(255) Critical CISA Adds Actively Exploited Linux Root Access Bug CVE-2026-31431 to KEV
Critical Billions of Chrome Users Urged to Update After Google Patches 30 Security Flaws
Critical cPanel zero-day exploited for months before patch release (CVE-2026-41940)
Critical Critical cPanel and WHM bug exploited as a zero-day, PoC now available
Critical ABB Ability Symphony Plus Engineering
Critical CISA Adds One Known Exploited Vulnerability to Catalog
Critical ABB Edgenius Management Portal
Critical ABB PCM600
Critical ABB Ability OPTIMAX
Critical ABB AWIN Gateways
Critical All supported cPanel versions hit by critical auth bug, now patched
Critical CVE-2026-42208: LiteLLM bug exploited 36 hours after its disclosure
Critical These two critical Mac security features are off by default - how to turn them on and why you should
Critical Adapting Zero Trust Principles to Operational Technology
Critical GitHub fixes RCE flaw that gave access to millions of private repos
Critical cPanel, WHM emergency update fixes critical auth bypass bug
Critical How to turn on Data Saver mode on your Android phone - and why it's critical to do so
Critical Microsoft Confirms Active Exploitation of Windows Shell CVE-2026-32202
Critical Critical Unpatched Flaw Leaves Hugging Face LeRobot Open to Unauthenticated RCE
Critical VECT 2.0 Ransomware Irreversibly Destroys Files Over 131KB on Windows, Linux, ESXi
Critical NSA GRASSMARLIN
High Critrical cPanel flaw mass-exploited in "Sorry" ransomware attacks
High Two US cybersecurity experts sentenced in ransomware case, third awaits July ruling
High 2 US Cybersecurity Experts Jailed for Aiding ALPHV (BlackCat) Ransomware
High US ransomware negotiators get 4 years in prison over BlackCat attacks
High 15-year-old detained over French govt agency data breach
High Cyber incident responders who carried out ransomware attacks given 4-year sentences
High Training on Fiction While the Real Threat is in Your Inbox
High Security Insights: A Threat-First View for the Platform That Enforces Access
High Warp open sources its AI terminal client
High Hackers arrested for stealing and reselling 600,000 Roblox accounts
High Met Police face criticism for using AI to spy on their own officers
High Cisco releases open-source toolkit for verifying AI model lineage
High Google Fixes CVSS 10 Gemini CLI CI RCE and Cursor Flaws Enable Code Execution
High France investigates 15-year-old over alleged hack of national ID agency
High Smashing Security podcast #465: This developer wanted to cheat at Roblox. It cost millions
High US-Estonian Suspect Arrested Over Alleged Scattered Spider Cyberattacks
High Polymarket Rejects Data Breach Claims as Hacker Alleges 300K Records Stolen
High Vect 2.0 Ransomware Acts as Wiper, Thanks to Design Error
High Learning from the Vercel breach: Shadow AI & OAuth sprawl
High Swiss police arrest 10 suspected members of Nigeria-linked crime group Black Axe
High [webapps] Xibo CMS 4.3.0 - RCE via SSTI
High ADT Confirms Major Data Breach Exposing Millions of Names, Partial SSNs
High The Role of Aggregated Liquidity in Modern Crypto Markets
High Why Unofficial Download Sources Are Still a Security Risk in 2026
High A Vulnerability in OpenSSH Could Allow for Authentication Bypass
High AI Agent Wipes Startup's Data in 9-Second API Call
High French police arrest 21-year-old “HexDex” hacker over 100 alleged data breaches
High TeamPCP Supply Chain Campaign: Update 008 - 26-Day Pause Ends with Three Concurrent Compromises (Checkmarx KICS, Bitwarden CLI Cascade, xinference PyPI), CanisterSprawl npm Worm Identified, and Tier 1 Coverage Returns, (Mon, Apr 27th)
High ShinyHunters Leaks Data of Udemy, Zara, 7-Eleven in Salesforce Linked Breach
High Home security giant ADT data breach affects 5.5 million people
Medium Week in review: High-severity LPE vulnerability in the Linux kernel, cPanel 0-day exploited for months
Medium Telegram Mini Apps abused for crypto scams, Android malware delivery
Medium ZDI-26-307: FlowiseAI Flowise Airtable_Agent Code Injection Remote Code Execution Vulnerability
Medium New Global Scam Uses Fake Meeting Links to Run PowerShell Malware
Medium 9-Year-Old Linux Kernel Vulnerability “Copy Fail” Enables Full Root Access
Medium Nine-year-old Linux kernel flaw enables reliable local privilege escalation (CVE-2026-31431)
Medium New Linux 'Copy Fail' Vulnerability Enables Root Access on Major Distributions
Medium New Linux ‘Copy Fail’ flaw gives hackers root on major distros
Medium ABB System 800xA, Symphony Plus IEC 61850
Medium Scam-checking just got a lot easier: Malwarebytes is now in Claude
Medium Microsoft won’t patch PhantomRPC: Feature or bug?
Medium Cursor AI IDE vulnerability allows code execution via hidden Git hooks
Medium Lotus Wiper Attack Targets Venezuelan Energy Firms, Utilities
Medium New Wave of DPRK Attacks Uses AI-Inserted npm Malware, Fake Firms, and RATs
Medium ZDI-26-305: (0Day) OpenAI Codex Sandbox Escape Vulnerability
Medium After Mythos: New Playbooks For a Zero-Window Era
Medium Brazilian LofyGang Resurfaces After Three Years With Minecraft LofyStealer Campaign
Medium CISA Adds Two Known Exploited Vulnerabilities to Catalog
Medium ZDI-26-300: Flowise AccountService resetPassword Authentication Bypass Vulnerability
Medium ZDI-26-301: Foxit PDF Reader Annotation Use-After-Free Remote Code Execution Vulnerability
Medium ZDI-26-302: Foxit PDF Reader AcroForm Signature Use-After-Free Remote Code Execution Vulnerability
Medium ZDI-26-303: Foxit PDF Reader AcroForm Signature Use-After-Free Information Disclosure Vulnerability
Medium ZDI-26-304: Foxit PDF Reader AcroForm Annotation Use-After-Free Remote Code Execution Vulnerability
Medium What Anthropic’s Mythos Means for the Future of Cybersecurity
Medium UNC6692 Combines Social Engineering, Malware, Cloud Abuse
Medium GlassWorm malware attacks return via 73 OpenVSX "sleeper" extensions
Medium Robinhood account creation flaw abused to send phishing emails
Medium UNC6692 Hackers Exploit Microsoft Teams to Deploy SNOW Malware
Medium Firefox bug CVE-2026-6770 enabled cross-site tracking and Tor fingerprinting
Medium Researchers Uncover 73 Fake VS Code Extensions Delivering GlassWorm v2 Malware
Informational Carding service Jerry’s Store leak exposes 345,000 stolen payment cards
Informational Digital attacks drive a new wave of cargo theft, FBI says
Informational 6 Best Enterprise Antivirus Software Choices in 2026
Informational Samsung’s Free Android Upgrade Brings Better Security to Galaxy Phones
Informational Microsoft Flagged 8.3B Phishing Emails in Q1 as QR Codes, CAPTCHAs Rise
Informational OpenAI Introduces Password-Free Login for Millions of ChatGPT Users
Informational Hackers Use Jenkins Access to Deploy DDoS Botnet Against Gaming Servers
Informational Best AirPods of 2026: Expert tested and reviewed
Informational Samsung will give you a free 32-inch Odyssey monitor right now - how to qualify
Informational Download: Automating Pentest Delivery Guide
Informational Microsoft now lets admins choose pre-installed Store apps to uninstall
Informational Microsoft fixes Remote Desktop warnings displaying incorrectly
Informational Post-quantum encryption for Cloudflare IPsec is generally available
Informational From Strategy to Architecture: How Cisco is Building a Quantum-Safe Future
Informational Managed vs Self-Managed Cloud Hosting: Choosing the Best Option for Your Business
Informational Oracle Red Bull Racing Team Revs Up Automation to Boost Security
Informational Building with AI: Here's What No Briefing Will Tell You
Informational Samsung Galaxy vs. Google Pixel: My take after testing dozens of phones from both brands
Informational I fixed my Wi-Fi dead zones at home with these 6 simple changes
Informational Sony vs. Bose: My buying advice after listening to flagship headphones from both brands
Informational After testing this Linux laptop, I understand why MacBooks are the superior choice
Informational Silver Fox uses the new ABCDoor backdoor to target organizations in Russia and India
Informational Bad bots make up 40% of internet traffic
Informational Proxmox Backup Server 4.2 arrives with S3 storage support and parallel sync jobs
Informational Researchers develop tool to expose GPS signal spoofing in transit networks
Informational New Python Backdoor Uses Tunneling Service to Steal Browser and Cloud Credentials
Informational ThreatsDay Bulletin: SMS Blaster Busts, OpenEMR Flaws, 600K Roblox Hacks and 25 More Stories
Informational PyTorch Lightning Compromised in PyPI Supply Chain Attack to Steal Credentials
Informational Police dismantles 9 crypto scam centers, arrests 276 suspects
Informational What Happens in the First 24 Hours After a New Asset Goes Live
Informational April KB5083769 Windows 11 update causes backup software failures
Informational FBI links cybercriminals to sharp surge in cargo theft attacks
Informational Moldova’s health insurance agency reports possible data leak after cyberattack
Informational Trump’s cyber ambassador nominee advances to full Senate vote
Informational Zambia cancels global digital freedoms conference days before start
Informational Auditing Application Permissions in Microsoft Entra ID: Hidden Risks, Pitfalls, and Quarkslab's QAZPT Tool
Informational Health is Tim Cook's defining legacy - and your Apple Watch proves it
Informational Forget Samsung Galaxy S26 Ultra: I found alternatives that are nearly as good for less money
Informational Motorola Razr Ultra (2026) vs. Samsung Galaxy Z Flip 7: I tried both, and there's a clear winner
Informational Operation Road Trap: Fake toll and parking texts are spreading worldwide
Informational 8 best practices for CISOs conducting risk reviews
Informational Brinker Introduces a Novel Approach to Deepfake Detection
Informational New AI-Powered Bluekit Phishing Kit Targets Major Platforms with MFA Bypass Attacks
Informational What to Look for in an Exposure Management Platform (And What Most of Them Get Wrong)
Informational Webinar: How to Automate Exposure Validation to Match the Speed of AI Attacks
Informational Microsoft says backend change broke Teams Free chat and calls
Informational European Commission accuses Meta of breaching child safety rules
Informational [local] Atlona ATOMERX21 - Authenticated Command Injection
Informational AI-Ready, Simpler, and More Secure WAN: Cisco SD-WAN Innovations
Informational New Linux FIRESTARTER Backdoor Targets Cisco Firepower Devices
Informational Stablecoins: Always-On Money Needs Always-On Controls
Informational Pack2TheRoot: 12-Year-Old Linux PackageKit Flaw Enables Full Compromise
Informational Q1 2026 Cyber Attack Statistics
Informational Canonical's approach to AI is refreshingly thoughtful - Microsoft should take note
Informational I tested a BlackBerry-style Android phone with a keyboard, and it's weirdly practical in 2026
Informational You can save 50% on this Sony soundbar right now - but the deal ends tonight
Informational Want a free Apple Watch? T-Mobile will give you the SE 3 - how to get yours today
Informational User interfaces as we know them are dead - 4 ways to prep for 'disposable' UIs
Informational I was not expecting a Razer keyboard to enhance my office productivity - here's how it did
Informational Microsoft Patches Entra ID Role Flaw That Enabled Service Principal Takeover
Informational Chinese Silk Typhoon Hacker Extradited to U.S. Over COVID Research Cyberattacks
Informational Microsoft asks iPhone users to reauthenticate after Outlook outage
Informational Microsoft: New Remote Desktop warnings may display incorrectly
Informational Inside an OPSEC Playbook: How Threat Actors Evade Detection
Informational Microsoft to deprecate legacy TLS in Exchange Online starting July
Informational Checkmarx confirms LAPSUS$ hackers leaked its stolen GitHub data
Informational Video site Vimeo blames security incident on Anodot breach
Informational Cyber Command, NSA chief warns foreign adversaries likely to target midterms
Informational New Android spyware Morpheus linked to Italian surveillance firm
Informational Microsoft fixes Entra ID flaw enabling privilege escalation
Informational ISC Stormcast For Tuesday, April 28th, 2026 https://isc.sans.edu/podcastdetail/9908, (Tue, Apr 28th)
Informational AI Is Not the Villain (or the Hero)
Informational From DMV to Wallet: Understanding Verifiable Digital Credential Issuance
Informational Weekly Update 501
Informational 82 Chrome Extensions Found Selling User Data, 6.5 Million Users Affected
Informational GitHub Copilot shifts to usage-based pricing June 1 - why that's no surprise
Informational 77% of IT managers say their AI agents are out of control - 5 ways to rein in yours
Informational Alleged Silk Typhoon hacker extradited to US for cyberespionage
Informational Canada arrests three for operating “SMS blaster” device in Toronto
Informational Money launderer for crypto thieves given 5-year sentence
Informational Tennessee becomes second state to ban cryptocurrency ATMs over scam concerns
Informational Supreme Court signals location data searches should require a warrant
Informational Chinese spy posed as researcher in spear-phishing campaign targeting NASA to steal defense software
Informational Checkmarx Confirms GitHub Repository Data Posted on Dark Web After March 23 Attack
Informational The EU Digital Wallet: Why Waiting is Not an Option
Informational Vidar Infostealer Spreads via Fake CAPTCHAs, Hides in JPEG and TXT Files
Informational This bestselling gaming device is not a Nintendo or a PlayStation - and I highly recommend it
Informational I tested ChatGPT Images 2.0 vs. Gemini Nano Banana to see which is better - this model wins
Informational 6 MacOS settings I immediately change on every new Mac - and why
Informational Samsung Wallet just got a travel feature that I hope Google Wallet copies ASAP
Informational Deepfake Voice Attacks are Outpacing Defenses: What Security Leaders Should Know
Informational Money launderer linked to $230M crypto heist gets 70 months in prison
Informational Webinar: Spotting cyberattacks before they begin
Informational PyPI package with 1.1M monthly downloads hacked to push infostealer
Informational Italy extradites alleged Chinese state hacker to US
Informational Italy moves to extradite Chinese national to the U.S. over hacking charges
Informational Fake CAPTCHA IRSF Scam and 120 Keitaro Campaigns Drive Global SMS, Crypto Fraud
