Breaking News – Cyber Threats (last 6h)
Generated: 2026-04-28 08:00 PDT
- Checkmarx confirms LAPSUS$ hackers leaked its stolen GitHub data
BleepingComputer • 2026-04-28 07:50 • www.bleepingcomputer.com
Application security company Checkmarx has confirmed that the LAPSUS$ threat group leaked data stolen from its private GitHub repository. […]
https://www.bleepingcomputer.com/news/security/checkmarx-confirms-lapsus-hackers-leaked-its-stolen-github-data/ - VECT 2.0 Ransomware Irreversibly Destroys Files Over 131KB on Windows, Linux, ESXi
The Hacker News • 2026-04-28 07:01 • thehackernews.com
Threat hunters are warning that the cybercriminal operation known as VECT 2.0 acts more like a wiper than a ransomware due to a critical flaw in its encryption implementation across Windows, Linux, and ESXi variants that renders recovery impossible even for the threat actors.
The fact that VECT’s locker permanently destroys large files rather than encrypting them means even victims who opt to
https://thehackernews.com/2026/04/vect-20-ransomware-irreversibly.html - HTTP Requests with X-Vercel-Set-Bypass-Cookie Header, (Tue, Apr 28th)
SANS ISC Diary (full) • 2026-04-28 06:28 • isc.sans.eduThis weekend, we saw a few requests to our honeypot that included an “X-Vercel-Set-Bypass-Cookie” header. A sample request:
- Microsoft to deprecate legacy TLS in Exchange Online starting July
BleepingComputer • 2026-04-28 06:18 • www.bleepingcomputer.com
Microsoft says it will start blocking legacy TLS connections for POP and IMAP email clients in Exchange Online starting in July 2026. […]
https://www.bleepingcomputer.com/news/microsoft/microsoft-to-deprecate-legacy-tls-in-exchange-online-starting-july/ - Inside an OPSEC Playbook: How Threat Actors Evade Detection
BleepingComputer • 2026-04-28 05:50 • www.bleepingcomputer.com
Threat actors are now publishing structured OPSEC playbooks to stay undetected. Flare reveals how these guides outline layered infrastructure, identity separation, and long-term evasion strategies. […]
https://www.bleepingcomputer.com/news/security/inside-an-opsec-playbook-how-threat-actors-evade-detection/ - Why Secure Data Movement Is the Zero Trust Bottleneck Nobody Talks About
The Hacker News • 2026-04-28 04:58 • thehackernews.com
Every security program is betting on the same assumption: once a system is connected, the problem is solved. Open a ticket, stand up a gateway, push the data through. Done.
That assumption is wrong. It is also a major reason Zero Trust programs stall.
New research my team just published puts numbers on it. The Cyber360: Defending the Digital Battlespace report, based on a survey of 500 security
https://thehackernews.com/2026/04/why-secure-data-movement-is-zero-trust.html - Critical Unpatched Flaw Leaves Hugging Face LeRobot Open to Unauthenticated RCE
The Hacker News • 2026-04-28 04:18 • thehackernews.com
Cybersecurity researchers have disclosed details of a critical security flaw impacting LeRobot, Hugging Face’s open-source robotics platform with nearly 24,000 GitHub stars, that could be exploited to achieve remote code execution.
The vulnerability in question is CVE-2026-25874 (CVSS score: 9.3), which has been described as a case of untrusted data deserialization stemming from the use of the
https://thehackernews.com/2026/04/critical-cve-2026-25874-leaves-hugging.html - What Anthropic’s Mythos Means for the Future of Cybersecurity
Schneier on Security • 2026-04-28 04:06 • www.schneier.comTwo weeks ago, Anthropic announced that its new model, Claude Mythos Preview, can autonomously find and weaponize software vulnerabilities, turning them into working exploits without expert guidance. These were vulnerabilities in key software like operating systems and internet infrastructure that thousands of software developers working on those systems failed to find. This capability will have major security implications, compromising the devices and services we use every day. As a result, https://www.schneier.com/blog/archives/2026/04/what-anthropics-mythos-means-for-the-future-of-cybersecurity.html
- After Mythos: New Playbooks For a Zero-Window Era
The Hacker News • 2026-04-28 03:30 • thehackernews.com
When patching isn’t fast enough, NDR helps contain the next era of threats.
If you’ve been tracking advancements in AI, you know the exploit window, the short buffer that organizations relied on to patch and protect after a vulnerability disclosure, is closing fast.
Anthropic’s new model, Claude Mythos, and its Project Glasswing, showed that finding exploitable vulnerabilities and subtle cracks
https://thehackernews.com/2026/04/after-mythos-new-playbooks-for-zero.html - Microsoft: New Remote Desktop warnings may display incorrectly
BleepingComputer • 2026-04-28 02:51 • www.bleepingcomputer.com
Microsoft has confirmed a new issue causing newly introduced Windows security warnings to display incorrectly when opening Remote Desktop (.rdp) files. […]
https://www.bleepingcomputer.com/news/microsoft/microsoft-new-remote-desktop-warnings-may-display-incorrectly/
Sources: BleepingComputer, The Hacker News, KrebsOnSecurity, SANS ISC, CISA.
