← Latest brief

Security news.

·Morning Brief

Critical vulnerabilities are actively exploited across multiple platforms today, including a maximum-severity Adobe ColdFusion flaw and authentication bypass flaws in BeyondTrust remote access software. Meanwhile, threat actors continue targeting high-value infrastructure with modular malware frameworks and supply chain attacks.

SECURITYWEEKEXPLOIT
3h agoREAD

Critical Adobe ColdFusion Vulnerability (CVE-2026-48282) Exploited in Active Attacks

A maximum-severity flaw with CVSS 10/10 is now being actively exploited in the wild.

BLEEPINGPATCH
7h agoREAD

BeyondTrust Patches Critical Authentication Bypass Flaws (CVE-2026-40138)

Two critical vulnerabilities in Remote Support and Privileged Remote Access products allow unauthenticated attackers to take control of affected devices.

BLEEPINGVULN
3h agoREAD

16-Year-Old Linux KVM Vulnerability (CVE-2026-53359) Enables VM Escape

The "Januscape" use-after-free bug in Linux's KVM hypervisor allows guest VMs to escape to the host on both Intel and AMD systems.

THNEXPLOIT
6h agoREAD

China-Aligned Hackers Exploit Roundcube Flaws Against U.S. and Canadian Universities

Threat actors are exploiting critical Roundcube webmail vulnerabilities (CVE-2024-42009, CVSS 9.3) to target physics and engineering departments and steal credentials.

THNMALWARE
9h agoREAD

CERT/CC Warns of Hidden Admin Backdoor in Tenda Router Firmware (CVE-2026-11405)

Multiple Tenda firmware versions contain an undocumented authentication backdoor enabling administrative access to web management interfaces.

SECURITYWEEK
3h agoREAD

Iran-Linked Hackers Deploy Modular C&C Framework Targeting Israeli Organizations

The Cavern framework is being used by MOIS-affiliated threat actors to compromise IT service providers and government entities in targeted supply chain attacks.

SECURITYWEEK
1d agoREAD

North Korean PolinRider Campaign Compromises 100+ Open Source Packages

The supply chain attack delivers backdoors and information stealers to developers through compromised legitimate repositories.

THNVULN
23h agoREAD

Threat Actors Actively Probe Gitea Docker Flaw (CVE-2026-20896, CVSS 9.8)

Attackers are exploiting a critical authentication bypass in Gitea Docker images just 13 days after public disclosure.

Generated twice daily from public security RSS feeds. Informational only.