Security News · Afternoon Brief
Today's security news is dominated by critical vulnerabilities and widespread data exposures. Microsoft is actively developing a patch for a Defender zero-day, while a significant leak dubbed "FortiBleed" has exposed credentials for over 73,000 Fortinet VPN devices. Additionally, CISA has issued an urgent directive for federal agencies to patch an actively exploited Joomla plugin flaw.
- Microsoft Confirms RoguePlanet Defender Zero-Day, Patch in Development — Microsoft has formally acknowledged and is working on a patch for CVE-2026-50656, a privilege escalation zero-day in Microsoft Defender's Malware Protection Engine.
- FortiBleed Leak Exposes 73,000 Fortinet VPN Credentials — A new data leak, "FortiBleed," has exposed Fortinet and FortiGate VPN credentials for 73,932 firewall URLs globally, leaving numerous organizations vulnerable.
- Crypto Clipper Campaign Leverages Fake Reviews and AI Narrators — A threat actor is using paid posts on news sites, a WordPress phishing page, fake GitHub/SourceForge accounts, and AI-narrated YouTube videos to promote crypto clipper malware.
- Malicious JetBrains Plugins Steal AI API Keys — A coordinated malware campaign on the JetBrains Marketplace has deployed at least 15 malicious plugins, disguised as AI coding assistants, to exfiltrate AI provider keys.
- 144 Mastra npm Packages Compromised in Supply Chain Attack — A software supply chain attack, "easy-day-js," compromised 144 npm packages under the Mastra namespace, affecting a popular JavaScript/TypeScript framework for AI applications, via a hijacked contributor account.
- Hacker Used Tailscale and OpenSSH for Persistent Access — A French-speaking attacker maintained access to a victim's machine by installing OpenSSH and Tailscale, creating a backdoor independent of their original command-and-control server.
- CISA Orders Feds to Patch Max Severity Joomla Plugin Flaw — CISA has added CVE-2026-48907, a maximum-severity improper access control flaw in the Widget Factory Joomla Content Editor (JCE) plugin, to its KEV catalog and ordered federal agencies to patch it by Friday due to active exploitation.
- Kodak Confirms Data Breach Claimed by ShinyHunters — Kodak has confirmed a security breach and is investigating with external cybersecurity experts after the ShinyHunters extortion gang claimed access to some of the company's data.