Security news.
Today's security landscape is dominated by critical vulnerabilities in widely used infrastructure and by active exploitation campaigns. Healthcare, development tools, and server management platforms face urgent threats, while supply chain attacks continue to spread across npm and other package ecosystems.
38 Critical Flaws Found in OpenEMR Healthcare Platform
AI-discovered vulnerabilities in OpenEMR, used by 100,000+ healthcare providers, enable database compromise, remote code execution, and patient data theft.
cPanel/WHM Critical Authentication Bypass Patched
Emergency update fixes a critical vulnerability allowing unauthenticated access to control panels across all but the latest versions.
LiteLLM SQL Injection (CVE-2026-42208) Exploited Within 36 Hours
Critical SQL injection flaw in BerriAI's LiteLLM Python package (CVSS 9.3) is being actively exploited to modify underlying databases and access sensitive data.
SAP-Related npm Packages Compromised in Credential-Stealing Attack
Multiple SAP JavaScript packages were compromised with credential-stealing malware by the "mini Shai-Hulud" campaign, affecting developers across the ecosystem.
GitHub RCE Flaw (CVE-2026-3854) Exposed Millions of Private Repositories
Critical command injection vulnerability, patched in March, allowed authenticated users to achieve remote code execution via git push, potentially compromising millions of private repositories.
CISA Orders Patch for Windows Zero-Day Under Active Exploitation
Federal agencies directed to immediately secure systems against a Windows vulnerability being exploited in the wild.
CISA Adds ConnectWise and Windows Flaws to KEV Catalog
CVE-2024-1708 (ConnectWise ScreenConnect path traversal, CVSS 8.4) and CVE-2026-32202 (Windows protection mechanism failure) added as actively exploited vulnerabilities.
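A practical follow-up to a KEV addition is checking your own CVE list against the catalog and its remediation due dates. The script below is an added example, not code from the digest or from CISA; it assumes the public KEV JSON layout (a top-level "vulnerabilities" list with cveID, vendorProject, product and dueDate fields) and embeds a constructed sample using the two CVE IDs named above with placeholder dates so it runs offline. For real use, replace the sample with the feed at https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json.

```python
"""Triage CVE IDs against a CISA KEV-format catalog (added example)."""
import json
from dataclasses import dataclass
from datetime import date
from typing import Optional

# CONSTRUCTED sample in the public KEV JSON layout. The two CVE IDs and the
# product descriptions come from the digest; the dates are placeholders, not
# the catalog's real dateAdded/dueDate values.
SAMPLE_KEV_JSON = r'''
{
  "title": "CISA Catalog of Known Exploited Vulnerabilities",
  "catalogVersion": "sample",
  "dateReleased": "2026-04-01T00:00:00.0000Z",
  "count": 2,
  "vulnerabilities": [
    {
      "cveID": "CVE-2024-1708",
      "vendorProject": "ConnectWise",
      "product": "ScreenConnect",
      "vulnerabilityName": "ConnectWise ScreenConnect Path Traversal Vulnerability",
      "dateAdded": "2026-04-01",
      "shortDescription": "Path traversal in ScreenConnect (placeholder text).",
      "requiredAction": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.",
      "dueDate": "2026-04-22",
      "knownRansomwareCampaignUse": "Unknown",
      "notes": ""
    },
    {
      "cveID": "CVE-2026-32202",
      "vendorProject": "Microsoft",
      "product": "Windows",
      "vulnerabilityName": "Microsoft Windows Protection Mechanism Failure Vulnerability",
      "dateAdded": "2026-04-01",
      "shortDescription": "Protection mechanism failure in Windows (placeholder text).",
      "requiredAction": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.",
      "dueDate": "2026-04-22",
      "knownRansomwareCampaignUse": "Unknown",
      "notes": ""
    }
  ]
}
'''


@dataclass
class KevStatus:
    cve: str
    in_kev: bool
    product: str = ""
    due_date: Optional[date] = None
    days_left: Optional[int] = None  # negative once the due date has passed


def parse_kev(raw: str) -> dict:
    """Index a KEV-format JSON document by CVE ID (normalised to upper case)."""
    data = json.loads(raw)
    return {v["cveID"].strip().upper(): v for v in data["vulnerabilities"]}


def check_cves(cves, kev_index, today_iso: str):
    """Look up each CVE and compute days remaining until CISA's due date.

    today_iso is an ISO date string (e.g. date.today().isoformat()) so the
    result is reproducible for a given reference day.
    """
    today = date.fromisoformat(today_iso)
    results = []
    for cve in cves:
        entry = kev_index.get(cve.strip().upper())
        if entry is None:
            results.append(KevStatus(cve=cve, in_kev=False))
            continue
        due = date.fromisoformat(entry["dueDate"])
        results.append(KevStatus(
            cve=cve, in_kev=True,
            product=f'{entry["vendorProject"]} {entry["product"]}',
            due_date=due, days_left=(due - today).days))
    return results


def overdue(results):
    """Entries that are in KEV and past their remediation due date."""
    return [r for r in results if r.in_kev and r.days_left is not None and r.days_left < 0]


if __name__ == "__main__":
    # Constructed scanner output: two KEV entries plus one CVE from the digest
    # that the sample catalog does not contain.
    findings = ["CVE-2024-1708", "cve-2026-32202", "CVE-2026-42208"]
    statuses = check_cves(findings, parse_kev(SAMPLE_KEV_JSON), "2026-04-10")
    for s in statuses:
        if s.in_kev:
            print(f"{s.cve}: KEV ({s.product}), due {s.due_date}, {s.days_left} days left")
        else:
            print(f"{s.cve}: not in KEV")
```

Lookups are case-insensitive because scanner exports and ticket systems disagree on CVE ID casing; a CVE that is absent from KEV is reported explicitly rather than dropped, since "not in KEV" is itself a triage signal.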
Three Arrested for Hijacking 610,000 Roblox Accounts
Ukrainian police arrested cybercriminals who compromised over 610,000 gaming accounts and earned $225,000 from selling them.