Security Daily Digest — 2026-05-25
7-Eleven Breach Exposes Sensitive Data in SQL Injection Exploit — Google News Security
7-Eleven suffered a data breach where franchise applicants' Social Security Numbers were exposed by the ShinyHunters group. The breach is linked to a large-scale campaign exploiting a critical SQL injection vulnerability (CVE-2026-26980) in Ghost CMS. This incident underscores the importance of securing web applications against SQL injection attacks, which can lead to significant data exposure and potential identity theft.
Microsoft Releases Emergency Patches for Zero-Day Vulnerabilities — Google News Security (JP)
Microsoft has issued emergency patches for two zero-day vulnerabilities, RedSun (CVE-2026-41091) and UnDefend (CVE-2026-45498), which are being actively exploited. These vulnerabilities affect Windows systems and can lead to remote code execution and privilege escalation. Security teams should prioritize applying these patches to prevent potential exploitation and mitigate risks associated with these critical vulnerabilities.
- Storms in Mason County cause breach at data center, resulting in flooded neighborhoods - WCHS [Google News Security]
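- StubZero: RCE vulnerability in Google Cloud production environment - 51CTO [Google News Security (CN)]
- Zero-day vulnerability CVE-2026-34926 in Trend Micro Apex One (on-premises version) exploited in cyberattacks - 合同会社ロケットボーイズ [Google News Security (JP)]
- After NGINX Rift comes "poolslip": unpatched zero-day in the latest NGINX version; the previous fix was insufficient - ITmedia [Google News Security (JP)]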
- Substack data breach exposes emails and phone numbers - AOL.com [Google News Security]