ICYMI: 2026-04-29
Latest Headlines
SAP-Related npm Packages Compromised in Credential-Stealing Supply Chain Attack
New Wave of DPRK Attacks Uses AI-Inserted npm Malware, Fake Firms, and RATs
Webinar: How to Automate Exposure Validation to Match the Speed of AI Attacks
What to Look for in an Exposure Management Platform (And What Most of Them Get Wrong)
Critical cPanel Authentication Vulnerability Identified — Update Your Server Immediately
CISA Adds Actively Exploited ConnectWise and Windows Flaws to KEV
LiteLLM CVE-2026-42208 SQL Injection Exploited within 36 Hours of Disclosure
Fresh LiteLLM Vulnerability Exploited Shortly After Disclosure
Critical GitHub Vulnerability Exposed Millions of Repositories
SAP npm Packages Compromised to Harvest Developer and CI/CD Secrets
Lazarus Hackers Attacking macOS Users With ‘Mach-O Man’ Malware Kit
Cursor AI Coding Agent Vulnerability Allow Attackers to Execute Code on Developer’s Machine
SLOTAGENT Malware Uses API Hashing and Encrypted Strings to Hinder Reverse Engineering
Minecraft Players Targeted by LofyStealer Using Node.js Loader and In-Memory Browser Injection
Vimeo Confirms Data Breach – Hackers Accessed Users Database
CISA Warns Microsoft Windows Shell 0-click Vulnerability Exploited in Attacks
Hugging Face LeRobot Vulnerability Enables Unauthenticated RCE Attacks
Critical Chrome Vulnerabilities Enables Remote Code Execution Attacks
Popular WordPress redirect plugin hid dormant backdoor for years
Hackers exploit RCE flaws in Qinglong task scheduler for cryptomining
Hackers arrested for hijacking and selling 610,000 Roblox accounts
European police dismantles €50 million crypto investment fraud ring
GitHub fixes RCE flaw that gave access to millions of private repos
CISA orders feds to patch Windows flaw exploited as zero-day
Microsoft says backend change broke Teams Free chat and calls
– MTZ