Follow Cyber Kendra on Google News! | WhatsApp | Telegram

Add as a preferred source on Google
Posts
Copy Fail - A 732-Byte Python Script Can Get Root on Every Major Linux Distro

Copy Fail - A 732-Byte Python Script Can Get Root on Every Major Linux Distro

A newly disclosed vulnerability in the Linux kernel gives any unprivileged local user a reliable, one-shot path to root — and it has been sitting und…
CVE-2026-41940: cPanel Authentication Bypass Was Already Being Exploited Before the Patch Even Dropped

CVE-2026-41940: cPanel Authentication Bypass Was Already Being Exploited Before the Patch Even Dropped

On April 28, 2026, cPanel pushed an emergency security update for what it described as a vulnerability affecting "various authentication paths&…
SAP CAP npm Packages Backdoored in "Mini Shai-Hulud" Attack — Rotate Your Tokens Now

SAP CAP npm Packages Backdoored in "Mini Shai-Hulud" Attack — Rotate Your Tokens Now

Four npm packages at the heart of SAP's enterprise development ecosystem were quietly backdoored on Tuesday, April 29, 2026 — weaponizing the rou…
A Single Git Push Was All It Took to Compromise GitHub — Millions of Repos Were Exposed

A Single Git Push Was All It Took to Compromise GitHub — Millions of Repos Were Exposed

A critical vulnerability in GitHub's internal infrastructure allowed any authenticated user to execute arbitrary commands on GitHub's backend…
Google Wallet Now Stores Your Aadhaar ID in India — and Expands Digital IDs to Three More Countries

Google Wallet Now Stores Your Aadhaar ID in India — and Expands Digital IDs to Three More Countries

Google just made carrying a physical ID one step closer to optional. Starting today, Indian users can save their Aadhaar Verifiable Credential direct…
Hackers Targeted LiteLLM's AI Gateway Just 36 Hours After Critical SQL Injection Flaw Went Public

Hackers Targeted LiteLLM's AI Gateway Just 36 Hours After Critical SQL Injection Flaw Went Public

A critical, unauthenticated SQL injection vulnerability in LiteLLM — the open-source gateway that tens of thousands of organisations use to manage AP…
LAPSUS$ Dumps Checkmarx Data on Dark Web — Source Code, API Keys, and Credentials Exposed

LAPSUS$ Dumps Checkmarx Data on Dark Web — Source Code, API Keys, and Credentials Exposed

The Checkmarx supply chain nightmare just got worse. The LAPSUS$ cybercrime group has publicly dumped data stolen from the Israeli application securi…
AI Agent Wiped a Startup's Entire Database in 9 Seconds — Then Confessed Every Rule It Broke

AI Agent Wiped a Startup's Entire Database in 9 Seconds — Then Confessed Every Rule It Broke

When Jer Crane sat down to run a routine infrastructure task on a Friday afternoon, he had no idea he was about to spend the entire weekend manually …
Why Some MacBook Features Break after macOS Updates

Why Some MacBook Features Break after macOS Updates

No Mac user can deny that macOS updates are necessary. They improve the system’s entire performance and keep it stable over time. Apple’s updates usu…
The Rise of Autonomous Cyber Attacks: Risks, Examples & Defense

The Rise of Autonomous Cyber Attacks: Risks, Examples & Defense

Last month, a mid-size financial services company ran a routine penetration test. The testers used an AI-assisted reconnaissance tool to map the netw…
Your TLS Certificates Are About to Silently Break — And You Won't Know Until It's Too Late

Your TLS Certificates Are About to Silently Break — And You Won't Know Until It's Too Late

A quiet but consequential change is coming to internet security infrastructure — and unlike most breaking changes, this one won't announce itself…
Vercel Hacked: Breach Is Bigger Than First Disclosed — Customer Data Stolen Before the Attack Even Started

Vercel Hacked: Breach Is Bigger Than First Disclosed — Customer Data Stolen Before the Attack Even Started

What began as a contained supply chain incident has quietly expanded into something far more serious. Vercel has updated its April 2026 security bull…
Pack2TheRoot Flaw Lets Root to Any Linux User — Ubuntu, Debian, Fedora at Risk

Pack2TheRoot Flaw Lets Root to Any Linux User — Ubuntu, Debian, Fedora at Risk

A newly disclosed vulnerability in a near-universal Linux component has handed any local, unprivileged user the keys to the entire system — no passwo…
Bitwarden CLI Hijacked to Steal Your AWS, GitHub, and SSH Secrets

Bitwarden CLI Hijacked to Steal Your AWS, GitHub, and SSH Secrets

If you installed Bitwarden's command-line password manager this month, your developer credentials — including cloud keys, SSH material, and GitHu…
Lovable Admits It Broke Its Own Security Fix — Exposed User Projects for 76 Days

Lovable Admits It Broke Its Own Security Fix — Exposed User Projects for 76 Days

Lovable has published a formal incident report admitting that a backend regression it introduced in February 2026 re-exposed the chat histories and s…
Hackers Poisoned Official Checkmarx KICS Docker Images to Steal Infrastructure Secrets

Hackers Poisoned Official Checkmarx KICS Docker Images to Steal Infrastructure Secrets

Security researchers have uncovered a significant supply chain attack targeting Checkmarx's KICS (Keeping Infrastructure as Code Secure) — a wide…
GreenGeeks vs. Kinsta: Budget Eco-Hosting Against Premium Managed WordPress

GreenGeeks vs. Kinsta: Budget Eco-Hosting Against Premium Managed WordPress

I spent quite a bit of time running WordPress sites on both GreenGeeks and Kinsta, and what I found surprised me. Kinsta has built a reputation as th…
How Regional Licensing Shapes Online Video Platforms

How Regional Licensing Shapes Online Video Platforms

Try watching the same Netflix catalog in two different countries. You can't. A film streaming freely in Brazil might not even show up in a UK sea…