{ "count": 50, "stories": [ { "title": "From Pirated Software to Full Access to FIFA: Tracing the 2026 World Cup Infostealer Pipeline", "summary": "A malicious pipeline involving pirated software is being used to distribute infostealers, potentially compromising sensitive data related to the FIFA 2026 World Cup.", "severity": "high", "category": "malware", "tags": "infostealer, pirated software, FIFA", "original_url": "https://flare.io/learn/resources/blog/2026-world-cup-infostealer-pipeline", "published": "Wed, 29 Apr 2026 13:00:03 +0000", "published_date": "2026-04-29", "source": "https://flare.io/learn/resources/blog/feed/", "merged_from": 1, "cve_ids": [], "mitre_techniques": [], "affected_products": [], "cves": [], "curated_blob": "curated_20260429_133037.json", "nerdie_score": 14.0, "nerdie_tier": "LOW", "nerdie_emoji": "\u26aa" }, { "title": "Researchers Track 2.9 Billion Compromised Credentials", "summary": "Researchers have tracked 2.9 billion compromised credentials, with infostealers identified as the primary access vector for attacks in 2025, highlighting the ongoing threat of credential theft.", "severity": "high", "category": "breach", "tags": "compromised credentials,infostealers", "original_url": "https://www.infosecurity-magazine.com/news/29-billion-compromised-credentials/", "published": "Wed, 29 Apr 2026 13:00:00 GMT", "published_date": "2026-04-29", "source": "https://www.infosecurity-magazine.com/rss/news/", "merged_from": 1, "cve_ids": [], "mitre_techniques": [], "affected_products": [], "cves": [], "curated_blob": "curated_20260429_133037.json", "nerdie_score": 14.0, "nerdie_tier": "LOW", "nerdie_emoji": "\u26aa" }, { "title": "Silverfort Secures AI Agents on Google Cloud in Runtime with Agent Gateway Integration", "summary": "Silverfort's integration with Google Cloud aims to secure AI agents by providing enhanced authentication and monitoring capabilities, addressing potential security gaps in cloud environments.", "severity": "medium", "category": "cloud", "tags": "AI, Google Cloud, security", "original_url": "https://www.silverfort.com/blog/silverfort-secures-ai-agents-on-google-cloud-in-runtime-with-agent-gateway-integration/", "published": "Wed, 29 Apr 2026 13:00:00 +0000", "published_date": "2026-04-29", "source": "https://www.silverfort.com/blog/feed/", "merged_from": 1, "cve_ids": [], "mitre_techniques": [], "affected_products": [ { "vendor": "Google", "product": "Google Cloud" } ], "cves": [], "curated_blob": "curated_20260429_133037.json", "nerdie_score": 9.0, "nerdie_tier": "LOW", "nerdie_emoji": "\u26aa" }, { "title": "GitHub fixes RCE flaw that gave access to millions of private repos", "summary": "GitHub patched a critical remote code execution vulnerability (CVE-2026-3854) that could have allowed attackers to access millions of private repositories, posing a significant risk to the confidentiality and integrity of sensitive code.", "severity": "critical", "category": "vulnerability", "tags": "GitHub,RCE,private repositories", "original_url": "https://www.bleepingcomputer.com/news/security/github-fixes-rce-flaw-that-gave-access-to-millions-of-private-repos/", "published": "Wed, 29 Apr 2026 08:41:17 -0400", "published_date": "2026-04-29", "source": "https://www.bleepingcomputer.com/feed/, https://www.cyber.gc.ca/api/cccs/rss/v1/get?feed=alerts_advisories&lang=en", "merged_from": 2, "cve_ids": [ "CVE-2026-3854" ], "mitre_techniques": [], "affected_products": [ { "vendor": "GitHub", "product": "GitHub" } ], "cves": [ { "cve_id": "CVE-2026-3854", "cvss_score": null, "cvss_severity": null, "description": null } ], "curated_blob": "curated_20260429_133037.json", "nerdie_score": 23.0, "nerdie_tier": "MODERATE", "nerdie_emoji": "\ud83d\udfe2" }, { "title": "Experts on Experts: The 2026 Threat Landscape is Moving Faster than Defenders Expect", "summary": "The article explores the rapidly evolving 2026 threat landscape, highlighting the challenges defenders face in keeping pace with emerging threats.", "severity": "info", "category": "research", "tags": "threat landscape,cybersecurity trends", "original_url": "https://www.rapid7.com/blog/post/it-security-experts-2026-threat-landscape-moving-faster-than-defenders", "published": "Wed, 29 Apr 2026 12:27:35 GMT", "published_date": "2026-04-29", "source": "https://blog.rapid7.com/rss/", "merged_from": 1, "cve_ids": [], "mitre_techniques": [], "affected_products": [], "cves": [], "curated_blob": "curated_20260429_133037.json", "nerdie_score": 4.0, "nerdie_tier": "LOW", "nerdie_emoji": "\u26aa" }, { "title": "Cursor AI Extension Flaw Exposes Developer Tokens to Credential Theft", "summary": "A high-severity vulnerability in the Cursor AI-powered development environment, dubbed 'CursorJacking,' exposes developer tokens to credential theft, posing a risk to software integrity.", "severity": "high", "category": "vulnerability", "tags": "Cursor,AI,credential theft", "original_url": "https://gbhackers.com/cursor-ai-extension-flaw-exposes-developer-tokens/", "published": "Wed, 29 Apr 2026 12:14:56 +0000", "published_date": "2026-04-29", "source": "https://gbhackers.com/feed/", "merged_from": 1, "cve_ids": [], "mitre_techniques": [], "affected_products": [ { "vendor": "LayerX", "product": "Cursor" } ], "cves": [], "curated_blob": "curated_20260429_133037.json", "nerdie_score": 14.0, "nerdie_tier": "LOW", "nerdie_emoji": "\u26aa" }, { "title": "Hundreds of Internet-Facing VNC Servers Expose ICS/OT", "summary": "Forescout identified tens of thousands of exposed RDP and VNC servers, which could be exploited to target industrial control systems and operational technology, posing a risk to critical infrastructure.", "severity": "high", "category": "iot", "tags": "VNC,RDP,ICS,OT", "original_url": "https://www.securityweek.com/hundreds-of-internet-facing-vnc-servers-expose-ics-ot/", "published": "Wed, 29 Apr 2026 12:03:40 +0000", "published_date": "2026-04-29", "source": "https://www.securityweek.com/feed/", "merged_from": 1, "cve_ids": [], "mitre_techniques": [], "affected_products": [], "cves": [], "curated_blob": "curated_20260429_133037.json", "nerdie_score": 14.0, "nerdie_tier": "LOW", "nerdie_emoji": "\u26aa" }, { "title": "Modern Defensible Architecture: Resilience for the Australian Federal Government", "summary": "Wiz enables Australian government agencies to implement Modern Defensible Architecture with real-time context, zero trust enforcement, and comprehensive cloud visibility.", "severity": "info", "category": "policy", "tags": "Modern Defensible Architecture,cloud security,zero trust", "original_url": "https://www.wiz.io/blog/modern-defensible-architecture-australian-federal-government", "published": "Wed, 29 Apr 2026 12:00:03 GMT", "published_date": "2026-04-29", "source": "https://www.wiz.io/feed/rss.xml", "merged_from": 1, "cve_ids": [], "mitre_techniques": [], "affected_products": [ { "vendor": "Wiz", "product": "Cloud Security Solutions" } ], "cves": [], "curated_blob": "curated_20260429_133037.json", "nerdie_score": 4.0, "nerdie_tier": "LOW", "nerdie_emoji": "\u26aa" }, { "title": "Cursor AI Coding Agent Vulnerability Lets Attackers Run Code on Developers\u2019 Machines", "summary": "A high-severity vulnerability in the Cursor AI coding environment allows attackers to execute arbitrary code on developers' machines, raising concerns about AI-assisted development security.", "severity": "high", "category": "vulnerability", "tags": "Cursor AI, code execution, AI security", "original_url": "https://gbhackers.com/cursor-ai-coding-agent-vulnerability/", "published": "Wed, 29 Apr 2026 11:50:40 +0000", "published_date": "2026-04-29", "source": "https://gbhackers.com/feed/", "merged_from": 1, "cve_ids": [], "mitre_techniques": [], "affected_products": [ { "vendor": "Cursor", "product": "Cursor AI coding environment" } ], "cves": [], "curated_blob": "curated_20260429_133037.json", "nerdie_score": 14.0, "nerdie_tier": "LOW", "nerdie_emoji": "\u26aa" }, { "title": "CISA Warns of ConnectWise ScreenConnect Flaw Exploited in Attacks", "summary": "CISA warns of a critical vulnerability, CVE-2024-1708, in ConnectWise ScreenConnect that is actively being exploited, urging immediate action to mitigate the threat.", "severity": "critical", "category": "vulnerability", "tags": "CISA, ConnectWise, CVE-2024-1708", "original_url": "https://gbhackers.com/cisa-warns-of-connectwise-screenconnect-flaw/", "published": "Wed, 29 Apr 2026 11:35:56 +0000", "published_date": "2026-04-29", "source": "https://gbhackers.com/feed/", "merged_from": 1, "cve_ids": [ "CVE-2024-1708" ], "mitre_techniques": [], "affected_products": [ { "vendor": "ConnectWise", "product": "ScreenConnect" } ], "cves": [ { "cve_id": "CVE-2024-1708", "cvss_score": null, "cvss_severity": null, "description": null } ], "curated_blob": "curated_20260429_133037.json", "nerdie_score": 19.0, "nerdie_tier": "LOW", "nerdie_emoji": "\u26aa" }, { "title": "What to Look for in an Exposure Management Platform (And What Most of Them Get Wrong)", "summary": "The article discusses the challenges security teams face in assessing whether closing vulnerabilities actually improves safety, highlighting the need for context in vulnerability management.", "severity": "info", "category": "general", "tags": "vulnerability management,security assessment", "original_url": "https://thehackernews.com/2026/04/what-to-look-for-in-exposure-management.html", "published": "Wed, 29 Apr 2026 17:00:00 +0530", "published_date": "2026-04-29", "source": "https://www.tenable.com/blog/feed, https://feeds.feedburner.com/TheHackersNews", "merged_from": 2, "cve_ids": [], "mitre_techniques": [], "affected_products": [], "cves": [], "curated_blob": "curated_20260429_133037.json", "nerdie_score": 8.0, "nerdie_tier": "LOW", "nerdie_emoji": "\u26aa" }, { "title": "U.S. Charges Suspected Scattered Spider Member Over Cyber Intrusions", "summary": "U.S. authorities have charged a suspected member of the Scattered Spider cybercriminal group, highlighting ongoing efforts to combat cyber intrusions and criminal activities.", "severity": "medium", "category": "apt", "tags": "Scattered Spider, cybercrime, law enforcement", "original_url": "https://gbhackers.com/u-s-charges-suspected-scattered-spider-member/", "published": "Wed, 29 Apr 2026 11:23:58 +0000", "published_date": "2026-04-29", "source": "https://gbhackers.com/feed/", "merged_from": 1, "cve_ids": [], "mitre_techniques": [], "affected_products": [], "cves": [], "curated_blob": "curated_20260429_133037.json", "nerdie_score": 9.0, "nerdie_tier": "LOW", "nerdie_emoji": "\u26aa" }, { "title": "Checkmarx Confirms Data Stolen in Supply Chain Attack", "summary": "Checkmarx confirms a data breach resulting from a supply chain attack, where hackers exfiltrated data from their GitHub environment, highlighting the risks associated with third-party dependencies.", "severity": "high", "category": "breach", "tags": "supply chain attack, Checkmarx, GitHub", "original_url": "https://www.securityweek.com/checkmarx-confirms-data-stolen-in-supply-chain-attack/", "published": "Wed, 29 Apr 2026 11:03:03 +0000", "published_date": "2026-04-29", "source": "https://www.securityweek.com/feed/", "merged_from": 1, "cve_ids": [], "mitre_techniques": [], "affected_products": [ { "vendor": "Checkmarx", "product": "GitHub environment" } ], "cves": [], "curated_blob": "curated_20260429_133037.json", "nerdie_score": 14.0, "nerdie_tier": "LOW", "nerdie_emoji": "\u26aa" }, { "title": "Extending Ruzzy with LibAFL", "summary": "The extension of Ruzzy with LibAFL enhances fuzzing capabilities, offering improved performance and security testing for software developers.", "severity": "info", "category": "research", "tags": "fuzzing, LibAFL, Ruzzy", "original_url": "https://blog.trailofbits.com/2026/04/29/extending-ruzzy-with-libafl/", "published": "Wed, 29 Apr 2026 07:00:00 -0400", "published_date": "2026-04-29", "source": "https://blog.trailofbits.com/feed/", "merged_from": 1, "cve_ids": [], "mitre_techniques": [], "affected_products": [], "cves": [], "curated_blob": "curated_20260429_133037.json", "nerdie_score": 4.0, "nerdie_tier": "LOW", "nerdie_emoji": "\u26aa" }, { "title": "Scam-checking just got a lot easier: Malwarebytes is now in Claude", "summary": "Malwarebytes' integration into Claude enhances scam-checking capabilities, providing users with tools to identify and avoid scams effectively.", "severity": "info", "category": "general", "tags": "Malwarebytes, scam-checking, Claude", "original_url": "https://www.malwarebytes.com/blog/product/2026/04/scam-checking-just-got-a-lot-easier-malwarebytes-is-now-in-claude", "published": "Wed, 29 Apr 2026 10:52:29 GMT", "published_date": "2026-04-29", "source": "https://malwarebytes.com/blog/feed", "merged_from": 1, "cve_ids": [], "mitre_techniques": [], "affected_products": [], "cves": [], "curated_blob": "curated_20260429_133037.json", "nerdie_score": 4.0, "nerdie_tier": "LOW", "nerdie_emoji": "\u26aa" }, { "title": "GitHub Fixes Critical RCE Bug CVE-2026-3854 Within Hours of Discovery", "summary": "GitHub quickly addressed a critical remote code execution (RCE) vulnerability, CVE-2026-3854, demonstrating the importance of rapid response to security threats.", "severity": "critical", "category": "vulnerability", "tags": "RCE, GitHub, CVE-2026-3854", "original_url": "https://thecyberexpress.com/cve-2026-3854-rce-github-enterprise-server/", "published": "2026-04-29T09:51:54+00:00", "published_date": "2026-04-29", "source": "https://www.csoonline.com/feed/, https://cvefeed.io/rssfeed/newsroom.atom", "merged_from": 2, "cve_ids": [ "CVE-2026-3854", "CVE-2026-3008", "CVE-2025-68668" ], "mitre_techniques": [], "affected_products": [ { "vendor": "GitHub", "product": "GitHub platform" } ], "cves": [ { "cve_id": "CVE-2026-3854", "cvss_score": null, "cvss_severity": null, "description": null }, { "cve_id": "CVE-2026-3008", "cvss_score": null, "cvss_severity": null, "description": null }, { "cve_id": "CVE-2025-68668", "cvss_score": null, "cvss_severity": null, "description": null } ], "curated_blob": "curated_20260429_133037.json", "nerdie_score": 23.0, "nerdie_tier": "MODERATE", "nerdie_emoji": "\ud83d\udfe2" }, { "title": "GitHub Under Attack: How Small Exposures Snowball into Large\u2011Scale Compromises", "summary": "Recent observations indicate a surge in attacks targeting GitHub repositories, highlighting the risk of small vulnerabilities leading to large-scale compromises.", "severity": "high", "category": "vulnerability", "tags": "GitHub,code repositories,attacks", "original_url": "https://www.truesec.com/hub/blog/github-under-attack", "published": "Wed, 29 Apr 2026 07:00:00 +0000", "published_date": "2026-04-29", "source": "https://www.cyber.gc.ca/api/cccs/rss/v1/get?feed=alerts_advisories&lang=en, https://www.truesec.com/hub/blog/feed", "merged_from": 2, "cve_ids": [], "mitre_techniques": [], "affected_products": [], "cves": [], "curated_blob": "curated_20260429_073149.json", "nerdie_score": 18.0, "nerdie_tier": "LOW", "nerdie_emoji": "\u26aa" }, { "title": "Fedora Linux 44 ships with GNOME 50 and KDE Plasma 6.6", "summary": "Fedora Linux 44 has been released with updated desktop environments and system changes, though no specific security implications are mentioned.", "severity": "info", "category": "general", "tags": "Fedora Linux,GNOME,KDE Plasma", "original_url": "https://www.helpnetsecurity.com/2026/04/29/fedora-linux-44-released/", "published": "Wed, 29 Apr 2026 06:48:13 +0000", "published_date": "2026-04-29", "source": "https://www.helpnetsecurity.com/feed/", "merged_from": 1, "cve_ids": [], "mitre_techniques": [], "affected_products": [], "cves": [], "curated_blob": "curated_20260429_073149.json", "nerdie_score": 4.0, "nerdie_tier": "LOW", "nerdie_emoji": "\u26aa" }, { "title": "CISA Warns of Windows Shell Zero-Day Exploited in Attacks", "summary": "CISA has issued an alert about a critical zero-day vulnerability in Windows Shell, CVE-2026-32202, which is actively exploited in attacks, necessitating immediate attention and mitigation.", "severity": "critical", "category": "vulnerability", "tags": "CISA,Windows Shell,zero-day", "original_url": "https://gbhackers.com/cisa-warns-of-windows-shell-zero-day/", "published": "Wed, 29 Apr 2026 06:28:24 +0000", "published_date": "2026-04-29", "source": "https://gbhackers.com/feed/", "merged_from": 1, "cve_ids": [ "CVE-2026-32202" ], "mitre_techniques": [], "affected_products": [ { "vendor": "Microsoft", "product": "Windows" } ], "cves": [ { "cve_id": "CVE-2026-32202", "cvss_score": null, "cvss_severity": null, "description": null } ], "curated_blob": "curated_20260429_073149.json", "nerdie_score": 19.0, "nerdie_tier": "LOW", "nerdie_emoji": "\u26aa" }, { "title": "Critical GitHub Vulnerability Exposed Millions of Repositories", "summary": "A critical remote code execution vulnerability in GitHub's platform exposed millions of repositories to potential exploitation, highlighting significant security risks for developers and organizations using GitHub.", "severity": "critical", "category": "vulnerability", "tags": "GitHub, RCE, repositories, security", "original_url": "https://www.securityweek.com/critical-github-vulnerability-exposed-millions-of-repositories/", "published": "Wed, 29 Apr 2026 06:27:49 +0000", "published_date": "2026-04-29", "source": "https://www.securityweek.com/feed/", "merged_from": 1, "cve_ids": [ "CVE-2026-3854" ], "mitre_techniques": [], "affected_products": [ { "vendor": "GitHub", "product": "GitHub.com" }, { "vendor": "GitHub", "product": "GitHub Enterprise Server" } ], "cves": [ { "cve_id": "CVE-2026-3854", "cvss_score": null, "cvss_severity": null, "description": null } ], "curated_blob": "curated_20260429_073149.json", "nerdie_score": 19.0, "nerdie_tier": "LOW", "nerdie_emoji": "\u26aa" }, { "title": "Vect 2.0 RaaS Expands Attacks Across Windows, Linux, and ESXi", "summary": "Vect 2.0 Ransomware-as-a-Service is expanding its attacks across Windows, Linux, and ESXi platforms, posing a significant threat to hybrid infrastructures.", "severity": "high", "category": "ransomware", "tags": "Vect 2.0,RaaS,multi-platform", "original_url": "https://gbhackers.com/vect-2-0-raas-expands/", "published": "Wed, 29 Apr 2026 06:11:50 +0000", "published_date": "2026-04-29", "source": "https://gbhackers.com/feed/", "merged_from": 1, "cve_ids": [], "mitre_techniques": [], "affected_products": [], "cves": [], "curated_blob": "curated_20260429_073149.json", "nerdie_score": 14.0, "nerdie_tier": "LOW", "nerdie_emoji": "\u26aa" }, { "title": "cPanel Releases Emergency Patch for Critical Authentication Flaw", "summary": "cPanel has released an emergency patch to address a critical authentication flaw, urging web hosting administrators to update immediately to prevent potential exploitation.", "severity": "critical", "category": "patch", "tags": "cPanel, authentication flaw, emergency patch", "original_url": "https://gbhackers.com/cpanel-releases-emergency-patch/", "published": "Wed, 29 Apr 2026 05:53:16 +0000", "published_date": "2026-04-29", "source": "https://gbhackers.com/feed/", "merged_from": 1, "cve_ids": [], "mitre_techniques": [], "affected_products": [ { "vendor": "cPanel", "product": "cPanel and WHM" } ], "cves": [], "curated_blob": "curated_20260429_073149.json", "nerdie_score": 19.0, "nerdie_tier": "LOW", "nerdie_emoji": "\u26aa" }, { "title": "Microsoft Confirms Remote Desktop Warning Issue After April Update", "summary": "Microsoft has confirmed an issue with Remote Desktop Protocol (RDP) connections in Windows 11 following the April 2026 update, potentially exposing systems to security risks despite intended hardening measures.", "severity": "high", "category": "vulnerability", "tags": "Microsoft, RDP, Windows 11, Patch Tuesday", "original_url": "https://gbhackers.com/microsoft-confirms-remote-desktop-warning-issue/", "published": "Wed, 29 Apr 2026 05:45:19 +0000", "published_date": "2026-04-29", "source": "https://gbhackers.com/feed/", "merged_from": 1, "cve_ids": [], "mitre_techniques": [], "affected_products": [ { "vendor": "Microsoft", "product": "Windows 11 version 26H1" } ], "cves": [], "curated_blob": "curated_20260429_073149.json", "nerdie_score": 14.0, "nerdie_tier": "LOW", "nerdie_emoji": "\u26aa" }, { "title": "LiteLLM CVE-2026-42208 SQL Injection Exploited within 36 Hours of Disclosure", "summary": "A critical SQL injection vulnerability in BerriAI's LiteLLM package, tracked as CVE-2026-42208, was exploited within 36 hours of disclosure, highlighting the rapid exploitation of newly disclosed vulnerabilities.", "severity": "critical", "category": "vulnerability", "tags": "SQL injection, LiteLLM, BerriAI", "original_url": "https://thehackernews.com/2026/04/litellm-cve-2026-42208-sql-injection.html", "published": "Wed, 29 Apr 2026 11:04:00 +0530", "published_date": "2026-04-29", "source": "https://feeds.feedburner.com/TheHackersNews", "merged_from": 1, "cve_ids": [ "CVE-2026-42208" ], "mitre_techniques": [], "affected_products": [ { "vendor": "BerriAI", "product": "LiteLLM" } ], "cves": [ { "cve_id": "CVE-2026-42208", "cvss_score": null, "cvss_severity": null, "description": null } ], "curated_blob": "curated_20260429_073149.json", "nerdie_score": 19.0, "nerdie_tier": "LOW", "nerdie_emoji": "\u26aa" }, { "title": "The Exchange Online security controls organizations keep getting wrong", "summary": "Organizations often misconfigure Exchange Online security settings, highlighting the importance of understanding the Shared Responsibility Model to better protect data, identities, and configurations.", "severity": "medium", "category": "policy", "tags": "Exchange Online, security controls, Microsoft, cloud", "original_url": "https://www.helpnetsecurity.com/2026/04/29/scott-schnoll-microsoft-exchange-online-security/", "published": "Wed, 29 Apr 2026 05:30:58 +0000", "published_date": "2026-04-29", "source": "https://www.helpnetsecurity.com/feed/", "merged_from": 1, "cve_ids": [], "mitre_techniques": [], "affected_products": [ { "vendor": "Microsoft", "product": "Exchange Online" } ], "cves": [], "curated_blob": "curated_20260429_073149.json", "nerdie_score": 9.0, "nerdie_tier": "LOW", "nerdie_emoji": "\u26aa" }, { "title": "BlueNoroff Deploys Fileless PowerShell in AI-Generated Zoom Lure Campaign", "summary": "The BlueNoroff group has launched a campaign using AI-generated deepfakes and fileless PowerShell malware to target cryptocurrency executives, successfully breaching a North American Web3 company.", "severity": "critical", "category": "apt", "tags": "BlueNoroff, PowerShell, AI, cryptocurrency", "original_url": "https://gbhackers.com/ai-generated-zoom-lure/", "published": "Wed, 29 Apr 2026 05:17:21 +0000", "published_date": "2026-04-29", "source": "https://gbhackers.com/feed/", "merged_from": 1, "cve_ids": [], "mitre_techniques": [], "affected_products": [], "cves": [], "curated_blob": "curated_20260429_073149.json", "nerdie_score": 19.0, "nerdie_tier": "LOW", "nerdie_emoji": "\u26aa" }, { "title": "CVE-2026-35155 - Dell iDRAC10 Insufficiently Protected Credentials and Race Condition Vulnerability", "summary": "A vulnerability in Dell iDRAC10 involving insufficiently protected credentials and a race condition poses security risks to affected systems, requiring immediate attention.", "severity": "high", "category": "vulnerability", "tags": "Dell, iDRAC10, credentials, race condition", "original_url": "https://cvefeed.io/vuln/detail/CVE-2026-35155", "published": "2026-04-29T05:16:04.523000+00:00", "published_date": "2026-04-29", "source": "https://cvefeed.io/rssfeed/latest.atom", "merged_from": 1, "cve_ids": [ "CVE-2026-35155" ], "mitre_techniques": [], "affected_products": [ { "vendor": "Dell", "product": "iDRAC10" } ], "cves": [ { "cve_id": "CVE-2026-35155", "cvss_score": null, "cvss_severity": null, "description": null } ], "curated_blob": "curated_20260429_073149.json", "nerdie_score": 14.0, "nerdie_tier": "LOW", "nerdie_emoji": "\u26aa" }, { "title": "CVE-2026-21023 - Android PackageManagerService Data Authenticity Verification Bypass", "summary": "CVE-2026-21023 describes a vulnerability in Android's PackageManagerService that allows local attackers to bypass data authenticity verification, potentially leading to unauthorized access or manipulation of data.", "severity": "high", "category": "vulnerability", "tags": "Android,PackageManagerService,data authenticity", "original_url": "https://cvefeed.io/vuln/detail/CVE-2026-21023", "published": "2026-04-29T05:16:04.070000+00:00", "published_date": "2026-04-29", "source": "https://cvefeed.io/rssfeed/latest.atom", "merged_from": 1, "cve_ids": [ "CVE-2026-21023" ], "mitre_techniques": [], "affected_products": [ { "vendor": "Google", "product": "Android" } ], "cves": [ { "cve_id": "CVE-2026-21023", "cvss_score": null, "cvss_severity": null, "description": null } ], "curated_blob": "curated_20260429_073149.json", "nerdie_score": 14.0, "nerdie_tier": "LOW", "nerdie_emoji": "\u26aa" }, { "title": "GitHub.com and Enterprise Server Vulnerability Allows Remote Code Execution", "summary": "A critical remote code execution vulnerability in GitHub's infrastructure, identified as CVE-2026-3854, allows authenticated users to execute arbitrary commands on backend servers, posing significant security risks.", "severity": "critical", "category": "vulnerability", "tags": "GitHub, RCE, Wiz Research, infrastructure", "original_url": "https://gbhackers.com/github-com-and-enterprise-server-vulnerability/", "published": "Wed, 29 Apr 2026 05:07:25 +0000", "published_date": "2026-04-29", "source": "https://gbhackers.com/feed/", "merged_from": 1, "cve_ids": [ "CVE-2026-3854" ], "mitre_techniques": [], "affected_products": [ { "vendor": "GitHub", "product": "GitHub.com and Enterprise Server" } ], "cves": [ { "cve_id": "CVE-2026-3854", "cvss_score": null, "cvss_severity": null, "description": null } ], "curated_blob": "curated_20260429_073149.json", "nerdie_score": 19.0, "nerdie_tier": "LOW", "nerdie_emoji": "\u26aa" }, { "title": "\ud83c\udff4\u200d\u2620\ufe0f Incransom has just published a new victim : https://www.fulcrumre.com/", "summary": "The ransomware group Incransom has published a new victim, Fulcrum Real Estate, claiming to have exfiltrated 2TB of company data, highlighting the ongoing threat of ransomware attacks on businesses.", "severity": "high", "category": "ransomware", "tags": "Incransom,2TB,data breach,real estate", "original_url": "https://www.ransomware.live/id/aHR0cHM6Ly93d3cuZnVsY3J1bXJlLmNvbS9AaW5jcmFuc29t", "published": "Wed, 29 Apr 2026 02:23:08 +0000", "published_date": "2026-04-29", "source": "https://www.ransomware.live/rss.xml", "merged_from": 1, "cve_ids": [], "mitre_techniques": [], "affected_products": [ { "vendor": "Fulcrum Real Estate", "product": "Company Data" } ], "cves": [], "curated_blob": "curated_20260429_033008.json", "nerdie_score": 14.0, "nerdie_tier": "LOW", "nerdie_emoji": "\u26aa" }, { "title": "ISC Stormcast For Wednesday, April 29th, 2026 https://isc.sans.edu/podcastdetail/9910, (Wed, Apr 29th)", "summary": "The ISC Stormcast podcast provides updates on recent cybersecurity events and trends, serving as a valuable resource for professionals seeking to stay informed about the latest threats and security practices.", "severity": "info", "category": "general", "tags": "ISC,Stormcast,podcast,cybersecurity", "original_url": "https://isc.sans.edu/diary/rss/32932", "published": "Wed, 29 Apr 2026 02:00:02 GMT", "published_date": "2026-04-29", "source": "https://isc.sans.edu/rssfeed_full.xml", "merged_from": 1, "cve_ids": [], "mitre_techniques": [], "affected_products": [], "cves": [], "curated_blob": "curated_20260429_033008.json", "nerdie_score": 4.0, "nerdie_tier": "LOW", "nerdie_emoji": "\u26aa" }, { "title": "CVE-2026-40560 - Starman versions before 0.4018 for Perl allows HTTP Request Smuggling via Improper Header Precedence", "summary": "CVE-2026-40560 highlights a vulnerability in Starman for Perl that allows HTTP Request Smuggling due to improper header precedence, which could be exploited to bypass security controls or manipulate web traffic.", "severity": "medium", "category": "vulnerability", "tags": "Perl,Starman,HTTP Request Smuggling", "original_url": "https://cvefeed.io/vuln/detail/CVE-2026-40560", "published": "2026-04-29T00:16:03.927000+00:00", "published_date": "2026-04-29", "source": "https://cvefeed.io/rssfeed/latest.atom", "merged_from": 1, "cve_ids": [ "CVE-2026-40560" ], "mitre_techniques": [], "affected_products": [ { "vendor": "Starman", "product": "Starman" } ], "cves": [ { "cve_id": "CVE-2026-40560", "cvss_score": null, "cvss_severity": null, "description": null } ], "curated_blob": "curated_20260429_073149.json", "nerdie_score": 9.0, "nerdie_tier": "LOW", "nerdie_emoji": "\u26aa" }, { "title": "Bridging the Gap to Autonomous Fixes: Snyk and Atlassian Unveil Intelligent Remediation for Jira", "summary": "Snyk and Atlassian have integrated to provide intelligent remediation for Jira, transforming security tickets into precise fixes and streamlining vulnerability resolution.", "severity": "info", "category": "patch", "tags": "Snyk,Atlassian,Jira,remediation", "original_url": "https://snyk.io/blog/atlassian-integration-intelligent-remediation-jira/", "published": "Wed, 29 Apr 2026 00:00:00 GMT", "published_date": "2026-04-29", "source": "https://snyk.io/blog/feed/", "merged_from": 1, "cve_ids": [], "mitre_techniques": [], "affected_products": [ { "vendor": "Snyk", "product": "Snyk Studio AI" }, { "vendor": "Atlassian", "product": "Jira" } ], "cves": [], "curated_blob": "curated_20260429_133037.json", "nerdie_score": 4.0, "nerdie_tier": "LOW", "nerdie_emoji": "\u26aa" }, { "title": "[webapps] HAX CMS 24.x - Stored Cross-Site Scripting (XSS)", "summary": "A stored cross-site scripting (XSS) vulnerability has been identified in HAX CMS 24.x, which could allow attackers to execute malicious scripts in the context of a user's browser session.", "severity": "medium", "category": "vulnerability", "tags": "XSS, HAX CMS, web security", "original_url": "https://www.exploit-db.com/exploits/52526", "published": "Wed, 29 Apr 2026 00:00:00 +0000", "published_date": "2026-04-29", "source": "https://www.exploit-db.com/rss.xml", "merged_from": 1, "cve_ids": [], "mitre_techniques": [], "affected_products": [ { "vendor": "HAX", "product": "HAX CMS 24.x" } ], "cves": [], "curated_blob": "curated_20260429_133037.json", "nerdie_score": 9.0, "nerdie_tier": "LOW", "nerdie_emoji": "\u26aa" }, { "title": "[webapps] Craft CMS 5.6.16 - RCE", "summary": "A remote code execution (RCE) vulnerability in Craft CMS 5.6.16 could allow attackers to execute arbitrary code on affected systems, posing a significant security risk.", "severity": "high", "category": "vulnerability", "tags": "RCE, Craft CMS, web security", "original_url": "https://www.exploit-db.com/exploits/52525", "published": "Wed, 29 Apr 2026 00:00:00 +0000", "published_date": "2026-04-29", "source": "https://www.exploit-db.com/rss.xml", "merged_from": 1, "cve_ids": [], "mitre_techniques": [], "affected_products": [ { "vendor": "Craft", "product": "Craft CMS 5.6.16" } ], "cves": [], "curated_blob": "curated_20260429_133037.json", "nerdie_score": 14.0, "nerdie_tier": "LOW", "nerdie_emoji": "\u26aa" }, { "title": "[local] GNU InetUtils 2.6 - Telnetd Remote Privilege Escalation", "summary": "A remote privilege escalation vulnerability in GNU InetUtils 2.6's Telnetd service could allow attackers to gain elevated privileges on affected systems.", "severity": "high", "category": "vulnerability", "tags": "privilege escalation, GNU InetUtils, Telnetd", "original_url": "https://www.exploit-db.com/exploits/52524", "published": "Wed, 29 Apr 2026 00:00:00 +0000", "published_date": "2026-04-29", "source": "https://www.exploit-db.com/rss.xml", "merged_from": 1, "cve_ids": [], "mitre_techniques": [], "affected_products": [ { "vendor": "GNU", "product": "InetUtils 2.6" } ], "cves": [], "curated_blob": "curated_20260429_133037.json", "nerdie_score": 14.0, "nerdie_tier": "LOW", "nerdie_emoji": "\u26aa" }, { "title": "[webapps] Xibo CMS 4.3.0 - RCE via SSTI", "summary": "Xibo CMS version 4.3.0 is vulnerable to remote code execution via server-side template injection, posing a significant security risk.", "severity": "critical", "category": "vulnerability", "tags": "RCE, SSTI, Xibo CMS", "original_url": "https://www.exploit-db.com/exploits/52516", "published": "Wed, 29 Apr 2026 00:00:00 +0000", "published_date": "2026-04-29", "source": "https://www.exploit-db.com/rss.xml", "merged_from": 1, "cve_ids": [], "mitre_techniques": [], "affected_products": [ { "vendor": "Xibo", "product": "CMS 4.3.0" } ], "cves": [], "curated_blob": "curated_20260429_073149.json", "nerdie_score": 19.0, "nerdie_tier": "LOW", "nerdie_emoji": "\u26aa" }, { "title": "[local] Fedora - Local Privilege Escalation", "summary": "A local privilege escalation vulnerability has been identified in Fedora, potentially allowing attackers to gain elevated access on affected systems.", "severity": "high", "category": "vulnerability", "tags": "privilege escalation, Fedora", "original_url": "https://www.exploit-db.com/exploits/52515", "published": "Wed, 29 Apr 2026 00:00:00 +0000", "published_date": "2026-04-29", "source": "https://www.exploit-db.com/rss.xml", "merged_from": 1, "cve_ids": [], "mitre_techniques": [], "affected_products": [ { "vendor": "Fedora", "product": "Fedora" } ], "cves": [], "curated_blob": "curated_20260429_073149.json", "nerdie_score": 14.0, "nerdie_tier": "LOW", "nerdie_emoji": "\u26aa" }, { "title": "[webapps] LangChain Core 1.2.4 - SSTI/RCE", "summary": "LangChain Core version 1.2.4 is susceptible to remote code execution through server-side template injection, representing a critical security flaw.", "severity": "critical", "category": "vulnerability", "tags": "RCE, SSTI, LangChain Core", "original_url": "https://www.exploit-db.com/exploits/52514", "published": "Wed, 29 Apr 2026 00:00:00 +0000", "published_date": "2026-04-29", "source": "https://www.exploit-db.com/rss.xml", "merged_from": 1, "cve_ids": [], "mitre_techniques": [], "affected_products": [ { "vendor": "LangChain", "product": "Core 1.2.4" } ], "cves": [], "curated_blob": "curated_20260429_073149.json", "nerdie_score": 19.0, "nerdie_tier": "LOW", "nerdie_emoji": "\u26aa" }, { "title": "[local] Atlona ATOMERX21 - Authenticated Command Injection", "summary": "Atlona ATOMERX21 devices are affected by an authenticated command injection vulnerability, which could allow attackers to execute arbitrary commands.", "severity": "high", "category": "vulnerability", "tags": "command injection, Atlona, ATOMERX21", "original_url": "https://www.exploit-db.com/exploits/52513", "published": "Wed, 29 Apr 2026 00:00:00 +0000", "published_date": "2026-04-29", "source": "https://www.exploit-db.com/rss.xml", "merged_from": 1, "cve_ids": [], "mitre_techniques": [], "affected_products": [ { "vendor": "Atlona", "product": "ATOMERX21" } ], "cves": [], "curated_blob": "curated_20260429_073149.json", "nerdie_score": 14.0, "nerdie_tier": "LOW", "nerdie_emoji": "\u26aa" }, { "title": "Git Push to Root: AI-Augmented Research Uncovers Critical GitHub RCE (CVE-2026-3854)", "summary": "A critical remote code execution vulnerability (CVE-2026-3854) has been discovered in GitHub, allowing attackers to potentially execute arbitrary code on affected systems, posing significant security risks to repositories hosted on the platform.", "severity": "critical", "category": "vulnerability", "tags": "GitHub,RCE,AI-Augmented,security", "original_url": "https://securityonline.info/github-internal-infrastructure-rce-cve-2026-3854-wiz-research/", "published": "2026-04-28T23:57:41+00:00", "published_date": "2026-04-28", "source": "https://cvefeed.io/rssfeed/newsroom.atom", "merged_from": 1, "cve_ids": [ "CVE-2026-3854" ], "mitre_techniques": [], "affected_products": [ { "vendor": "GitHub", "product": "GitHub" } ], "cves": [ { "cve_id": "CVE-2026-3854", "cvss_score": null, "cvss_severity": null, "description": null } ], "curated_blob": "curated_20260429_033008.json", "nerdie_score": 19.0, "nerdie_tier": "LOW", "nerdie_emoji": "\u26aa" }, { "title": "CVE-2026-7363 - \"Google Chrome Canvas Use-After-Free Vulnerability\"", "summary": "CVE-2026-7363 is a use-after-free vulnerability in Google Chrome's Canvas on Linux and ChromeOS, allowing remote attackers to execute arbitrary code, posing significant security risks.", "severity": "critical", "category": "vulnerability", "tags": "Google Chrome,Canvas,use-after-free", "original_url": "https://cvefeed.io/vuln/detail/CVE-2026-7363", "published": "2026-04-28T23:16:23.773000+00:00", "published_date": "2026-04-28", "source": "https://cvefeed.io/rssfeed/latest.atom", "merged_from": 19, "cve_ids": [ "CVE-2026-7363" ], "mitre_techniques": [], "affected_products": [ { "vendor": "Google", "product": "Chrome" } ], "cves": [ { "cve_id": "CVE-2026-7363", "cvss_score": null, "cvss_severity": null, "description": null } ], "curated_blob": "curated_20260429_073149.json", "nerdie_score": 35.0, "nerdie_tier": "MODERATE", "nerdie_emoji": "\ud83d\udfe2" }, { "title": "CVE-2026-7361 - Google Chrome iOS Use-After-Free Heap Corruption", "summary": "A use-after-free vulnerability (CVE-2026-7361) in Google Chrome for iOS could allow remote attackers to exploit heap corruption, potentially leading to arbitrary code execution.", "severity": "high", "category": "vulnerability", "tags": "Google Chrome,iOS,use-after-free", "original_url": "https://cvefeed.io/vuln/detail/CVE-2026-7361", "published": "2026-04-28T23:16:23.680000+00:00", "published_date": "2026-04-28", "source": "https://www.cyber.gc.ca/api/cccs/rss/v1/get?feed=alerts_advisories&lang=en, https://cvefeed.io/rssfeed/latest.atom", "merged_from": 9, "cve_ids": [ "CVE-2026-7361" ], "mitre_techniques": [], "affected_products": [ { "vendor": "Google", "product": "Chrome iOS" } ], "cves": [ { "cve_id": "CVE-2026-7361", "cvss_score": null, "cvss_severity": null, "description": null } ], "curated_blob": "curated_20260429_133037.json", "nerdie_score": 30.0, "nerdie_tier": "MODERATE", "nerdie_emoji": "\ud83d\udfe2" }, { "title": "CVE-2026-7343 - Google Chrome Use After Free in Views on Windows", "summary": "CVE-2026-7343 describes a use-after-free vulnerability in Google Chrome's Views on Windows, which could allow remote attackers to execute arbitrary code, compromising system security.", "severity": "critical", "category": "vulnerability", "tags": "Google Chrome,Views,use-after-free", "original_url": "https://cvefeed.io/vuln/detail/CVE-2026-7343", "published": "2026-04-28T23:16:21.883000+00:00", "published_date": "2026-04-28", "source": "https://cvefeed.io/rssfeed/latest.atom, https://www.cyber.gc.ca/api/cccs/rss/v1/get?feed=alerts_advisories&lang=en", "merged_from": 2, "cve_ids": [ "CVE-2026-7343" ], "mitre_techniques": [], "affected_products": [ { "vendor": "Google", "product": "Chrome" } ], "cves": [ { "cve_id": "CVE-2026-7343", "cvss_score": null, "cvss_severity": null, "description": null } ], "curated_blob": "curated_20260429_073149.json", "nerdie_score": 23.0, "nerdie_tier": "MODERATE", "nerdie_emoji": "\ud83d\udfe2" }, { "title": "CVE-2026-42167 - ProFTPD mod_sql Remote Code Execution Vulnerability", "summary": "A remote code execution vulnerability (CVE-2026-42167) has been identified in ProFTPD's mod_sql module, allowing attackers to execute arbitrary code via crafted usernames, which could lead to unauthorized access and control over affected FTP servers.", "severity": "high", "category": "vulnerability", "tags": "ProFTPD,RCE,mod_sql,FTP", "original_url": "https://cvefeed.io/vuln/detail/CVE-2026-42167", "published": "2026-04-28T23:16:20.610000+00:00", "published_date": "2026-04-28", "source": "https://cvefeed.io/rssfeed/severity/high.atom", "merged_from": 1, "cve_ids": [ "CVE-2026-42167" ], "mitre_techniques": [], "affected_products": [ { "vendor": "ProFTPD", "product": "mod_sql" } ], "cves": [ { "cve_id": "CVE-2026-42167", "cvss_score": null, "cvss_severity": null, "description": null } ], "curated_blob": "curated_20260429_033008.json", "nerdie_score": 14.0, "nerdie_tier": "LOW", "nerdie_emoji": "\u26aa" }, { "title": "CVE-2026-41446 - WattBox 800 & 820 Series < 2.10.0.0 RCE via Diagnostic Endpoints", "summary": "CVE-2026-41446 involves remote code execution vulnerabilities in Snap One WattBox 800 and 820 series due to undisclosed diagnostic HTTP endpoints, potentially allowing attackers to gain control over affected devices.", "severity": "high", "category": "vulnerability", "tags": "Snap One,WattBox,RCE", "original_url": "https://cvefeed.io/vuln/detail/CVE-2026-41446", "published": "2026-04-28T22:16:49.623000+00:00", "published_date": "2026-04-28", "source": "https://cvefeed.io/rssfeed/severity/high.atom", "merged_from": 1, "cve_ids": [ "CVE-2026-41446" ], "mitre_techniques": [], "affected_products": [ { "vendor": "Snap One", "product": "WattBox 800 & 820 Series" } ], "cves": [ { "cve_id": "CVE-2026-41446", "cvss_score": null, "cvss_severity": null, "description": null } ], "curated_blob": "curated_20260429_073149.json", "nerdie_score": 14.0, "nerdie_tier": "LOW", "nerdie_emoji": "\u26aa" }, { "title": "Why Sharing a Screenshot Can Get You Jailed in the UAE", "summary": "The legal framework in the UAE allows for arrests over online content, including sharing screenshots, which raises concerns about privacy and freedom of expression.", "severity": "medium", "category": "policy", "tags": "UAE, online content, privacy, legal", "original_url": "https://www.wired.com/story/why-sharing-a-screenshot-can-get-you-jailed-in-the-uae/", "published": "Tue, 28 Apr 2026 17:49:00 +0000", "published_date": "2026-04-28", "source": "https://www.wired.com/feed/category/security/latest/rss", "merged_from": 1, "cve_ids": [], "mitre_techniques": [], "affected_products": [], "cves": [], "curated_blob": "curated_20260429_073149.json", "nerdie_score": 9.0, "nerdie_tier": "LOW", "nerdie_emoji": "\u26aa" }, { "title": "Brazilian LofyGang Resurfaces After Three Years With Minecraft LofyStealer Campaign", "summary": "The Brazilian cybercrime group LofyGang has resurfaced with a campaign targeting Minecraft players using malware disguised as a hack tool, posing significant risks to user data and security.", "severity": "high", "category": "malware", "tags": "Minecraft, LofyStealer, Brazil, cybercrime", "original_url": "https://thehackernews.com/2026/04/brazilian-lofygang-resurfaces-after.html", "published": "Tue, 28 Apr 2026 23:09:00 +0530", "published_date": "2026-04-28", "source": "https://feeds.feedburner.com/TheHackersNews", "merged_from": 1, "cve_ids": [], "mitre_techniques": [], "affected_products": [ { "vendor": "Minecraft", "product": "Minecraft" } ], "cves": [], "curated_blob": "curated_20260429_073149.json", "nerdie_score": 14.0, "nerdie_tier": "LOW", "nerdie_emoji": "\u26aa" }, { "title": "Open is Not Costless: Reclaiming Sustainable Infrastructure", "summary": "Sonatype discusses the importance of sustainable infrastructure in open-source projects, highlighting the hidden costs associated with maintaining open systems.", "severity": "info", "category": "general", "tags": "Sonatype,open-source,sustainable infrastructure", "original_url": "https://www.sonatype.com/blog/open-is-not-costless-reclaiming-sustainable-infrastructure", "published": "Tue, 28 Apr 2026 17:34:25 GMT", "published_date": "2026-04-28", "source": "https://blog.sonatype.com/rss.xml", "merged_from": 1, "cve_ids": [], "mitre_techniques": [], "affected_products": [], "cves": [], "curated_blob": "curated_20260429_073149.json", "nerdie_score": 4.0, "nerdie_tier": "LOW", "nerdie_emoji": "\u26aa" }, { "title": "\ud83c\udff4\u200d\u2620\ufe0f Worldleaks has just published a new victim : Mediaworks Kft", "summary": "Worldleaks has published Mediaworks Kft as a new victim, indicating ongoing ransomware activities targeting various organizations.", "severity": "high", "category": "ransomware", "tags": "Worldleaks,Mediaworks Kft,victim", "original_url": "https://www.ransomware.live/id/TWVkaWF3b3JrcyBLZnRAd29ybGRsZWFrcw==", "published": "Tue, 28 Apr 2026 17:27:35 +0000", "published_date": "2026-04-28", "source": "https://www.ransomware.live/rss.xml", "merged_from": 1, "cve_ids": [], "mitre_techniques": [], "affected_products": [], "cves": [], "curated_blob": "curated_20260429_073149.json", "nerdie_score": 14.0, "nerdie_tier": "LOW", "nerdie_emoji": "\u26aa" } ], "stats": { "total": 50, "critical": 14, "high": 21, "medium": 6, "low": 0, "info": 9, "today": 50, "sources": 26, "lastUpdated": "2026-04-29T14:10:02.156393+00:00" } }