PyTorch Lightning and Intercom-client Hit in Supply Chain Attacks to Steal Credentials
Ravie LakshmananApr 30, 2026Supply Chain Attack / Malware In yet another software supply chain attack, threat actors have managed to...
LakshmananApr
ThreatsDay Bulletin: SMS Blaster Busts, OpenEMR Flaws, 600K Roblox Hacks and 25 More Stories
Ravie LakshmananApr 30, 2026Hacking News / Cybersecurity News The internet is noisy this week. We are seeing some wild new...
New Python Backdoor Uses Tunneling Service to Steal Browser and Cloud Credentials
Ravie LakshmananApr 30, 2026Cloud Security / Threat Intelligence Cybersecurity researchers have disclosed details of a stealthy Python-based backdoor framework called...
New Linux ‘Copy Fail’ Vulnerability Enables Root Access on Major Distributions
Ravie LakshmananApr 30, 2026Linux / Vulnerability Cybersecurity researchers have disclosed details of a Linux local privilege escalation (LPE) flaw that...
SAP-Related npm Packages Compromised in Credential-Stealing Supply Chain Attack
Ravie LakshmananApr 29, 2026Supply Chain Attack / Malware Cybersecurity researchers are sounding the alarm about a new supply chain attack...
Critical cPanel Authentication Vulnerability Identified — Update Your Server Immediately
Ravie LakshmananApr 29, 2026Vulnerability / Web HostingcPanel has released security updates to address a security issue impacting various authentication paths...
CISA Adds Actively Exploited ConnectWise and Windows Flaws to KEV
Ravie LakshmananApr 29, 2026Vulnerability / Network Security The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added two security...
LiteLLM CVE-2026-42208 SQL Injection Exploited within 36 Hours of Disclosure
Ravie LakshmananApr 29, 2026Vulnerability / Cloud Security In yet another instance of threat actors quickly jumping on the exploitation bandwagon,...
Researchers Discover Critical GitHub CVE-2026-3854 RCE Flaw Exploitable via Single Git Push
Ravie LakshmananApr 28, 2026Vulnerability / Software Security Cybersecurity researchers have disclosed details of a critical security vulnerability impacting GitHub.com and...
Critical Unpatched Flaw Leaves Hugging Face LeRobot Open to Unauthenticated RCE
Ravie LakshmananApr 28, 2026Vulnerability / Network Security Cybersecurity researchers have disclosed details of a critical security flaw impacting LeRobot, Hugging...
Critical Unpatched Flaw Leaves Hugging Face LeRobot Open to Unauthenticated RCE
Ravie LakshmananApr 28, 2026Vulnerability / Network Security Cybersecurity researchers have disclosed details of a critical security flaw impacting LeRobot, Hugging...
Chinese Silk Typhoon Hacker Extradited to U.S. Over COVID Research Cyberattacks
Ravie LakshmananApr 28, 2026Cyber Espionage / Vulnerability A Chinese national accused of being a member of the Silk Typhoon hacking...
Chinese Silk Typhoon Hacker Extradited to U.S. Over COVID Research Cyberattacks
Ravie LakshmananApr 28, 2026Cyber Espionage / Vulnerability A Chinese national accused of being a member of the Silk Typhoon hacking...
Microsoft Patches Entra ID Role Flaw That Enabled Service Principal Takeover
Ravie LakshmananApr 28, 2026Vulnerability / Identity Management An administrative role meant for artificial intelligence (AI) agents within Microsoft Entra ID...
Microsoft Confirms Active Exploitation of Windows Shell CVE-2026-32202
Ravie LakshmananApr 28, 2026Vulnerability / Threat Intelligence Microsoft on Monday revised its advisory for a now-patched, high-severity security flaw impacting...
