Vendors
-
Exim patches BDAT flaw that could lead to code execution
Exim has patched CVE-2026-45185, a use-after-free flaw in BDAT parsing that could lead to memory corruption and possible code execution in affected GnuTLS-based builds. Version 4.99.3 fixes the issue.
-
Skoda says customer data stolen in online shop breach
Škoda Auto said attackers breached its online shop, stole customer personal data and accessed login credentials after exploiting a software flaw. The company said payment card details were not stored on the compromised systems.
-
RubyGems pauses new signups after major malicious attack
RubyGems has temporarily paused new account signups after what the article described as a major malicious attack involving hundreds of packages. Mend.io said it will share more details once the incident is contained.
-
Instructure reaches ransom agreement after Canvas data breach
Instructure said it reached an agreement with an unauthorized actor after a Canvas breach that exposed data tied to thousands of schools and universities, including about 275 million records. The company said stolen data was returned and no customers will be separately extorted.
-
Apple adds beta end-to-end encryption to RCS chats in iOS 26.5
Apple released iOS 26.5 with beta end-to-end encryption for RCS chats on iPhone and Android, enabled by default for supported users. The update also fixes more than 50 vulnerabilities in iOS and iPadOS.
-
Checkmarx says modified Jenkins plugin was published in supply chain attack
Checkmarx said a modified Jenkins AST plugin was published to the Jenkins Marketplace and warned users to stay on an older safe version. The incident is the latest attack linked to TeamPCP in a broader supply chain campaign.
-
Ivanti says EPMM flaw exploited in limited attacks, CISA adds it to watchlist
Ivanti said a high-severity flaw in its Endpoint Manager Mobile software has been used in limited attacks and can allow remote code execution on affected on-premises systems. CISA added the issue to its exploited vulnerability catalog.
-
US commerce unit expands AI model testing agreements with Google, Microsoft and xAI
A US commerce unit has signed agreements with Google DeepMind, Microsoft and xAI to test frontier AI models before release, joining earlier deals with Anthropic and OpenAI as Washington weighs broader oversight.
-
Google expands Android binary transparency to verify apps and modules
Google has expanded Android binary transparency for production apps and Mainline modules released after May 1, 2026, adding a public cryptographic ledger meant to confirm that device software matches what was intended to ship.
-
Palo Alto says PAN-OS flaw is under active exploitation
Palo Alto Networks said a critical PAN-OS buffer overflow flaw is being exploited in the wild and can let unauthenticated attackers run code with root privileges on exposed firewalls.
