Breaking News – Cyber Threats (last 6h)
Generated: 2026-04-29 17:00 PDT
- Smashing Security podcast #465: This developer wanted to cheat at Roblox. It cost millions
Graham Cluley • 2026-04-29 16:15 • grahamcluley.com
A developer at an AI startup wanted to cheat at Roblox. They downloaded a dodgy script on their work laptop. That one decision triggered a cascade of failures that ended with a $2 million data breach affecting hundreds of thousands of organisations. All for some free in-game currency.Meanwhile, there’s a 1980s phone protocol called SS7 that lets shadowy surveillance companies track anyone, anywhere, via their mobile phone. Governments know about it. Telecoms know about it. Nobody’s fixing it.
All this and more in episode 465 of the “Smashing Security” podcast with cybersecurity keynote s…
https://grahamcluley.com/smashing-security-podcast-465/ - Official SAP npm packages compromised to steal credentials
BleepingComputer • 2026-04-29 15:43 • www.bleepingcomputer.com
Multiple official SAP npm packages were compromised in what is believed to be a TeamPCP supply-chain attack to steal credentials and authentication tokens from developers’ systems. […]
https://www.bleepingcomputer.com/news/security/official-sap-npm-packages-compromised-to-steal-credentials/ - Popular WordPress redirect plugin hid dormant backdoor for years
BleepingComputer • 2026-04-29 15:13 • www.bleepingcomputer.com
The Quick Page/Post Redirect plugin, installed on more than 70,000 WordPress sites, had a backdoor added five years ago that allows injecting arbitrary code into users’ sites. […]
https://www.bleepingcomputer.com/news/security/popular-wordpress-redirect-plugin-hid-dormant-backdoor-for-years/ - Hackers exploit RCE flaws in Qinglong task scheduler for cryptomining
BleepingComputer • 2026-04-29 13:50 • www.bleepingcomputer.com
Hackers are exploiting two authentication bypass vulnerabilities in the Qinglong open-source task scheduling tool to deploy cryptominers on developers’ servers. […]
https://www.bleepingcomputer.com/news/security/hackers-exploit-rce-flaws-in-qinglong-task-scheduler-for-cryptomining/ - Hackers arrested for hijacking and selling 610,000 Roblox accounts
BleepingComputer • 2026-04-29 11:32 • www.bleepingcomputer.com
The Ukrainian police have arrested three individuals who hacked more than 610,000 Roblox gaming accounts and sold them for a profit of $225,000. […]
https://www.bleepingcomputer.com/news/security/hackers-arrested-for-hijacking-and-selling-610-000-roblox-accounts/
Sources: BleepingComputer, The Hacker News, KrebsOnSecurity, SANS ISC, CISA.
