Latest Cybersecurity News & Insights
29 April 2026
The remote code execution flaw CVE-2026-3854 was found to impact GitHub.com and GitHub Enterprise Server.
The post Critical GitHub Vulnerability Exposed Millions of Repositories appeared first on SecurityWeek.
29 April 2026
In yet another instance of threat actors quickly jumping on the exploitation bandwagon, a newly disclosed critical security flaw in BerriAI's LiteLLM Python package has come under active exploitation in the wild within 36 hours of the bug becoming public knowledge.
The vulnerability, tracked as CVE-2026-42208 (CVSS score: 9.3), is an SQL injection that could be exploited to modify the underlying
28 April 2026
Cybersecurity researchers have disclosed details of a critical security vulnerability impacting GitHub.com and GitHub Enterprise Server that could allow an authenticated user to obtain remote code execution with a single "git push" command.
The flaw, tracked as CVE-2026-3854 (CVSS score: 8.7), is a case of command injection that could allow an attacker with push access to a repository to achieve
28 April 2026
Legitimate-looking emails coming from Robinhood systems lured recipients to phishing websites.
The post Robinhood Vulnerability Exploited for Phishing Attacks appeared first on SecurityWeek.
28 April 2026
Every security program is betting on the same assumption: once a system is connected, the problem is solved. Open a ticket, stand up a gateway, push the data through. Done.
That assumption is wrong. It is also a major reason Zero Trust programs stall.
New research my team just published puts numbers on it. The Cyber360: Defending the Digital Battlespace report, based on a survey of 500 security
28 April 2026
Vulnerabilities in Zero Motorcycles electric motorcycles and Yadea electric scooters can pose physical security and safety risks.
The post Electric Motorcycles and Scooters Face Hacking Risks to Security and Rider Safety appeared first on SecurityWeek.
28 April 2026
Cybersecurity researchers have disclosed details of a critical security flaw impacting LeRobot, Hugging Face's open-source robotics platform with nearly 24,000 GitHub stars, that could be exploited to achieve remote code execution.
The vulnerability in question is CVE-2026-25874 (CVSS score: 9.3), which has been described as a case of untrusted data deserialization stemming from the use of the
28 April 2026
When patching isn’t fast enough, NDR helps contain the next era of threats.
If you’ve been tracking advancements in AI, you know the exploit window, the short buffer that organizations relied on to patch and protect after a vulnerability disclosure, is closing fast.
Anthropic’s new model, Claude Mythos, and its Project Glasswing, showed that finding exploitable vulnerabilities and subtle cracks
28 April 2026
Microsoft on Monday revised its advisory for a now-patched, high-severity security flaw impacting Windows Shell to acknowledge that it has been actively exploited in the wild.
The vulnerability in question is CVE-2026-32202 (CVSS score: 4.3), a spoofing vulnerability that could allow an attacker to access sensitive information. It was addressed as part of its Patch Tuesday update for this
27 April 2026
The initial vulnerability was exploited by Russia-linked APT28 in attacks against Ukraine and EU countries.
The post Incomplete Windows Patch Opens Door to Zero-Click Attacks appeared first on SecurityWeek.
27 April 2026
Anthropic’s Claude Mythos Preview has dominated security discussions since its April 7 announcement. Early reporting describes a powerful cybersecurity-focused AI system capable of identifying vulnerabilities at scale and raising serious questions about how quickly organizations can validate, prioritize, and remediate what it finds.
The debate that followed has mostly focused on the right
27 April 2026
A race condition in PackageKit allows unprivileged users to escalate privileges when installing packages.
The post Easily Exploitable ‘Pack2TheRoot’ Linux Vulnerability Leads to Root Access appeared first on SecurityWeek.
27 April 2026
The vulnerability is tracked as CVE-2026-6770 and it has been patched with the release of Firefox 150 and Tor 15.0.10.
The post Firefox Vulnerability Allows Tor User Fingerprinting appeared first on SecurityWeek.
25 April 2026
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Friday added four vulnerabilities impacting SimpleHelp, Samsung MagicINFO 9 Server, and D-Link DIR-823X series routers to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation.
The list of vulnerabilities is below -
CVE-2024-57726 (CVSS score: 9.9) - A missing authorization vulnerability in
24 April 2026
CrowdStrike has fixed a critical LogScale vulnerability, while Tenable addressed a high-severity Nessus flaw.
The post Vulnerabilities Patched in CrowdStrike, Tenable Products appeared first on SecurityWeek.
24 April 2026
A high-severity security flaw in LMDeploy, an open-source toolkit for compressing, deploying, and serving LLMs, has come under active exploitation in the wild less than 13 hours after its public disclosure.
The vulnerability, tracked as CVE-2026-33626 (CVSS score: 7.5), relates to a Server-Side Request Forgery (SSRF) vulnerability that could be exploited to access sensitive data.
"A server-side
23 April 2026
NIST recently changed how it handles CVEs.
23 April 2026
Imagine a world where hackers don't sleep, don't take breaks, and find weak spots in your systems instantly.
Well, that world is already here.
Thanks to AI, attackers are now launching automated, large-scale exploits faster than ever before. The time you have to fix a vulnerability before it gets attacked is shrinking to zero. We call this the Collapsing Exploit Window, and it means your
23 April 2026
Apple has rolled out a software fix for iOS and iPadOS to address a Notification Services flaw that stored notifications marked for deletion on the device.
The vulnerability, tracked as CVE-2026-28950 (CVSS score: N/A), has been described as a logging issue that has been addressed with improved data redaction.
"Notifications marked for deletion could be unexpectedly retained on the device,"
23 April 2026
The flaw allows attackers to access the SAM database, extract NTLM hashes, and gain System privileges.
The post Recent Microsoft Defender Vulnerability Exploited as Zero-Day appeared first on SecurityWeek.