Security News, Assessments & Alerts

Security Issues, Vulnerabilities, Exploits & Government Alerts

Critical Unpatched Flaw Leaves Hugging Face LeRobot Open to Unauthenticated RCE

Ravie LakshmananApr 28, 2026Vulnerability / Network Security Cybersecurity researchers have disclosed details of a critical security flaw impacting LeRobot, Hugging Face’s open-source robotics platform with nearly 24,000 GitHub stars, that could be exploited to achieve…

New Playbooks For a Zero-Window Era

When patching isn’t fast enough, NDR helps contain the next era of threats. If you’ve been tracking advancements in AI, you know the exploit window, the short buffer that organizations relied on to patch and…

Chinese Silk Typhoon Hacker Extradited to U.S. Over COVID Research Cyberattacks

Ravie LakshmananApr 28, 2026Cyber Espionage / Vulnerability A Chinese national accused of being a member of the Silk Typhoon hacking group has been extradited to the U.S. from Italy. Xu Zewei, 34, was arrested in…

Microsoft Patches Entra ID Role Flaw That Enabled Service Principal Takeover

Ravie LakshmananApr 28, 2026Vulnerability / Identity Management An administrative role meant for artificial intelligence (AI) agents within Microsoft Entra ID could enable privilege escalation and identity takeover attacks, according to new findings from Silverfort. Agent…

Microsoft Confirms Active Exploitation of Windows Shell CVE-2026-32202

Ravie LakshmananApr 28, 2026Vulnerability / Threat Intelligence Microsoft on Monday revised its advisory for a now-patched, high-severity security flaw impacting Windows Shell to acknowledge that it has been actively exploited in the wild. The vulnerability…

Checkmarx Confirms GitHub Repository Data Posted on Dark Web After March 23 Attack

Ravie LakshmananApr 27, 2026 Checkmarx has disclosed that its ongoing investigation tied to the supply chain security incident has revealed that a cybercriminal group published data related to the company on the dark web. “Based…

Fast16 Malware, XChat Launch, Federal Backdoor, AI Employee Tracking & More

Ravie LakshmananApr 27, 2026Cybersecurity / Hacking Everything is dumb again. This week feels broken in a very familiar way. Old tricks are back. New tools are doing shady crap. Supply chains got hit. Fake help…

Mythos Changed the Math on Vulnerability Discovery. Most Teams Aren’t Ready for the Remediation Side

Anthropic’s Claude Mythos Preview has dominated security discussions since its April 7 announcement. Early reporting describes a powerful cybersecurity-focused AI system capable of identifying vulnerabilities at scale and raising serious questions about how quickly organizations…

PhantomCore Exploits TrueConf Vulnerabilities to Breach Russian Networks

A pro-Ukrainian hacktivist group called PhantomCore has been attributed to attacks actively targeting servers running TrueConf video conferencing software in Russia since September 2025. That’s according to a report published by Positive Technologies, which found…

Researchers Uncover 73 Fake VS Code Extensions Delivering GlassWorm v2 Malware

Ravie LakshmananApr 27, 2026Malware / Software Supply Chain Cybersecurity researchers have flagged dozens of Microsoft Visual Studio Code (VS Code) extensions on the Open VSX repository that are linked to a persistent information-stealing campaign dubbed…

« Previous
1
…
23
24
25
26
27
…
522
Next »