EPISODE · Apr 29, 2026 · 4 MIN
Apr 29, 2026 · #41
from Security Brief Daily · host Security Brief Daily
Episode 41 — 29 Apr 2026 1. CISA Adds Actively Exploited ConnectWise and Windows Flaws to KEV Source: The Hacker News The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added two security flaws impacting ConnectWise ScreenConnect and Microsoft Windows to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation. The vulnerabilities... 2. Researchers Discover Critical GitHub CVE-2026-3854 RCE Flaw Exploitable via Single Git Push Source: The Hacker News Cybersecurity researchers have disclosed details of a critical security vulnerability impacting GitHub.com and GitHub Enterprise Server that could allow an authenticated user to obtain remote code execution with a single "git push" command. The flaw, tracked as CVE-2026-3854... 3. US reportedly charges Scattered Spider hacker arrested in Finland Source: Bleeping Computer A 19-year-old dual United States and Estonian citizen arrested in Finland earlier this month faces federal charges in the U.S. alleging he was a prolific member of the notorious Scattered Spider hacking collective. According to temporarily unsealed court records obtained by... 4. Critical Unpatched Flaw Leaves Hugging Face LeRobot Open to Unauthenticated RCE Source: The Hacker News Cybersecurity researchers have disclosed details of a critical security flaw impacting LeRobot, Hugging Face's open-source robotics platform with nearly 24,000 GitHub stars, that could be exploited to achieve remote code execution. The vulnerability in question is... 5. LiteLLM CVE-2026-42208 SQL Injection Exploited within 36 Hours of Disclosure Source: The Hacker News In yet another instance of threat actors quickly jumping on the exploitation bandwagon, a newly disclosed critical security flaw in BerriAI's LiteLLM Python package has come under active exploitation in the wild within 36 hours of the bug becoming public knowledge. The... 6. Checkmarx confirms LAPSUS$ hackers leaked its stolen GitHub data Source: Bleeping Computer Application security company Checkmarx has confirmed that the LAPSUS$ threat group leaked data stolen from its private GitHub repository. Although the investigation is ongoing, Checkmarx believes that the access vector was the Trivy supply-chain attack attributed to the... 7. Broken VECT 2.0 ransomware acts as a data wiper for large files Source: Bleeping Computer Researchers are warning that the VECT 2.0 ransomware has a problem in the way it handles encryption nonces that leads to permanently destroying larger files rather than encrypt them. VECT has been advertised on one of the latest BreachForums iterations, inviting registered... 8. Video service Vimeo confirms Anodot breach exposed user data Source: Bleeping Computer Vimeo has disclosed that data belonging to some of its customers and users has been accessed without authorization following the recent breach at the Anodot data anomaly detection company. The video platform says that the threat actor accessed email addresses for some of its...
What this episode covers
Episode 41 — 29 Apr 2026 1. CISA Adds Actively Exploited ConnectWise and Windows Flaws to KEV Source: The Hacker News The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added two security flaws impacting ConnectWise ScreenConnect and Microsoft Windows to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation. The vulnerabilities... 2. Researchers Discover Critical GitHub CVE-2026-3854 RCE Flaw Exploitable via Single Git Push Source: The Hacker News Cybersecurity researchers have disclosed details of a critical security vulnerability impacting GitHub.com and GitHub Enterprise Server that could allow an authenticated user to obtain remote code execution with a single "git push" command. The flaw, tracked as CVE-2026-3854... 3. US reportedly charges Scattered Spider hacker arrested in Finland Source: Bleeping Computer A 19-year-old dual United States and Estonian citizen arrested in Finland earlier this month faces federal charges in the U.S. alleging he was a prolific member of the notorious Scattered Spider hacking collective. According to temporarily unsealed court records obtained by... 4. Critical Unpatched Flaw Leaves Hugging Face LeRobot Open to Unauthenticated RCE Source: The Hacker News Cybersecurity researchers have disclosed details of a critical security flaw impacting LeRobot, Hugging Face's open-source robotics platform with nearly 24,000 GitHub stars, that could be exploited to achieve remote code execution. The vulnerability in question is... 5. LiteLLM CVE-2026-42208 SQL Injection Exploited within 36 Hours of Disclosure Source: The Hacker News In yet another instance of threat actors quickly jumping on the exploitation bandwagon, a newly disclosed critical security flaw in BerriAI's LiteLLM Python package has come under active exploitation in the wild within 36 hours of the bug becoming public knowledge. The... 6. Checkmarx confirms LAPSUS$ hackers leaked its stolen GitHub data Source: Bleeping Computer Application security company Checkmarx has confirmed that the LAPSUS$ threat group leaked data stolen from its private GitHub repository. Although the investigation is ongoing, Checkmarx believes that the access vector was the Trivy supply-chain attack attributed to the... 7. Broken VECT 2.0 ransomware acts as a data wiper for large files Source: Bleeping Computer Researchers are warning that the VECT 2.0 ransomware has a problem in the way it handles encryption nonces that leads to permanently destroying larger files rather than encrypt them. VECT has been advertised on one of the latest BreachForums iterations, inviting registered... 8. Video service Vimeo confirms Anodot breach exposed user data Source: Bleeping Computer Vimeo has disclosed that data belonging to some of its customers and users has been accessed without authorization following the recent breach at the Anodot data anomaly detection company. The video platform says that the threat actor accessed email addresses for some of its...
NOW PLAYING
Apr 29, 2026 · #41
No transcript for this episode yet
Similar Episodes
No similar episodes found.
Similar Podcasts
No similar podcasts found.