Security News
Morning Brief
Today's security news highlights critical vulnerabilities and ongoing supply chain attacks. Multiple vendors, including F5, Atlassian, Splunk, and Cisco, have released patches for high-severity flaws, while a significant supply chain attack impacted WordPress plugins from ShapedPlugin.
- ShapedPlugin update flow hacked to infect WordPress sites — A supply chain attack compromised multiple WordPress plugins from ShapedPlugin, pushing infected releases to paying customers through the official update channel.
- FortiBleed leak exposes Fortinet VPN credentials for 73,000 devices — A new data leak, dubbed "FortiBleed," exposes Fortinet FortiGate VPN credentials tied to 73,932 firewall URLs worldwide.
- F5 issues out-of-band patches for critical NGINX vulnerabilities — F5 has released security updates for multiple NGINX web server vulnerabilities, including two critical flaws that could allow remote code execution.
- Atlassian, Splunk Patch Critical Vulnerabilities — Splunk patched an OS command injection flaw in its AI Toolkit, while Atlassian fixed numerous vulnerabilities in third-party dependencies.
- Critical Command Execution Vulnerability Patched in Cisco ISE — Cisco has patched a critical command execution vulnerability in Identity Services Engine (ISE) that could allow an attacker to reach the underlying OS and escalate privileges to root.
- Apple fixes Beats Studio Buds flaw that let hackers spy on conversations — Apple released security updates for a high-severity flaw in Beats Studio Buds that could allow an attacker within Bluetooth range to eavesdrop on conversations.
- Orphaned AI Agents: How to Find Hidden Access Risks Inside Your Network — Rapid adoption of internal AI tools is creating administrative debt, including orphaned AI agents and standing privileges with no active owner, and with it significant security risk.
- Rokarolla Banking Trojan Targets 200 Applications — The Rokarolla Android banking trojan lets its operators remotely control infected devices and harvest sensitive data from 200 targeted applications.