Today's security news highlights multiple data breaches, critical zero-day exploits, and significant patching efforts. Several organizations, including DentaQuest and RCI, have reported data compromises affecting millions, while Cisco issued warnings about actively exploited zero-days in its SD-WAN products. Additionally, Google Chrome released a major update addressing hundreds of vulnerabilities.

Cisco Warns of Unpatched SD-WAN Zero-Day Exploited in Attacks — Cisco has issued a warning about a high-severity, unpatched zero-day vulnerability (CVE-2026-20245) in Cisco Catalyst SD-WAN Manager, actively exploited to achieve root privilege escalation. Read more →
Hackers Leak DentaQuest Information Impacting 2.6 Million — The ShinyHunters extortion group has leaked approximately 234 GB of data allegedly stolen from dental benefits administrator DentaQuest, affecting 2.6 million individuals. Read more →
Hackers Exploit Critical Everest Forms Pro WordPress Plugin Flaw — Threat actors are actively exploiting CVE-2026-3300, a critical remote code execution vulnerability in the Everest Forms Pro WordPress plugin (versions up to 1.9.12), to compromise sites. Read more →
Chrome 149 Patches 429 Vulnerabilities — Google has released Chrome 149, addressing 429 vulnerabilities, with over 100 classified as critical or high-severity, primarily use-after-free and insufficient validation flaws. Read more →
Five Eyes Warns of Chinese Spies Targeting Government, Military Staff with Fake Job Opportunities — A joint advisory from the Five Eyes intelligence alliance indicates that Chinese intelligence officers are posing as recruiters on online platforms to target personnel with access to classified information. Read more →
PCPJack Hijacks Cloud Servers for Covert SMTP Relay Network — The threat actor PCPJack has compromised 230 AWS, Google Cloud, and Azure servers to establish a covert SMTP email relay network, converting business servers into mail proxies. Read more →
Nightclub Giant RCI Says Data Breach Affects 40,000 Individuals — RCI, a nightclub operator, reported a network intrusion in March that resulted in the theft of files impacting 40,000 individuals. Read more →
FIFA World Cup 2026 Scams Are Already Live — Security researchers and the FBI are warning of a surge in FIFA-themed fraud, including fake websites, banking malware in pirate streaming apps, and phishing campaigns stealing login credentials, ahead of the 2026 World Cup. Read more →