE
Jun 1READ

Dutch Police Dismantle Massive 17-Million-Device Botnet

Dutch authorities have seized command-and-control servers linked to a botnet of 17 million infected devices, allegedly used for a residential proxy network and cybercrime.

KREBSAI
Jun 1READ

Hackers Used Meta’s AI Support Bot to Seize Instagram Accounts

Instructions circulated on Telegram show how attackers tricked Meta's "AI support assistant" bot into resetting Instagram account passwords, leading to the defacement of high-profile accounts.

BLEEPINGBREACH
Jun 1READ

Dashlane Password Manager Users Locked Out by Brute Force Attacks

Multiple Dashlane users have been locked out of their accounts following brute-force login attempts from distant locations and unknown devices.

SECURITYWEEKVULN
Jun 1READ

19-Year-Old Linux Kernel Vulnerability Exposes Systems to Root Access

Proof-of-concept exploit code has been released for the CIFSwitch flaw, allowing low-privileged users to escalate to root on vulnerable Linux systems.

Generated twice daily from public security RSS feeds. Informational only.