⚠️ ZERO-DAY DETECTED
The Hacker News
| 2026-04-29 08:46
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added two security flaws impacting ConnectWise ScreenConnect and Microsoft Windows to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation.
The vulnerabilities are listed below -
CVE-2024-1708 (CVSS score: 8.4) - A path traversal vulnerability in ConnectWise ScreenConnect
BleepingComputer
| 2026-04-29 08:38
Microsoft is working to resolve a known issue that prevents some Microsoft Teams Free users from chatting and calling others. [...]
The Register
| 2026-04-29 06:32
Yet another reason not to feast on OpenClaw
Thirty ClawHub skills published by a single author are silently co-opting AI agents and creating a mass cryptocurrency mining swarm – without any malware or user consent.…
⚠️ ZERO-DAY DETECTED
The Hacker News
| 2026-04-29 05:34
In yet another instance of threat actors quickly jumping on the exploitation bandwagon, a newly disclosed critical security flaw in BerriAI's LiteLLM Python package has come under active exploitation in the wild within 36 hours of the bug becoming public knowledge.
The vulnerability, tracked as CVE-2026-42208 (CVSS score: 9.3), is an SQL injection that could be exploited to modify the underlying
SANS ISC
| 2026-04-29 02:00
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
Exploit-DB
| 2026-04-29 00:00
OpenWrt 23.05 - Authenticated Remote Code Execution (RCE)
Exploit-DB
| 2026-04-29 00:00
OpenKM 6.3.12 - Multiple
Exploit-DB
| 2026-04-29 00:00
GUnet OpenEclass E-learning platform < 4.2 - Remote Code Execution (RCE)
Exploit-DB
| 2026-04-29 00:00
JuzaWeb CMS 3.4.2 - Authenticated Remote Code Execution
Exploit-DB
| 2026-04-29 00:00
FacturaScripts 2025.43 - XSS
Exploit-DB
| 2026-04-29 00:00
Xibo CMS 4.3.0 - RCE via SSTI
Exploit-DB
| 2026-04-29 00:00
Fedora - Local Privilege Escalation
Exploit-DB
| 2026-04-29 00:00
LangChain Core 1.2.4 - SSTI/RCE
Exploit-DB
| 2026-04-29 00:00
Atlona ATOMERX21 - Authenticated Command Injection
Dark Reading
| 2026-04-28 21:38
The North Korean group is using stolen victim videos, AI-generated avatars, and fake Zoom calls to scale malware attacks against cryptocurrency executives.
BleepingComputer
| 2026-04-28 21:25
Researchers are warning that the VECT 2.0 ransomware has a problem in the way it handles encryption nonces that leads to permanently destroying larger files rather than encrypting them. [...]
⚠️ ZERO-DAY DETECTED
BleepingComputer
| 2026-04-28 21:07
Hackers are targeting sensitive information stored in the LiteLLM open-source large-language model (LLM) gateway by exploiting a critical vulnerability tracked as CVE-2026-42208. [...]
Dark Reading
| 2026-04-28 20:38
Chris Inglis was the head civilian in charge at the NSA when the Snowden leak exploded. He gets candid about mistakes the organization made, and what CISOs need to know about spotting potential threats, media disclosures, and "enculturation."
Dark Reading
| 2026-04-28 20:13
When 0APT and KryBit attacked each other, they exposed infrastructure and operational data, giving defenders rare insight into ransomware operations.
Dark Reading
| 2026-04-28 19:07
The malware has filled the gap created by last year's law enforcement takedowns of Lumma and Rhadamanthys.
BleepingComputer
| 2026-04-28 19:04
Vimeo has disclosed that data belonging to some of its customers and users has been accessed without authorization following the recent breach at the Anodot data anomaly detection company. [...]
The Register
| 2026-04-28 18:36
'Full recovery is impossible for anyone, including the attacker'
Organizations hit by the wave of Trivy and LiteLLM supply-chain compromises that paid Vect in hopes of recovering their data likely did not get much back, according to Check Point Research. That's because the ransomware Vect uses isn't actually ransomware at all, but a wiper that destroys any file larger than 128KB.…
⚠️ ZERO-DAY DETECTED
The Hacker News
| 2026-04-28 18:19
Cybersecurity researchers have disclosed details of a critical security vulnerability impacting GitHub.com and GitHub Enterprise Server that could allow an authenticated user to obtain remote code execution with a single "git push" command.
The flaw, tracked as CVE-2026-3854 (CVSS score: 8.7), is a case of command injection that could allow an attacker with push access to a repository to achieve
The Hacker News
| 2026-04-28 17:39
A cybercrime group of Brazilian origin has resurfaced after more than three years to orchestrate a campaign that targets Minecraft players with a new stealer called LofyStealer (aka GrabBot).
"The malware disguises itself as a Minecraft hack called 'Slinky,'" Brazil-based cybersecurity company ZenoX said in a technical report. "It uses the official game icon to induce voluntary execution,
BleepingComputer
| 2026-04-28 15:39
A 19-year-old dual United States and Estonian citizen arrested in Finland earlier this month faces federal charges in the U.S. alleging he was a prolific member of the notorious Scattered Spider hacking collective. [...]
Dark Reading
| 2026-04-28 14:59
Attackers continue to scale a campaign to seed Open VSX with seemingly benign VS Code extensions that spread self-propagating malware.
BleepingComputer
| 2026-04-28 14:50
Application security company Checkmarx has confirmed that the LAPSUS$ threat group leaked data stolen from its private GitHub repository. [...]
The Register
| 2026-04-28 14:15
Names, phone numbers, physical addresses also included in Shiny Hunters alleged data dump
(Updated) Logistics technology company Pitney Bowes, which makes franking machines for US postage, is the latest scalp claimed by ShinyHunters and its ongoing spree of pay-or-leak attacks against major organizations.…
⚠️ ZERO-DAY DETECTED
The Hacker News
| 2026-04-28 14:01
Threat hunters are warning that the cybercriminal operation known as VECT 2.0 acts more like a wiper than a ransomware due to a critical flaw in its encryption implementation across Windows, Linux, and ESXi variants that renders recovery impossible even for the threat actors.
The fact that VECT's locker permanently destroys large files rather than encrypting them means even victims who opt to
SANS ISC
| 2026-04-28 13:28
This weekend, we saw a few requests to our honeypot that included an "X-Vercel-Set-Bypass-Cookie" header. A sample request:
BleepingComputer
| 2026-04-28 13:18
Microsoft says it will start blocking legacy TLS connections for POP and IMAP email clients in Exchange Online starting in July 2026. [...]
BleepingComputer
| 2026-04-28 12:50
Threat actors are now publishing structured OPSEC playbooks to stay undetected. Flare reveals how these guides outline layered infrastructure, identity separation, and long-term evasion strategies. [...]
The Hacker News
| 2026-04-28 11:58
Every security program is betting on the same assumption: once a system is connected, the problem is solved. Open a ticket, stand up a gateway, push the data through. Done.
That assumption is wrong. It is also a major reason Zero Trust programs stall.
New research my team just published puts numbers on it. The Cyber360: Defending the Digital Battlespace report, based on a survey of 500 security
⚠️ ZERO-DAY DETECTED
The Hacker News
| 2026-04-28 11:18
Cybersecurity researchers have disclosed details of a critical security flaw impacting LeRobot, Hugging Face's open-source robotics platform with nearly 24,000 GitHub stars, that could be exploited to achieve remote code execution.
The vulnerability in question is CVE-2026-25874 (CVSS score: 9.3), which has been described as a case of untrusted data deserialization stemming from the use of the
⚠️ ZERO-DAY DETECTED
Schneier on Security
| 2026-04-28 11:06
Two weeks ago, Anthropic announced that its new model, Claude Mythos Preview, can autonomously find and weaponize software vulnerabilities, turning them into working exploits without expert guidance. These were vulnerabilities in key software like operating systems and internet infrastructure that thousands of software developers working on those systems failed to find. This capability will have...
⚠️ ZERO-DAY DETECTED
The Hacker News
| 2026-04-28 10:30
When patching isn’t fast enough, NDR helps contain the next era of threats.
If you’ve been tracking advancements in AI, you know the exploit window, the short buffer that organizations relied on to patch and protect after a vulnerability disclosure, is closing fast.
Anthropic’s new model, Claude Mythos, and its Project Glasswing, showed that finding exploitable vulnerabilities and subtle cracks
The Register
| 2026-04-28 10:00
Linux vendor touts European independence at SUSECON as majority stakeholder quietly explores its options
European-based SUSE devoted much of the annual SUSECON event to its sovereignty-focused pitch - even as reports swirl that its majority stakeholder is exploring a $6 billion sale which could land the Linux vendor in American hands.…