Security

Vercel Hacked: Breach Is Bigger Than First Disclosed — Customer Data Stolen Before the Attack Even Started

What began as a contained supply chain incident has quietly expanded into something far more serious. Vercel has updated its April 2026 security bull…

Pack2TheRoot Flaw Lets Root to Any Linux User — Ubuntu, Debian, Fedora at Risk

A newly disclosed vulnerability in a near-universal Linux component has handed any local, unprivileged user the keys to the entire system — no passwo…

Bitwarden CLI Hijacked to Steal Your AWS, GitHub, and SSH Secrets

If you installed Bitwarden's command-line password manager this month, your developer credentials — including cloud keys, SSH material, and GitHu…

Lovable Admits It Broke Its Own Security Fix — Exposed User Projects for 76 Days

Lovable has published a formal incident report admitting that a backend regression it introduced in February 2026 re-exposed the chat histories and s…

Hackers Poisoned Official Checkmarx KICS Docker Images to Steal Infrastructure Secrets

Security researchers have uncovered a significant supply chain attack targeting Checkmarx's KICS (Keeping Infrastructure as Code Secure) — a wide…

Lovable Left Thousands of Projects Exposed for 48 Days — And Still Hasn't Fixed It

The vibe-coding platform Lovable.dev is sitting on a ticking data exposure bomb — and it's been ticking for 48 days. A security researcher going …

Vercel Hacked Through an AI Tool — And Your Google Workspace Could Be Next

A third-party AI tool trusted by a single Vercel employee turned into the entry point for one of the most closely-watched cloud infrastructure breach…

Anthropic's MCP Design Flaw Enables Remote Code Execution Across 200,000+ AI Servers

A single architectural decision baked into Anthropic's Model Context Protocol has quietly turned the backbone of the AI agent ecosystem into a re…

PHP Composer Hit by Two Command Injection Flaws That Work Even Without Perforce Installed

If you use PHP's Composer package manager, stop what you're doing and run composer.phar selfupdate right now. Two newly disclosed command i…

Apache Tomcat's Security Fix Opened the Door to Unauthenticated RCE

Sometimes the cure is worse than the disease. That is precisely what happened when Apache's developers patched a cryptographic weakness in Tomcat…

Kraken Refuses to Pay Criminal Extortionists After Two Insider Breaches Exposed 2,000 Client Accounts

Crypto exchange Kraken is standing firm against an active extortion campaign after criminals — armed with recorded videos of internal support systems…

Critical Axios Flaw Enables Full Cloud Takeover

Axios, the JavaScript HTTP client powering over 100 million npm downloads every week, is under fire again — this time from a quietly lurking code-lev…

Adobe Acrobat Zero-Day CVE-2026-34621 Under Active Attack

Adobe has confirmed that attackers have been quietly exploiting a critical zero-day vulnerability in Adobe Acrobat and Reader since at least December…

CPU-Z & HWMonitor Site Hacked to Push Malware

If you downloaded CPU-Z or HWMonitor from cpuid.com between April 9 and 10, 2026, you may have gotten far more than a hardware monitoring tool. The w…

React2DoS Flaw Can Crash Servers with One Request

A newly disclosed vulnerability in React Server Components can bring production servers to a complete halt using nothing more than a single, c…

Linux's Print System Has a Zero-Click Root Hole — and No Fix Yet

If your Linux server runs a shared PostScript print queue, a remote attacker with no credentials whatsoever can — right now — execute arbitrary code …

Your Router Is Spying on You — And Russia's APT28 Is Behind It

Your home router may already be working for Russian military intelligence — and you'd have no idea. In a rare coordinated disclosure, both the UK…

Why Cloud and Endpoint Security Can’t Be Treated Separately Anymore

Many companies still think about security in buckets. One team worries about laptops and employee devices. Another focuses on cloud workloads, storag…

Fortinet Rushes Emergency Patch After Zero-Day in FortiClient EMS Caught Mid-Exploitation

A critical zero-day vulnerability in Fortinet's FortiClient Endpoint Management Server (EMS) was already being weaponized by attackers when resea…

Progress ShareFile Storage Zone Controller Hit With Critical Pre-Auth RCE Chain — Patch Now

Offensive security firm watchTowr has disclosed a critical two-vulnerability chain in Progress ShareFile's on-premises Storage Zone Controller (S…