Security Brief Daily

Security Brief Daily

News EN ↓ 72 episodes

A daily AI-generated cybersecurity briefing. Fresh threat intelligence, vulnerability roundups, and infosec news — concise, clear, and delivered every day.

Author

Security Brief Daily

Category

News

Podcast website

podcast.offsecbits.com

Latest episode

Jun 20, 2026

Where to listen?

Podcasts in the app Replaio Radio Coming soon

Podcasts are coming to the app soon. Install now and be the first to see a whole new take on podcasts

Get it on Google Play Install for free Android 5M+ downloads · 4.8 rating iOS soon

Episodes

Jun 20, 2026 · #86 20.06.2026

Episode 86 — 20 Jun 2026 1. CISA: Splunk Enterprise flaw actively exploited, patch by Sunday Source: Bleeping Computer The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has urged federal agencies to secure their systems by Sunday against a critical Splunk Enterprise vulnerability that is being exploited in attacks. Tracked as CVE-2026-20253 , this security flaw affects Splunk... 2....

Jun 19, 2026 · #85 19.06.2026

Episode 85 — 19 Jun 2026 1. F5 issues out-of-band patches for critical NGINX vulnerabilities Source: Bleeping Computer Cybersecurity company F5 has released out-of-band security updates to address multiple NGINX web server vulnerabilities, including two critical-severity flaws that could allow attackers to execute code on vulnerable systems. The two critical vulnerabilities were found in the... 2....

Jun 18, 2026 · #84 18.06.2026

Episode 84 — 18 Jun 2026 1. FortiBleed leak exposes Fortinet VPN credentials for 73,000 devices. Source: Bleeping Computer Update: Added Fortinet's statement to the end of the article. A newly discovered data leak dubbed "FortiBleed" has exposed what appears to be a collection of Fortinet and FortiGate VPN credentials for 73,932 firewall URLs at organizations worldwide. The exposed data was first....

Jun 17, 2026 · #83 17.06.2026

Episode 83 — 17 Jun 2026 1. Microsoft working on Defender patch for RoguePlanet zero-day Source: Bleeping Computer Microsoft confirmed that it's working on a security patch for a Defender zero-day vulnerability named "RoguePlanet," disclosed one week ago. The security researcher who published a RoguePlanet exploit during the June 2026 Patch Tuesday (known as Nightmare Eclipse) said it... 2. Kodak...

Jun 16, 2026 · #82 16.06.2026

Episode 82 — 16 Jun 2026 1. Cisco Releases Security Updates for Actively Exploited SD-WAN Manager Flaw Source: The Hacker News Cisco has released security updates for a medium-severity security flaw in Catalyst SD-WAN Manager that has come under active exploitation in the wild. The vulnerability, tracked as CVE-2026-20262, carries a CVSS score of 6.5 out of 10.0. "A vulnerability in the web UI of....

Jun 12, 2026 · #81 12.06.2026

Episode 81 — 12 Jun 2026 1. CISA orders feds to patch actively exploited Ivanti flaw by Sunday Source: Bleeping Computer The U.S. Cybersecurity and Infrastructure Security Agency (CISA) ordered government agencies to patch an actively exploited Ivanti Sentry flaw within three days, as mandated by the newly issued Binding Operational Directive (BOD) 26-04. Tracked as CVE-2026-10520 , this... 2. Ora...

Jun 11, 2026 · #80 11.06.2026

Episode 80 — 11 Jun 2026 1. Path traversal flaw in AI dev platform Langflow exploited in attacks Source: Bleeping Computer Attackers are actively exploiting CVE-2026-5027, a high-severity path traversal vulnerability in the AI development platform Langflow, to write arbitrary files on exposed servers. Langflow is an open-source visual platform for building AI applications, AI agents,... 2. Microso...

Jun 10, 2026 · #79 10.06.2026

Episode 79 — 10 Jun 2026 1. Ivanti: Max severity Sentry flaw allows code execution as root Source: Bleeping Computer Security software company Ivanti has released patches to address two critical vulnerabilities in its Sentry secure mobile gateway solution, including a maximum-severity flaw that enables remote attackers to execute code with root privileges. Formerly known as MobileIron... 2. Micros...

Jun 09, 2026 · #78 09.06.2026

Episode 78 — 09 Jun 2026 1. Google patches new Chrome zero-day flaw exploited in the wild Source: Bleeping Computer Google has released emergency updates to patch another Chrome zero-day vulnerability that has been exploited in the wild, the fifth such flaw patched since the start of the year. "Google is aware that an exploit for CVE-2026-11645 exists in the wild," the company said in a... 2. CISA...

Jun 05, 2026 · #77 05.06.2026

Episode 77 — 05 Jun 2026 1. Cisco warns of unpatched SD-WAN zero-day exploited in attacks Source: Bleeping Computer On Thursday, Cisco warned of a high-severity, unpatched zero-day in the Cisco Catalyst SD-WAN Manager (tracked as CVE-2026-20245 ) actively exploited in attacks enabling root privilege escalation. The zero-day flaw impacts all deployment types, including On-Prem Deployment,... 2. Hac...

Jun 04, 2026 · #76 04.06.2026

Episode 76 — 04 Jun 2026 1. CISA Adds Exploited Magento RCE Flaw CVE-2026-45247 to KEV Catalog Source: The Hacker News The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Wednesday added a critical flaw impacting Mirasvit Cache Warmer, a popular Magento full-page cache extension, to its Known Exploited Vulnerabilities (KEV) catalog, following reports of active exploitation in... 2....

Jun 02, 2026 · #75 02.06.2026

Episode 75 — 02 Jun 2026 1. Critical Windows Netlogon RCE flaw now exploited in attacks Source: Bleeping Computer The Centre for Cybersecurity Belgium (CCB), the country's national authority for cybersecurity, warned on Friday that threat actors are now exploiting a recently patched critical Windows Netlogon vulnerability in attacks. Netlogon is a remote procedure call (RPC) interface... 2. Hacker...

Jun 01, 2026 · #74 01.06.2026

Episode 74 — 01 Jun 2026 1. Palo Alto GlobalProtect VPN auth bypass flaw now exploited in attacks Source: Bleeping Computer Palo Alto Networks is warning that hackers are now exploiting a PAN-OS GlobalProtect authentication bypass flaw, tracked as CVE-2026-0257, in attacks attempting to breach corporate networks. The company fixed the CVE-2026-0257 flaw earlier this month, warning that it could be...

May 31, 2026 · #73 31.05.2026

Episode 73 — 31 May 2026 1. Palo Alto GlobalProtect VPN auth bypass flaw now exploited in attacks Source: Bleeping Computer Palo Alto Networks is warning that hackers are now exploiting a PAN-OS GlobalProtect authentication bypass flaw, tracked as CVE-2026-0257, in attacks attempting to breach corporate networks. The company fixed the CVE-2026-0257 flaw earlier this month, warning that it could be...

May 30, 2026 · #72 30.05.2026

Episode 72 — 30 May 2026 1. PAN-OS GlobalProtect Authentication Bypass (CVE-2026-0257) Under Active Exploitation Source: The Hacker News Palo Alto Networks has warned that a recently disclosed medium-severity security flaw impacting PAN-OS and Prisma Access has come under active exploitation in the wild. The vulnerability, tracked as CVE-2026-0257 (CVSS score: 7.8), refers to a case of authenticat...

May 29, 2026 · #71 29.05.2026

Episode 71 — 29 May 2026 1. Hackers exploit FortiClient EMS flaw to push infostealer malware Source: Bleeping Computer Hackers are exploiting an authentication bypass vulnerability (CVE-2026-35616) in FortiClient Enterprise Management Server (EMS) to deliver an undocumented credential stealer called EKZ. The attacker disguised the malware as an update for Fortinet endpoints and executed it... 2. N...

May 28, 2026 · #70 28.05.2026

Episode 70 — 28 May 2026 1. CISA gives feds 4 days to patch actively exploited cPanel plugin flaw Source: Bleeping Computer The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has given U.S. federal agencies four days to secure their servers against a critical vulnerability in the LiteSpeed cPanel user-end plugin, which is actively being exploited in attacks. Tracked as CVE-2026-48172...

May 27, 2026 · #69 27.05.2026

Episode 69 — 27 May 2026 1. KnowledgeDeliver flaw exploited as a zero-day to install web shells Source: Bleeping Computer Hackers exploited a critical zero-day vulnerability in a server running the KnowledgeDeliver learning management system (LMS) to deploy the Godzilla web shell. The flaw is a deserialization issue tracked as CVE-2026-5426 and can be exploited without authentication. It stems......

May 26, 2026 · #68 26.05.2026

Episode 68 — 26 May 2026 1. CISA orders feds to patch actively exploited Drupal vulnerability Source: Bleeping Computer CISA has given U.S. government agencies until Wednesday evening to secure their servers against an SQL injection vulnerability in the Drupal content management system (CMS) that it flagged as actively exploited. Drupal is typically used by large organizations managing massive......

May 23, 2026 · #65 23.05.2026

Episode 65 — 23 May 2026 1. Drupal Core SQL Injection Bug Actively Exploited, Added to CISA KEV Source: The Hacker News The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a recently patched critical security flaw impacting Drupal Core to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation. The vulnerability in question is... 2. Ubiqui...

May 22, 2026 · #64 22.05.2026

Episode 64 — 22 May 2026 1. Max severity Cisco Secure Workload flaw gives Site Admin privileges Source: Bleeping Computer Cisco has released security updates to address a maximum-severity Secure Workload vulnerability that allows attackers to gain Site Admin privileges. Formerly known as Cisco Tetration, Cisco Secure Workload helps admins reduce their network's attack surface through zero trust......

May 21, 2026 · #63 21.05.2026

Episode 63 — 21 May 2026 1. Microsoft warns of new Defender zero-days exploited in attacks Source: Bleeping Computer On Wednesday, Microsoft started rolling out security patches for two Defender vulnerabilities that have been exploited in zero-day attacks. The first one, tracked as CVE-2026-41091 , is a privilege escalation security flaw affecting Microsoft Malware Protection Engine... 2. Hackers...

May 20, 2026 · #62 20.05.2026

Episode 62 — 20 May 2026 1. Microsoft shares mitigation for YellowKey Windows zero-day Source: Bleeping Computer Microsoft has shared mitigations for YellowKey, a recently disclosed Windows BitLocker zero-day vulnerability that grants access to protected drives. The security flaw was disclosed last week by an anonymous security researcher known as 'Nightmare Eclipse,' who described it... 2. Grafan...

May 19, 2026 · #61 19.05.2026

Episode 61 — 19 May 2026 1. INTERPOL ‘Operation Ramz’ seizes 53 malware, phishing servers Source: Bleeping Computer More than 200 individuals were arrested for cybercrime activities during INTERPOL's Operation Ramz, which focused on the Middle East and North Africa. Law enforcement also identified another 382 suspects across 13 countries (Algeria, Bahrain, Egypt, Iraq, Jordan, Lebanon,... 2. New W...

May 16, 2026 · #58 16.05.2026

Episode 58 — 16 May 2026 1. Microsoft warns of Exchange zero-day flaw exploited in attacks Source: Bleeping Computer On Thursday, Microsoft shared mitigations for a high-severity Exchange Server vulnerability exploited in attacks that allow threat actors to execute arbitrary code via cross-site scripting (XSS) while targeting Outlook on the web users. Microsoft describes this security flaw... 2. F...

Listen to the Security Brief Daily podcast in Replaio

Radio and podcasts in one app - free, with no sign-up. Install today and do not miss the launch

Get it on Google Play

Replaio is not a podcast publisher; show names, artwork and audio belong to their authors and are distributed through public RSS feeds.