Security news.

Morning Brief

Today's security brief highlights critical vulnerabilities and active exploitation, with CISA ordering federal agencies to patch a Windows zero-day and adding two more flaws to its KEV catalog. GitHub also addressed a severe RCE flaw affecting millions of private repositories, while a critical SQL injection in LiteLLM is being actively exploited.

BLEEPING · ZERO-DAY
Apr 29

CISA orders feds to patch Windows flaw exploited as zero-day

CISA has mandated federal agencies patch a Windows vulnerability actively exploited in zero-day attacks.

THN · EXPLOIT
Apr 29

LiteLLM CVE-2026-42208 SQL Injection Exploited within 36 Hours of Disclosure

A critical SQL injection vulnerability (CVE-2026-42208) in BerriAI's LiteLLM Python package is under active exploitation just 36 hours after disclosure.

BLEEPING · RCE
Apr 29

GitHub fixes RCE flaw that gave access to millions of private repos

GitHub patched a critical remote code execution vulnerability (CVE-2026-3854) that could have allowed attackers to access millions of private repositories.

THN · VULN
Apr 29

Critical cPanel Authentication Vulnerability Identified — Update Your Server Immediately

cPanel released security updates to address a critical authentication vulnerability affecting all supported versions, urging immediate updates.

SECURITYWEEK · SUPPLY CHAIN
Apr 29

Checkmarx Confirms Data Stolen in Supply Chain Attack

Checkmarx confirmed that data was exfiltrated from its GitHub environment on March 30, following a supply chain attack.

DARK READING
Apr 29

Lotus Wiper Attack Targeted Venezuelan Energy Firms, Utilities

A new analysis reveals the Lotus Wiper malware used sophisticated living-off-the-land techniques for widespread data deletion against Venezuelan energy firms.

SECURITYWEEK
Apr 29

Hundreds of Internet-Facing VNC Servers Expose ICS/OT

Forescout identified tens of thousands of exposed RDP and VNC servers, with hundreds directly exposing Industrial Control Systems/Operational Technology environments.

SECURITYWEEK
Apr 29

Chrome 147, Firefox 150 Security Updates Rolling Out

Google Chrome 147 and Firefox 150 are rolling out with security updates addressing critical and high-severity vulnerabilities.

Generated twice daily from public security RSS feeds. Informational only.