← Latest brief

Security news.

·Afternoon Brief

Today's security brief highlights critical vulnerabilities, with CISA adding three new actively exploited flaws to its KEV catalog. We also see significant developments in cybercrime, including prison sentences for Scattered Spider hackers and a new, rapid ransomware strain. AI-related security concerns are prominent, with a Claude extension flaw and new injection attacks demonstrating risks to AI agents.

CISAKEV
9h agoREAD

CISA Adds Three Known Exploited Vulnerabilities to Catalog

CISA has added CVE-2026-25089 and CVE-2026-39808 (Fortinet FortiSandbox OS Command Injection) and CVE-2026-58644 (Microsoft SharePoint Deserialization of Untrusted Data) to its KEV Catalog, urging agencies to patch due to active exploitation.

BLEEPINGAI
2h agoREAD

Claude Chrome extension flaw lets malicious extensions trigger AI actions

A vulnerability in Anthropic's Claude for Chrome extension could allow malicious extensions to simulate user clicks and abuse Claude's access to services like Gmail and Salesforce.

THNAI
10h agoREAD

New Agent Data Injection Attack Can Make AI Agents Misclick or Run Attacker Commands

Researchers demonstrate "Agent Data Injection" attacks where manipulated input can cause AI agents to perform unintended actions, such as clicking "Buy Now" or executing attacker commands.

THNBREACH
4h agoREAD

Two Scattered Spider Hackers Get 5.5 Years Each for £29 Million TfL Hack

Owen Flowers, 18, and Thalha Jubair, 20, members of the Scattered Spider group, were sentenced to five and a half years in prison for the 2024 hack of Transport for London, which cost £29 million.

BLEEPINGRANSOMWARE
11h agoREAD

New Spirals ransomware encrypts victim network in under 24 hours

A new ransomware group, Spirals, has demonstrated the ability to compromise, exfiltrate data from, and encrypt victim networks in under 24 hours.

THNBREACH
9h agoREAD

New ClickLock macOS Stealer Kills Apps Every 210ms Until Victims Type Their Password

The new ClickLock Stealer malware for macOS employs social engineering and continuous application termination to pressure users into entering their login password.

BLEEPINGBREACH
2h agoREAD

New OkoBot framework deploys 20 payloads to steal data, crypto

A new sophisticated malicious framework named OkoBot is delivering over 20 different payloads to steal cryptocurrency wallet seed phrases, credentials, and other sensitive data.

BLEEPINGBREACH
8h agoREAD

23andMe to pay $18 million in new genetics data breach settlement

Genetic testing company 23andMe has agreed to an $18 million settlement with 43 attorneys general over claims it failed to adequately protect customer genetic data during a previous breach.

Generated twice daily from public security RSS feeds. Informational only.