Risk
-
Google patches critical Gemini CLI flaw that could allow remote code execution
Google fixed a critical Gemini CLI flaw that could let attackers execute commands on host systems in headless CI workflows. The issue affected specific npm and GitHub Actions versions and required explicit folder trust after the update.
-
WordPress redirect plugin hid dormant backdoor for years
A WordPress redirect plugin installed on more than 70,000 sites hid a dormant backdoor for years, according to a technical analysis by Anchor. The issue involved a hidden update path and a tampered build from an external server.
-
Microsoft warns of exploited zero-click Windows flaw exposing sensitive data
Microsoft and CISA said attackers are exploiting CVE-2026-32202, a zero-click Windows flaw that can expose sensitive information. The issue stems from an incomplete fix for an earlier vulnerability linked to Russian espionage activity.
-
SAP-related npm packages hit by credential-stealing supply chain attack
SAP-related npm packages were compromised in an April 29 supply chain attack that inserted credential-stealing malware into four releases, affecting developer, GitHub, npm, cloud, and Kubernetes secrets, according to a technical analysis from Aikido Security.
-
North Korean hackers use AI to hide npm malware in Web3 supply chain
North Korean-linked hackers are using AI-generated code and layered npm packages to spread malware that steals cryptocurrency wallets and developer data, according to a technical analysis from ReversingLabs. The campaign has also expanded beyond npm to other platforms.
-
Europol-backed operation dismantles online fraud call centres in Albania
Europol-supported investigators have dismantled a Tirana-based online fraud network accused of causing at least EUR 50 million in losses. Ten people were arrested and cash, computers and phones were seized in coordinated raids.
-
cPanel patches authentication issue affecting supported versions
cPanel said it has patched an authentication issue affecting all supported versions of its control panel software. Namecheap temporarily blocked access to cPanel and WHM ports while it deployed the fix across its servers.
-
LiteLLM flaw exploited within 36 hours of public disclosure
LiteLLM’s CVE-2026-42208 SQL injection was exploited within 36 hours of disclosure, with attackers targeting database tables that store provider keys and runtime settings. The flaw affects versions 1.81.16 through 1.83.6.
-
Checkmarx says LAPSUS$ leaked data from stolen GitHub repository
Checkmarx said LAPSUS$ leaked 96GB of data stolen from its private GitHub repository after a March 23 compromise linked to a supply chain attack. The company said it has not found customer information so far.
-
VECT 2.0 ransomware flaw can make files unrecoverable, researchers say
Researchers say VECT 2.0 ransomware can permanently destroy files larger than 131,072 bytes on Windows, Linux and ESXi systems, making recovery impossible even for victims who pay. The group has only two listed victims so far.
