🦜 Secure Bulletin
@securebulletin.com@rss-parrot.net
---
Navigating the cyber sea with knowledge
BlueNoroff Deploys AI Deepfake Zoom Lures and Fileless PowerShell to Drain Crypto Wallets Across 20+ Countries
https://securebulletin.com/bluenoroff-deploys-ai-deepfake-zoom-lures-and-fileless-powershell-to-drain-crypto-wallets-across-20-countries/
Published: April 29, 2026 09:51
North Korea's BlueNoroff subgroup has launched a sophisticated global campaign targeting cryptocurrency and Web3 executives, using AI-generated deepfake Zoom meetings, ClickFix clipboard injection, and fileless PowerShell implants that operate entirely in…
cPanel Emergency Patch: Critical Authentication Bypass Threatens Millions of Hosted Websites
https://securebulletin.com/cpanel-emergency-patch-critical-authentication-bypass-threatens-millions-of-hosted-websites/
Published: April 29, 2026 09:50
cPanel has issued emergency security patches across all supported versions to address a critical authentication vulnerability in cPanel and WHM that could allow attackers to bypass login mechanisms and gain root-level server control. The flaw was confirmed…
Critical GitHub RCE Vulnerability CVE-2026-3854 Exposed Millions of Repositories to Cross-Tenant Access
https://securebulletin.com/critical-github-rce-vulnerability-cve-2026-3854-exposed-millions-of-repositories-to-cross-tenant-access/
Published: April 29, 2026 09:12
Wiz researchers used AI-augmented reverse engineering to uncover CVE-2026-3854, a critical RCE flaw in GitHub's internal git infrastructure that could have enabled any authenticated user to execute code on backend servers and access millions of private…
APT28 Exploits Windows 0-Click Flaw CVE-2026-32202 to Steal NTLM Hashes via Defender SmartScreen Bypass
https://securebulletin.com/apt28-exploits-windows-0-click-flaw-cve-2026-32202-to-steal-ntlm-hashes-via-defender-smartscreen-bypass/
Published: April 29, 2026 09:11
Russian state-sponsored APT28 is actively exploiting CVE-2026-32202, a zero-click Windows Shell vulnerability that bypasses Defender SmartScreen and silently exfiltrates Net-NTLMv2 credential hashes. Microsoft patched the flaw in April 2026 Patch Tuesday…
Hackers Weaponize Fake Claude Code Leak to Distribute Vidar Infostealer and GhostSocks Proxy Malware
https://securebulletin.com/hackers-weaponize-fake-claude-code-leak-to-distribute-vidar-infostealer-and-ghostsocks-proxy-malware/
Published: April 28, 2026 16:36
Threat actors are using fake GitHub repositories impersonating the leaked Anthropic Claude Code source to deliver a Rust dropper that installs both the Vidar infostealer (v18.7) and GhostSocks proxy malware. The campaign is part of a broader rotating-lure…
ClickUp’s Hardcoded API Key Has Silently Leaked 959 Corporate and Government Emails for 15 Months
https://securebulletin.com/clickups-hardcoded-api-key-has-silently-leaked-959-corporate-and-government-emails-for-15-months/
Published: April 28, 2026 16:35
A hardcoded API key in ClickUp's public JavaScript file exposed 959 corporate and government email addresses for over 15 months after responsible disclosure in January 2025. Affected organizations include Fortinet, Home Depot, Mayo Clinic, and multiple…
Microsoft Defender “RedSun” Zero-Day (CVE-2026-33825): Unpatched Exploit Grants Full SYSTEM Access
https://securebulletin.com/microsoft-defender-redsun-zero-day-cve-2026-33825-unpatched-exploit-grants-full-system-access/
Published: April 28, 2026 10:30
An unpatched zero-day dubbed RedSun (CVE-2026-33825) actively exploits a flaw in Windows Defender's cloud file rollback mechanism to grant attackers full SYSTEM privileges. A public PoC has been available since April 16 and threat actors are actively…
Critical CVSS 9.8 Flaw in CrowdStrike LogScale Lets Unauthenticated Attackers Read Server Files
https://securebulletin.com/critical-cvss-9-8-flaw-in-crowdstrike-logscale-lets-unauthenticated-attackers-read-server-files/
Published: April 28, 2026 08:22
CrowdStrike has issued an emergency advisory for CVE-2026-40050, a CVSS 9.8 unauthenticated path-traversal flaw in LogScale that lets remote attackers read arbitrary files from the server filesystem. Self-hosted deployments must patch immediately.
Pack2TheRoot: Critical Linux Privilege Escalation Flaw in PackageKit Affects 12+ Years of Releases (CVE-2026-41651)
https://securebulletin.com/pack2theroot-critical-linux-privilege-escalation-flaw-in-packagekit-affects-12-years-of-releases-cve-2026-41651/
Published: April 28, 2026 08:02
Deutsche Telekom's Red Team has disclosed Pack2TheRoot (CVE-2026-41651), a critical local privilege escalation flaw in the PackageKit daemon affecting all major Linux distributions across 12+ years of releases, allowing any unprivileged user to gain full…
ShinyHunters Claims Udemy Data Breach: 1.4 Million User Records at Risk as Ransom Deadline Expires
https://securebulletin.com/shinyhunters-claims-udemy-data-breach-1-4-million-user-records-at-risk-as-ransom-deadline-expires/
Published: April 28, 2026 07:59
ShinyHunters has claimed a breach of Udemy affecting 1.4 million user records, setting a "Pay or Leak" ransom deadline of April 27, 2026. Udemy has not yet issued an official statement as cybersecurity researchers monitor the group's dark web leak site for…
Bitwarden CLI npm Package Compromised in Sophisticated GitHub Actions Supply Chain Attack
https://securebulletin.com/bitwarden-cli-npm-package-compromised-in-sophisticated-github-actions-supply-chain-attack/
Published: April 28, 2026 07:58
Security researchers at Socket have confirmed that the official Bitwarden CLI npm package (version 2026.4.0) was tampered with via a compromised GitHub Actions workflow, injecting credential-stealing malware as part of the ongoing Checkmarx supply chain…
GlassWorm Escalates: 73 New “Sleeper” Extensions Discovered on Open VSX Marketplace
https://securebulletin.com/glassworm-escalates-73-new-sleeper-extensions-discovered-on-open-vsx-marketplace/
Published: April 27, 2026 09:50
Aikido Security has identified 73 new GlassWorm "sleeper" extensions on the Open VSX marketplace, marking a dangerous escalation in a supply chain campaign targeting developers through hidden malicious code embedded in VS Code-compatible editor extensions.
State-Sponsored UAT-4356 Deploys FIRESTARTER Backdoor on Cisco Firepower Devices via Chained N-Day Vulnerabilities
https://securebulletin.com/state-sponsored-uat-4356-deploys-firestarter-backdoor-on-cisco-firepower-devices-via-chained-n-day-vulnerabilities/
Published: April 26, 2026 08:27
Cisco Talos has uncovered an active espionage campaign by state-sponsored group UAT-4356, which chains two Cisco Firepower FXOS vulnerabilities (CVE-2025-20333 and CVE-2025-20362) to deploy the FIRESTARTER backdoor — a stealthy implant that intercepts…
CISA Adds Two Actively Exploited SimpleHelp Vulnerabilities to KEV Catalog — May 8 Patch Deadline
https://securebulletin.com/cisa-adds-two-actively-exploited-simplehelp-vulnerabilities-to-kev-catalog-may-8-patch-deadline/
Published: April 26, 2026 08:24
CISA has added two chained vulnerabilities in SimpleHelp remote support software — CVE-2024-57726 (missing authorization) and CVE-2024-57728 (path traversal) — to its KEV catalog after confirming active exploitation. Organizations have until May 8, 2026 to…
ADT Confirms Data Breach: ShinyHunters Claims 10 Million Records Stolen via Vishing Attack
https://securebulletin.com/adt-confirms-data-breach-shinyhunters-claims-10-million-records-stolen-via-vishing-attack/
Published: April 26, 2026 08:22
Home security giant ADT Inc. has confirmed a data breach following a ShinyHunters claim of stealing over 10 million records. The group used a vishing attack to compromise an employee Okta SSO account and access Salesforce data, with an April 27 leak…
PhantomRPC: Unpatched Windows RPC Flaw Enables SYSTEM-Level Privilege Escalation on All Windows Versions
https://securebulletin.com/phantomrpc-unpatched-windows-rpc-flaw-enables-system-level-privilege-escalation-on-all-windows-versions/
Published: April 26, 2026 08:21
Kaspersky researchers have revealed PhantomRPC, an unpatched architectural flaw in the Windows RPC runtime that allows local privilege escalation to SYSTEM level via five distinct attack paths. Microsoft has declined to issue a CVE or patch, classifying…
Kali Linux 2026.1 Released: Eight New Hacking Tools, Kernel 6.18, and Enhanced Mobile Pentesting
https://securebulletin.com/kali-linux-2026-1-released-eight-new-hacking-tools-kernel-6-18-and-enhanced-mobile-pentesting/
Published: April 25, 2026 19:10
Kali Linux 2026.1 has been released with eight new hacking tools including AdaptixC2, Atomic-Operator, and MetasploitMCP, alongside the Linux 6.18 kernel, enhanced Samsung S10 wireless support, and Claude AI integration for AI-assisted penetration testing.
Microsoft Confirms Windows Server 2025 Domain Controllers Enter Reboot Loops After April 2026 Patch
https://securebulletin.com/microsoft-confirms-windows-server-2025-domain-controllers-enter-reboot-loops-after-april-2026-patch/
Published: April 25, 2026 19:09
Microsoft has confirmed that the April 2026 cumulative update KB5082063 causes Windows Server 2025 domain controllers to enter reboot loops, with some systems also failing to install the update. IT admins should pause DC patching immediately and prepare…
Microsoft’s April 2026 Update Adds New RDP Security Warnings to Protect Against Phishing via .rdp Files
https://securebulletin.com/microsofts-april-2026-update-adds-new-rdp-security-warnings-to-protect-against-phishing-via-rdp-files/
Published: April 25, 2026 12:28
Microsoft's April 2026 Patch Tuesday introduces new multi-layer warning dialogs in Windows Remote Desktop Connection, designed to protect users from phishing attacks that weaponize .rdp files — a technique previously exploited by Russian state group…
Microsoft Patch Tuesday April 2026: 168 Vulnerabilities Fixed Including Actively Exploited SharePoint Zero-Day
https://securebulletin.com/microsoft-patch-tuesday-april-2026-168-vulnerabilities-fixed-including-actively-exploited-sharepoint-zero-day/
Published: April 25, 2026 12:28
Microsoft's April 2026 Patch Tuesday fixes a record 168 vulnerabilities, including an actively exploited SharePoint zero-day (CVE-2026-32201) and a publicly disclosed Microsoft Defender privilege escalation flaw. Security teams should patch immediately.
Threat Group UNC6692 Breaches Enterprise Networks via Microsoft Teams Impersonation and SNOW Malware Suite
https://securebulletin.com/threat-group-unc6692-breaches-enterprise-networks-via-microsoft-teams-impersonation-and-snow-malware-suite/
Published: April 24, 2026 18:21
The newly identified threat group UNC6692 is compromising enterprise networks by impersonating IT helpdesk staff on Microsoft Teams, deploying a modular three-component malware suite called SNOW, and leveraging AWS S3 and Heroku for command-and-control —…
Hackers Abuse SS7 and Diameter Protocols to Track Mobile Users Worldwide
https://securebulletin.com/hackers-abuse-ss7-and-diameter-protocols-to-track-mobile-users-worldwide/
Published: April 24, 2026 18:20
Citizen Lab researchers have uncovered two sophisticated threat actors, STA1 and STA2, exploiting legacy SS7 and 4G Diameter telecom protocols to silently track high-value mobile users across the globe. The attacks require no malware on the target's device…
North Korean IT Worker Scheme: How DPRK Operatives Infiltrate Companies to Fund Weapons Programs
https://securebulletin.com/north-korean-it-worker-scheme-how-dprk-operatives-infiltrate-companies-to-fund-weapons-programs/
Published: April 24, 2026 09:01
A Team Cymru investigation has exposed the technical infrastructure behind North Korea's long-running fake IT worker scheme, revealing how state-sponsored operatives use stolen identities, commercial VPNs, and U.S.-based laptop farms to fraudulently earn…
Malicious npm Package js-logger-pack Turns Hugging Face Into Malware CDN and Data Exfiltration Backend
https://securebulletin.com/malicious-npm-package-js-logger-pack-turns-hugging-face-into-malware-cdn-and-data-exfiltration-backend/
Published: April 24, 2026 09:01
JFrog Security researchers have uncovered a malicious npm package, js-logger-pack, that uses Hugging Face as both a malware delivery network and an exfiltration backend for stolen data. The cross-platform implant establishes persistence, harvests…
Lotus Wiper: New Destructive Malware Targets Venezuelan Energy Sector in Geopolitically Motivated Attack
https://securebulletin.com/lotus-wiper-new-destructive-malware-targets-venezuelan-energy-sector-in-geopolitically-motivated-attack/
Published: April 23, 2026 15:00
A newly discovered wiper dubbed Lotus Wiper has been deployed against energy and utilities targets in Venezuela. Masquerading as HCL Domino components and triggered via a NETLOGON flag file, it destroys data irrecoverably — with no ransom note in sight.
Checkmarx KICS Docker Hub Repo Hijacked: Trojanized Images and VS Code Extensions Harvest Developer Secrets
https://securebulletin.com/checkmarx-kics-docker-hub-repo-hijacked-trojanized-images-and-vs-code-extensions-harvest-developer-secrets/
Published: April 23, 2026 14:59
Attackers overwrote official Checkmarx KICS tags on Docker Hub and weaponized its VS Code extensions to deploy a credential stealer that exfiltrates GitHub tokens, AWS keys, SSH keys, and cloud credentials to a typo-squatted endpoint.
Apple Patches iOS Notification Flaw (CVE-2026-28950) That Let the FBI Read Deleted Signal Messages
https://securebulletin.com/apple-patches-ios-notification-flaw-cve-2026-28950-that-let-the-fbi-read-deleted-signal-messages/
Published: April 23, 2026 14:59
Apple has shipped iOS 26.4.2 to fix CVE-2026-28950, a notification-logging flaw that let forensic investigators recover Signal message previews long after the app was uninstalled. Signal has praised Apple for acting quickly after the 404 Media disclosure.
Vercel Confirms OAuth Supply Chain Breach Linked to Context.ai Compromise; ShinyHunters Claims Responsibility
https://securebulletin.com/vercel-confirms-oauth-supply-chain-breach-linked-to-context-ai-compromise-shinyhunters-claims-responsibility/
Published: April 23, 2026 14:58
Vercel has disclosed an internal breach caused by a compromised Context.ai OAuth token harvested via Lumma Stealer. A limited set of customer accounts had non-sensitive environment variables exposed, and ShinyHunters is now attempting to sell allegedly…
Apache ActiveMQ Classic CVE-2026-34197: 13-Year-Old Vulnerability Now Under Active Exploitation, CISA Issues Federal Patch Mandate
https://securebulletin.com/apache-activemq-classic-cve-2026-34197-13-year-old-vulnerability-now-under-active-exploitation-cisa-issues-federal-patch-mandate/
Published: April 23, 2026 09:00
A high-severity deserialization flaw in Apache ActiveMQ Classic (CVE-2026-34197, CVSS 8.8) that has existed for 13 years is now being actively exploited in the wild. CISA has added it to its Known Exploited Vulnerabilities catalog and mandated federal…
Booking.com Notifies Customers of Data Breach Exposing Reservation Details and Personal Information
https://securebulletin.com/booking-com-notifies-customers-of-data-breach-exposing-reservation-details-and-personal-information/
Published: April 22, 2026 13:13
Booking.com has notified customers of a data breach that exposed personal information including full names, addresses, phone numbers, email addresses, and detailed reservation data. The breach originated from a third-party system and security experts warn…