← Latest brief

Security news.

·Morning Brief

Today's security news highlights critical patches from major vendors and ongoing exploitation campaigns. Adobe, Citrix, Apple, and Google have released significant updates addressing numerous vulnerabilities, some of which are actively exploited or carry maximum severity ratings. Meanwhile, attackers continue to target

BLEEPING
3h agoREAD

Over 900 Oracle E-Business instances exposed to ongoing attacks

More than 900 Oracle E-Business Suite (EBS) instances are exposed online and targeted by ongoing attacks exploiting a critical security flaw.

SECURITYWEEKPATCH
4h agoREAD

Adobe Patches Critical ColdFusion, Campaign Classic Vulnerabilities

Adobe released security patches for seven maximum-severity vulnerabilities in ColdFusion and Campaign Classic, some of which could lead to arbitrary code execution.

SECURITYWEEKPATCH
5h agoREAD

Citrix Patches NetScaler Vulnerabilities, Including New ‘HTTP/2 Bomb’ Attack

Citrix has urged customers to patch NetScaler after fixing six vulnerabilities, including a high-severity CitrixBleed-style information disclosure bug and a new HTTP/2 Bomb attack.

SECURITYWEEKPATCH
6h agoREAD

Apple Patches Dozens of Vulnerabilities Across iOS, macOS, and Safari

Apple released updates addressing numerous vulnerabilities in WebKit, the kernel, WebRTC, and other components affecting iPhone, iPad, Mac, and Safari users.

SECURITYWEEK
8h agoREAD

Massive Password Spray Campaign Targeting Azure CLI

Hackers launched over 81 million login attempts against Microsoft's Azure command-line interface (CLI) from systems linked to hosting provider LSHIY, compromising dozens of accounts.

SECURITYWEEKPATCH
10h agoREAD

Google Patches 382 Chrome Vulnerabilities

Google has released patches for 382 Chrome vulnerabilities, including fifteen critical and 67 high-severity flaws.

THNPHISHING
9h agoREAD

Phantom Squatting Uses AI-Hallucinated Domains for Phishing and Malware

Attackers are exploiting AI models' tendency to "hallucinate" non-existent web addresses by registering these domains and hosting phishing pages on them, a technique dubbed "phantom squatting."

DARK READING
15h agoREAD

China-Linked Group Targets Southeast Asia Critical Systems

A China-linked threat group has compromised at least 10 organizations in Southeast Asia, including two state-owned entities, deploying a new backdoor.

Generated twice daily from public security RSS feeds. Informational only.