← Latest brief

Security news.

·Afternoon Brief

Today's security news highlights critical threats, including active exploitation of vulnerabilities in Gitea Docker and the addition of two more CVEs to CISA's KEV catalog. Progress Software has issued an urgent warning to ShareFile customers regarding a "credible external security threat" and law enforcement continues to pursue ransomware actors, with one Ryuk member pleading guilty.

THN
5h agoREAD

Progress Urges ShareFile Customers to Shut Down Storage Zone Controllers

Progress Software is advising ShareFile customers using Storage Zone Controllers to immediately shut down their Windows servers due to a "credible external security threat."

BLEEPINGEXPLOIT
6h agoREAD

Hackers Actively Exploit Critical Auth Bypass in Gitea Docker Image

A critical vulnerability in the official Docker image for Gitea, a self-hosted Git service, is being actively exploited, allowing attackers to impersonate any user, including administrators.

CISAKEV
9h agoREAD

CISA Adds Two New Exploited Vulnerabilities to KEV Catalog

CISA has added CVE-2026-48939 (iCagenda Unrestricted File Upload) and CVE-2026-56291 (Balbooa Forms Unrestricted File Upload) to its Known Exploited Vulnerabilities Catalog due to active exploitation.

THN
5h agoREAD

Injective Labs GitHub Compromise Pushes Wallet-Key-Stealing npm Packages

Threat actors compromised the Injective Labs SDK's GitHub repository to publish a malicious npm package (@injectivelabs/[email protected]) designed to steal cryptocurrency wallet private keys and mnemonic seed phrases.

BLEEPINGRANSOMWARE
4h agoREAD

Ryuk Ransomware Member Pleads Guilty in US, Faces 15 Years

An Armenian national has pleaded guilty in the U.S. to hacking companies and deploying Ryuk ransomware, potentially facing 15 years in prison.

SECURITYWEEKRANSOMWARE
8h agoREAD

Third US Security Expert Sentenced for Helping Ransomware Gang

Angelo Martino, a former ransomware negotiator, was sentenced to 70 months in prison for aiding the BlackCat/Alphv ransomware group in attacks against U.S. companies.

THNVULN
5h agoREAD

Six New U-Boot Flaws Could Allow Devices to Crash or Run Malicious Code

Firmware security researchers discovered six new vulnerabilities in U-Boot, a bootloader used in various devices, with two critical flaws potentially allowing arbitrary code execution at boot.

BLEEPINGPATCH
10h agoREAD

Zimbra Urges Customers to Patch Critical Web Client XSS Flaw

Zimbra has issued an urgent advisory for customers to patch a critical cross-site scripting (XSS) vulnerability affecting the Classic Web Client in Zimbra Collaboration suite.

Generated twice daily from public security RSS feeds. Informational only.