← Latest brief

Security news.

·Morning Brief

Today's cybersecurity landscape highlights critical patches and active exploitation alongside emerging threats to AI systems and IoT devices. CISA has issued urgent directives for federal agencies to address actively exploited vulnerabilities, while new macOS malware and AI-driven attack vectors demonstrate the evolving methods of cybercriminals.

BLEEPINGEXPLOIT
4h agoREAD

CISA Orders Feds to Patch Actively Exploited Oracle Flaw by Saturday

CISA has mandated federal agencies to patch a critical, actively exploited vulnerability in Oracle E-Business Suite financial applications by Saturday to prevent ongoing attacks.

SECURITYWEEKPHISHING
2h agoREAD

‘ClickLock Stealer’ Bypasses macOS Security With Social Engineering, Process Killing

A new macOS malware, "ClickLock Stealer," has targeted at least 100 users by using social engineering and process termination to steal passwords and cryptocurrency.

THNBREACH
3h agoREAD

20+ Hijacked Government Websites Became an Attack Channel

More than 20 Brazilian government websites were compromised and used as malware delivery channels in an active PhantomEnigma campaign, revealing new backdoor behaviors and attack infrastructure.

THNAI
3h agoREAD

New Agent Data Injection Attack Can Make AI Agents Misclick or Run Attacker Commands

Researchers have identified a new "agent data injection" attack where a single planted piece of information can cause AI agents to perform unintended actions, like making purchases or running arbitrary commands.

SECURITYWEEKPATCH
4h agoREAD

Splunk, Zoom Patch Critical Vulnerabilities

Splunk and Zoom have released patches for critical vulnerabilities that could allow attackers to access credentials, steal data, take over accounts, and escalate privileges.

BLEEPINGNATION-STATE
5h agoREAD

Russian Hackers Trojanize WebEx, Zoom Apps to Push Starland Malware

A Russian threat actor (UAT-11795) is distributing the new Starland RAT by trojanizing legitimate WebEx and Zoom applications to steal credentials and cryptocurrency.

THNPATCH
6h agoREAD

Unpatched Shark Vacuum Flaw Could Let Attackers Control Other Vacuums Region-Wide

An unpatched vulnerability in Shark RV2320EDUS robot vacuums could allow attackers to gain root access and control other devices in the same AWS region, potentially accessing cameras, maps, and Wi-Fi passwords.

SECURITYWEEK
7h agoREAD

Old UEFI Shims Expose Systems to Secure Boot Bypass

Vulnerable UEFI shim bootloaders, signed by Microsoft, could be exploited to bypass Secure Boot on any system, regardless of the operating system.

Generated twice daily from public security RSS feeds. Informational only.