Skip to content
Security News, Assessments & Alerts Page 24

Security News, Assessments & Alerts

Security Issues, Vulnerabilities, Exploits & Government Alerts

CISA and U.S. Government Partners Unveil Guide to Accelerate Zero Trust Adoption in Operational Technology

CISA and U.S. Government Partners Unveil Guide to Accelerate Zero Trust Adoption in Operational Technology

WASHINGTON – The Cybersecurity and Infrastructure Security Agency (CISA), along with the Department of War (DoW), Department of Energy (DOE), Federal Bureau of Investigation (FBI) and Department of State (DOS) today published a joint guide… 

Read More »CISA and U.S. Government Partners Unveil Guide to Accelerate Zero Trust Adoption in Operational Technology
What to Look for in an Exposure Management Platform (And What Most of Them Get Wrong)

What to Look for in an Exposure Management Platform (And What Most of Them Get Wrong)

Every security team has a version of the same story. The quarter ends with hundreds of vulnerabilities closed. The dashboards are bursting with green. Then someone in a leadership meeting asks: “So, are we actually… 

Read More »What to Look for in an Exposure Management Platform (And What Most of Them Get Wrong)
Critical cPanel Authentication Vulnerability Identified — Update Your Server Immediately

Critical cPanel Authentication Vulnerability Identified — Update Your Server Immediately

Ravie LakshmananApr 29, 2026Vulnerability / Web Hosting cPanel has released security updates to address a security issue impacting various authentication paths that could allow an attacker to obtain access to the control panel software. The… 

Read More »Critical cPanel Authentication Vulnerability Identified — Update Your Server Immediately
CISA Adds Actively Exploited ConnectWise and Windows Flaws to KEV

CISA Adds Actively Exploited ConnectWise and Windows Flaws to KEV

Ravie LakshmananApr 29, 2026Vulnerability / Network Security The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added two security flaws impacting ConnectWise ScreenConnect and Microsoft Windows to its Known Exploited Vulnerabilities (KEV) catalog, based… 

Read More »CISA Adds Actively Exploited ConnectWise and Windows Flaws to KEV
LiteLLM CVE-2026-42208 SQL Injection Exploited within 36 Hours of Disclosure

LiteLLM CVE-2026-42208 SQL Injection Exploited within 36 Hours of Disclosure

Ravie LakshmananApr 29, 2026Vulnerability / Cloud Security In yet another instance of threat actors quickly jumping on the exploitation bandwagon, a newly disclosed critical security flaw in BerriAI’s LiteLLM Python package has come under active… 

Read More »LiteLLM CVE-2026-42208 SQL Injection Exploited within 36 Hours of Disclosure
Researchers Discover Critical GitHub CVE-2026-3854 RCE Flaw Exploitable via Single Git Push

Researchers Discover Critical GitHub CVE-2026-3854 RCE Flaw Exploitable via Single Git Push

Ravie LakshmananApr 28, 2026Vulnerability / Software Security Cybersecurity researchers have disclosed details of a critical security vulnerability impacting GitHub.com and GitHub Enterprise Server that could allow an authenticated user to obtain remote code execution with… 

Read More »Researchers Discover Critical GitHub CVE-2026-3854 RCE Flaw Exploitable via Single Git Push
Brazilian LofyGang Resurfaces After Three Years With Minecraft LofyStealer Campaign

Brazilian LofyGang Resurfaces After Three Years With Minecraft LofyStealer Campaign

A cybercrime group of Brazilian origin has resurfaced after more than three years to orchestrate a campaign that targets Minecraft players with a new stealer called LofyStealer (aka GrabBot). “The malware disguises itself as a… 

Read More »Brazilian LofyGang Resurfaces After Three Years With Minecraft LofyStealer Campaign