IT Security News Daily Summary 2026-04-29

159 posts were published in the last hour

• 21:36 : Cursor AI Agent Wipes PocketOS Database and Backups in 9 Seconds
• 21:36 : Researchers built a chatbot that only knows the world before 1931
• 21:9 : What are the most common authentication methods?
• 21:9 : cPanel Vulnerability Exposes Servers to Takeover
• 21:9 : CVE-2026-42208: LiteLLM bug exploited 36 hours after its disclosure
• 21:9 : Survey Sees Rising Demand for Senior Cybersecurity Pros in Age of AI
• 20:34 : Researchers move in the right direction, develop powerful GPS interference alarm
• 20:34 : The Hidden Tax on Security: How Data Costs Are Eating Your Controls Budget
• 20:13 : Hackers Abuse Robinhood Signup Process to Deliver Phishing Emails
• 20:13 : GitHub Flaw Enables Remote Code Execution With a Single Git Push
• 19:38 : Microsoft’s patch for a 0-day exploited by Russian spies fell short. Another Windows flaw is under attack
• 19:38 : [un]prompted 2026 – Your Agent Works For Me Now
• 19:38 : Designing trust and safety into Amazon Bedrock powered applications
• 19:9 : CISA and U.S. Government Partners Unveil Guide to Accelerate Zero Trust Adoption in Operational Technology
• 19:9 : Legacy TLS tour continues with Exchange Online blocking old versions from July 2026
• 19:5 : IT Security News Hourly Summary 2026-04-29 21h : 4 posts
• 18:32 : Why Financial Services Leaders Are Re-Evaluating Open Source for Database Change Management
• 18:7 : Lazarus Hackers Attacking macOS Users With ‘Mach-O Man’ Malware Kit
• 18:6 : SAP npm Packages Compromised to Harvest Developer and CI/CD Secrets
• 18:6 : SAP-Related npm Packages Compromised in Credential-Stealing Supply Chain Attack
• 17:36 : New AI-Powered Bluekit Phishing Kit Targets Major Platforms with MFA Bypass Attacks
• 17:36 : Adapting Zero Trust Principles to Operational Technology
• 17:36 : Randall Munroe’s XKCD ‘Star Formation’
• 17:36 : 8 best practices for CISOs conducting risk reviews
• 17:5 : A Mini Shai-Hulud Targeting the SAP Ecosystem
• 17:4 : How Do I Fix CrashLoopBackOff in Kubernetes (Step‑by‑Step)?
• 16:34 : Polymarket Rejects Data Breach Claims as Hacker Alleges 300K Records Stolen
• 16:34 : SAP npm Packages Compromised by “Mini Shai-Hulud” Credential-Stealing Malware
• 16:9 : CISA flags data-theft bug in NSA-built OT networking tool
• 16:5 : IT Security News Hourly Summary 2026-04-29 18h : 7 posts
• 15:34 : [un]prompted 2026 – Total Recon: How We Discovered 1000s Of Open Agents In The Wild
• 15:34 : New Wave of DPRK Attacks Uses AI-Inserted npm Malware, Fake Firms, and RATs
• 15:34 : CISA adds Microsoft, ConnectWise vulnerabilities to active exploitation catalog
• 15:7 : Internet censorship index reveals Russia’s lead and widespread content blocking
• 15:7 : Tinder And Zoom Introduce World ID Iris Scanning To Verify Humans Amid Rising AI Fake Profiles
• 15:7 : Nvidia’s AI Launch Sparks Quantum Stock Surge, Minting Xanadu’s CEO a Billionaire
• 15:7 : Cursor Extension Flaw Exposes Developer API Keys
• 14:34 : Microsoft won’t patch PhantomRPC: Feature or bug?
• 14:34 : Cyber Briefing: 2026.04.29
• 14:9 : All supported cPanel versions hit by critical auth bug, now patched
• 14:9 : AppSec is dead, long live AI security
• 14:9 : The new rules of war have no rules
• 14:9 : Malicious npm Dependency Linked to AI Assisted Commit Targets Crypto Wallets
• 13:37 : Today’s Odd Web Requests, (Wed, Apr 29th)
• 13:37 : Kuse Web App Abused to Host Phishing Document
• 13:37 : Lazarus Targets macOS Users With New “Mach-O Man” Malware Kit
• 13:37 : Microsoft won’t patch PhantomRPC: Feature or bug?
• 13:37 : Sri Lanka discloses another missing payment, days after hackers stole $2.5M from its finance ministry
• 13:37 : SLOTAGENT Malware Uses API Hashing and Encrypted Strings to Hinder Reverse Engineering
• 13:37 : Cursor AI Coding Agent Vulnerability Allow Attackers to Execute Code on Developer’s Machine
• 13:36 : Fresh LiteLLM Vulnerability Exploited Shortly After Disclosure
• 13:36 : Oracle Risk Management Cloud vs SafePaaS: What you should evaluate
• 13:36 : Miggo Security Leverages AI to Apply Virtual Patches in Near Real Time
• 13:36 : Sevii Adds Ability to Dynamically Deploy AI Agents to Combat Cyberattacks
• 13:36 : Webinar: How to Automate Exposure Validation to Match the Speed of AI Attacks
• 13:36 : State CISOs losing confidence in ability to manage cyber risks
• 13:7 : Brinker Introduces a Novel Approach to Deepfake Detection
• 13:7 : GitHub: Woah, a genuinely helpful AI-assisted bug report that isn’t total slop. Here, Wiz, take this wad of cash
• 13:7 : Hybrid Authentication Environments
• 13:7 : AI-Powered Legacy System Transformation: Solving Technical Debt & Integration Challenges
• 13:7 : Hackernoon | Why Cloud Monitoring Has Become K–12’s Most Critical Cyber Defense Tool
• 13:7 : Researchers Track 2.9 Billion Compromised Credentials
• 13:5 : IT Security News Hourly Summary 2026-04-29 15h : 17 posts
• 12:36 : Cursor AI Extension Flaw Exposes Developer Tokens to Credential Theft
• 12:35 : Critical Chrome Vulnerabilities Enables Remote Code Execution Attacks
• 12:35 : Hugging Face LeRobot Vulnerability Enables Unauthenticated RCE Attacks
• 12:35 : CISA Warns Microsoft Windows Shell 0-click Vulnerability Exploited in Attacks
• 12:35 : Vimeo Confirms Data Breach – Hackers Accessed Users Database
• 12:35 : Minecraft Players Targeted by LofyStealer Using Node.js Loader and In-Memory Browser Injection
• 12:35 : EU waves through open source age-check tool to keep kids safe online
• 12:35 : Hundreds of Internet-Facing VNC Servers Expose ICS/OT
• 12:35 : Protective Security in the NCSC CAF: A Practical Guide for UK SMEs
• 12:35 : Polymarket denies data breach claims
• 12:35 : Malwarebytes integrates with Claude for scam checks
• 12:35 : Meta Faces EU DSA Violations
• 12:34 : Canada proposes crypto ATM ban
• 12:34 : Pentagon launches cyber apprenticeship program
• 12:5 : CISA Warns of ConnectWise ScreenConnect Flaw Exploited in Attacks
• 12:5 : Cursor AI Coding Agent Vulnerability Lets Attackers Run Code on Developers’ Machines
• 12:5 : What to Look for in an Exposure Management Platform (And What Most of Them Get Wrong)
• 11:32 : US-Estonian Suspect Arrested Over Alleged Scattered Spider Cyberattacks
• 11:32 : U.S. Charges Suspected Scattered Spider Member Over Cyber Intrusions
• 11:32 : Checkmarx Confirms Data Stolen in Supply Chain Attack
• 11:32 : Data Privacy Leaks – The Drip, Drip, Drip of Exposure
• 11:10 : Scam-checking just got a lot easier: Malwarebytes is now in Claude
• 11:10 : Iranian Cyber Group Handala Targets US Troops in Bahrain
• 11:10 : Why Traditional IAM Is No Match for Agentic AI
• 11:10 : AI Usage Monitoring: How to See Everything Your Employees Are Doing with AI – FireTail Blog
• 11:10 : What Is IAM for Agentic AI? The New Perimeter of Trust in 2026
• 11:9 : AI Governance and Risk Insights for Enterprises | Kovrr
• 11:9 : Critical cPanel Authentication Vulnerability Identified — Update Your Server Immediately
• 11:9 : Critical Flaw Turns Vect Ransomware into Data Destroying Wiper
• 10:33 : Claude Mythos Has Found 271 Zero-Days in Firefox
• 10:33 : CISA, Microsoft warn of active exploitation of Windows Shell vulnerability (CVE-2026-32202)
• 10:33 : A Quarter of Healthcare Organizations Report Medical Device Cyber-Attacks
• 10:9 : AI-powered honeypots: Turning the tables on malicious AI agents
• 10:9 : Share Prices Sag After Report Says OpenAI Missed Targets
• 10:9 : VECT 2.0 Ransomware Wipes Large Files Across Windows, Linux & ESXi
• 10:9 : GoDaddy customer claims registrar transferred 27-year-old domain without any security checks
• 10:9 : New VECT 2.0 Ransomware Destroys Files Over 128 KB Across Windows, Linux, and ESXi
• 10:9 : New Vect 2.0 RaaS Operation Targets Windows, Linux, and ESXi Systems
• 10:9 : 38 Vulnerabilities Found in OpenEMR Medical Software
• 10:5 : IT Security News Hourly Summary 2026-04-29 12h : 8 posts
• 9:34 : EU Plans Competition Push For Cloud, AI
• 9:34 : Chrome 147, Firefox 150 Security Updates Rolling Out
• 9:34 : ISOP Disk Special Features
• 9:9 : Amazon Expands Cloud Deal With OpenAI
• 9:9 : US Halts Chip Gear Shipments To China’s Hua Hong
• 9:9 : Cursor AI IDE vulnerability allows code execution via hidden Git hooks
• 9:9 : Microchip expands Trust Shield with PQC-ready root of trust and secure boot controllers
• 9:9 : CISA Adds Actively Exploited ConnectWise and Windows Flaws to KEV
• 8:34 : Top AI-Powered Vendor Risk Management Platforms for SaaS Companies in 2026
• 8:34 : Bad Bot Report 2026: The Internet Is No Longer Human and It’s Changing How Business Works
• 8:34 : amazeeClaw simplifies production deployment of AI agents with regional control
• 8:34 : DigitalOcean AI-Native Cloud unifies infrastructure, inference, and agents for production AI
• 8:34 : Kaseya agentic IT management unifies data and automates ticketing, security and backups
• 8:9 : Google In Pentagon Deal For Classified AI Work
• 8:9 : Vimeo Confirms Data Breach After Hackers Access User Database
• 8:9 : SLOTAGENT Malware Hides API Calls and Strings to Thwart Analysis
• 8:9 : ShinyHunters exploit Anodot incident to target Vimeo
• 8:9 : U.S. CISA adds Microsoft Windows Shell and ConnectWise ScreenConnect flaws to its Known Exploited Vulnerabilities catalog
• 8:9 : cPanel Warns of Critical Authentication Flaw – Emergency Patch Released
• 8:9 : New BlueNoroff Campaign Uses Fileless PowerShell and AI-Generated Zoom Lures
• 8:9 : amazee.ai’s amazeeClaw simplifies production deployment of AI agents with regional control
• 7:34 : Met Police Federation Decries ‘Outrageous’ Palantir AI System
• 7:34 : LofyStealer Targets Minecraft Players via Node.js Loader and Browser Injection
• 7:34 : Eino’s agentic network observability platform enables real-time, AI-driven network insights
• 7:34 : Virtue AI PolicyGuard turns AI policies into enforceable runtime guardrails
• 7:34 : Agent payments, Russian phishing, LeRobot RCE flaw
• 7:14 : US Law Enforcement Agencies Aim at Romance Scam Centers in Southeast Asia
• 7:14 : Cornerstone Plans 65-Foot 5G Mast In York
• 7:14 : 30 ClawHub skills secretly turn AI agents into a crypto swarm
• 7:13 : Fedora Linux 44 ships with GNOME 50 and KDE Plasma 6.6
• 7:5 : IT Security News Hourly Summary 2026-04-29 09h : 8 posts
• 6:34 : Vect 2.0 RaaS Expands Attacks Across Windows, Linux, and ESXi
• 6:34 : CISA Warns of Windows Shell Zero-Day Exploited in Attacks
• 6:34 : Critical GitHub Vulnerability Exposed Millions of Repositories
• 6:34 : Betting on Cybercrime – Prediction Markets and Hacking
• 6:5 : Microsoft Confirms Remote Desktop Warning Issue After April Update
• 6:5 : cPanel Releases Emergency Patch for Critical Authentication Flaw
• 6:5 : Purple Team
• 6:5 : The Exchange Online security controls organizations keep getting wrong
• 6:5 : LiteLLM CVE-2026-42208 SQL Injection Exploited within 36 Hours of Disclosure
• 5:34 : BlueNoroff Deploys Fileless PowerShell in AI-Generated Zoom Lure Campaign
• 5:34 : AI prompt confidentiality and false citations worry researchers
• 5:14 : GitHub.com and Enterprise Server Vulnerability Allows Remote Code Execution
• 5:13 : Massive Python Supply Chain Hack, $2.1B Scam Losses, North Korea Targets Crypto Execs
• 4:38 : Product showcase: SimpleX Chat removes user identifiers from messaging
• 4:38 : Identity discovery: The overlooked lever in strategic risk reduction
• 2:32 : Post-Quantum Cryptographic Agility in Model Context Protocol Transport
• 2:11 : ISC Stormcast For Wednesday, April 29th, 2026 https://isc.sans.edu/podcastdetail/9910, (Wed, Apr 29th)
• 1:5 : How a Long-Lived API Credential Let an AI Agent Delete Production Data
• 22:34 : FIDO Alliance wants to keep AI agents from going rogue on online payments
• 22:8 : New DHL Phishing Scam Uses 11-Step Attack Chain to Steal Passwords
• 22:8 : 6 Best Intrusion Detection & Prevention Systems in 2026
• 22:8 : Best AI Deepfake and Scam Detection Tools for Security in 2026
• 22:8 : 7 Best Network Security Tools to Use in 2026
• 22:5 : IT Security News Hourly Summary 2026-04-29 00h : 4 posts
• 21:55 : IT Security News Daily Summary 2026-04-28