← Latest brief

Security news.

·Morning Brief

Today's security brief highlights critical unpatched vulnerabilities in AI coding tools and browser extensions, alongside significant patches from SAP and warnings about state-sponsored cyberattacks. Phishing campaigns targeting Microsoft 365 accounts with MFA bypass techniques also remain a major threat.

SECURITYWEEKPATCH
14h agoREAD

Unpatched Claude for Chrome Flaw Exposes Gmail, Calendar

A persistent "ClaudeBleed"-linked vulnerability in the Claude for Chrome extension reportedly allows other extensions to access sensitive user data, despite eight previous patches.

DARK READING
14h agoREAD

Cursor IDE Auto-Executes Malicious Code in Poisoned Repos

The Cursor AI coding platform remains vulnerable to attacks where it auto-executes malicious code from poisoned repositories, a flaw reported in December 2025 that still persists.

BLEEPINGPHISHING
14h agoREAD

New Phishing Kits Target Microsoft 365, Bypass MFA

Two new phishing kits, Jalisco and OmegaLord, are actively used in attacks against Microsoft 365 accounts, employing techniques to bypass multi-factor authentication.

BLEEPINGPATCH
15h agoREAD

SAP Patches Critical Vulnerabilities in NetWeaver, Commerce Cloud

SAP released its July 2026 security updates, addressing 16 vulnerabilities, including three critical flaws in NetWeaver, Commerce Cloud, and AppRouter that could allow data access, modification, and system unavailability.

SECURITYWEEK
16h agoREAD

US, Allies Warn of Russian Cyberattacks on Critical Infrastructure Routers

Multiple state-sponsored APTs from Russia are reportedly compromising poorly secured devices across critical infrastructure sector networks, according to a joint warning from the US and its allies.

SECURITYWEEKSUPPLY CHAIN
18h agoREAD

Multiple Jscrambler Packages Hit by Supply Chain Attack

A supply chain attack has poisoned several Jscrambler NPM package versions, injecting a cross-platform credential stealer, with malicious versions downloaded almost 1,500 times.

THN
18h agoREAD

Grok Build Uploaded Entire Git Repositories to xAI Storage

xAI's Grok Build coding CLI, specifically version 0.2.93, was found to be uploading entire Git repositories, including full commit history, to an xAI-operated Google Cloud Storage bucket, instead of just required files.

BLEEPING
14h agoREAD

Microsoft Entra ID to Default to Passkeys Authentication in September

Microsoft announced that passkeys will become the default authentication method for its enterprise identity service, Entra ID, beginning in September 2026, enhancing security for corporate accounts.

Generated twice daily from public security RSS feeds. Informational only.