Security Feed Digest (2026-04-29)
Hacker News: Best
- HERMES.md in commit messages causes requests to route to extra usage billing — Wed, 29 Apr 2026 18:54:31 +0000
- Copy Fail – CVE-2026-31431 — Wed, 29 Apr 2026 18:13:53 +0000
- Online age verification is the hill to die on — Wed, 29 Apr 2026 15:49:57 +0000
- Cursor Camp — Wed, 29 Apr 2026 15:39:43 +0000
- Mistral Medium 3.5 — Wed, 29 Apr 2026 15:17:46 +0000
- Zed 1.0 — Wed, 29 Apr 2026 14:34:19 +0000
- We need a federation of forges — Wed, 29 Apr 2026 14:00:59 +0000
- HashiCorp co-founder says GitHub ‘no longer a place for serious work’ — Wed, 29 Apr 2026 11:42:46 +0000
- Soft launch of open-source code platform for government — Wed, 29 Apr 2026 09:14:37 +0000
- Bugs Rust won’t catch — Wed, 29 Apr 2026 02:19:11 +0000
- How ChatGPT serves ads — Tue, 28 Apr 2026 23:54:14 +0000
- Before GitHub — Tue, 28 Apr 2026 21:17:40 +0000
- OpenAI models coming to Amazon Bedrock: Interview with OpenAI and AWS CEOs — Tue, 28 Apr 2026 19:24:43 +0000
- Waymo in Portland — Tue, 28 Apr 2026 18:08:13 +0000
- GitHub RCE Vulnerability: CVE-2026-3854 Breakdown — Tue, 28 Apr 2026 16:15:43 +0000
- Warp is now open-source — Tue, 28 Apr 2026 15:58:30 +0000
- Who owns the code Claude Code wrote? — Tue, 28 Apr 2026 11:24:52 +0000
- An update on GitHub availability — Tue, 28 Apr 2026 10:05:03 +0000
- GitHub Copilot code review will start consuming GitHub Actions minutes — Tue, 28 Apr 2026 09:01:05 +0000
BleepingComputer
- Official SAP npm packages compromised to steal credentials — Wed, 29 Apr 2026 18:43:44 -0400
- Popular WordPress redirect plugin hid dormant backdoor for years — Wed, 29 Apr 2026 18:13:15 -0400
- Hackers exploit RCE flaws in Qinglong task scheduler for cryptomining — Wed, 29 Apr 2026 16:50:35 -0400
- Hackers arrested for hijacking and selling 610,000 Roblox accounts — Wed, 29 Apr 2026 14:32:15 -0400
- cPanel, WHM emergency update fixes critical auth bypass bug — Wed, 29 Apr 2026 11:51:44 -0400
- European police dismantles €50 million crypto investment fraud ring — Wed, 29 Apr 2026 10:27:36 -0400
- Learning from the Vercel breach: Shadow AI & OAuth sprawl — Wed, 29 Apr 2026 09:05:14 -0400
- GitHub fixes RCE flaw that gave access to millions of private repos — Wed, 29 Apr 2026 08:41:17 -0400
- CISA orders feds to patch Windows flaw exploited as zero-day — Wed, 29 Apr 2026 06:29:31 -0400
- Microsoft says backend change broke Teams Free chat and calls — Wed, 29 Apr 2026 04:38:07 -0400
Darkreading
- Reverse Engineering With AI Unearths High-Severity GitHub Bug — Wed, 29 Apr 2026 20:08:17 GMT
- AI Finds 38 Security Flaws in Electronic Health Record Platform — Wed, 29 Apr 2026 19:32:42 GMT
- Vect 2.0 Ransomware Acts as Wiper, Thanks to Design Error — Wed, 29 Apr 2026 15:23:53 GMT
- Lotus Wiper Attack Targets Venezuelan Energy Firms, Utilities — Wed, 29 Apr 2026 13:00:00 GMT
The Hacker News
- SAP-Related npm Packages Compromised in Credential-Stealing Supply Chain Attack — Wed, 29 Apr 2026 21:56:00 +0530
- New Wave of DPRK Attacks Uses AI-Inserted npm Malware, Fake Firms, and RATs — Wed, 29 Apr 2026 20:13:00 +0530
- Webinar: How to Automate Exposure Validation to Match the Speed of AI Attacks — Wed, 29 Apr 2026 17:32:00 +0530
- What to Look for in an Exposure Management Platform (And What Most of Them Get Wrong) — Wed, 29 Apr 2026 17:00:00 +0530
- Critical cPanel Authentication Vulnerability Identified — Update Your Server Immediately — Wed, 29 Apr 2026 15:07:00 +0530
- CISA Adds Actively Exploited ConnectWise and Windows Flaws to KEV — Wed, 29 Apr 2026 14:16:00 +0530
- LiteLLM CVE-2026-42208 SQL Injection Exploited within 36 Hours of Disclosure — Wed, 29 Apr 2026 11:04:00 +0530
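DailySecu - Recent Popular Articles
- North Korean hacking group BlueNoroff targets cryptocurrency executives with fake Zoom meetings — 2026-04-29 09:15:23
- ENKI WhiteHat-led ‘D0kdo’ places 2nd in the general division and 3rd overall at international hacking defense competition UMDCTF 2026 — 2026-04-29 09:56:00
- Check Point Research: “Vect 2.0 ransomware destroys large files beyond recovery” — 2026-04-29 08:20:27
- “An attempt was made to issue your resident registration certificate”: beware of calls impersonating community service centers… voice phishing that induces malicious app installation is spreading — 2026-04-29 08:27:15
- “Corporate data leaks through AI apps increase sixfold” — 2026-04-29 09:52:51
- Financial Security Institute holds digital finance security strategy seminar… discusses securing trust in AI and digital assets — 2026-04-29 11:10:23
- Theori discloses results of its AI code analysis solution ‘Xint Code’… “Defense systems must be built before AI attacks become commonplace” — 2026-04-29 08:31:44
- KISIA recruits trainees for 2026 AI security technology development program… running three courses: malware, network, and personal information — 2026-04-29 09:35:10
- Personal Information Protection Commission releases new privacy policy guidelines… AI processing standards also reflected — 2026-04-29 09:28:49
- Itron, smart meter supplier with customers in 100 countries, hacked… supply chain security concerns for power and water infrastructure — 2026-04-29 17:31:34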
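Boannews > SECURITY
- KSign selected as lead organization for KRW 5.2 billion national PQC core technology development project — Wed, 29 Apr 2026 17:53:00 +0900
- “Leaping forward with agentic AI and quantum security”… RaonSecure cancels treasury shares worth KRW 1.2 billion — Wed, 29 Apr 2026 17:00:00 +0900
- Checkmarx internal data exposed on dark web… aftermath of March supply chain attack — Wed, 29 Apr 2026 16:52:00 +0900
- “The key to defense is the attacker’s perspective”… ENKI WhiteHat proves the strength of K-security at ‘Locked Shields 2026’ — Wed, 29 Apr 2026 16:08:00 +0900
- [Bae Jong-chan’s Security Big Data] High oil price relief payments under smishing threat — Wed, 29 Apr 2026 16:04:00 +0900
- I-One Korea presents integrated monitoring technology centered on barrier-free access — Wed, 29 Apr 2026 16:02:00 +0900
- Next-generation 6G networks are ‘AI-native’… the security paradigm must change too — Wed, 29 Apr 2026 15:18:00 +0900
- Jiransoft, having taken in its subsidiary, signals a ‘great AI transformation’ of the B2B work environment — Wed, 29 Apr 2026 15:16:00 +0900
- [Card News] Security barriers neutralized within seconds… new AI attacks armed with ‘compound vulnerability chaining’ — Wed, 29 Apr 2026 15:15:00 +0900
- KISIA recruits trainees for 2026 AI security technology development training course — Wed, 29 Apr 2026 14:43:00 +0900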