Japan’s Financial Sector on Alert Over Mythos, Fears Advanced Vulnerability Discovery Capabilities

238/69 Friday, May 1, 2026 On April 24, senior executives in Japan’s financial sector formed a special task force to address potential cyber threats posed by Mythos, an AI model developed by Anthropic and described as a “super hacker.” Concerns were raised after testing reportedly showed that Mythos could identify previously unknown vulnerabilities across all […]

sittisak mintaboon

May 1, 2026

SQL Injection Vulnerability Found in LiteLLM Exposes Risk of Secret and Key Disclosure

237/69 Thursday, April 30, 2026 A critical vulnerability, CVE-2026-42208, has been actively exploited in LiteLLM, an open-source gateway for large language models (LLMs). The flaw is an unauthenticated SQL injection vulnerability that occurs during the proxy API key validation process. Attackers can exploit this issue by sending specially crafted Authorization headers to LiteLLM API endpoints, […]

sittisak mintaboon

April 30, 2026

Vimeo Confirms Data Breach Linked to Anodot Incident, Impacting Some User Data

236/69 Thursday, April 30, 2026 Vimeo, a global video hosting and streaming platform, has confirmed an incident involving unauthorized access to data, stemming from a security breach at Anodot. According to the company’s initial investigation, the affected data primarily includes technical information, video titles, and metadata. In some cases, user and customer email addresses were […]

sittisak mintaboon

April 30, 2026

Infighting in the Ransomware Scene: 0APT vs. KryBit Leads to Data Leaks

235/69 Thursday, April 30, 2026 A report from the Halcyon Ransomware Research Center has revealed a major conflict within the cybercriminal ecosystem, as two emerging ransomware groups, 0APT and KryBit, engaged in a heated feud that escalated into mutual hacking and public data exposure. The conflict began when 0APT attempted to build its reputation by claiming it […]

sittisak mintaboon

April 30, 2026

CVE-2026-6770 Vulnerability Found in Firefox and Tor Browser, Risk of Cross-Site Fingerprinting Tracking

234/69 Wednesday, April 29, 2026 Researchers have discovered a vulnerability, CVE-2026-6770, affecting Mozilla Firefox, Mozilla Thunderbird, and Tor Browser, classified as a medium-severity issue. This flaw may allow websites to generate unique identifiers for fingerprinting, enabling the tracking of user activity across different websites—even when users are in Private Browsing mode or using Tor Browser, […]

sittisak mintaboon

April 29, 2026

Medtronic Confirms Cybersecurity Incident After ShinyHunters Claims Theft of Over 9 Million Records

233/69 Wednesday, April 29, 2026 Medtronic, a global medical device manufacturer, has confirmed a cybersecurity incident affecting its internal IT systems after the cybercrime group ShinyHunters claimed it had accessed and stolen more than 9 million records. The company stated that it detected unauthorized access to certain parts of its IT environment but has not […]

sittisak mintaboon

April 29, 2026

Warning: 82 Chrome Extensions Found Collecting and Selling Personal Data, Affecting Over 6.5 Million Users

232/69 Wednesday, April 29, 2026 A 2026 report by LayerX Security reveals that at least 82 extensions on Google Chrome have been found secretly collecting users’ personal data and selling it to third parties, impacting more than 6.5 million users worldwide. Notably, these tools are not traditional malware. Instead, they explicitly disclose data-sharing practices in […]

sittisak mintaboon

April 29, 2026

Vulnerability in Microsoft Entra Agent ID Could Lead to Privilege Escalation and Tenant Takeover

231/69 Tuesday, April 29, 2026 Researchers from Silverfort have disclosed a vulnerability in Microsoft Entra Agent ID, a mechanism designed to manage digital identities for AI agents. The issue lies in the Agent ID Administrator role, which was intended to manage only agent-related objects but was found to have excessive permissions. This allowed it to […]

sittisak mintaboon

April 28, 2026

Trigona Ransomware Uses Custom Tools for Data Theft and Evasion

230/69 Tuesday, April 29, 2026 Researchers from Symantec report that the Trigona ransomware has evolved its tactics by using a self-developed command-line tool for data exfiltration instead of commonly detected tools like Rclone or MegaSync. This trend, observed in attacks during March 2026, highlights the group’s effort to increase sophistication and evade detection. Trigona operates […]

sittisak mintaboon

April 28, 2026

Critical Vulnerability in CrowdStrike LogScale Allows Unauthenticated File Access on Servers

229/69 Tuesday, April 28, 2026 CrowdStrike has disclosed a critical vulnerability, CVE-2026-40050, affecting its LogScale product in self-hosted deployments. The flaw is an unauthenticated path traversal vulnerability located in a specific Cluster API endpoint. If left unpatched, it could allow remote attackers to access and read sensitive files on the server’s file system without requiring […]

sittisak mintaboon

April 28, 2026