← Latest brief

Security news.

·Afternoon Brief

Today's security landscape highlights critical exploitation of known vulnerabilities, supply chain risks via malicious software packages, and the emerging security challenges posed by AI coding assistants. Defenders must prioritize patching, scrutinize third-party components, and adapt to sophisticated phishing and AI-driven attack vectors.

BLEEPINGEXPLOIT
4h agoREAD

Hackers exploit Roundcube flaw to spy on academic researchers

A China-linked group is actively exploiting vulnerable Roundcube servers at US and Canadian universities to steal credentials and deploy backdoors.

BLEEPINGBREACH
3h agoREAD

Fake Paysafe, Skrill SDKs on NPM and PyPi steal credentials

Malicious packages on npm and PyPI are distributing stealer malware to developers and users of Paysafe, Skrill, and Neteller payment applications.

SECURITYWEEKBREACH
6h agoREAD

Accenture Confirms Data Breach After Hacker Claims Source Code Theft

Accenture confirmed a security breach after a threat actor offered 35 GB of source code and other data for sale, stating the incident was contained with no operational impact.

BLEEPING
6h agoREAD

Entra passkey enrollment vishing targets Microsoft 365 users

Threat actors are using vishing attacks, impersonating security requests, to trick Microsoft 365 users into enrolling new Entra passkeys.

BLEEPINGBREACH
11h agoREAD

Telco giant KDDI says data breach affects over 12 million people

Japanese telecom giant KDDI reported a data breach impacting over 12 million users, with email addresses and passwords exposed from an email platform used by five ISPs.

DARK READINGMALWARE
6h agoREAD

Vidar Infostealer Hammers SMBs via Malvertising Campaign

A financially motivated campaign is using malvertising, often with lures of cracked software, to deliver Vidar infostealer and cryptomining malware to SMBs.

THNMALWARE
7h agoREAD

New HalluSquatting Attack Could Trick AI Coding Assistants Into Installing Botnet Malware

Researchers discovered "HalluSquatting," an attack where threat actors register fake package names that AI coding assistants hallucinate, leading users to install malicious software.

THN
5h agoREAD

AI Coding Agents Found Triggering Endpoint Security Rules Built to Catch Attackers

Sophos research indicates that AI coding agents like Claude Code and OpenAI Codex trigger endpoint security rules designed for human intruders due to their behavioral patterns, though they are not malicious.

Generated twice daily from public security RSS feeds. Informational only.