← Latest brief

Security news.

·Afternoon Brief

Today's security landscape is marked by several critical vulnerabilities and active exploitation warnings. CISA has added multiple actively exploited flaws to its KEV catalog, including issues in Android, Linux, and a WordPress plugin. Additionally, a new "HTTP/2 Bomb" DoS attack method has been disclosed, capable of crashing major web servers.

BLEEPINGEXPLOIT
Jun 3READ

CISA warns of active attacks exploiting Android, Linux bugs

CISA has issued a warning regarding active exploitation of vulnerabilities in the Linux kernel and Android operating system.

CISAKEV
Jun 3READ

CISA Adds One Known Exploited Vulnerability to Catalog

CISA has added CVE-2026-45247, a Mirasvit Full Page Cache Warmer Deserialization of Untrusted Data Vulnerability, to its KEV catalog due to active exploitation.

BLEEPING
Jun 3READ

New 'HTTP/2 Bomb' DoS attack crashes web servers in under a minute

A novel denial-of-service (DoS) attack, dubbed "HTTP/2 Bomb," can be launched from a single machine to quickly take down web servers like NGINX, Apache, IIS, Envoy, and Cloudflare.

DARK READING
Jun 3READ

Coding Gaffe Exposes Microsoft 365 Accounts to Widespread Takeover

A disabled security setting in Android versions of Microsoft 365 apps like Word, PowerPoint, and Excel could allow attackers to steal logins and data.

THNBREACH
Jun 3READ

One-Click GitHub Dev Attack Lets Attackers Steal Full GitHub OAuth Tokens

A one-click attack via Microsoft Visual Studio Code (VS Code) allows attackers to steal a user's GitHub token, potentially granting read and write access to private repositories.

SECURITYWEEKVULN
Jun 3READ

Kirki, Burst Statistics WordPress Plugin Flaws in Attackers’ Crosshairs

Threat actors are actively exploiting vulnerabilities in Kirki and Burst Statistics WordPress plugins to elevate privileges and take over websites.

BLEEPINGPATCH
Jun 3READ

Acer working to patch max severity zero-days in Wave 7 routers

Acer is addressing two maximum-severity zero-day vulnerabilities impacting its Wave 7 mesh routers.

THNBREACH
Jun 3READ

Unpatched Windows Search URI Vulnerability Lets Attackers Steal NTLMv2 Hashes

An unpatched vulnerability in the Windows search: URI handler could be exploited to disclose a user's NTLMv2 hash to an attacker.

Generated twice daily from public security RSS feeds. Informational only.