Latest Cybersecurity News and Articles


VanishID: Agentic AI-Powered Cybersecurity Protects C-Suite Executives

29 April 2026
This week in cybersecurity from the editors at Cybercrime Magazine. Sausalito, Calif. – Apr. 29, 2026 – Executive risk management has evolved far beyond physical protection and travel security. Today, the most pressing threats to leadership come from digital exposure, where publicly The post VanishID: Agentic AI-Powered Cybersecurity Protects C-Suite Executives appeared first on Cybercrime Magazine.

Fresh LiteLLM Vulnerability Exploited Shortly After Disclosure

29 April 2026
The vulnerability allows attackers to read data from a LiteLLM proxy’s database and potentially modify it. The post Fresh LiteLLM Vulnerability Exploited Shortly After Disclosure appeared first on SecurityWeek.

Hundreds of Internet-Facing VNC Servers Expose ICS/OT

29 April 2026
Forescout has identified tens of thousands of exposed RDP and VNC servers that can be mapped to specific industries. The post Hundreds of Internet-Facing VNC Servers Expose ICS/OT appeared first on SecurityWeek.

Webinar: How to Automate Exposure Validation to Match the Speed of AI Attacks

29 April 2026
In February 2026, researchers uncovered a shift that completely changed the game: threat actors are now using custom AI setups to automate attacks directly into the kill chain. We aren't just talking about AI writing better phishing emails anymore. We’re talking about autonomous agents mapping Active Directory and seizing Domain Admin credentials in minutes. The problem? Most defensive workflows

What to Look for in an Exposure Management Platform (And What Most of Them Get Wrong)

29 April 2026
Every security team has a version of the same story. The quarter ends with hundreds of vulnerabilities closed. The dashboards are bursting with green. Then someone in a leadership meeting asks: "So, are we actually safer now?" Crickets. The room goes quiet because an honest answer requires context – which is something that patch counts and CVSS scores were never designed to provide. Exposure

Checkmarx Confirms Data Stolen in Supply Chain Attack

29 April 2026
The hackers exfiltrated the data from Checkmarx’s GitHub environment on March 30, a week after publishing malicious code. The post Checkmarx Confirms Data Stolen in Supply Chain Attack appeared first on SecurityWeek.

Iranian Cyber Group Handala Targets US Troops in Bahrain

29 April 2026
US service members received WhatsApp messages claiming they would be targeted with drones and missiles. The post Iranian Cyber Group Handala Targets US Troops in Bahrain appeared first on SecurityWeek.

38 Vulnerabilities Found in OpenEMR Medical Software

29 April 2026
Some of the vulnerabilities discovered by Aisle can be exploited to access and alter sensitive patient information. The post 38 Vulnerabilities Found in OpenEMR Medical Software appeared first on SecurityWeek.

Critical cPanel Authentication Vulnerability Identified — Update Your Server Immediately

29 April 2026
cPanel has released security updates to address a security issue impacting various authentication paths that could allow an attacker to obtain access to the control panel software. The problem affects all currently supported versions, according to an alert released by cPanel on Tuesday. The issue has been addressed in the following versions: 11.110.0.97, 11.118.0.63, 11.126.0.54, 11.132.0.29

Chrome 147, Firefox 150 Security Updates Rolling Out

29 April 2026
The browser refreshes resolve critical and high-severity vulnerabilities that could lead to arbitrary code execution. The post Chrome 147, Firefox 150 Security Updates Rolling Out appeared first on SecurityWeek.

CISA Adds Actively Exploited ConnectWise and Windows Flaws to KEV

29 April 2026
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added two security flaws impacting ConnectWise ScreenConnect and Microsoft Windows to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation. The vulnerabilities are listed below - CVE-2024-1708 (CVSS score: 8.4) - A path traversal vulnerability in ConnectWise ScreenConnect

Critical GitHub Vulnerability Exposed Millions of Repositories

29 April 2026
The remote code execution flaw CVE-2026-3854 was found to impact GitHub.com and GitHub Enterprise Server. The post Critical GitHub Vulnerability Exposed Millions of Repositories appeared first on SecurityWeek.

LiteLLM CVE-2026-42208 SQL Injection Exploited within 36 Hours of Disclosure

29 April 2026
In yet another instance of threat actors quickly jumping on the exploitation bandwagon, a newly disclosed critical security flaw in BerriAI's LiteLLM Python package has come under active exploitation in the wild within 36 hours of the bug becoming public knowledge. The vulnerability, tracked as CVE-2026-42208 (CVSS score: 9.3), is an SQL injection that could be exploited to modify the underlying

Cyber Insurance Data Gives CISOs New Ammo for Budget Talks

28 April 2026
Boards may ignore alerts, but they listen to losses: new data from Resilience links security gaps directly to financial impact. The post Cyber Insurance Data Gives CISOs New Ammo for Budget Talks appeared first on SecurityWeek.

Researchers Discover Critical GitHub CVE-2026-3854 RCE Flaw Exploitable via Single Git Push

28 April 2026
Cybersecurity researchers have disclosed details of a critical security vulnerability impacting GitHub.com and GitHub Enterprise Server that could allow an authenticated user to obtain remote code execution with a single "git push" command. The flaw, tracked as CVE-2026-3854 (CVSS score: 8.7), is a case of command injection that could allow an attacker with push access to a repository to achieve

Brazilian LofyGang Resurfaces After Three Years With Minecraft LofyStealer Campaign

28 April 2026
A cybercrime group of Brazilian origin has resurfaced after more than three years to orchestrate a campaign that targets Minecraft players with a new stealer called LofyStealer (aka GrabBot). "The malware disguises itself as a Minecraft hack called 'Slinky,'" Brazil-based cybersecurity company ZenoX said in a technical report. "It uses the official game icon to induce voluntary execution,

Vimeo Confirms User and Customer Data Breach

28 April 2026
The ShinyHunters group is threatening to leak stolen files unless Vimeo agrees to pay a ransom. The post Vimeo Confirms User and Customer Data Breach appeared first on SecurityWeek.

The Mythos Moment: Enterprises Must Fight Agents with Agents

28 April 2026
Only with the right platform and an agentic, AI-driven defense, will enterprises be able to protect themselves in the agentic era. The post The Mythos Moment: Enterprises Must Fight Agents with Agents appeared first on SecurityWeek.

Webinar Today: A Step-by-Step Approach to AI Governance

28 April 2026
Join the webinar to explore a practical, multi-layered roadmap to transition from fragmented AI usage to a governed, scalable ecosystem. The post Webinar Today: A Step-by-Step Approach to AI Governance appeared first on SecurityWeek.

Robinhood Vulnerability Exploited for Phishing Attacks

28 April 2026
Legitimate-looking emails coming from Robinhood systems lured recipients to phishing websites. The post Robinhood Vulnerability Exploited for Phishing Attacks appeared first on SecurityWeek.