Solving The “What Is The Threat To OT Systems” Problem
Recently I wrote about the dichotomy between the reports and experts annually citing a big increase in the cyber threat to OT systems and the…
Author: Cybernoz
Huntress Managed ITDR (formerly MDR for Microsoft 365)
Since our inception, Huntress has had a guiding principle to protect the 99%. This ethos has led us to create products, features, and functionality that…
Hackers are exploiting a critical LiteLLM pre-auth SQLi flaw
Hackers are targeting sensitive information stored in the LiteLLM open-source large-language model (LLM) gateway by exploiting a critical vulnerability tracked as CVE-2026-42208. The flaw is…
Critical GitHub.com and Enterprise Server RCE Vulnerability Enables Full Server Compromise
A critical remote code execution (RCE) vulnerability tracked as CVE-2026-3854 in GitHub’s internal git infrastructure that could have allowed any authenticated user to compromise backend…
Checkmarx Confirms Security Incident Involving GitHub Repository Exposure
Application security provider Checkmarx has officially confirmed a new security incident involving the exposure of its internal GitHub repository. On April 27, 2026, Udi-Yehuda Tamar,…
New DHL Phishing Scam Uses 11-Step Attack Chain to Steal Passwords
Researchers from Forcepoint’s X-Labs team recently found a phishing campaign designed to steal login credentials from users. In this campaign, what grabbed researchers’ attention was…
FIDO Alliance wants to keep AI agents from going rogue on online payments
AI agents are beginning to shop, log in, and complete tasks with little direct input. That shift is pushing the security industry to rethink how…
Brazilian LofyGang Resurfaces After Three Years With Minecraft LofyStealer Campaign
A cybercrime group of Brazilian origin has resurfaced after more than three years to orchestrate a campaign that targets Minecraft players with a new stealer…
Court of Appeal rejects Post Office Capture case delay request
The Court of Appeal has rejected the Post Office’s request for an extension to the time in which it must respond to an appeal against…
GitHub patches critical ‘git push’ remote code execution bug
Microsoft-owned open source code hosting platform GitHub has acknowledged and patched a critical vulnerability that allowed arbitrary remote code execution, following a report from Wiz…
Vimeo Confirms User and Customer Data Breach
Video hosting platform Vimeo has confirmed that hackers have stolen user and customer data following an attack involving a third-party vendor. According to Vimeo, hackers…
CVE-2026-3854 GitHub flaw enables remote code execution
CVE-2026-3854 GitHub flaw enables remote code execution Pierluigi Paganini April 28, 2026 Critical GitHub flaw CVE-2026-3854 lets attackers run code with a single git push,…