Today's security news highlights critical vulnerabilities and ongoing cyberattacks. F5 has patched severe NGINX flaws, while CISA added a Splunk vulnerability to its Known Exploited Vulnerabilities Catalog. Several data breaches and malware campaigns, including one targeting Salesforce users via third-party apps, also underscore the persistent threat landscape.

F5 Patches Two Critical NGINX Open Source Flaws Enabling Remote Code Execution — F5 released security updates for two critical NGINX Open Source vulnerabilities (CVE-2026-42530, CVSS 9.2) that could lead to remote code execution. Read more →
CISA Adds One Known Exploited Vulnerability to Catalog — CISA has added CVE-2026-20253, a Splunk Enterprise Missing Authentication for Critical Function Vulnerability, to its KEV Catalog due to active exploitation. Read more →
Salesforce Data Thefts Continue via Klue App Compromise — Klue's Battlecards is the third integrated application compromised to steal Salesforce data, with victims including cybersecurity vendor Huntress. Read more →
FortiBleed leak exposes Fortinet VPN credentials for 73,000 devices — A new data leak, "FortiBleed," has exposed Fortinet and FortiGate VPN credentials for nearly 74,000 firewall URLs globally. Read more →
Nintendo confirms data stolen in WebMD subsidiary cyberattack — Nintendo of America confirmed that survey data was stolen from the third-party TinyPulse service, though its internal systems were not compromised. Read more →
‘Popa’ Botnet Linked to Publicly-Traded Israeli Firm — The Android-based Popa botnet, which has forced millions of consumer TV boxes to relay internet traffic for fraud and data scraping, has been linked to NetNut, a "residential proxy" provider operated by Israeli firm Ala. Read more →
USB worm spreads crypto-stealing malware via Windows shortcut files — Threat actors are distributing clipboard-stealing malware with self-spreading capabilities via USB, using the Tor network for C2 communication. Read more →
Police cleans nearly 15,000 SocGholish-infected sites tied to Evil Corp — International law enforcement agencies cleaned almost 15,000 WordPress sites infected with SocGholish malware and took down over 100 servers linked to the Evil Corp cybercrime group. Read more →