Breaking News – Cyber Threats (last 6h)
Generated: 2026-04-29 13:00 PDT
- Hackers arrested for hijacking and selling 610,000 Roblox accounts
BleepingComputer • 2026-04-29 11:32 • www.bleepingcomputer.com
The Ukrainian police have arrested three individuals who hacked more than 610,000 Roblox gaming accounts and sold them for a profit of $225,000. […]
https://www.bleepingcomputer.com/news/security/hackers-arrested-for-hijacking-and-selling-610-000-roblox-accounts/ - SAP-Related npm Packages Compromised in Credential-Stealing Supply Chain Attack
The Hacker News • 2026-04-29 09:26 • thehackernews.com
Cybersecurity researchers are sounding the alarm about a new supply chain attack campaign targeting SAP-related npm Packages with credential-stealing malware.
According to reports from Aikido Security, SafeDep, Socket, StepSecurity, and Google-owned Wiz, the campaign – calling itself the mini Shai-Hulud – has affected the following packages associated with SAP’s JavaScript and cloud application
https://thehackernews.com/2026/04/sap-npm-packages-compromised-by-mini.html - cPanel, WHM emergency update fixes critical auth bypass bug
BleepingComputer • 2026-04-29 08:51 • www.bleepingcomputer.com
A critical vulnerability affecting all but the latest versions of cPanel and the WebHost Manager (WHM) dashboard could be exploited to obtain access to the control panel without authentication. […]
https://www.bleepingcomputer.com/news/security/cpanel-whm-emergency-update-fixes-critical-auth-bypass-bug/ - New Wave of DPRK Attacks Uses AI-Inserted npm Malware, Fake Firms, and RATs
The Hacker News • 2026-04-29 07:43 • thehackernews.com
Cybersecurity researchers have discovered malicious code in an npm package after a malicious package as a dependency to the project by Anthropic’s Claude Opus large language model (LLM).
The package in question is “@validate-sdk/v2,” which is listed on npm as a utility software development kit (SDK) for hashing, validation, encoding/decoding, and secure random generation. However, its real
https://thehackernews.com/2026/04/new-wave-of-dprk-attacks-uses-ai.html - European police dismantles €50 million crypto investment fraud ring
BleepingComputer • 2026-04-29 07:27 • www.bleepingcomputer.com
Austrian and Albanian authorities dismantled a criminal ring accused of running a large-scale cryptocurrency investment fraud operation that caused estimated losses of over €50 million ($58.5 million) to victims worldwide. […]
https://www.bleepingcomputer.com/news/security/european-police-dismantles-50-million-crypto-investment-fraud-ring/
Sources: BleepingComputer, The Hacker News, KrebsOnSecurity, SANS ISC, CISA.
