securityrss.ai

Ukrainian authorities arrested three hackers involved in a scheme that compromised over 610,000 Roblox accounts, generating approximately $225,000 in profit. https://t.co/azCgVE2qMR

The US Cybersecurity and Infrastructure Security Agency (CISA) has urged operational technology (OT) operators to abandon implicit trust in their networks. https://t.co/gKyTmrF8IX

A supply chain attack named “mini Shai Hulud” has compromised SAP-related npm packages by injecting malicious preinstall scripts that execute during installation. https://t.co/v1Yezx7eYz

A local privilege escalation vulnerability in the Linux kernel, dubbed Copy Fail (CVE-2026-31431), allows unprivileged users to gain root access by modifying the page cache of readable files. https://t.co/xI1EYReqSr

A critical vulnerability in Cursor's Git integration could allow remote code execution (RCE) via prompt injection. The flaw enables an AI agent to write to unprotected Git configurations, potentially executing malicious code during routine operations. https://t.co/wgfYz2H9E1

cPanel issued an emergency patch on April 28, 2026, to address a critical vulnerability in its software affecting multiple authentication paths. All supported versions are impacted, allowing potential unauthorized access to servers. https://t.co/WmIjgHDy44

Video hosting platform Vimeo confirmed that user and customer data was compromised due to a breach at third-party analytics vendor Anodot. https://t.co/2zBQjSMsKM

VECT 2.0 ransomware acts more like a wiper, irreversibly destroying files over 131KB on Windows, Linux, and ESXi due to a critical flaw in its encryption. https://t.co/Y7uPAUQvYT

Microsoft confirmed active exploitation of Windows Shell vulnerability CVE-2026-32202, a spoofing flaw (CVSS score: 4.3) allowing unauthorized access to sensitive information. https://t.co/jfHLmAuDd9

Wiz Research identified a critical vulnerability (CVE-2026-3854) in GitHub's infrastructure allowing remote code execution via a single git push command. This flaw affects both GitHub. https://t.co/19adOo88jH

Checkmarx confirmed that data from its GitHub repository was posted on the dark web following a supply chain attack on March 23, 2026. https://t.co/bqbBYS49z0

Medtronic confirmed a data breach affecting its corporate IT systems, with no impact on products or patient safety. The group ShinyHunters claimed responsibility. https://t.co/mmjXZinMdt

A Chinese national, Song Wu, impersonated U.S. researchers in a multi-year phishing scheme targeting NASA and other U.S. defense entities to obtain sensitive software. https://t.co/DZaIFlBGlW

A critical vulnerability in Microsoft Entra Agent Identity Platform allowed the Agent ID Administrator role to hijack arbitrary service principals, enabling privilege escalation across the tenant. Microsoft patched this issue in April 2026. https://t.co/LWfkhrn66g

Hackers are exploiting fake CAPTCHA pages to execute International Revenue Share Fraud (IRSF), tricking users into sending costly international SMS messages. Victims unknowingly send texts to high-fee countries, generating revenue for fraudsters. https://t.co/qPHawreKpC

Italy is set to extradite Xu Zewei, a Chinese national arrested in July 2025, to the U.S. on cyber-espionage charges linked to state-backed hacking operations targeting COVID-19 research. https://t.co/5szaygVb2n

The U.S. Department of Justice announced significant actions against Southeast Asian scam centers targeting Americans, including charges against two Chinese nationals for managing a cryptocurrency fraud operation in Burma. https://t.co/Qh5e54ROLw

On April 13, 2026, Itron, Inc. was notified of unauthorized access to its systems. The company activated its cybersecurity response plan, initiated an investigation with external advisors, and notified law enforcement. https://t.co/k5dICQsCF1

ADT reported a cyber intrusion on Monday, resulting in the theft of a limited set of customer data, including names, phone numbers, addresses, dates of birth, and partial Social Security numbers. https://t.co/anSBlbXqUo