Aura Discloses Data Breach Impacting 900,000 Records
Security firm Aura disclosed a data breach caused by a phone phishing attack targeting an employee, which allowed attackers to access the account for approximately one hour. The company responded by terminating access, activating its incident response plan, and engaging external experts and law enforcement.
Source: SecurityWeek

Apple Fixes WebKit Vulnerability Allowing Same Origin Policy Bypass
Apple released security updates addressing a WebKit vulnerability that could be exploited to bypass the same origin policy using specially crafted web content. The flaw affects iOS, iPadOS, and macOS and has been mitigated through improved input validation.
Source: The Hacker News

New ClickFix Scam Tricks Users Into Mapping Attacker Controlled Drives
A new ClickFix variant manipulates users into executing malicious commands through the Windows Run dialog. The attack uses fake CAPTCHA pages that instruct users to paste and run commands already copied to their clipboard, effectively granting attackers access without traditional malware.
Source: Hackread

Critical ScreenConnect Flaw Exposes Server Level Cryptographic Keys
A vulnerability tracked as CVE-2026-3564 could allow attackers to access sensitive cryptographic material on the server due to improper handling of secrets in older versions. This could lead to unauthorized control over affected systems.
Source: SecurityOnline

KVM Devices Highlighted as Overlooked Security Risk
Research shows that compromising KVM devices can give attackers full control over connected systems at a level below the operating system. This allows bypassing security controls such as EDR, disk encryption, and Secure Boot.
Source: Eclypsium