#cybersecurity
#cybersecurity

Information security

AI digs up decades of code debt. Patch up.

Higher education

US imposes AI skills requirement on CyberCorps pipeline

Information security

Amid Mythos' hyped cybersecurity prowess, researchers find GPT-5.5 is just as good

fromComputerWeekly.com

Cyber experts take an optimistic view of AI-powered hacking | Computer Weekly

Claude Mythos Preview enhances cybersecurity by autonomously identifying vulnerabilities, while cyber crime forums show limited impact from 'dark AI' products.

fromZDNET

Anthropic's new Claude Security tool scans your codebase for flaws - and helps you decide what to fix first

AI vulnerability scanning is integrating into developer workflows to enhance cybersecurity.

fromFuturism

4 hours ago

The White House Suddenly Seems Pretty Terrified of Anthropic

Mythos, an AI model by Anthropic, poses significant cybersecurity risks, prompting concerns from the White House and a strained relationship with the Department of Defense.

AI digs up decades of code debt. Patch up.

AI-driven bug hunting is exposing long-buried vulnerabilities, prompting a significant wave of necessary patches for organizations.

Higher education

US imposes AI skills requirement on CyberCorps pipeline

CyberCorps scholarship program now requires applicants to demonstrate skills in AI and cybersecurity integration for government jobs.

Amid Mythos' hyped cybersecurity prowess, researchers find GPT-5.5 is just as good

Fear-based marketing is criticized in the context of limited AI model releases, particularly regarding cybersecurity advancements.

fromComputerWeekly.com

Cyber experts take an optimistic view of AI-powered hacking | Computer Weekly

Claude Mythos Preview enhances cybersecurity by autonomously identifying vulnerabilities, while cyber crime forums show limited impact from 'dark AI' products.

fromZDNET

Anthropic's new Claude Security tool scans your codebase for flaws - and helps you decide what to fix first

AI vulnerability scanning is integrating into developer workflows to enhance cybersecurity.

CISA Adds Actively Exploited Linux Root Access Bug CVE-2026-31431 to KEV

A critical Linux vulnerability allows unprivileged users to gain root access, impacting various distributions and requiring immediate patching.

New Linux 'Copy Fail' Vulnerability Enables Root Access on Major Distributions

A high-severity Linux vulnerability allows unprivileged users to gain root access through a flaw in the kernel's cryptographic subsystem.

7 hours ago

CISA Adds Actively Exploited Linux Root Access Bug CVE-2026-31431 to KEV

A critical Linux vulnerability allows unprivileged users to gain root access, impacting various distributions and requiring immediate patching.

fromwww.businessinsider.com

New Linux 'Copy Fail' Vulnerability Enables Root Access on Major Distributions

A high-severity Linux vulnerability allows unprivileged users to gain root access through a flaw in the kernel's cryptographic subsystem.

North Korea rejects US cybercrime claims as 'absurd slander'

North Korea denied US cybercrime allegations, calling them absurd slander and asserting it does not pose a cyber threat.

Business

22 hours ago

Berkshire Hathaway's first Q&A without Warren Buffett opened with a question from a deepfake Warren Buffett

Warren Buffett's likeness was used in a deepfake at Berkshire Hathaway's annual meeting to discuss the risks of cyberattacks and misinformation.

#phishing

Information security

New Bluekit Phishing Kit Features AI Assistant

Information security

30,000 Facebook Accounts Hacked via Google AppSheet Phishing Campaign

Microsoft Flagged 8.3B Phishing Emails in Q1 as QR Codes, CAPTCHAs Rise

Phishing attacks are evolving, utilizing QR codes and modular strategies, requiring comprehensive security measures beyond traditional email defenses.

Information security

Bluekit combines AI and phishing in a new all-in-one platform

Most phishing now uses AI, says KnowBe4

AI is increasingly used in phishing campaigns, with 86% involving AI in the last six months, enhancing personalization and automation.

ThreatsDay Bulletin: SMS Blaster Busts, OpenEMR Flaws, 600K Roblox Hacks and 25 More Stories

New phishing kits are evolving, integrating advanced features for targeted attacks, while security vulnerabilities continue to pose significant risks online.

New Bluekit Phishing Kit Features AI Assistant

Bluekit is a sophisticated phishing kit with AI capabilities, automated domain registration, and extensive templates for various online services.

30,000 Facebook Accounts Hacked via Google AppSheet Phishing Campaign

A Vietnamese-linked operation uses Google AppSheet for phishing, compromising around 30,000 Facebook accounts to sell them back through an illicit storefront.

Microsoft Flagged 8.3B Phishing Emails in Q1 as QR Codes, CAPTCHAs Rise

Phishing attacks are evolving, utilizing QR codes and modular strategies, requiring comprehensive security measures beyond traditional email defenses.

Bluekit combines AI and phishing in a new all-in-one platform

Bluekit integrates AI into phishing tools, offering templates and centralized management for streamlined cybercrime operations.

Most phishing now uses AI, says KnowBe4

AI is increasingly used in phishing campaigns, with 86% involving AI in the last six months, enhancing personalization and automation.

ThreatsDay Bulletin: SMS Blaster Busts, OpenEMR Flaws, 600K Roblox Hacks and 25 More Stories

New phishing kits are evolving, integrating advanced features for targeted attacks, while security vulnerabilities continue to pose significant risks online.

Information security

Trellix Confirms Source Code Breach With Unauthorized Repository Access

In Other News: Scattered Spider Hacker Arrested, SOC Effectiveness Metrics, NSA Tool Vulnerability

Key cybersecurity developments include OFAC actions against Iranian crypto, the arrest of a Scattered Spider member, and a major data leak at ADT.

Healthcare

Sandhills Medical Says Ransomware Breach Affects 170,000

Sandhills Medical Foundation experienced a data breach affecting nearly 170,000 individuals due to a ransomware attack discovered on May 8, 2025.

Information security

Trellix Confirms Source Code Breach With Unauthorized Repository Access

In Other News: Scattered Spider Hacker Arrested, SOC Effectiveness Metrics, NSA Tool Vulnerability

Key cybersecurity developments include OFAC actions against Iranian crypto, the arrest of a Scattered Spider member, and a major data leak at ADT.

Healthcare

Sandhills Medical Says Ransomware Breach Affects 170,000

Sandhills Medical Foundation experienced a data breach affecting nearly 170,000 individuals due to a ransomware attack discovered on May 8, 2025.

more#data-breach

fromComputerworld

Windows shell spoofing vulnerability puts sensitive data at risk

CISA can shorten the deadline to three days in cases of high-risk exploitation. However, for CVE-2026-32202, the CVSS score was rated at 4.3, which does not meet the policy threshold for a faster patch cycle.

Information security

Privacy technologies

fromHarvard Gazette

Worried about how online firms use data they get from you? - Harvard Gazette

Keyring wallet allows users to verify identity while controlling personal information and reducing vulnerability to identity theft.

#account-security

Privacy technologies

OpenAI Introduces Password-Free Login for Millions of ChatGPT Users

fromWIRED

Information security

OpenAI Rolls Out 'Advanced' Security Mode for At-Risk Accounts

Privacy technologies

OpenAI Introduces Password-Free Login for Millions of ChatGPT Users

OpenAI's Advanced Account Security replaces passwords with passkeys or security keys, enhancing protection against cyberattacks but limiting recovery options.

fromWIRED

OpenAI Rolls Out 'Advanced' Security Mode for At-Risk Accounts

OpenAI introduces Advanced Account Security to enhance protection against account takeover attacks for ChatGPT and Codex users.

more#account-security

Ubuntu services hit by outages after DDoS attack | TechCrunch

Hacktivists launched a DDoS attack on Ubuntu and Canonical, disrupting services and preventing users from updating the operating system.

Pro-Iran group turns Ubuntu DDoS into shakedown

Canonical's web infrastructure is under a sustained DDoS attack by the pro-Iran hacktivist group 313 Team.

Ubuntu services hit by outages after DDoS attack | TechCrunch

Hacktivists launched a DDoS attack on Ubuntu and Canonical, disrupting services and preventing users from updating the operating system.

Pro-Iran group turns Ubuntu DDoS into shakedown

Canonical's web infrastructure is under a sustained DDoS attack by the pro-Iran hacktivist group 313 Team.

China-Linked Hackers Target Asian Governments, NATO State, Journalists, and Activists

A new China-aligned espionage campaign targets government and defense sectors in Asia and Europe, exploiting vulnerabilities in Microsoft Exchange and IIS servers.

New Global Scam Uses Fake Meeting Links to Run PowerShell Malware

BlueNoroff hackers exploit fake Zoom calls and fileless malware to steal credentials from Web3 and cryptocurrency organizations.

Critical cPanel exploited: 'Millions' of sites could be hit

CISA has identified a critical cPanel vulnerability being actively exploited, allowing attackers full server control.

Hackers are actively exploiting a bug in cPanel, used by millions of websites | TechCrunch

A critical vulnerability in cPanel and WHM allows hackers to gain full control of affected servers, necessitating immediate patching by users.

Critical cPanel & WHM Vulnerability Exploited as Zero-Day for Months

A critical authentication bypass vulnerability in cPanel & WHM allows remote attackers to gain administrative access, risking system takeover.

Critical cPanel, WHM flaw probs exploited as 0-day, pros say

A critical vulnerability in cPanel and WHM allows attackers to bypass authentication and gain root access, affecting millions of domains.

Critical cPanel exploited: 'Millions' of sites could be hit

CISA has identified a critical cPanel vulnerability being actively exploited, allowing attackers full server control.

Hackers are actively exploiting a bug in cPanel, used by millions of websites | TechCrunch

A critical vulnerability in cPanel and WHM allows hackers to gain full control of affected servers, necessitating immediate patching by users.

Critical cPanel & WHM Vulnerability Exploited as Zero-Day for Months

A critical authentication bypass vulnerability in cPanel & WHM allows remote attackers to gain administrative access, risking system takeover.

Critical cPanel, WHM flaw probs exploited as 0-day, pros say

A critical vulnerability in cPanel and WHM allows attackers to bypass authentication and gain root access, affecting millions of domains.

more#cpanel

fromwww.theguardian.com

Pentagon plans to make US military AI-first fighting force' by pairing with companies

The Pentagon has partnered with seven AI companies to enhance military capabilities and decision-making through advanced technology.

Two US Security Experts Sentenced to Prison for Helping Ransomware Gang

Two cybersecurity experts were sentenced to four years in prison for their involvement in ransomware attacks.

Two Cybersecurity Professionals Get 4-Year Sentences in BlackCat Ransomware Attacks

Two cybersecurity professionals were sentenced to four years for facilitating BlackCat ransomware attacks in 2023.

Stolen patient data from Dutch firm ChipSoft destroyed after cyberattack

ChipSoft claims all data stolen in the ransomware attack has been destroyed, but has not confirmed if a ransom was paid.

Two US Security Experts Sentenced to Prison for Helping Ransomware Gang

Two cybersecurity experts were sentenced to four years in prison for their involvement in ransomware attacks.

Two Cybersecurity Professionals Get 4-Year Sentences in BlackCat Ransomware Attacks

Two cybersecurity professionals were sentenced to four years for facilitating BlackCat ransomware attacks in 2023.

Stolen patient data from Dutch firm ChipSoft destroyed after cyberattack

ChipSoft claims all data stolen in the ransomware attack has been destroyed, but has not confirmed if a ransom was paid.

OpenAI locks GPT-5.5-Cyber behind velvet rope

OpenAI is releasing GPT-5.5-Cyber to select cyber defenders to enhance security for critical systems.

fromTNW | Next-Featured

OpenAI launches hardware security keys for ChatGPT with Yubico partnership and disables password login for high-risk users

OpenAI launched Advanced Account Security, replacing passwords with hardware keys and disabling email recovery, targeting sensitive user accounts.

After dissing Anthropic for limiting Mythos, OpenAI restricts access to Cyber, too | TechCrunch

OpenAI will restrict access to its cybersecurity tool Cyber, similar to Anthropic's approach with Mythos.

OpenAI prepares GPT-5.5-Cyber for trusted security researchers

OpenAI is launching GPT-5.5-Cyber, a specialized cybersecurity model for vetted cyber defenders, with access expected soon.

OpenAI locks GPT-5.5-Cyber behind velvet rope

OpenAI is releasing GPT-5.5-Cyber to select cyber defenders to enhance security for critical systems.

fromTNW | Next-Featured

OpenAI launches hardware security keys for ChatGPT with Yubico partnership and disables password login for high-risk users

OpenAI launched Advanced Account Security, replacing passwords with hardware keys and disabling email recovery, targeting sensitive user accounts.

After dissing Anthropic for limiting Mythos, OpenAI restricts access to Cyber, too | TechCrunch

OpenAI will restrict access to its cybersecurity tool Cyber, similar to Anthropic's approach with Mythos.

OpenAI prepares GPT-5.5-Cyber for trusted security researchers

OpenAI is launching GPT-5.5-Cyber, a specialized cybersecurity model for vetted cyber defenders, with access expected soon.

more#openai

fromDeveloper Tech News

Open-source registries hit by 'Mini Shai-Hulud' supply chain attacks

The 'Mini Shai-Hulud' worm targets developer credentials across multiple ecosystems, exploiting vulnerabilities in popular packages to steal sensitive information.

Growth hacking

Top Five Sales Challenges Costing MSPs Cybersecurity Revenue

The managed security services market is set to grow significantly, but MSPs often fail to align technical expertise with business needs.

#malware

Information security

Sophisticated Deep#Door Backdoor Enables Espionage, Disruption

Hugging Face, ClawHub Abused for Malware Distribution

Threat actors exploit AI distribution platforms to distribute malware through trojanized shared files, relying on social engineering tactics to deceive users.

EtherRAT Distribution Spoofing Administrative Tools via GitHub Facades

A sophisticated malicious campaign targets high-privilege accounts using SEO poisoning and GitHub for malware distribution.

Information security

New Python Backdoor Uses Tunneling Service to Steal Browser and Cloud Credentials

DEEP#DOOR is a Python-based backdoor framework that enables persistent access and sensitive information harvesting from compromised systems.

fromInfoWorld

Information security

SAP npm package attack highlights risks in developer tools and CI/CD pipelines

Attackers view developer workstations as critical access points, targeting them to infiltrate software supply chains.

Sophisticated Deep#Door Backdoor Enables Espionage, Disruption

A new Python-based backdoor framework, Deep#Door, enables persistent remote command execution and surveillance on Windows systems.

Hugging Face, ClawHub Abused for Malware Distribution

Threat actors exploit AI distribution platforms to distribute malware through trojanized shared files, relying on social engineering tactics to deceive users.

EtherRAT Distribution Spoofing Administrative Tools via GitHub Facades

A sophisticated malicious campaign targets high-privilege accounts using SEO poisoning and GitHub for malware distribution.

New Python Backdoor Uses Tunneling Service to Steal Browser and Cloud Credentials

DEEP#DOOR is a Python-based backdoor framework that enables persistent access and sensitive information harvesting from compromised systems.

fromInfoWorld

SAP npm package attack highlights risks in developer tools and CI/CD pipelines

Attackers view developer workstations as critical access points, targeting them to infiltrate software supply chains.

Anthropic's Mythos is moving between governments faster than regulators

Anthropic's Mythos cybersecurity model faces conflicting government interests regarding its access and usage among state actors and private sectors.

FBI Warns of Surge in Hacker-Enabled Cargo Theft

Cyber-enabled cargo theft is surging, with hackers targeting brokers and carriers using sophisticated methods.

Software development

fromDevOps.com

Anthropic Brings AI-Powered Security Scanning to Enterprise Teams With Claude Security - DevOps.com

Claude Security enables security teams to scan codebases for vulnerabilities and generate patches efficiently, enhancing remediation processes.

Anthropic Claude Security available to all Enterprise customers

Claude Security is now in public beta for Enterprise customers, scanning code for vulnerabilities and suggesting targeted patches using the Claude Opus 4.7 model.

#supply-chain-attacks

Ongoing supply chain attacks worm into SAP npm packages

Supply chain attacks have compromised multiple npm packages, including those from SAP and Intercom, with credential-stealing malware affecting developers.

Don't pay VECT a ransom - your big files are likely gone

Organizations affected by Trivy and LiteLLM compromises that paid Vect likely received little data recovery, according to Check Point Research.

Ongoing supply chain attacks worm into SAP npm packages

Supply chain attacks have compromised multiple npm packages, including those from SAP and Intercom, with credential-stealing malware affecting developers.

more#supply-chain-attacks

Don't pay VECT a ransom - your big files are likely gone

Organizations affected by Trivy and LiteLLM compromises that paid Vect likely received little data recovery, according to Check Point Research.

Cryptocurrency

fromnews.bitcoin.com

Pentagon Eyes Bitcoin Infrastructure as Strategic Asset, Hegseth Says

Bitcoin is integrated into classified U.S. Defense Department efforts to enhance national security and counter China.

The most severe Linux threat to surface in years catches the world flatfooted

A critical Linux vulnerability allows unprivileged users to gain root access, posing severe risks to data centers and personal devices.

Why recovery speed matters when the homeland is the cyber battlefield

Cyberattacks are now a constant threat to essential services and military readiness, requiring a shift in defense strategies to anticipate and recover from disruptions.

FBI: China's hacker-for-hire ecosystem 'out of control'

Motivated by profit, this network of private companies and contractors in China cast a wide net to identify vulnerable computers, exploit those computers, and then identify information that it could sell directly or indirectly to the PRC government.

Information security

AI Fuels 'Industrial' Cybercrime as Time-to-Exploit Shrinks to Hours

Industrialized cybercrime utilizes AI and automation for efficient, sophisticated attacks, necessitating defenders to adopt similar technologies for effective countermeasures.

Anthropic Unveils Claude Security to Counter AI-Powered Exploit Surge

Claude Security aims to empower defenders against advanced AI threats by providing automated vulnerability scanning and patching capabilities.

fromAxios

Exclusive: OpenAI, Anthropic meet with House Homeland Security behind closed doors on cyber threats

Anthropic and OpenAI are collaborating with federal agencies to address cybersecurity risks associated with their AI models.

Anthropic Unveils Claude Security to Counter AI-Powered Exploit Surge

Claude Security aims to empower defenders against advanced AI threats by providing automated vulnerability scanning and patching capabilities.

fromAxios

Exclusive: OpenAI, Anthropic meet with House Homeland Security behind closed doors on cyber threats

Anthropic and OpenAI are collaborating with federal agencies to address cybersecurity risks associated with their AI models.

PyTorch Lightning Compromised in PyPI Supply Chain Attack to Steal Credentials

Malicious versions of the Lightning Python package were released, enabling credential theft through an automated attack chain.

World politics

fromFortune

For years, the risk Jamie Dimon was most concerned about was geopolitics. His answer has shifted | Fortune

Geopolitical tensions and cybersecurity risks are the greatest threats to the global economy, according to Jamie Dimon.

SonicWall Urges Immediate Patching of Firewall Vulnerabilities

SonicWall urges immediate firmware updates for three vulnerabilities in Gen 6, 7, and 8 firewalls to maintain security.

fromTNW | Opinion

Why cybersecurity leaders are losing control in the age of AI threats

AI-driven threats are increasing, and effective cybersecurity relies on leadership clarity, AI integration, and workforce awareness.

Women in technology

fromAbove the Law

ILTA EVOLVE: Sometimes Less Is More - A Focus On Leadership - Above the Law

Smaller, focused conferences like ILTA EVOLVE enhance interaction and address critical topics such as cybersecurity, GenAI, and leadership in legal tech.

fromTNW | Government-Policy

EnOcean SmartServer Flaws Expose Buildings to Remote Hacking

Vulnerabilities in EnOcean's SmartServer IoT platform allow remote attackers to hack building management systems.

Chinese spy group caught lurking in Poland, Asia networks

A China-linked threat group infiltrated critical networks in multiple countries, using advanced techniques and tools for long-term access and espionage.

EU data protection

China threatens the EU with broad retaliation

China warns the EU of retaliation against its Cybersecurity Act that could exclude Chinese firms from critical infrastructure.

fromTNW | Government-Policy

Chinese spy group caught lurking in Poland, Asia networks

A China-linked threat group infiltrated critical networks in multiple countries, using advanced techniques and tools for long-term access and espionage.

EU data protection

China threatens the EU with broad retaliation

China warns the EU of retaliation against its Cybersecurity Act that could exclude Chinese firms from critical infrastructure.

more#china

fromThe Verge

OpenAI's new security model is for 'critical cyber defenders' only

OpenAI is launching GPT-5.5-Cyber for select cyber defenders, not for public access, to enhance cybersecurity measures.

fromWIRED

Exposed Data Illustrates the Nightmare Scenario for a Stalkerware Victim

Stalkerware enables secret surveillance of individuals, leading to severe privacy violations and potential data breaches of sensitive information.

'Copy Fail' Logic Flaw in Linux Kernel Enables System Takeover

A high-severity logic bug in the Linux kernel allows unprivileged attackers to obtain root shell access.

fromInfoQ

Meta's Approach to Migrating their Systems to Post-Quantum Cryptography

Meta is migrating to post-quantum cryptography to protect against quantum computing threats, using a five-level maturity model to track progress.

European startups

mnemonic opens Dutch Security Operations Centre (SOC) and relocates to new office in Utrecht

mnemonic will open a new Security Operations Centre in the Netherlands on 1 May to enhance local SOC services for the Benelux market.

Finance company stored their DB credentials in spreadsheet

Sensitive information was inadequately protected in a publicly accessible SharePoint folder, highlighting significant security flaws in a fintech startup's practices.

fromIT Brew

Does the agentic era signal the end of cybersecurity perimeters?

Agentic AI complicates cybersecurity by enabling synthetic identities and unsupervised workflows, challenging traditional perimeter defenses.

Deliverability

Hackers Abuse Robinhood Signup Process to Deliver Phishing Emails

Robinhood users received phishing emails that appeared legitimate, exploiting a flaw in the account creation process to steal login credentials.

Microsoft patch fell short. New Windows flaw exploited

Attackers exploit a zero-click Windows flaw, CVE-2026-32202, exposing sensitive information on vulnerable systems.

US politics

fromwww.housingwire.com

ICE's Courtenay Dunn outlines deregulatory housing priorities

Elimination of fraud, waste, and abuse is crucial for lowering costs in housing and energy sectors.

SAP npm Packages Compromised by "Mini Shai-Hulud" Credential-Stealing Malware

A new supply chain attack campaign targets SAP-related npm packages with credential-stealing malware, affecting multiple versions and compromising developer environments.

Why a recent supply-chain attack singled out security firms Checkmarx and Bitwarden

Checkmarx and Bitwarden were compromised in a supply chain attack linked to TeamPCP, highlighting vulnerabilities in security tools.

SAP npm Packages Compromised by "Mini Shai-Hulud" Credential-Stealing Malware

A new supply chain attack campaign targets SAP-related npm packages with credential-stealing malware, affecting multiple versions and compromising developer environments.

Why a recent supply-chain attack singled out security firms Checkmarx and Bitwarden

Checkmarx and Bitwarden were compromised in a supply chain attack linked to TeamPCP, highlighting vulnerabilities in security tools.

more#supply-chain-attack

CISA flags data-theft bug in NSA-built OT networking tool

CISA warns of a vulnerability in GrassMarlin that could expose sensitive information due to insufficient XML parsing hardening.

fromSecuritymagazine

Ransomware Responsible for 90% of Manufacturing Cyber Losses

Manufacturing sector faces significant cyber risks, with ransomware causing 90% of financial losses despite being only 12% of claims.

Privacy technologies

fromZDNET

These two critical Mac security features are off by default - how to turn them on and why you should

A Firewall and Stealth Mode are essential for securing Macs against network vulnerabilities.

Sri Lanka discloses another missing payment, days after hackers stole $2.5M from its finance ministry | TechCrunch

Sri Lanka is investigating missing payments and cyber thefts linked to hackers targeting its financial systems.

Fresh LiteLLM Vulnerability Exploited Shortly After Disclosure

A critical SQL injection vulnerability in LiteLLM was exploited shortly after disclosure, allowing unauthorized access to sensitive database information.

DevOps

What to Look for in an Exposure Management Platform (And What Most of Them Get Wrong)

Exposure management platforms vary in effectiveness, and security leaders need to evaluate them based on their ability to reduce actual risk.

Hundreds of Internet-Facing VNC Servers Expose ICS/OT

Millions of RDP and VNC servers are exposed online, with significant risks to industrial control systems and operational technology.

Iranian Cyber Group Handala Targets US Troops in Bahrain

Handala targeted US troops in Bahrain with an influence campaign on WhatsApp, claiming surveillance and imminent drone attacks.

Non-profit's GoDaddy nightmare and the IT chaos that ensued

GoDaddy is investigating claims of unauthorized domain transfer without proper authentication, leading to significant downtime for a client.

#github

fromThe Verge

Information security

GitHub rushed to fix a critical vulnerability in less than six hours

Information security

Researchers Discover Critical GitHub CVE-2026-3854 RCE Flaw Exploitable via Single Git Push

fromThe Verge

GitHub rushed to fix a critical vulnerability in less than six hours

GitHub fixed a critical vulnerability in under six hours, preventing potential access to millions of repositories.

Researchers Discover Critical GitHub CVE-2026-3854 RCE Flaw Exploitable via Single Git Push

A critical vulnerability in GitHub allows remote code execution via a single 'git push' command due to improper input sanitization.

CISA Adds Actively Exploited ConnectWise and Windows Flaws to KEV

CISA added two vulnerabilities to its KEV catalog due to active exploitation, impacting ConnectWise ScreenConnect and Microsoft Windows.

LiteLLM CVE-2026-42208 SQL Injection Exploited within 36 Hours of Disclosure

A critical SQL injection vulnerability in BerriAI's LiteLLM package is actively exploited within 36 hours of disclosure, allowing unauthorized database access.

Pentagon launches cyber apprenticeship program

"This program is a critical investment in our people and the bedrock of our national security," Marci McCarthy, the DOD CIO's director of external engagements, said in a statement. "The Cyber RAP provides a direct pathway for dedicated individuals to join our mission, securing the vital networks, infrastructure, and weapon systems that our Warfighters depend on every single day."

Washington DC

Cyber Insurance Data Gives CISOs New Ammo for Budget Talks

CFOs and boards must understand cybersecurity risks in financial terms, which can be achieved through insurance data and analysis.

fromAxios