← Latest brief

Security news.

·Afternoon Brief

Today's cybersecurity news is dominated by actively exploited vulnerabilities, with CISA issuing urgent advisories for Fortinet and SharePoint flaws. We're also seeing new botnet threats targeting AI services and a surge in malicious software supply chain attacks.

THNZERO-DAY
15h agoREAD

CISA Adds Exploited SharePoint RCE Zero-Day CVE-2026-58644 to KEV

CISA has added a critical SharePoint Server remote code execution flaw (CVE-2026-58644) to its Known Exploited Vulnerabilities catalog, urging federal agencies to patch by July 19.

BLEEPINGEXPLOIT
14h agoREAD

CISA Urges Immediate Action on Actively Exploited Fortinet Flaws

CISA has ordered government agencies to patch two actively exploited OS command injection vulnerabilities in Fortinet FortiSandbox (CVE-2026-25089, CVE-2026-39808).

BLEEPINGZERO-DAY
10h agoREAD

New Windows LegacyHive Zero-Day Grants Admin Privileges

A researcher released a Windows zero-day exploit, "LegacyHive," enabling privilege escalation on up-to-date Windows systems.

THNSUPPLY CHAIN
2h agoREAD

Seven Malicious Vite npm Packages Use Blockchain C2 to Deliver a RAT

Researchers uncovered "ViteVenom," a software supply chain attack involving seven malicious npm packages targeting Vite, leveraging a four-tier blockchain-based C2 infrastructure.

THNAI
4h agoREAD

New NadMesh Botnet Hunts Exposed AI Services for Cloud Keys and Kubernetes Tokens

A new Go botnet, NadMesh, is actively scanning for and exploiting exposed AI services like ComfyUI and Ollama to steal AWS keys and Kubernetes tokens.

BLEEPINGMALWARE
3h agoREAD

HollowByte DDoS Flaw Bloats OpenSSL Server Memory with 11-byte Payload

A new vulnerability, "HollowByte," allows unauthenticated attackers to trigger a denial-of-service on OpenSSL servers using a minimal 11-byte payload.

THNBREACH
5h agoREAD

GoldenEyeDog Subgroup Linked to DigiCert Breach and Code-Signing Certificate Theft

The April 2026 DigiCert security incident has been attributed to CylindricalCanine, a sub-group of the Chinese cybercrime group GoldenEyeDog (APT-Q-27).

BLEEPINGBREACH
6h agoREAD

Ernst & Young Discloses Data Breach After Support System Hack

Ernst & Young is notifying customers about a data breach stemming from the compromise of a third-party support ticket system used by its IT staff.

Generated twice daily from public security RSS feeds. Informational only.