Security News, Assessments & Alerts

Security Issues, Vulnerabilities, Exploits & Government Alerts

New Linux ‘Copy Fail’ Vulnerability Enables Root Access on Major Distributions

Ravie LakshmananApr 30, 2026Linux / Vulnerability Cybersecurity researchers have disclosed details of a Linux local privilege escalation (LPE) flaw that could allow an unprivileged local user to obtain root. The high-severity vulnerability tracked as CVE-2026-31431…

Google Fixes CVSS 10 Gemini CLI CI RCE and Cursor Flaws Enable Code Execution

Google has addressed a maximum severity security flaw in Gemini CLI — the “@google/gemini-cli” npm package and the “google-github-actions/run-gemini-cli” GitHub Actions workflow — that could have allowed attackers to execute arbitrary commands on host systems.…

SAP-Related npm Packages Compromised in Credential-Stealing Supply Chain Attack

Ravie LakshmananApr 29, 2026Supply Chain Attack / Malware Cybersecurity researchers are sounding the alarm about a new supply chain attack campaign targeting SAP-related npm Packages with credential-stealing malware. According to reports from Aikido Security, SafeDep,…

New Wave of DPRK Attacks Uses AI-Inserted npm Malware, Fake Firms, and RATs

Cybersecurity researchers have discovered malicious code in an npm package after a malicious package as a dependency to the project by Anthropic’s Claude Opus large language model (LLM). The package in question is “@validate-sdk/v2,” which…

How to Automate Exposure Validation to Match the Speed of AI Attacks

The Hacker NewsApr 29, 2026Artificial Intelligence / Exposure Validation In February 2026, researchers uncovered a shift that completely changed the game: threat actors are now using custom AI setups to automate attacks directly into the…

CISA and U.S. Government Partners Unveil Guide to Accelerate Zero Trust Adoption in Operational Technology

by CISA
April 29, 2026
Security News, Assessments & Alerts
4 min read

WASHINGTON – The Cybersecurity and Infrastructure Security Agency (CISA), along with the Department of War (DoW), Department of Energy (DOE), Federal Bureau of Investigation (FBI) and Department of State (DOS) today published a joint guide…

What to Look for in an Exposure Management Platform (And What Most of Them Get Wrong)

Every security team has a version of the same story. The quarter ends with hundreds of vulnerabilities closed. The dashboards are bursting with green. Then someone in a leadership meeting asks: “So, are we actually…

Critical cPanel Authentication Vulnerability Identified — Update Your Server Immediately

Ravie LakshmananApr 29, 2026Vulnerability / Web Hosting cPanel has released security updates to address a security issue impacting various authentication paths that could allow an attacker to obtain access to the control panel software. The…

CISA Adds Actively Exploited ConnectWise and Windows Flaws to KEV

Ravie LakshmananApr 29, 2026Vulnerability / Network Security The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added two security flaws impacting ConnectWise ScreenConnect and Microsoft Windows to its Known Exploited Vulnerabilities (KEV) catalog, based…

LiteLLM CVE-2026-42208 SQL Injection Exploited within 36 Hours of Disclosure

Ravie LakshmananApr 29, 2026Vulnerability / Cloud Security In yet another instance of threat actors quickly jumping on the exploitation bandwagon, a newly disclosed critical security flaw in BerriAI’s LiteLLM Python package has come under active…

« Previous
1
…
40
41
42
43
44
…
541
Next »