Cybersecurity News | Daily Recap [30 Apr 2026]

Critical supply-chain flaws in Gemini CLI and SAP npm could enable host RCE, token theft, and secret-stealing malware in CI/CD and developer environments. A WordPress redirect plugin used by over 70,000 sites hid a dormant backdoor for five years, while a separate GitHub flaw exposed millions of private repositories.

Supply Chain

  • Gemini CLI and SAP npm packages were hit by critical supply-chain flaws that could enable host RCE, token theft, and secret-stealing malware in CI/CD and developer environments. – Gemini CLI, Google Fixes, SAP npm, Mini Shai-Hulud
  • A malicious WordPress redirect plugin used by more than 70,000 sites hid a dormant backdoor for 5 years, while a separate GitHub flaw exposed millions of private repositories before being fixed. – WordPress Backdoor, GitHub RCE

Vulnerabilities

  • A critical cPanel/WHM authentication bypass was exploited as a zero-day, prompting emergency patches for hosting servers and accounts. – cPanel Zero-Day, cPanel Fix
  • The Linux “Copy Fail” flaw (CVE-2026-31431) can give local attackers root on major distros via a tiny page-cache write, with PoC code already public. – Copy Fail
  • Qinglong task-scheduler auth-bypass bugs (CVE-2026-3965, CVE-2026-4047) were actively abused to drop cryptominers on developer servers before full fixes landed. – Qinglong Exploit

Cloud & Identity

  • AI agents, shadow apps, and OAuth sprawl are creating new identity risks, with attackers using autonomous workflows to map Active Directory and seize admin access in minutes. – AI Identity Risk, Exposure Validation, OAuth Sprawl
  • Vercel-style shadow AI integrations show how third-party OAuth bridges can become persistent entry points into enterprise SaaS environments. – Vercel Breach

Extortion & Fraud

  • International police dismantled 9 crypto scam centers in Dubai and arrested 276 suspects tied to pig-butchering schemes and large-scale investment fraud. – Crypto Scam Raid, Dubai Takedown
  • Attackers hijacked and sold more than 610,000 Roblox accounts, including at least 357 elite accounts, using info-stealing malware disguised as a game enhancer. – Roblox Theft
  • Sandhills Medical reported a ransomware breach affecting 170,000 people, underscoring continued pressure on healthcare targets. – Sandhills Breach

Policy & Regulation

  • The U.S. House renewed Section 702 surveillance authority for 3 years, while the European Commission accused Meta of failing child-safety obligations under the Digital Services Act. – Section 702, Meta Probe
  • Lawmakers are debating whether data centers should be treated as critical infrastructure amid AI-driven growth and attacks, with concerns spanning Amazon Web Services, Azure, and Google Cloud. – Data Centers

Threat Intelligence

  • A new DPRK-linked campaign dubbed PromptMink used AI-inserted npm malware, fake firms, typosquatting, and RATs to steal credentials and crypto-wallet data. – PromptMink
  • Fresh research shows new public assets are often scanned within minutes and can be compromised within 24 hours, making continuous external attack-surface monitoring essential. – First 24 Hours

Cybersecurity News | Daily Recap – hendryadrian.com