Google has addressed a maximum severity security flaw in Gemini CLI — the “@google/gemini-cli” npm package and the “google-github-actions/run-gemini-cli” GitHub Actions workflow — that could have allowed attackers to execute arbitrary commands on host systems. “The vulnerability allowed an unprivileged…
Roblox hackers arrested, Microsoft 0-day falls short, Dubai scam takedown
Hackers arrested for selling Roblox accounts Microsoft’s patch for a 0-day falls short US & China partner on Dubai scam takedown Get the show notes here: https://cisoseries.com/cybersecurity-news-roblox-hackers-arrested-microsoft-0-day-falls-short-dubai-scam-takedown/ Thanks to our episode sponsor, Guardsqaure AI is speeding up development, but at…
IT Security News Hourly Summary 2026-04-30 09h : 5 posts
5 posts were published in the last hour 7:4 : O2 Looks To Boost Sunderland 5G Service 7:4 : Silver Fox uses the new ABCDoor backdoor to target organizations in Russia and India 7:4 : A photon was teleported across…
O2 Looks To Boost Sunderland 5G Service
O2, Cornerstone apply to add more 5G antennas to rooftop base station at Sunderland Telephone Exchange to boost capacity This article has been indexed from Silicon UK Read the original article: O2 Looks To Boost Sunderland 5G Service
Silver Fox uses the new ABCDoor backdoor to target organizations in Russia and India
The Silver Fox group is targeting companies in Russia and India by impersonating tax authorities to distribute ValleyRAT and the new ABCDoor backdoor. This article has been indexed from Securelist Read the original article: Silver Fox uses the new ABCDoor…
A photon was teleported across 270 meters in stunning quantum breakthrough
Scientists have pulled off a first: teleporting a photon’s state between two separate quantum dots. This was done over a 270-meter open-air link, proving quantum information can travel between independent devices. The achievement marks a key step toward building quantum…
Identity Access Management Strategy for Non-Human Identities
Build an identity and access management strategy for non-human identities. Secure service accounts, workloads, and machine identities in the cloud. The post Identity Access Management Strategy for Non-Human Identities appeared first on Security Boulevard. This article has been indexed from…
Ukrainian Police Arrest Three Hackers Who Compromised 610,000 Roblox Accounts and Sold Them for $225,000
Ukrainian police in Lviv have arrested three people aged 19, 21, and 22 for hacking more than 610,000 Roblox accounts between October 2025 and January 2026. Thank you for being a Ghacks reader. The post Ukrainian Police Arrest Three Hackers…
Compromised SAP npm Packages Found Harvesting Developer and CI/CD Secrets
Security researchers have identified a severe supply chain attack targeting the SAP developer ecosystem. A threat group identified as TeamPCP has compromised multiple legitimate SAP npm packages in a new campaign named Mini Shai Hulud. The operation relies on injecting…
SOC 2 Type 2 mapping to Secure SDLC Requirements
We started to talk about the SOC2 Type 2 certification and I feel that we neglected it a bit. I wrote a bit about SDLC, Secure SDLC in particular, but now it is time to bring them together. SOC 2…
Cursor AI Extension Access Developer Tokens Leads to Full Credential Compromise
A high-severity access-control vulnerability (CVSS 8.2) in Cursor, a widely used AI-powered coding environment. The flaw uncovered by LayerX has allowed any installed extension to access a developer’s API keys and session tokens secretly. This results in total credential compromise…
Security Researchers Uncover QEMU-Powered Evasion in Payouts King Ransomware
Several recent incidents of ransomware activity attributed to the Payouts King operation have highlighted a systematic shift toward virtualization-assisted intrusions, with attackers embedding QEMU as an execution layer within compromised systems. QEMU instances can be configured as reverse SSH…
ProFTPD SQL Injection Flaw Opens Door To Remote Code Execution Attacks
A newly disclosed flaw in ProFTPD is drawing urgent attention because it can let attackers move from a simple SQL injection bug to authentication bypass, privilege escalation, and in some environments even remote code execution. Tracked as CVE-2026-42167, the issue…
SonicWall SonicOS Flaw Lets Attackers Bypass Access Controls and Crash Firewalls
SonicWall has released a security advisory detailing three new vulnerabilities affecting its SonicOS software. Disclosed on April 29, 2026, under advisory ID SNWLID-2026-0004, these security flaws open the door for attackers to bypass access controls, manipulate restricted files, and intentionally…
Linux Kernel 0-Day “Copy Fail” Grants Root Access Across Major Distros Since 2017
Security researchers have disclosed a critical zero-day vulnerability in the Linux kernel dubbed “Copy Fail” (CVE-2026-31431), which allows unprivileged local users to gain root access. Using a tiny 732-byte Python script, attackers can exploit a logic flaw present in major…
Salesforce’s New “Headless 360” Lets AI Agents Run Its Platform
Salesforce has introduced what it describes as the most crucial architectural overhaul in its 27-year history, launching a new initiative called “Headless 360.” The update is designed to allow artificial intelligence agents to control and operate the company’s entire…
IT Security News Hourly Summary 2026-04-30 06h : 2 posts
2 posts were published in the last hour 4:5 : Linux Kernel 0-Day “Copy Fail” Roots Every Major Distribution Since 2017 3:32 : Coming Soon: AI-Scan OpenClaw Ecosystem Security Scanning Capabilities
Linux Kernel 0-Day “Copy Fail” Roots Every Major Distribution Since 2017
A critical zero-day vulnerability in the Linux kernel has been publicly disclosed, enabling any unprivileged local user to obtain root access on virtually every major Linux distribution shipped since 2017. Dubbed “Copy Fail” and tracked as CVE-2026-31431, the flaw was…
Coming Soon: AI-Scan OpenClaw Ecosystem Security Scanning Capabilities
As the OpenClaw ecosystem continues to surge in popularity, more customers are deploying and utilizing these AI agents on a large scale. However, this growth has brought significant security challenges to the forefront, including over 33 documented CVE vulnerabilities, 288+…
Adaptive Security Leadership in an Expanding Threat Surface
Last week I joined fellow security leaders at CISO Inspire Summit North for a panel discussion on The Expanding Threat Surface: Adaptive Security Leadership for 2026 and Beyond. It was a timely discussion, because the challenge facing security leaders today is not simply…
Udemy Data Breach – 1.4 Million Records Leaked by ShinyHunters
One of the world’s largest online learning platforms Udemy data breach. The cyber threat group ShinyHunters has claimed… The post Udemy Data Breach – 1.4 Million Records Leaked by ShinyHunters appeared first on Hackers Online Club. This article has been…
ISC Stormcast For Thursday, April 30th, 2026 https://isc.sans.edu/podcastdetail/9912, (Thu, Apr 30th)
This post doesn’t have text content, please click on the link below to view the original article. This article has been indexed from SANS Internet Storm Center, InfoCON: green Read the original article: ISC Stormcast For Thursday, April 30th, 2026…
KasadaIQ’s Q1 Insights: How AI Became Adversary Infrastructure
KasadaIQ’s Q1 2026 Threat Intelligence Report highlights a structural shift in automated threats: AI is now embedded across the adversary lifecycle. From large-scale account commoditization to verification bypass and AI agent exploitation, organizations face a rapidly evolving and industrialized threat…
Microsoft Confirms Windows Flaw Is Being Exploited After Incomplete Patch
Microsoft confirmed a Windows zero-click flaw tied to an incomplete patch is being exploited, putting credentials at risk for unpatched users. The post Microsoft Confirms Windows Flaw Is Being Exploited After Incomplete Patch appeared first on TechRepublic. This article has…