← Latest brief

Security news.

·Morning Brief

Today's security landscape highlights active exploitation of critical vulnerabilities in Oracle E-Business Suite and SimpleHelp, alongside a significant data breach impacting Aflac Japan. The growing influence of AI in both discovering and creating security risks remains a prominent theme, with new research on AI codin

THNEXPLOIT
11h agoREAD

Oracle E-Business Suite Flaw Actively Exploited

A critical improper privilege management and authentication flaw (CVE-2026-46817) in Oracle E-Business Suite's Payments product is under active exploitation, allowing unauthenticated attackers to take over instances.

THNMALWARE
4h agoREAD

SimpleHelp Vulnerability Exploited for Malware Delivery

A maximum-severity authentication bypass flaw (CVE-2026-48558) in SimpleHelp is being exploited to deploy new malware families, TaskWeaver and Djinn Stealer, targeting credentials and development tooling. CISA has added this to its KEV catalog.

SECURITYWEEKBREACH
3h agoREAD

Aflac Japan Data Breach Impacts 4.38 Million

Hackers accessed the insurance giant’s policyholder portal multiple times between June 15 and June 25, leading to a data breach affecting 4.38 million individuals.

BLEEPINGRANSOMWARE
7h agoREAD

CISA Warns: Windows BlueHammer Flaw Exploited by Ransomware

CISA confirmed that ransomware gangs are now exploiting a Microsoft Defender privilege escalation vulnerability, dubbed BlueHammer, previously abused in zero-day attacks.

THN
7h agoREAD

BioShocking Attack Tricks AI Browsers into Leaking Credentials

A new technique, "BioShocking," can trick AI browsers and assistants like ChatGPT Atlas and Perplexity's Comet into copying and sending user credentials to attackers.

SECURITYWEEKSUPPLY CHAIN
3h agoREAD

Bash Tricks Expose AI Coding Agents to Supply Chain Attacks

Decades-old Bash shell tricks can bypass safeguards in most open-source AI coding agents, potentially turning malicious repositories into supply chain attack vectors.

THNVULN
8h agoREAD

Critical Progress Kemp LoadMaster Flaw Allows Root Command Execution

A critical vulnerability (CVE-2026-8037, CVSS 9.8) in Progress Kemp LoadMaster allows unauthenticated attackers to execute arbitrary commands as root via a crafted API request; a patch is available.

THNPATCH
8h agoREAD

Apple Patches Over 30 Flaws, Including AI-Discovered WebKit Bugs

Apple released security updates for iOS, macOS, and Safari, addressing over three dozen vulnerabilities, including four WebKit flaws (e.g., CVE-2026-43707) discovered using AI tools.

Generated twice daily from public security RSS feeds. Informational only.