Breaking News – Cyber Threats (last 6h)
Generated: 2026-04-29 08:00 PDT
- European police dismantles €50 million crypto investment fraud ring
BleepingComputer • 2026-04-29 07:27 • www.bleepingcomputer.com
Austrian and Albanian authorities dismantled a criminal ring accused of running a large-scale cryptocurrency investment fraud operation that caused estimated losses of over €50 million ($58.5 million) to victims worldwide. […]
https://www.bleepingcomputer.com/news/security/european-police-dismantles-50-million-crypto-investment-fraud-ring/ - Today's Odd Web Requests, (Wed, Apr 29th)
SANS ISC Diary (full) • 2026-04-29 06:11 • isc.sans.eduToday, two different “new” requests hit our honeypots. Both appear to be recon requests and not associated with specific vulnerabilities. But as always, please let me know if you have additional information
- Learning from the Vercel breach: Shadow AI & OAuth sprawl
BleepingComputer • 2026-04-29 06:05 • www.bleepingcomputer.com
A single third-party OAuth integration can become a direct path into your environment. Push explains how the Vercel breach shows a compromised OAuth app can lead to widespread impact across downstream customers. […]
https://www.bleepingcomputer.com/news/security/learning-from-the-vercel-breach-shadow-ai-and-oauth-sprawl/ - GitHub fixes RCE flaw that gave access to millions of private repos
BleepingComputer • 2026-04-29 05:41 • www.bleepingcomputer.com
In early March, GitHub patched a critical remote code execution vulnerability (CVE-2026-3854) that could have allowed attackers to access millions of private repositories. […]
https://www.bleepingcomputer.com/news/security/github-fixes-rce-flaw-that-gave-access-to-millions-of-private-repos/ - Alleged Silk Typhoon hacker extradited to the United States to face charges
Graham Cluley • 2026-04-29 05:14 • www.bitdefender.com
A man accused of working as a hacker for China’s Ministry of State Security has been extradited to the USA from Italy, and faces – if found guilty – the prospect of decades behind bars.Read more in my article on the Hot for Security blog.
https://www.bitdefender.com/en-us/blog/hotforsecurity/silk-typhoon-hacker-extradited-united-states - Webinar: How to Automate Exposure Validation to Match the Speed of AI Attacks
The Hacker News • 2026-04-29 05:02 • thehackernews.com
In February 2026, researchers uncovered a shift that completely changed the game: threat actors are now using custom AI setups to automate attacks directly into the kill chain.
We aren’t just talking about AI writing better phishing emails anymore. We’re talking about autonomous agents mapping Active Directory and seizing Domain Admin credentials in minutes.
The problem? Most defensive workflows
https://thehackernews.com/2026/04/webinar-how-to-automate-exposure.html - What to Look for in an Exposure Management Platform (And What Most of Them Get Wrong)
The Hacker News • 2026-04-29 04:30 • thehackernews.com
Every security team has a version of the same story. The quarter ends with hundreds of vulnerabilities closed. The dashboards are bursting with green. Then someone in a leadership meeting asks: “So, are we actually safer now?”
Crickets.
The room goes quiet because an honest answer requires context – which is something that patch counts and CVSS scores were never designed to provide. Exposure
https://thehackernews.com/2026/04/what-to-look-for-in-exposure-management.html - CISA orders feds to patch Windows flaw exploited as zero-day
BleepingComputer • 2026-04-29 03:29 • www.bleepingcomputer.com
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has ordered federal agencies to secure their Windows systems against a vulnerability exploited in zero-day attacks. […]
https://www.bleepingcomputer.com/news/security/cisa-orders-feds-to-patch-windows-flaw-exploited-in-zero-day-attacks/ - Claude Mythos Has Found 271 Zero-Days in Firefox
Schneier on Security • 2026-04-29 03:12 • www.schneier.comThat’s a lot. No, it’s an extraordinary number:
Since February, the Firefox team has been working around the clock using frontier AI models to find and fix latent security vulnerabilities in the browser. We wrote previously about our collaboration with Anthropic to scan Firefox with Opus 4.6, which led to fixes for 22 security-sensitive bugs in Firefox 148.
As part of our continued collaboration with Anthropic, we had the opportunity to apply an early version of C…
https://www.schneier.com/blog/archives/2026/04/claude-mythos-has-found-271-zero-days-in-firefox.html - Critical cPanel Authentication Vulnerability Identified — Update Your Server Immediately
The Hacker News • 2026-04-29 02:37 • thehackernews.com
cPanel has released security updates to address a security issue impacting various authentication paths that could allow an attacker to obtain access to the control panel software.
The problem affects all currently supported versions, according to an alert released by cPanel on Tuesday. The issue has been addressed in the following versions –11.110.0.97
11.118.0.63
11.126.0.54
11.132.0.29
https://thehackernews.com/2026/04/critical-cpanel-authentication.html
Sources: BleepingComputer, The Hacker News, KrebsOnSecurity, SANS ISC, CISA.
