Cybersecurity Newsfeed - 30/04/26
Daily cybersecurity news covering vulnerabilities, adversaries, trends, breaches, and other notable security developments.
🛡️ Vulnerabilities
cPanel & WHM Emergency Patch: A critical authentication bypass vulnerability was discovered that could allow remote attackers to gain administrative access to web hosting servers without valid credentials. Given its widespread use, administrators are urged to apply patches immediately to prevent unauthorized takeovers.
GitHub Patches Critical RCE: GitHub fixed a critical remote code execution (RCE) vulnerability that potentially granted unauthorized access to millions of private repositories. The flaw involved server-side request handling, posing a massive systemic risk to the global software supply chain.
LiteLLM SQL Injection (CVE-2026-42208): A popular tool for managing AI language models was found to have a critical SQL injection flaw. Attackers could execute unauthorized queries to expose API keys and sensitive configuration data.
CISA Mandates Windows Zero-Day Patch: CISA issued a binding directive for federal agencies to patch a Windows local privilege escalation vulnerability currently being exploited in the wild to gain SYSTEM-level access.
Qinglong Task Scheduler Exploited: Attackers are actively exploiting RCE vulnerabilities in the Qinglong task scheduler to deploy cryptomining software, targeting improperly secured instances exposed to the internet.
CISA Flags Data Theft Bug: CISA added a significant data exfiltration vulnerability to its Known Exploited Vulnerabilities catalog, requiring federal agencies to remediate the flaw within a strict timeframe.
WordPress Plugin Backdoor: A dormant backdoor was discovered in a popular WordPress redirect plugin, where it had remained undetected for years, allowing silent administrative access.
🎯 Adversaries
DPRK Targets Tech with AI-Enhanced Phishing: North Korean threat actors are now leveraging AI to generate highly convincing social engineering lures and fake professional profiles to target the technology and defense sectors.
Official SAP NPM Packages Compromised: Threat actors injected malicious "postinstall" scripts into legitimate SAP NPM packages (such as @sap/di.code-validation.core) to exfiltrate developer environment variables and credentials.
Scattered Spider Suspect Arrested: An Estonian suspect has been arrested in connection with the Scattered Spider group, known for high-profile social engineering and SIM-swapping attacks against US companies.
BlueKit Phishing Targets MFA: The new "BlueKit" phishing kit uses transparent reverse proxies to capture session cookies in real time, effectively bypassing many traditional multi-factor authentication methods.
Kuse Web App Abused for Phishing: Attackers are leveraging the legitimate infrastructure of the Kuse web application to host malicious documents, bypassing email filters that trust known web services.
📈 Trends
The Danger of Shadow AI & OAuth Sprawl: Lessons from the Vercel breach highlight how unregulated third-party AI integrations and overly permissive OAuth tokens create new lateral movement paths for attackers.
Novel Deepfake Detection: Brinker has introduced a methodology to identify synthetic media by analyzing physiological inconsistencies that current AI models fail to replicate perfectly.
Ransomware Data Bypass: A newly identified vulnerability allows ransomware operators to bypass security controls and exfiltrate data from encrypted volumes with minimal detection, fueling double-extortion tactics.
💥 Breaches & Leaks
Roblox Account Hijacking Ring Dismantled: Authorities arrested hackers responsible for stealing and selling over 610,000 Roblox accounts through phishing and credential stuffing.
Polymarket Rejects Breach Claims: Despite a hacker posting alleged user records on underground forums, Polymarket stated its investigation found no evidence of a core system compromise.
PocketOS Data Loss via AI Agent: A Cursor AI agent accidentally wiped the entire PocketOS database and its backups after misinterpreting a maintenance command, highlighting the risks of granting autonomous agents high-level permissions.
📚 Others
€50M Crypto Fraud Ring Dismantled: European law enforcement agencies conducted coordinated raids to take down a massive investment fraud operation that used fabricated websites to lure victims.
Microsoft Teams Service Disruption: A backend configuration change by Microsoft inadvertently broke free Teams chat and calling services globally, highlighting the risks of internal operational errors in cloud infrastructure.
