📰 DAILY THREAT BRIEFING
Wednesday, April 29, 2026
12 News Items
HN · BleepingComputer · Krebs · Dark Reading · SANS · THN Intel · Unit 42 · Security.com

📰 Cybersecurity News Headlines

Top stories from leading cybersecurity publications as of April 29, 2026.

  1. BlueNoroff Uses Fake Zoom Calls to Turn Victims Into Attack Lures
    — Dark Reading

    The North Korean group is using stolen victim videos, AI-generated avatars, and fake Zoom calls to scale malware attacks against cryptocurre…
  2. Broken VECT 2.0 ransomware acts as a data wiper for large files
    — Bleeping Computer

    Researchers are warning that the VECT 2.0 ransomware has a problem in the way it handles encryption nonces that leads to permanently destroy…
  3. Hackers are exploiting a critical LiteLLM pre-auth SQLi flaw
    — Bleeping Computer

    Hackers are targeting sensitive information stored in the LiteLLM open-source large-language model (LLM) gateway by exploiting a critical vu…
  4. NSA Chief During Snowden Affair Shares Regrets, Reflections 13 Years Later
    — Dark Reading

    Chris Inglis was the head civilian in charge at the NSA when the Snowden leak exploded. He gets candid about mistakes the organization made,…
  5. Feuding Ransomware Groups Leak Each Other's Data
    — Dark Reading

    When 0APT and KryBit attacked each other, they exposed infrastructure and operational data, giving defenders rare insight into ransomware op…
  6. Video service Vimeo confirms Anodot breach exposed user data
    — Bleeping Computer

    Vimeo has disclosed that data belonging to some of its customers and users has been accessed without authorization following the recent brea…
  7. Researchers Discover Critical GitHub CVE-2026-3854 RCE Flaw Exploitable via Single Git Push
    — The Hacker News

    Cybersecurity researchers have disclosed details of a critical security vulnerability impacting GitHub.com and GitHub Enterprise Server that…
  8. Brazilian LofyGang Resurfaces After Three Years With Minecraft LofyStealer Campaign
    — The Hacker News

    A cybercrime group of Brazilian origin has resurfaced after more than three years to orchestrate a campaign that targets Minecraft players w…
  9. VECT 2.0 Ransomware Irreversibly Destroys Files Over 131KB on Windows, Linux, ESXi
    — The Hacker News

    Threat hunters are warning that the cybercriminal operation known as VECT 2.0 acts more like a wiper than a ransomware due to a critical fla…
  10. HTTP Requests with X-Vercel-Set-Bypass-Cookie Header, (Tue, Apr 28th)
    — SANS ISC

    This weekend, we saw a few requests to our honeypot that included an "X-Vercel-Set-Bypass-Cookie" header. A sample request:
  11. ISC Stormcast For Tuesday, April 28th, 2026 https://isc.sans.edu/podcastdetail/9908, (Tue, Apr 28th)
    — SANS ISC

    (c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
  12. TeamPCP Supply Chain Campaign: Update 008 – 26-Day Pause Ends with Three Concurrent Compromises (Checkmarx KICS, Bitwarden CLI Cascade, xinference PyPI), CanisterSprawl npm Worm Identified, and Tier 1 Coverage Returns, (Mon, Apr 27th)
    — SANS ISC

    This update succeeds TeamPCP Supply Chain Campaign Update 007, published April 8, 2026, which left …

🪲 NVD — Last 20 Scored Vulnerabilities

Latest scored CVEs from the National Vulnerability Database (5991 in last 30 days).
Critical: 0 · High: 6 · Medium: 5 · Low: 5. View full dashboard →

  1. CVE-2026-42167
    — CVSS 8.1 (HIGH)

    mod_sql in ProFTPD before 1.3.10rc1 allows remote attackers to execute arbitrary code via a username, in scenarios where there is logging of USER requests with an expansion such as %U, and the SQL backend allows commands…
  2. CVE-2026-7319
    — CVSS 7.3 (HIGH)

    A flaw has been found in elinsky execution-system-mcp 0.1.0. The impacted element is the function _get_context_file_path of the file src/execution_system_mcp/server.py of the component add_action Tool. This manipulation …
  3. CVE-2026-7318
    — CVSS 5.9 (MEDIUM)

    A vulnerability was detected in elie mcp-project 0.1.0. The affected element is the function search_papers of the file research_server.py. The manipulation of the argument topic results in path traversal. Attacking local…
  4. CVE-2026-7317
    — CVSS 5.0 (MEDIUM)

    A vulnerability was found in Grav CMS up to 1.7.49.5/2.0.0-beta.1. Affected by this vulnerability is the function FileCache::doGet of the file system/src/Grav/Framework/Cache/Adapter/FileCache.php of the component Cache …
  5. CVE-2026-7316
    — CVSS 7.3 (HIGH)

    A vulnerability has been found in eiliyaabedini aider-mcp up to 667b914301aada695aab0e46d1fb3a7d5e32c8af. Affected is an unknown function of the file aider_mcp.py of the component code_with_ai. The manipulation of the ar…
  6. CVE-2026-7315
    — CVSS 7.3 (HIGH)

    A flaw has been found in eiceblue spire-pdf-mcp-server 0.1.1. This impacts the function get_pdf_path of the file src/spire_pdf_mcp/server.py of the component PDF File Handler. Executing a manipulation of the argument fil…
  7. CVE-2026-7314
    — CVSS 7.3 (HIGH)

    A vulnerability was detected in eiceblue spire-doc-mcp-server 1.0.0. This affects the function get_doc_path of the file src/spire_doc_mcp/api/base.py. Performing a manipulation of the argument document_name results in pa…
  8. CVE-2026-7306
    — CVSS 5.6 (MEDIUM)

    A security vulnerability has been detected in Xuxueli xxl-job up to 3.3.2. The impacted element is an unknown function of the file xxl-job-admin/src/main/java/com/xxl/job/admin/scheduler/openapi/OpenApiController.java of…
  9. CVE-2026-7305
    — CVSS 6.3 (MEDIUM)

    A weakness has been identified in Xuxueli xxl-job up to 3.3.2. The affected element is the function triggerJob of the file xxl-job-admin/src/main/java/com/xxl/job/admin/service/impl/XxlJobServiceImpl.java of the componen…
  10. CVE-2026-7303
    — CVSS 3.7 (LOW)

    A security flaw has been discovered in Xuxueli xxl-job up to 3.3.2. Impacted is the function logDetailCat of the file xxl-job-admin/src/main/java/com/xxl/job/admin/controller/biz/JobLogController.java of the component Ex…
  11. CVE-2026-7297
    — CVSS 2.4 (LOW)

    A vulnerability was determined in SourceCodester Pizzafy Ecommerce System 1.0. This vulnerability affects the function save_user of the file /admin/ajax.php?action=save_user. Executing a manipulation of the argument Name…
  12. CVE-2026-7296
    — CVSS 2.4 (LOW)

    A vulnerability was found in SourceCodester Pizzafy Ecommerce System 1.0. This affects the function save_order of the file /admin/ajax.php?action=save_order. Performing a manipulation of the argument first_name results i…
  13. CVE-2026-41649
    — CVSS 7.7 (HIGH)

    Outline is a service that allows for collaborative documentation. The `shares.create` API endpoint starting in version 0.86.0 and prior to version 1.7.0 has an insecure direct object reference.. When both `collectionId` …
  14. CVE-2026-33467
    — CVSS 5.9 (MEDIUM)

    Improper Verification of Cryptographic Signature (CWE-347) in Elastic Package Registry could allow an attacker positioned to intercept network traffic, or to otherwise influence the contents served to a self-hosted regis…
  15. CVE-2026-7295
    — CVSS 2.4 (LOW)

    A vulnerability has been found in SourceCodester Pizzafy Ecommerce System 1.0. Affected by this issue is the function save_menu of the file /admin/ajax.php?action=save_menu. Such manipulation of the argument Name leads t…
  16. CVE-2026-7294
    — CVSS 2.4 (LOW)

    A flaw has been found in SourceCodester Pizzafy Ecommerce System 1.0. Affected by this vulnerability is the function save_settings of the file /admin/index.php?page=save_settings. This manipulation of the argument Name c…

Source: NVD CVE API 2.0

Generated by CryptXNet.ai Threat Intelligence Platform · April 29, 2026 · Sources: The Hacker News, Bleeping Computer, Krebs on Security, Dark Reading, SANS ISC, THN Threat Intel, Unit 42, Security.com