List cybersec
New Wave of DPRK Attacks Uses AI-Inserted npm Malware, Fake Firms, and RATs
{ "priority": "HIGH", "cve": "N/A", "target": "npm package @validate-sdk/v2", "threat_actor": "DPRK", "patch_ready": false, "insight": "Researchers discovered malicious code in the @valida..
4:10 pm, April 29, 2026 Cybersecurity
cPanel, WHM emergency update fixes critical auth bypass bug
{ "priority": "CRITICAL", "cve": "N/A", "target": "cPanel and WHM", "threat_actor": "N/A", "patch_ready": true, "insight": "A critical authentication bypass vulnerability in cPanel and WHM..
4:10 pm, April 29, 2026 Cybersecurity
European police dismantles €50 million crypto investment fraud ring
Austrian and Albanian authorities dismantled a criminal ring accused of running a large-scale cryptocurrency investment fraud operation that caused estimated losses of over €50 million ($58.5 millio..
3:10 pm, April 29, 2026 Cybersecurity
Webinar: How to Automate Exposure Validation to Match the Speed of AI Attacks
{ "priority": "HIGH", "cve": "N/A", "target": "N/A", "threat_actor": "N/A", "patch_ready": false, "insight": "Researchers uncover threat actors using custom AI setups to automate attacks d..
2:10 pm, April 29, 2026 Cybersecurity
Learning from the Vercel breach: Shadow AI & OAuth sprawl
{ "priority": "INFO", "cve": "N/A", "target": "Vercel", "threat_actor": "N/A", "patch_ready": false, "insight": "The Vercel breach highlights the risks of compromised OAuth apps and their ..
2:10 pm, April 29, 2026 Cybersecurity
Today's Odd Web Requests, (Wed, Apr 29th)
Today, two different "new" requests hit our honeypots. Both appear to be recon requests and not associated with specific vulnerabilities. But as always, please let me know if you have additional infor..
2:10 pm, April 29, 2026 Cybersecurity
GitHub fixes RCE flaw that gave access to millions of private repos
{ "priority": "CRITICAL", "cve": "CVE-2026-3854", "target": "GitHub", "threat_actor": "N/A", "patch_ready": true, "insight": "GitHub patched a critical RCE vulnerability allowing access to..
1:10 pm, April 29, 2026 Cybersecurity
What to Look for in an Exposure Management Platform (And What Most of Them Get Wrong)
{"priority":"INFO","cve":"N/A","target":"N/A","threat_actor":"N/A","patch_ready":false,"insight":"The article discusses the limitations of traditional vulnerability management metrics and the need for..
12:10 pm, April 29, 2026 Cybersecurity
Critical cPanel Authentication Vulnerability Identified — Update Your Server Immediately
{"priority": "CRITICAL", "cve": "N/A", "target": "cPanel", "threat_actor": "N/A", "patch_ready": true, "insight": "cPanel released security updates to address a critical authentication vulnerability t..
11:10 am, April 29, 2026 Cybersecurity
CISA orders feds to patch Windows flaw exploited as zero-day
{ "priority": "CRITICAL", "cve": "N/A", "target": "Windows", "threat_actor": "N/A", "patch_ready": true, "insight": "CISA orders federal agencies to patch a Windows flaw exploited in zero-..
11:10 am, April 29, 2026 Cybersecurity
Microsoft says backend change broke Teams Free chat and calls
Microsoft is working to resolve a known issue that prevents some Microsoft Teams Free users from chatting and calling others. [...]
9:10 am, April 29, 2026 Cybersecurity
CISA Adds Actively Exploited ConnectWise and Windows Flaws to KEV
{"priority": "CRITICAL", "cve": "CVE-2024-1708", "target": "ConnectWise ScreenConnect", "threat_actor": "N/A", "patch_ready": true, "insight": "CISA adds actively exploited ConnectWise ScreenConnect v..
9:10 am, April 29, 2026 Cybersecurity
LiteLLM CVE-2026-42208 SQL Injection Exploited within 36 Hours of Disclosure
{ "priority": "CRITICAL", "cve": "CVE-2026-42208", "target": "LiteLLM", "threat_actor": "N/A", "patch_ready": false, "insight": "LiteLLM CVE-2026-42208 SQL Injection Exploited within 36 Ho..
6:10 am, April 29, 2026 Cybersecurity
ISC Stormcast For Wednesday, April 29th, 2026 https://isc.sans.edu/podcastdetail/9910, (Wed, Apr 29th)
{ "priority": "INFO", "cve": "N/A", "target": "N/A", "threat_actor": "N/A", "patch_ready": false, "insight": "ISC Stormcast podcast details for April 29th, 2026." }
2:10 am, April 29, 2026 Cybersecurity
Broken VECT 2.0 ransomware acts as a data wiper for large files
{ "priority": "HIGH", "cve": "N/A", "target": "VECT 2.0 ransomware", "threat_actor": "N/A", "patch_ready": false, "insight": "VECT 2.0 ransomware has a flaw in handling encryption nonces, ..
10:10 pm, April 28, 2026 Cybersecurity
Hackers are exploiting a critical LiteLLM pre-auth SQLi flaw
{ "priority": "CRITICAL", "cve": "CVE-2026-42208", "target": "LiteLLM", "threat_actor": "Hackers", "patch_ready": false, "insight": "Hackers are exploiting a critical pre-auth SQLi flaw in..
9:10 pm, April 28, 2026 Cybersecurity
Researchers Discover Critical GitHub CVE-2026-3854 RCE Flaw Exploitable via Single Git Push
{"priority":"CRITICAL","cve":"CVE-2026-3854","target":"GitHub.com and GitHub Enterprise Server","threat_actor":"N/A","patch_ready":false,"insight":"CVE-2026-3854 is a critical RCE flaw in GitHub and G..
7:10 pm, April 28, 2026 Cybersecurity
Video service Vimeo confirms Anodot breach exposed user data
{ "priority": "MEDIUM", "cve": "N/A", "target": "Vimeo", "threat_actor": "Anodot", "patch_ready": false, "insight": "Vimeo disclosed a data breach caused by unauthorized access to user dat..
7:10 pm, April 28, 2026 Cybersecurity
Brazilian LofyGang Resurfaces After Three Years With Minecraft LofyStealer Campaign
{ "priority": "HIGH", "cve": "N/A", "target": "Minecraft", "threat_actor": "LofyGang", "patch_ready": false, "insight": "Brazilian LofyGang resurfaces with Minecraft LofyStealer campaign t..
6:10 pm, April 28, 2026 Cybersecurity
US reportedly charges Scattered Spider hacker arrested in Finland
{ "priority": "INFO", "cve": "N/A", "target": "N/A", "threat_actor": "Scattered Spider", "patch_ready": false, "insight": "A 19-year-old hacker, dual US and Estonian citizen, arrested in F..
4:10 pm, April 28, 2026 Cybersecurity
VECT 2.0 Ransomware Irreversibly Destroys Files Over 131KB on Windows, Linux, ESXi
{ "priority": "CRITICAL", "cve": "N/A", "target": "VECT 2.0 Ransomware", "threat_actor": "VECT 2.0", "patch_ready": false, "insight": "VECT 2.0 ransomware permanently destroys files over 1..
3:10 pm, April 28, 2026 Cybersecurity
Checkmarx confirms LAPSUS$ hackers leaked its stolen GitHub data
{ "priority": "HIGH", "cve": "N/A", "target": "Checkmarx GitHub repository", "threat_actor": "LAPSUS$", "patch_ready": false, "insight": "LAPSUS$ threat group leaked data stolen from Check..
3:10 pm, April 28, 2026 Cybersecurity
Microsoft to deprecate legacy TLS in Exchange Online starting July
{ "priority": "INFO", "cve": "N/A", "target": "Exchange Online", "threat_actor": "N/A", "patch_ready": false, "insight": "Microsoft will block legacy TLS connections for POP and IMAP email..
2:10 pm, April 28, 2026 Cybersecurity
HTTP Requests with X-Vercel-Set-Bypass-Cookie Header, (Tue, Apr 28th)
{ "priority": "INFO", "cve": "N/A", "target": "N/A", "threat_actor": "N/A", "patch_ready": false, "insight": "Detected HTTP requests with X-Vercel-Set-Bypass-Cookie header in honeypot." }
2:10 pm, April 28, 2026 Cybersecurity
Why Secure Data Movement Is the Zero Trust Bottleneck Nobody Talks About
{"priority":"INFO","cve":"N/A","target":"N/A","threat_actor":"N/A","patch_ready":false,"insight":"The article discusses the challenges of secure data movement in Zero Trust programs, highlighting that..
1:10 pm, April 28, 2026 Cybersecurity
Inside an OPSEC Playbook: How Threat Actors Evade Detection
{ "priority": "INFO", "cve": "N/A", "target": "N/A", "threat_actor": "N/A", "patch_ready": false, "insight": "Threat actors are publishing OPSEC playbooks to evade detection, outlining str..
1:10 pm, April 28, 2026 Cybersecurity
Critical Unpatched Flaw Leaves Hugging Face LeRobot Open to Unauthenticated RCE
Cybersecurity researchers have disclosed details of a critical security flaw impacting LeRobot, Hugging Face's open-source robotics platform with nearly 24,000 GitHub stars, that could be exploited to..
12:10 pm, April 28, 2026 Cybersecurity
After Mythos: New Playbooks For a Zero-Window Era
{ "priority": "INFO", "cve": "N/A", "target": "N/A", "threat_actor": "N/A", "patch_ready": false, "insight": "The exploit window is closing fast due to advancements in AI, making patching ..
11:10 am, April 28, 2026 Cybersecurity
Microsoft: New Remote Desktop warnings may display incorrectly
{ "priority": "MEDIUM", "cve": "N/A", "target": "Microsoft Windows", "threat_actor": "N/A", "patch_ready": false, "insight": "Microsoft confirms an issue with new Windows security warnings..
10:10 am, April 28, 2026 Cybersecurity
Chinese Silk Typhoon Hacker Extradited to U.S. Over COVID Research Cyberattacks
{ "priority": "HIGH", "cve": "N/A", "target": "American organizations and government agencies", "threat_actor": "Silk Typhoon", "patch_ready": false, "insight": "A Chinese national linked ..
9:10 am, April 28, 2026 Cybersecurity
Microsoft asks iPhone users to reauthenticate after Outlook outage
After addressing a widespread outage that affected Outlook.com users worldwide on Monday, Microsoft has asked iPhone users to re-enter their credentials to regain access to their Outlook and Hotmail a..
9:10 am, April 28, 2026 Cybersecurity
Microsoft Confirms Active Exploitation of Windows Shell CVE-2026-32202
{ "priority": "HIGH", "cve": "CVE-2026-32202", "target": "Windows Shell", "threat_actor": "N/A", "patch_ready": true, "insight": "Microsoft confirms active exploitation of Windows Shell CV..
7:10 am, April 28, 2026 Cybersecurity
Microsoft Patches Entra ID Role Flaw That Enabled Service Principal Takeover
{ "priority": "HIGH", "cve": "N/A", "target": "Microsoft Entra ID", "threat_actor": "N/A", "patch_ready": true, "insight": "Microsoft patches Entra ID role flaw that enabled service princi..
7:10 am, April 28, 2026 Cybersecurity
ISC Stormcast For Tuesday, April 28th, 2026 https://isc.sans.edu/podcastdetail/9908, (Tue, Apr 28th)
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
2:10 am, April 28, 2026 Cybersecurity
Robinhood account creation flaw abused to send phishing emails
Online trading platform Robinhood's account creation process was exploited by threat actors to inject phishing messages into legitimate emails, tricking users into believing their accounts had suspici..
12:10 am, April 28, 2026 Cybersecurity
GlassWorm malware attacks return via 73 OpenVSX "sleeper" extensions
{ "priority": "HIGH", "cve": "N/A", "target": "OpenVSX ecosystem", "threat_actor": "GlassWorm", "patch_ready": false, "insight": "GlassWorm malware attacks return via 73 OpenVSX 'sleeper' ..
10:10 pm, April 27, 2026 Cybersecurity
Alleged Silk Typhoon hacker extradited to US for cyberespionage
A Chinese national accused of carrying out cyberespionage operations for China's intelligence services has been extradited from Italy to the United States to face criminal charges. [...]
8:10 pm, April 27, 2026 Cybersecurity
Canada arrests three for operating “SMS blaster” device in Toronto
{ "priority": "LOW", "cve": "N/A", "target": "N/A", "threat_actor": "N/A", "patch_ready": false, "insight": "Canadian authorities arrested three men for operating an SMS blaster device in ..
8:10 pm, April 27, 2026 Cybersecurity
FTC: Americans lost over $2.1 billion to social media scams in 2025
The U.S. Federal Trade Commission (FTC) warned of a massive increase in losses from social media scams since 2020, exceeding $2.1 billion in 2025. [...]
5:10 pm, April 27, 2026 Cybersecurity
⚡ Weekly Recap: Fast16 Malware, XChat Launch, Federal Backdoor, AI Employee Tracking & More
{ "priority": "INFO", "cve": "N/A", "target": "N/A", "threat_actor": "N/A", "patch_ready": false, "insight": "Weekly recap of various cybersecurity issues, including malware, supply chain ..
4:10 pm, April 27, 2026 Cybersecurity
Checkmarx Confirms GitHub Repository Data Posted on Dark Web After March 23 Attack
{ "priority": "MEDIUM", "cve": "N/A", "target": "GitHub Repository", "threat_actor": "Cybercriminal Group", "patch_ready": false, "insight": "Checkmarx confirms data from its GitHub reposi..
4:10 pm, April 27, 2026 Cybersecurity
PyPI package with 1.1M monthly downloads hacked to push infostealer
An attacker pushed a malicious version of the popular elementary-data package Python Package Index (PyPI) to steal sensitive developer data and cryptocurrency wallets. [...]
4:10 pm, April 27, 2026 Cybersecurity
Webinar: Spotting cyberattacks before they begin
{"priority":"INFO","cve":"N/A","target":"N/A","threat_actor":"N/A","patch_ready":false,"insight":"BleepingComputer hosts a webinar with Flare and researcher Tammy Harper on spotting early warning sign..
3:10 pm, April 27, 2026 Cybersecurity
Home security giant ADT data breach affects 5.5 million people
{ "priority": "HIGH", "cve": "N/A", "target": "ADT", "threat_actor": "ShinyHunters", "patch_ready": false, "insight": "The ShinyHunters extortion group stole personal information of 5.5 mi..
3:10 pm, April 27, 2026 Cybersecurity
Medtronic confirms breach after hackers claim 9 million records theft
{ "priority": "HIGH", "cve": "N/A", "target": "Medtronic", "threat_actor": "N/A", "patch_ready": false, "insight": "Medtronic confirmed a breach where hackers claimed to have stolen 9 mill..
2:10 pm, April 27, 2026 Cybersecurity
TeamPCP Supply Chain Campaign: Update 008 - 26-Day Pause Ends with Three Concurrent Compromises (Checkmarx KICS, Bitwarden CLI Cascade, xinference PyPI), CanisterSprawl npm Worm Identified, and Tier 1 Coverage Returns, (Mon, Apr 27th)
{ "priority": "HIGH", "cve": "CVE-2026-33634", "target": "Checkmarx KICS, Bitwarden CLI, xinference PyPI", "threat_actor": "UNC6780", "patch_ready": false, "insight": "TeamPCP supply chain..
2:10 pm, April 27, 2026 Cybersecurity
Deepfake Voice Attacks are Outpacing Defenses: What Security Leaders Should Know
{ "priority": "INFO", "cve": "N/A", "target": "N/A", "threat_actor": "N/A", "patch_ready": false, "insight": "Deepfake voice attacks can clone a voice with just three seconds of audio, tri..
1:10 pm, April 27, 2026 Cybersecurity
Money launderer linked to $230M crypto heist gets 70 months in prison
{ "priority": "LOW", "cve": "N/A", "target": "N/A", "threat_actor": "N/A", "patch_ready": false, "insight": "A 22-year-old individual was sentenced to 70 months in prison for laundering fu..
1:10 pm, April 27, 2026 Cybersecurity
Researchers Uncover 73 Fake VS Code Extensions Delivering GlassWorm v2 Malware
Cybersecurity researchers have flagged dozens of Microsoft Visual Studio Code (VS Code) extensions on the Open VSX repository that are linked to a persistent information-stealing campaign dubbed Glass..
12:10 pm, April 27, 2026 Cybersecurity
PhantomCore Exploits TrueConf Vulnerabilities to Breach Russian Networks
{ "priority": "HIGH", "cve": "N/A", "target": "TrueConf video conferencing software", "threat_actor": "PhantomCore", "patch_ready": false, "insight": "PhantomCore exploits TrueConf vulnera..
12:10 pm, April 27, 2026 Cybersecurity
AI Testing
