← Latest brief

Security news.

·Morning Brief

Today's cybersecurity landscape is marked by critical vulnerabilities across widely used software and active exploitation. Zimbra and U-Boot users are urged to patch immediately, while AI systems face novel injection and hallucination attacks. Authorities are also making strides in prosecuting ransomware operators and disrupting cybercrime infrastructure.

THNVULN
8h agoREAD

Critical Zimbra Flaw Allows Malicious Code via Crafted Emails

A critical stored XSS vulnerability in the Zimbra Classic Web Client allows specially crafted emails to execute arbitrary code in a user's session. Users are urged to apply updates immediately.

BLEEPINGAI
5h agoREAD

'Ghostcommit' Hides Prompt Injection in Images to Fool AI Agents

Researchers demonstrated a technique dubbed 'Ghostcommit' where a PNG image containing a prompt injection could trick AI code reviewers and agents into exfiltrating repository secrets.

VULN
READ

New U-Boot Flaws Enable Stealthy Firmware Attacks

Six vulnerabilities have been found in the U-Boot bootloader, allowing attackers to execute malicious code during device boot, potentially leading to persistent malware and compromised security.

THNADVISORY
22h agoREAD

Progress Software Urges ShareFile Customers to Shut Down Servers

Progress Software has issued an urgent advisory for ShareFile customers using Storage Zone Controllers to immediately shut down their Windows servers due to a "credible external security threat."

CISAKEV
1d agoREAD

CISA Adds Two Known Exploited Vulnerabilities to KEV Catalog

CISA has added CVE-2026-48939 (iCagenda Unrestricted File Upload) and CVE-2026-56291 (Balbooa Forms Unrestricted File Upload) to its KEV Catalog, indicating active exploitation.

THNSUPPLY CHAIN
22h agoREAD

Injective Labs GitHub Compromise Pushes Wallet-Key-Stealing npm Packages

Threat actors compromised Injective Labs SDK's GitHub to publish a malicious npm package (@injectivelabs/[email protected]) designed to steal cryptocurrency wallet private keys and mnemonic seed phrases.

BLEEPINGEXPLOIT
23h agoREAD

Hackers Exploit Critical Auth Bypass in Gitea Docker Image

A critical vulnerability in the official Gitea self-hosted Git service Docker image is being actively exploited, allowing attackers to impersonate any user, including administrators.

BLEEPINGRANSOMWARE
21h agoREAD

Ryuk Ransomware Member Pleads Guilty in the US

A 34-year-old Armenian man has pleaded guilty to hacking U.S. companies and deploying the Ryuk ransomware, facing up to 15 years in prison.

Generated twice daily from public security RSS feeds. Informational only.