Cybersecurity News | Daily Recap [29 Apr 2026]
In today's recap, European police dismantled a €50 million crypto investment scam ring that operated fake trading call centers in Tirana and used remote-access tools to steal and launder funds, while critical vulnerabilities were exploited across LiteLLM, GitHub, Windows, and OpenEMR. The day also brought supply-chain breaches, ransomware developments, and AI policy debates, with Checkmarx, Vimeo, VECT 2.0, LAPSUS$, BlueNoroff, Handala, Scattered Spider, and NGA appearing as attackers, victims, or policymakers in an evolving threat landscape. #CryptoRing #LiteLLM #GitHub #Windows #OpenEMR #Checkmarx #LAPSUS$ #Vimeo #VECT #BlueNoroff #Handala #ScatteredSpider #NGA #ClaudeMythos #Kaseya #CoinbaseCartel #Snowflake #BigQuery

Fraud & Law Enforcement

  • European police dismantled a €50 million crypto investment scam ring, arresting 10 suspects who ran fake trading call centers in Tirana and used remote-access tools to steal and launder victim funds – Crypto Ring

Critical Vulnerabilities

  • LiteLLM was hit by a critical SQL injection flaw (CVE-2026-42208) that was exploited days after disclosure to expose API keys and credentials, with version 1.83.7 released to fix it – LiteLLM Fix, LiteLLM Exploit
  • GitHub patched a critical command-injection bug (CVE-2026-3854) that let an authenticated user trigger RCE with a single git push, affecting GitHub.com and GitHub Enterprise Server – GitHub RCE
  • CISA and Microsoft warned that CVE-2026-32202, a zero-click Windows Shell flaw linked to APT28, is being actively exploited to steal Net-NTLMv2 hashes – Windows Zero-Day, Active Exploit
  • OpenEMR was found to contain 39 vulnerabilities including 38 CVEs, with issues spanning SQL injection, auth bypass, and possible RCE against protected medical data – OpenEMR Bugs

Supply Chain & Breaches

  • Checkmarx confirmed data theft after a Trivy supply-chain attack and related LAPSUS$ leak exposed source code, employee data, API keys, and credentials from its KICS project – Checkmarx Breach, LAPSUS$ Leak
  • Vimeo said attackers accessed vendor-linked databases and exposed technical data, video metadata, and some email addresses after a breach tied to ShinyHunters and threatened Snowflake/BigQuery data exfiltration – Vimeo Breach, Anodot Exposure

Ransomware & Infostealers

  • VECT 2.0 ransomware is effectively destroying files larger than 131 KB across Windows, Linux, and ESXi, making recovery impossible and turning the strain into a de facto data wiper – VECT 2.0, VECT Wiper
  • Coinbase Cartel has extorted 100+ organizations by using credentials stolen by infostealers such as RedLine, Lumma, and Vidar to access cloud and file-sharing services, without encrypting any systems – Coinbase Cartel
  • 0APT and KryBit leaked each other’s data in a ransomware feud, exposing fake victim claims and useful IOCs for defenders – Ransomware Feud
  • Cyber insurance claims data showed ransomware drove 90% of incurred losses in manufacturing, while misconfigured MFA (26%) and unpatched software (13%) were major failure points – Insurance Data

Threat Actors & Espionage

  • Handala, an Iran-linked group, targeted US troops in Bahrain with WhatsApp threats, custom malware, wipers, and Telegram-based C2 tied to influence and intelligence operations – Handala Threat
  • BlueNoroff used fake Zoom calls with AI avatars and stolen webcam footage to lure crypto executives into malware infections and credential theft – BlueNoroff Lure
  • Scattered Spider saw another arrest-linked development as US authorities reportedly charged a suspect previously detained in Finland – Scattered Spider

Exposure & Infrastructure Risk

  • Forescout found about 1.8 million RDP and 1.6 million VNC servers exposed online, including hundreds with unauthenticated access to ICS/OT systems and over 19,000 vulnerable to BlueKeep – RDP/VNC Risk

AI, Security Tech & Policy

  • Anthropic’s Claude Mythos preview showed agentic AI can autonomously find and exploit flaws, prompting calls for defenders to use “agents with agents” while the US government weighs a cautious rollout – Mythos Risk, Federal Review
  • Microchip expanded its Trust Shield line with PQC-ready root-of-trust and secure boot controllers to support secure firmware, attestation, and compliance goals – Microchip PQC
  • Kaseya launched an agentic IT platform that automates ticketing, threat containment, backup validation, and security workflows through Kaseya Intelligence – Kaseya AI
  • NGA said it is accelerating an AI-driven workforce overhaul while trying to move fast without undermining secure intelligence practices – NGA AI

Patch Tuesday & Product Updates

  • Chrome 147 and Firefox 150 rolled out security updates, while Microsoft Teams Free suffered a backend-related outage affecting chat and calls – Browser Updates, Teams Outage

Leadership & Governance

  • Rep. Delia Ramirez became the top House cybersecurity Democrat, with a focus on CISA staffing, national security risks, and oversight after incidents like SolarWinds – Ramirez Role

Cybersecurity News | Daily Recap – hendryadrian.com