← Latest brief

Security news.

·Afternoon Brief

Today's security news highlights critical vulnerabilities requiring immediate attention across popular software, alongside a surge in infostealer attacks. Active exploitation and public exploits underscore the urgency for patching systems like WordPress and 7-Zip, while Microsoft warns of increased ACR Stealer activity.

BLEEPINGRCE
8h agoREAD

Public Exploits Released for WordPress "wp2shell" RCE Flaws

Critical remote code execution vulnerabilities in WordPress Core now have public exploits, urging immediate patching for all administrators, especially for versions 6.9 and 7.0.

BLEEPINGRCE
6h agoREAD

7-Zip Patches RCE Flaw Exploitable via Malicious Archives

7-Zip version 26.02 addresses a remote code execution vulnerability (RCE) that could allow attackers to execute arbitrary code if users open specially crafted compressed files. Users should update immediately.

BLEEPINGBREACH
11h agoREAD

Microsoft Warns of Increased ACR Stealer Attacks

Microsoft reports a surge in attacks using ACR Stealer malware to exfiltrate browser-stored passwords, authentication tokens, and sensitive documents from enterprise customers.

DARK READINGRANSOMWARE
1d agoREAD

Inc Ransomware Exploits SonicWall SMA Zero-Days

The Inc Ransomware group is actively exploiting two zero-day vulnerabilities in SonicWall's mobile access (SMA) appliances, which when chained, allow attackers to gain root-level access.

BLEEPINGZERO-DAY
1d agoREAD

New Windows LegacyHive Zero-Day Grants Admin Privileges

A newly disclosed Windows zero-day exploit, dubbed LegacyHive, allows attackers to escalate privileges on fully updated Windows systems.

CISAKEV
2d agoREAD

CISA Adds Three Vulnerabilities to KEV Catalog

CISA has added CVE-2026-25089 and CVE-2026-39808 (Fortinet FortiSandbox OS Command Injection) and CVE-2026-58644 (Microsoft SharePoint Deserialization of Untrusted Data) to its Known Exploited Vulnerabilities Catalog.

THNVULN
1d agoREAD

OpenSSL HollowByte Flaw Leads to DoS with 11-Byte Requests

A vulnerability named HollowByte allows unauthenticated attackers to cause a denial-of-service (DoS) on OpenSSL servers by sending an 11-byte malicious payload, leading to memory bloat.

RANSOMWARE
READ

Coca-Cola Suspends Fairlife Production Due to Ransomware

Coca-Cola has suspended production at its US Fairlife facilities following a ransomware attack, with the full scope and impact still under investigation.

Generated twice daily from public security RSS feeds. Informational only.