← Latest brief

Security news.

·Morning Brief

Today's security brief highlights critical vulnerabilities, with a new WordPress core flaw allowing unauthenticated code execution and zero-days actively exploited in SonicWall SMA appliances. Additionally, CISA has added several Fortinet and Microsoft SharePoint flaws to its Known Exploited Vulnerabilities Catalog, urging immediate patching.

THNVULN
17h agoREAD

New wp2shell WordPress Core Flaw Allows Unauthenticated Code Execution

A critical flaw in WordPress core, affecting versions 6.9 and 7.0, allows unauthenticated attackers to run code with a bare install. Working proof-of-concept code is now public.

DARK READINGRANSOMWARE
19h agoREAD

Inc Ransomware Exploits SonicWall SMA Zero-Days

The Inc ransomware group is actively exploiting two zero-day vulnerabilities in SonicWall's mobile access appliances, which, when chained, grant root-level capabilities to threat actors.

BLEEPINGEXPLOIT
1d agoREAD

CISA Urges Immediate Action on Actively Exploited Fortinet Flaws

CISA has added two actively exploited vulnerabilities (CVE-2026-25089, CVE-2026-39808) in Fortinet FortiSandbox to its KEV Catalog, mandating urgent patching by federal agencies.

CISAKEV
2d agoREAD

CISA Adds Microsoft SharePoint Deserialization Flaw to KEV Catalog

A critical-severity Microsoft SharePoint Deserialization of Untrusted Data Vulnerability (CVE-2026-58644) has been added to CISA's KEV Catalog due to active exploitation, allowing remote authenticated attackers to execute arbitrary code.

THNVULN
18h agoREAD

OpenSSL HollowByte Flaw Could Freeze Server Memory with 11-Byte TLS Requests

A denial-of-service vulnerability, dubbed HollowByte, allows unauthenticated attackers to cause OpenSSL servers to set aside significant memory with just an 11-byte TLS request, potentially leading to server freezes.

BLEEPINGZERO-DAY
1d agoREAD

New Windows LegacyHive Zero-Day Grants Admin Privileges

A security researcher has released a new Windows zero-day exploit, "LegacyHive," which allows attackers to escalate privileges on fully updated Windows systems.

BLEEPING
18h agoREAD

Abbott Laboratories Probes Two Cyber Incidents Amid Extortion Claims

Abbott Laboratories is investigating two separate cybersecurity incidents involving unauthorized access to internal legacy Exact Sciences systems and a separate claim of data theft from its LabCentral portal.

THNBREACH
22h agoREAD

GoldenEyeDog Subgroup Linked to DigiCert Breach and Code-Signing Certificate Theft

The April 2026 DigiCert security incident, involving the theft of code-signing certificates, has been attributed to CylindricalCanine, a subgroup of the Chinese cybercrime group GoldenEyeDog (APT-Q-27).

Generated twice daily from public security RSS feeds. Informational only.