Daily Security Feed - 2026-04-28

Security Feed Digest (2026-04-28)

Hacker News: Best

• Ghostty is leaving GitHub — Tue, 28 Apr 2026 19:44:52 +0000
• Claude.ai unavailable and elevated errors on the API — Tue, 28 Apr 2026 18:01:21 +0000
• Google and Pentagon reportedly agree on deal for ‘any lawful’ use of AI — Tue, 28 Apr 2026 15:49:22 +0000
• Your phone is about to stop being yours — Tue, 28 Apr 2026 15:21:00 +0000
• OpenAI CEO’s Identity Verification Company Announced Fake Bruno Mars Partnership — Tue, 28 Apr 2026 13:26:26 +0000
• UAE Leaves OPEC — Tue, 28 Apr 2026 13:13:54 +0000
• UAE to leave OPEC — Tue, 28 Apr 2026 13:02:01 +0000
• VibeVoice: Open-source frontier voice AI — Tue, 28 Apr 2026 11:56:04 +0000
• Localsend: An open-source cross-platform alternative to AirDrop — Tue, 28 Apr 2026 11:54:20 +0000
• Period tracking app, Flo, found to be selling user data to Meta — Tue, 28 Apr 2026 11:31:40 +0000
• An Update on GitHub Availability — Tue, 28 Apr 2026 10:05:03 +0000
• GTFOBins — Tue, 28 Apr 2026 06:27:39 +0000
• To my students — Mon, 27 Apr 2026 23:57:39 +0000
• Talkie: a 13B vintage language model from 1930 — Mon, 27 Apr 2026 21:55:48 +0000
• Is my blue your blue? (2024) — Mon, 27 Apr 2026 20:24:33 +0000
• Super ZSNES – GPU Powered SNES Emulator — Mon, 27 Apr 2026 17:50:10 +0000
• The woes of sanitizing SVGs — Mon, 27 Apr 2026 15:31:36 +0000

BleepingComputer

• Broken VECT 2.0 ransomware acts as a data wiper for large files — Tue, 28 Apr 2026 17:25:57 -0400
• Hackers are exploiting a critical LiteLLM pre-auth SQLi flaw — Tue, 28 Apr 2026 17:07:23 -0400
• Video service Vimeo confirms Anodot breach exposed user data — Tue, 28 Apr 2026 15:04:22 -0400
• US reportedly charges Scattered Spider hacker arrested in Finland — Tue, 28 Apr 2026 11:39:52 -0400
• Checkmarx confirms LAPSUS$ hackers leaked its stolen GitHub data — Tue, 28 Apr 2026 10:50:40 -0400
• Microsoft to deprecate legacy TLS in Exchange Online starting July — Tue, 28 Apr 2026 09:18:36 -0400
• Inside an OPSEC Playbook: How Threat Actors Evade Detection — Tue, 28 Apr 2026 08:50:58 -0400
• Microsoft: New Remote Desktop warnings may display incorrectly — Tue, 28 Apr 2026 05:51:26 -0400
• Microsoft asks iPhone users to reauthenticate after Outlook outage — Tue, 28 Apr 2026 04:37:12 -0400

Darkreading

• BlueNoroff Uses Fake Zoom Calls to Turn Victims Into Attack Lures — Tue, 28 Apr 2026 21:38:39 GMT
• NSA Chief During Snowden Affair Shares Regrets, Reflections 13 Years Later — Tue, 28 Apr 2026 20:38:59 GMT
• Feuding Ransomware Groups Leak Each Other’s Data — Tue, 28 Apr 2026 20:13:30 GMT
• Vidar Rises to Top of Chaotic Infostealer Market — Tue, 28 Apr 2026 19:07:16 GMT
• Fresh Wave of GlassWorm VS Code Extensions Slices Through Supply Chain — Tue, 28 Apr 2026 14:59:24 GMT

The Hacker News

• Researchers Discover Critical GitHub CVE-2026-3854 RCE Flaw Exploitable via Single Git Push — Tue, 28 Apr 2026 23:49:00 +0530
• Brazilian LofyGang Resurfaces After Three Years With Minecraft LofyStealer Campaign — Tue, 28 Apr 2026 23:09:00 +0530
• VECT 2.0 Ransomware Irreversibly Destroys Files Over 131KB on Windows, Linux, ESXi — Tue, 28 Apr 2026 19:31:00 +0530
• Why Secure Data Movement Is the Zero Trust Bottleneck Nobody Talks About — Tue, 28 Apr 2026 17:28:00 +0530
• Critical Unpatched Flaw Leaves Hugging Face LeRobot Open to Unauthenticated RCE — Tue, 28 Apr 2026 16:48:00 +0530
• After Mythos: New Playbooks For a Zero-Window Era — Tue, 28 Apr 2026 16:00:00 +0530
• Chinese Silk Typhoon Hacker Extradited to U.S. Over COVID Research Cyberattacks — Tue, 28 Apr 2026 13:27:00 +0530
• Microsoft Patches Entra ID Role Flaw That Enabled Service Principal Takeover — Tue, 28 Apr 2026 12:07:00 +0530
• Microsoft Confirms Active Exploitation of Windows Shell CVE-2026-32202 — Tue, 28 Apr 2026 11:20:00 +0530

데일리시큐 - 최근인기기사

• 정상 확장처럼 위장한 ‘GlassWorm’ 재확산…개발자 계정 탈취 우려 — 2026-04-28 08:49:30
• 보안기업 체크막스 개발 환경 뚫렸다…깃허브 저장소 통한 데이터 유출 의혹 — 2026-04-28 09:07:19
• 메드트로닉, 해킹 정황 확인…샤이니헌터스 ‘900만 건 탈취’ 주장 — 2026-04-28 09:49:48
• [특별기고] 한국 디지털자산기본법 시행을 앞두고: 가상자산사업자의 보안 인프라는 준비되어 있는가? — 2026-04-28 16:35:20
• 금융보안원, 3천여 개 금융회사 대상 ‘2026년 정보보호 상시평가’ 착수 — 2026-04-28 10:01:29
• 앤서스랩코리아, ‘2026 AI Day’ 성료… 실무 우수사례 시상 진행 — 2026-04-28 09:27:44
• 유스비, 법인 인증 자동화 솔루션 ‘eKYB’ 출시 — 2026-04-28 11:04:58
• 함께일하는재단, ‘소셜벤처 비즈니스 클리닉’ 통해 AI 도입 방향 제시 — 2026-04-28 10:25:14
• 中 해커, 미국 송환…코로나19 백신 정보 해킹 혐의 — 2026-04-28 18:03:32
• 마이크로소프트 엔트라 ID, AI 계정 관리자 권한서 권한 상승 위험 발견…패치 완료 — 2026-04-28 18:22:15