← Latest brief

Security news.

·Afternoon Brief

Today's security brief highlights a record-breaking Patch Tuesday from Microsoft, addressing numerous critical flaws, alongside urgent advisories for actively exploited vulnerabilities in SharePoint and SonicWall products. The impact of AI on cybersecurity is also a prominent theme, with reports of LLM-assisted botnet development, AI-driven vulnerability discovery, and even an AI assistant being abused for account takeovers.

THN
8h agoREAD

Critical Updates for Firefox, Chrome, Adobe, and VMware

Mozilla has released updates fixing two critical flaws in Firefox (CVE-2026-15718, CVE-2026-15719) with public exploit code, urging immediate patching.

SECURITYWEEKEXPLOIT
7h agoREAD

CISA Urges Patching of Exploited SharePoint Vulnerabilities

CISA advises immediate patching for three actively exploited SharePoint vulnerabilities, including two zero-days, that allow remote code execution and unauthorized access.

THNEXPLOIT
16h agoREAD

Two SonicWall SMA 1000 Zero-Days Actively Exploited

SonicWall has warned about active exploitation of two zero-day vulnerabilities (CVE-2026-15409, CVE-2026-15410) in SMA 1000 series appliances, one of which can lead to arbitrary command execution.

PATCH
READ

Unpatched Cursor Vulnerability Exposes Users to Code Execution

An unpatched vulnerability in the Cursor IDE allows attackers to execute arbitrary code by creating a malicious Git repository containing a `git.exe` in the project root, which Cursor automatically runs.

BLEEPINGSUPPLY CHAIN
5h agoREAD

AsyncAPI npm Packages Infected with Credential-Stealing Malware

Five malicious versions of AsyncAPI packages were published to npm in a supply-chain attack, distributing a remote access trojan with info-stealing capabilities.

BLEEPINGMALWARE
3h agoREAD

Google Gemini CLI Abused as Hacking Agent and Botnet Operator

A Russian-speaking threat actor known as "bandcampro" has been observed abusing Google's open-source Gemini CLI AI tool to act as a hacking agent and operate a small-scale botnet.

THNAI
2h agoREAD

TuxBot v3 Evolution Shows Signs of LLM-Assisted IoT Botnet Development

Researchers found a new IoT botnet framework, TuxBot v3 Evolution, that appears to have been developed with assistance from a large language model (LLM), despite some unsuccessful attempts.

SECURITYWEEKZERO-DAY
11h agoREAD

Progress Confirms Zero-Day Vulnerability Behind ShareFile Disruption

Progress has confirmed a zero-day vulnerability caused a disruption in ShareFile and has released a fix, urging Storage Zones Controller customers to apply it immediately.

Generated twice daily from public security RSS feeds. Informational only.