
Security news.

Afternoon Brief

Today's cybersecurity landscape is dominated by active exploitation of critical vulnerabilities, major law enforcement actions against botnets, and the evolving role of AI in both attacks and defenses. CISA has added a SharePoint RCE flaw to its KEV catalog, while a significant residential proxy network has been disrupted.

THN · KEV
16h ago

SharePoint RCE (CVE-2026-45659) Added to CISA KEV

CISA has added a high-severity Microsoft SharePoint Server remote code execution vulnerability (CVE-2026-45659) to its Known Exploited Vulnerabilities catalog due to active exploitation.

KREBS · MALWARE
2h ago

FBI Seizes NetNut Proxy Platform, Popa Botnet

The FBI, in collaboration with industry partners including Google, has seized hundreds of domains associated with NetNut, a large residential proxy service linked to the Popa botnet, significantly degrading its operations.

THN · RANSOMWARE
3h ago

Ransomware Groups Exploiting Citrix Bleed 2 (CVE-2025-5777)

Threat actors, including the Anubis ransomware operation, are actively exploiting the Citrix Bleed 2 vulnerability (CVE-2025-5777) for initial access, with public PoC code available immediately after disclosure.

DARK READING · RANSOMWARE
3h ago

FortiBleed Actors Collaborating With INC, Lynx Ransomware Gangs

Attackers exploiting the FortiBleed campaign, which gained access to thousands of Fortinet firewalls, are now monetizing this access and collaborating with INC and Lynx ransomware groups, also leveraging a Nextcloud zero-day.

DARK READING · EXPLOIT
2h ago

Apple Reverses Patch Policy to Keep Up With AI-Driven Exploits

Apple is expected to implement more compressed patching cycles as attackers increasingly leverage artificial intelligence to accelerate time to exploit, signaling a shift in its long-standing update strategy.

BLEEPING · BREACH
8h ago

ConsentFix and ClickFix Attacks Hijack Microsoft 365 Accounts

New ConsentFix and ClickFix attacks are stealing Microsoft 365 tokens in seconds by using fake prompts and OAuth flows, demonstrating effective MFA bypass tactics.

THN · RANSOMWARE
13h ago

AI Agent Automates Database Ransomware Attack

Sysdig researchers have identified what they believe to be the first ransomware attack executed entirely by an AI agent, dubbed JADEPUFFER, which handled initial access, credential theft, lateral movement, and database encryption.

CISA · VULN
10h ago

CISA Warns of Critical Vulnerabilities in Gardyn IoT Hub

CISA has issued an advisory for Gardyn IoT Hub vulnerabilities (CVE-2026-13768, CVE-2026-55726, CVE-2026-54477) with a CVSS score of 10, allowing unauthenticated users to access and control managed devices.

Generated twice daily from public security RSS feeds. Informational only.