Tag Archives: it security

LiteLLM CVE-2026-42208 SQL Injection Exploited within 36 Hours of Disclosure

In yet another instance of threat actors quickly jumping on the exploitation bandwagon, a newly...

29
Apr
Researchers Discover Critical GitHub CVE-2026-3854 RCE Flaw Exploitable via Single Git Push

Cybersecurity researchers have disclosed details of a critical security vulnerability impacting GitHub.com and GitHub Enterprise...

28
Apr
Brazilian LofyGang Resurfaces After Three Years With Minecraft LofyStealer Campaign

A cybercrime group of Brazilian origin has resurfaced after more than three years to orchestrate...

28
Apr
VECT 2.0 Ransomware Irreversibly Destroys Files Over 131KB on Windows, Linux, ESXi

Threat hunters are warning that the cybercriminal operation known as VECT 2.0 acts more like...

28
Apr
Why Secure Data Movement Is the Zero Trust Bottleneck Nobody Talks About

Every security program is betting on the same assumption: once a system is connected, the...

28
Apr
Critical Unpatched Flaw Leaves Hugging Face LeRobot Open to Unauthenticated RCE

Cybersecurity researchers have disclosed details of a critical security flaw impacting LeRobot, Hugging Face’s open-source...

28
Apr
After Mythos: New Playbooks For a Zero-Window Era

When patching isn’t fast enough, NDR helps contain the next era of threats. If you’ve...

28
Apr
Chinese Silk Typhoon Hacker Extradited to U.S. Over COVID Research Cyberattacks

A Chinese national accused of being a member of the Silk Typhoon hacking group has...

28
Apr
Microsoft Patches Entra ID Role Flaw That Enabled Service Principal Takeover

An administrative role meant for artificial intelligence (AI) agents within Microsoft Entra ID could enable...

28
Apr
Microsoft Confirms Active Exploitation of Windows Shell CVE-2026-32202

Microsoft on Monday revised its advisory for a now-patched, high-severity security flaw impacting Windows Shell...

28
Apr
Checkmarx Confirms GitHub Repository Data Posted on Dark Web After March 23 Attack

Checkmarx has disclosed that its ongoing investigation tied to the supply chain security incident has...

27
Apr
⚡ Weekly Recap: Fast16 Malware, XChat Launch, Federal Backdoor, AI Employee Tracking & More

Everything is dumb again. This week feels broken in a very familiar way. Old tricks...

27
Apr
Could your choice of metrics be harming your SOC?
April 27, 2026

Poor metrics can render a well-intentioned security operation centre entirely ineffective....

Mythos Changed the Math on Vulnerability Discovery. Most Teams Aren’t Ready for the Remediation Side

Anthropic’s Claude Mythos Preview has dominated security discussions since its April 7 announcement. Early reporting...

27
Apr
PhantomCore Exploits TrueConf Vulnerabilities to Breach Russian Networks

A pro-Ukrainian hacktivist group called PhantomCore has been attributed to attacks actively targeting servers running...

27
Apr
Researchers Uncover 73 Fake VS Code Extensions Delivering GlassWorm v2 Malware

Cybersecurity researchers have flagged dozens of Microsoft Visual Studio Code (VS Code) extensions on the...

27
Apr
Fake CAPTCHA IRSF Scam and 120 Keitaro Campaigns Drive Global SMS, Crypto Fraud

Cybersecurity researchers have disclosed details of a telecommunications fraud campaign that uses fake CAPTCHA verification...

27
Apr
Researchers Uncover Pre-Stuxnet ‘fast16’ Malware Targeting Engineering Software

Cybersecurity researchers have discovered a new Lua-based malware created years before the notorious Stuxnet worm...

25
Apr
CISA Adds 4 Exploited Flaws to KEV, Sets May 2026 Federal Deadline

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Friday added four vulnerabilities impacting SimpleHelp,...

25
Apr
FIRESTARTER Backdoor Hit Federal Cisco Firepower Device, Survives Security Patches

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has revealed that an unnamed federal civilian...

24
Apr
NASA Employees Duped in Chinese Phishing Scheme Targeting U.S. Defense Software

The Office of Inspector General (OIG) of the U.S. National Aeronautics and Space Administration (NASA)...

24
Apr
Bridging the AI Agent Authority Gap: Continuous Observability as the Decision Engine

The AI Agent Authority Gap – From Ungoverned to Delegation As discussed in our previous...

24
Apr
26 FakeWallet Apps Found on Apple App Store Targeting Crypto Seed Phrases

Cybersecurity researchers have discovered a set of malicious apps on the Apple App Store that...

24
Apr
Tropic Trooper Uses Trojanized SumatraPDF and GitHub to Deploy AdaptixC2

Chinese-speaking individuals are the target of a new campaign that uses a trojanized version of...

24
Apr
LMDeploy CVE-2026-33626 Flaw Exploited Within 13 Hours of Disclosure

A high-severity security flaw in LMDeploy, an open-source toolkit for compressing, deploying, and serving LLMs,...

24
Apr
UNC6692 Impersonates IT Helpdesk via Microsoft Teams to Deploy SNOW Malware

A previously undocumented threat activity cluster known as UNC6692 has been observed leveraging social engineering...

23
Apr
Bitwarden CLI Compromised in Ongoing Checkmarx Supply Chain Campaign

Bitwarden CLI has been compromised as part of the newly discovered and ongoing Checkmarx supply...

23
Apr
ThreatsDay Bulletin: $290M DeFi Hack, macOS LotL Abuse, ProxySmart SIM Farms +25 New Stories

You scroll past one incident and see another that feels familiar, like it should have...

23
Apr
[Webinar] Mythos Reality Check: Beating Automated Exploitation at AI Speed

Imagine a world where hackers don’t sleep, don’t take breaks, and find weak spots in...

23
Apr
Passkeys are more secure than traditional ways to log in
April 23, 2026

Passkeys and other FIDO2 credentials offer a more usable, secure replacement for passwords and are...