Security news.

Afternoon Brief

Today's security landscape is dominated by critical vulnerabilities in widely-used infrastructure and active exploitation campaigns. Healthcare, development tools, and server management platforms face urgent threats, while supply chain attacks continue to proliferate across npm and other package ecosystems.

DARK READING · VULN
Apr 29

38 Critical Flaws Found in OpenEMR Healthcare Platform

AI-discovered vulnerabilities in OpenEMR, used by 100,000+ healthcare providers, enable database compromise, remote code execution, and patient data theft.

BLEEPING · PATCH
Apr 29

cPanel/WHM Critical Authentication Bypass Patched

Emergency update fixes a critical vulnerability allowing unauthenticated access to control panels across all but the latest versions.

THN · EXPLOIT
Apr 29

LiteLLM SQL Injection (CVE-2026-42208) Exploited Within 36 Hours

Critical SQL injection flaw in BerriAI's LiteLLM Python package (CVSS 9.3) is being actively exploited to modify underlying databases and access sensitive data.

THN
Apr 29

SAP-Related npm Packages Compromised in Credential-Stealing Attack

Multiple SAP JavaScript packages infected with malware by the "mini Shai-Hulud" campaign, affecting developers across the ecosystem.

BLEEPING · RCE
Apr 29

GitHub RCE Flaw (CVE-2026-3854) Exposed Millions of Private Repositories

Critical command injection vulnerability patched in March allowed authenticated users to achieve remote code execution via git push, potentially compromising millions of private repos.

BLEEPING · ZERO-DAY
Apr 29

CISA Orders Patch for Windows Zero-Day Under Active Exploitation

Federal agencies directed to immediately secure systems against a Windows vulnerability being exploited in the wild.

THN · KEV
Apr 29

CISA Adds ConnectWise and Windows Flaws to KEV Catalog

CVE-2024-1708 (ConnectWise ScreenConnect path traversal, CVSS 8.4) and CVE-2026-32202 (Windows protection mechanism failure) added as actively exploited vulnerabilities.

BLEEPING · BREACH
Apr 29

Three Arrested for Hijacking 610,000 Roblox Accounts

Ukrainian police arrested cybercriminals who compromised over 610,000 gaming accounts and profited $225,000 from sales.

Generated twice daily from public security RSS feeds. Informational only.