TrueConf and EvilTokens Zero-Day Exploits Emerge — BleepingComputer

Hackers are exploiting a zero-day vulnerability in TrueConf conference servers, allowing them to push malicious software updates. Concurrently, a new malicious kit named EvilTokens is enabling device code phishing attacks targeting Microsoft services. These developments underline the critical need for immediate patching and enhanced monitoring of network traffic to prevent unauthorized access. Organizations using TrueConf and Microsoft services should prioritize these updates to mitigate risks.

Oklahoma Tax Commission and Hasbro Hit by Data Breaches — Google News Security

The Oklahoma Tax Commission has confirmed a massive data breach impacting taxpayer files, while Hasbro reports a cyberattack that will take weeks to recover from. These incidents highlight vulnerabilities in data storage and the potential for significant operational disruptions. Security teams should review data protection strategies and incident response plans to safeguard sensitive information and ensure rapid recovery from breaches.

• Nissan says stolen data came from third-party vendor after hacking group claims breach - The Record from Recorded Future News [Google News Security]
• Microsoft Warns of WhatsApp-Delivered VBS Malware Hijacking Windows via UAC Bypass [The Hacker News]
• New Chrome Zero-Day CVE-2026-5281 Under Active Exploitation — Patch Released [The Hacker News]
• Google Attributes Axios npm Supply Chain Attack to North Korean Group UNC1069 [The Hacker News]