Latest Cybersecurity News

The Hacker NewsApr 28, 20264m4

Researchers Discover Critical GitHub CVE-2026-3854 RCE Flaw Exploitable via Single Git Push

CVE-2026-3854 (CVSS 8.7) enabled GitHub RCE via git push, risking cross-tenant access to millions of repositories.

Brazilian LofyGang Resurfaces After Three Years With Minecraft LofyStealer Campaign

The Hacker News

The Hacker NewsApr 28, 20265m4

Brazilian LofyGang Resurfaces After Three Years With Minecraft LofyStealer Campaign

LofyGang resurfaces with LofyStealer disguised as Minecraft hack, exfiltrating IBANs and passwords to 24.152.36[.]241, escalating gaming threats.

Vimeo Confirms User and Customer Data Breach

Vimeo Confirms User and Customer Data Breach

The ShinyHunters group is threatening to leak stolen files unless Vimeo agrees to pay a ransom.

The Mythos Moment: Enterprises Must Fight Agents with Agents

SecurityWeekApr 28, 20265m4

The Mythos Moment: Enterprises Must Fight Agents with Agents

Only with the right platform and an agentic, AI-driven defense, will enterprises be able to protect themselves in the agentic era.

US reportedly charges Scattered Spider hacker arrested in Finland

BleepingComputer

Malware & Threats

US reportedly charges Scattered Spider hacker arrested in Finland

A 19-year-old dual United States and Estonian citizen arrested in Finland earlier this month faces federal charges in the U.S. alleging he was a prolific member of the notorious Scattered Spider hacking collective.

BleepingComputerApr 28, 20263m4

Webinar Today: A Step-by-Step Approach to AI Governance

Webinar Today: A Step-by-Step Approach to AI Governance

Join the webinar to explore a practical, multi-layered roadmap to transition from fragmented AI usage to a governed, scalable ecosystem.

Fresh Wave of GlassWorm VS Code Extensions Slices Through Supply Chain

Dark Reading

Dark ReadingApr 28, 20261m4

Fresh Wave of GlassWorm VS Code Extensions Slices Through Supply Chain

Attackers continue to scale a campaign to seed Open VSX with seemingly benign VS Code extensions that spread self-propagating malware.

Checkmarx confirms LAPSUS$ hackers leaked its stolen GitHub data

BleepingComputer

Malware & Threats

Checkmarx confirms LAPSUS$ hackers leaked its stolen GitHub data

Application security company Checkmarx has confirmed that the LAPSUS$ threat group leaked data stolen from its private GitHub repository.

BleepingComputerApr 28, 20263m4

Robinhood Vulnerability Exploited for Phishing Attacks

Robinhood Vulnerability Exploited for Phishing Attacks

Legitimate-looking emails coming from Robinhood systems lured recipients to phishing websites.

VECT 2.0 Ransomware Irreversibly Destroys Files Over 131KB on Windows, Linux, ESXi

The Hacker News

The Hacker NewsApr 28, 20265m4

VECT 2.0 Ransomware Irreversibly Destroys Files Over 131KB on Windows, Linux, ESXi

VECT 2.0 destroys files over 131KB due to nonce flaw, launched December 2025, making ransom payments useless.

Alleged Chinese State Hacker Extradited to US

Alleged Chinese State Hacker Extradited to US

A member of Silk Typhoon, Xu Zewei is accused of launching cyberattacks against universities in the US.