Tech & Science
cPanel Issues Critical Security Patch; Namecheap Restricts Access
SAN FRANCISCO — cPanel released emergency security updates Tuesday to address a critical authentication vulnerability in its control panel software, prompting hosting provider Namecheap to block speci...
TeamPCP Threat Actors Compromise Official SAP npm Packages in Supply-Chain Attack
BERLIN — A group of threat actors known as TeamPCP has compromised multiple official SAP npm packages in a supply-chain attack designed to steal developer credentials and authentication tokens. The a...
Hackers Exploit Critical Vulnerability in LiteLLM to Access Sensitive Credentials
LONDON — Cybersecurity researchers have identified a critical SQL injection vulnerability in LiteLLM, an open-source library used to manage artificial intelligence API calls, that is being actively ex...
GitHub Addresses Critical Vulnerability Allowing Remote Code Execution via Git Push
SAN FRANCISCO — GitHub disclosed a critical remote code execution vulnerability on Monday that could have allowed attackers to access millions of repositories across the platform through a single git ...
GlassWorm Campaign Targets OpenVSX with 73 Malicious Extensions
LONDON (AP) — A sophisticated cyberattack campaign known as GlassWorm has infiltrated the OpenVSX ecosystem, deploying 73 malicious extensions designed to steal cryptocurrency wallets and developer cr...
Medtronic Confirms Data Breach After Hackers Claim 9 Million Records Stolen
MINNEAPOLIS — Medtronic confirmed Monday that its corporate IT systems were compromised in a cyberattack, following claims by a threat actor that more than 9 million records were stolen. The medical t...
Critical Linux Kernel Flaw 'Copy Fail' Allows Unprivileged Root Access
LONDON (AP) — A high-severity logic flaw in the Linux kernel, dubbed 'Copy Fail,' allows unprivileged attackers to gain root shell access by writing code to other files' memory, cybersecurity firm The...
Vimeo Confirms Data Breach Following Attack on Third-Party Vendor
NEW YORK — Vimeo confirmed Monday that hackers stole user and customer data following a cyberattack on a third-party analytics vendor, Anodot. The video hosting platform disclosed the breach after the...
Checkmarx Confirms Data Leak Following Supply Chain Attack
NEW YORK — Checkmarx confirmed on Sunday that data from its GitHub repository was posted on the dark web following a supply chain attack on March 23, 2026. The incident involved compromised workflows ...
Utility Software Firm Itron Reports Cybersecurity Breach
SEATTLE — Itron Inc., a major provider of utility software and hardware, disclosed on Saturday that an unauthorized third party gained access to its internal IT systems. The company, which serves elec...
Microsoft Releases Optional Windows 11 Update with 34 Fixes
REDMOND, Wash. (AP) — Microsoft Corp. released an optional cumulative update for Windows 11 on Thursday, introducing 34 changes aimed at improving system stability, security, and user experience. The ...
Anthropic Launches Claude Security to Combat AI-Driven Cyber Threats
SAN FRANCISCO — Anthropic released Claude Security on Wednesday, a new artificial intelligence tool designed to help enterprises identify and remediate cybersecurity vulnerabilities at an accelerated ...
Windows 11 Update Disrupts Backup Software for Major Vendors
LONDON (AP) — A critical security update released by Microsoft for Windows 11 has triggered widespread failures in backup software across multiple major vendors, disrupting data protection operations ...
High-Severity Linux Vulnerability 'Copy Fail' Disclosed by Researchers
LONDON — Cybersecurity researchers from Xint.io and Theori disclosed a critical security flaw in the Linux kernel on Wednesday that allows unprivileged users to escalate their access to root privilege...
Google, Cursor Patch Critical Security Flaws in AI Tools
SAN FRANCISCO (AP) — Google and Cursor on Wednesday patched critical security vulnerabilities in their artificial intelligence tools that could have allowed attackers to execute remote code on user sy...
Hackers Exploit Vulnerabilities in Qinglong Tool to Deploy Cryptominers
BEIJING — Hackers exploited two authentication bypass vulnerabilities in the Qinglong open-source task scheduling tool to deploy cryptominers on developers' servers across China. The attack, detected ...
CISA Orders Federal Agencies to Patch Critical Windows Vulnerability Amid Zero-Day Attacks
WASHINGTON — The Cybersecurity and Infrastructure Security Agency (CISA) issued an emergency directive Tuesday ordering all U.S. federal agencies to immediately patch a critical Windows vulnerability ...
Microsoft Teams Free users face chat, call outage after backend update
Microsoft is working to resolve a service disruption affecting chat and call functionality for some users of the free version of Microsoft Teams. The outage stems from a recently deployed backend chan...
Threat Actors Exploit Robinhood Flaw to Inject Phishing Emails
SAN FRANCISCO — Threat actors exploited a vulnerability in Robinhood's account creation process to inject phishing emails designed to mimic legitimate login alerts, the financial technology company co...
Microsoft to End Support for Legacy TLS Protocols in Exchange Online by 2026
Microsoft announced Wednesday it will discontinue support for legacy Transport Layer Security (TLS) 1.0 and 1.1 connections for POP and IMAP email clients in Exchange Online, effective July 2026. The ...
Critical Vulnerability in Hugging Face LeRobot Allows Remote Code Execution
A critical security flaw in Hugging Face's open-source robotics framework, LeRobot, allows unauthenticated attackers to execute arbitrary code remotely, researchers disclosed on Monday. The vulnerabi...
Microsoft patches critical Entra ID flaw allowing privilege escalation
Microsoft has patched a critical security vulnerability in its Entra ID service that allowed attackers to escalate privileges and take over service principals through the Agent ID Administrator role. ...
Kaspersky Researcher Discovers Unpatched Windows Privilege Escalation Flaw
MOSCOW (AP) — A security researcher from Kaspersky has identified a new privilege escalation vulnerability in Microsoft Windows that allows attackers to gain System-level access without requiring a so...
AI Vulnerability Discovery Forces U.S. Financial Sector to Overhaul Security Protocols
WASHINGTON (AP) — Advanced artificial intelligence models are identifying software vulnerabilities at unprecedented speeds, compelling U.S. financial institutions to abandon traditional patch cycles i...
Microsoft Fixes Bug in Windows Security Warnings for Remote Desktop Files
Microsoft confirmed Monday that a software bug is causing newly introduced security warnings to display incorrectly when users open Remote Desktop (.rdp) files on certain Windows devices. The issue a...
BleepingComputer, Flare Team Up for Cyberattack Warning Webinar
NEW YORK — BleepingComputer announced Thursday it will host a live webinar on April 30, 2026, featuring cybersecurity experts from Flare and Tammy Harper to discuss identifying early warning signs of ...
Microsoft Investigates Global Outlook.com Outage
Microsoft is investigating a widespread outage affecting Outlook.com, leaving users unable to access their email accounts globally. The disruption began around midday UTC on Sunday, April 27, 2026, ca...
New Linux Vulnerability Allows Local Users to Gain Root Access
FRANKFURT — A newly discovered vulnerability in the PackageKit daemon, a core component of many Linux distributions, allows local users to escalate privileges and gain root access without authenticati...
Microsoft to Enable Passkey Support for Windows Devices in April 2026
Microsoft will begin rolling out passkey support for phishing-resistant passwordless authentication to Microsoft Entra-protected resources from Windows devices starting late April 2026. The update aim...
CISA Orders Federal Agencies to Patch Critical Zimbra Vulnerability Amid Active Exploitation
WASHINGTON (AP) — The Cybersecurity and Infrastructure Security Agency has issued an emergency directive ordering federal agencies to patch a critical vulnerability in Zimbra Collaboration Suite serve...