Critical Cybersecurity Vulnerabilities and Major Hacks Report - April 28, 2026

CybersecTuesday, April 28, 2026

50 articles analyzed by AI / 135 total

Key points

0:00 / 0:00

•In late April 2026, multiple critical remote code execution vulnerabilities were disclosed across major platforms including Windows Shell (CVE-2026-32202), GitHub (CVE-2026-3854), Hugging Face LeRobot (CVE-2026-25874), and Nessus Agent on Windows. These flaws have high CVSS scores ranging from 8.7 to 9.3, posing significant risk to enterprise and cloud environments, with some already actively exploited or remaining unpatched.[Google News - Cybersecurity][The Hacker News RSS][The Hacker News RSS][Google News - Cybersecurity]
•Citrix’s XenServer/Hypervisor is affected by a total of 89 vulnerabilities, including five critical issues with CVSS scores of up to 9.9, as revealed by researchers in April 2026. This disclosure shines a light on the considerable security challenges faced by virtualization infrastructures that host enterprise workloads.[Reddit /r/netsec]
•A newly identified privilege escalation technique called PhantomRPC affects all tested Windows versions, including Server editions from 2022 and 2025. Published by Kaspersky, this attack vector abuses Windows RPC runtime’s failure to validate high-privileged servers, enabling attackers with SeImpersonatePrivilege to execute SYSTEM-level code.[Google News - Cybersecurity]
•The VECT 2.0 ransomware strain poses a critical threat by irreversibly destroying files larger than 131KB on Windows, Linux, and ESXi platforms due to a fundamental encryption flaw, as warned in April 2026. This destructive behavior complicates recovery efforts for impacted organizations, marking a dangerous evolution in ransomware tactics.[Google News - Cybersecurity]
•International law enforcement actions continue to combat cybercrime, exemplified by the extradition of Xu Zewei, affiliated with the Chinese Silk Typhoon state-sponsored hacking group, to the U.S. in April 2026. He faces charges related to cyber intrusions targeting COVID-19 research conducted during the pandemic period.[The Hacker News RSS]
•Microsoft addressed a significant security flaw in Entra ID's Agent ID Administrator role that could allow privilege escalation and service principal takeover. The patching of this vulnerability in April 2026 reflects ongoing efforts to tighten cloud identity security amid increasing threats targeting privileged accounts.[The Hacker News RSS]
•Cybercriminal activity targeting digital currencies remains a top concern as North Korean-linked hackers successfully stole $290 million in cryptocurrency assets. This heist highlights the growing scale and sophistication of nation-state-associated cybercrime groups engaging in financially motivated cyberattacks worldwide.[Google News - Cybersecurity]

Relevant articles

WARNING: Windows Shell Flaw CVE-2026-32202 Actively Exploited - LinkedIn

9/10

A critical Windows Shell vulnerability identified as CVE-2026-32202 is actively exploited in the wild, potentially affecting numerous Windows systems. Microsoft has confirmed this active exploitation as of late April 2026 and recommends immediate patching to mitigate security risks.

Google News - Cybersecurity · 4/28/2026, 4:12:04 PM

Researchers Discover Critical GitHub CVE-2026-3854 RCE Flaw Exploitable via Single Git Push

9/10

Researchers disclosed CVE-2026-3854, a critical remote code execution flaw on GitHub with a CVSS score of 8.7. This vulnerability allows exploitation via a single Git push affecting both GitHub.com and Enterprise Server versions.

The Hacker News RSS · 4/28/2026, 6:19:00 PM

89 vulnerabilities in XAPI (Citrix XenServer/Hypervisor) - 3x CVSS 9.9, 2x CVSS 9.1

9/10

Security researchers have identified 89 vulnerabilities in XAPI, used by Citrix XenServer/Hypervisor, including three critical flaws scoring 9.9 and two scoring 9.1 on the CVSS scale. The disclosure occurred in April 2026 and highlights significant security risks for virtualization platforms.

Reddit /r/netsec · 4/24/2026, 7:07:31 PM

Critical Unpatched Flaw Leaves Hugging Face LeRobot Open to Unauthenticated RCE

9/10

A critical unpatched remote code execution vulnerability, CVE-2026-25874, was discovered in Hugging Face's LeRobot platform, with a CVSS score of 9.3. The flaw remains unpatched as of April 28, 2026, exposing users to significant risk.

The Hacker News RSS · 4/28/2026, 11:18:00 AM

DDoS Cyber Attack makes eBay lose $200m per Day - Cybersecurity Insiders

8/10

Kaspersky disclosed PhantomRPC, a privilege escalation technique affecting all tested Windows versions, including Server 2022 and 2025. The flaw exploits a lack of server validation in Windows RPC runtime, enabling attackers with SeImpersonatePrivilege to impersonate SYSTEM-level clients.

Google News - Cybersecurity · 4/28/2026, 3:33:36 PM

VECT 2.0 Ransomware Irreversibly Destroys Files Over 131KB on Windows, Linux, ESXi - The Hacker News

8/10

The VECT 2.0 ransomware irreversibly destroys files larger than 131KB on Windows, Linux, and ESXi systems due to a critical encryption flaw. Reported in April 2026, this malware poses a severe threat to enterprise data security and recovery efforts.

Google News - Cybersecurity · 4/28/2026, 2:01:00 PM

Nessus Agent Vulnerability on Windows Enables Arbitrary Code Execution with SYSTEM Privileges - CyberSecurityNews

8/10

A vulnerability in the Nessus Agent on Windows allows arbitrary code execution with SYSTEM privileges. Disclosed in late April 2026, this issue presents a significant security risk for environments using this widely employed security agent.

Google News - Cybersecurity · 4/28/2026, 9:28:18 AM

Chinese Silk Typhoon Hacker Extradited to U.S. Over COVID Research Cyberattacks

8/10

Xu Zewei, a Chinese national linked to the Silk Typhoon hacking group, was extradited from Italy to the U.S. on charges of cyberattacks targeting COVID-19 research. Arrested in Italy in July 2025, he is alleged to have participated in state-sponsored cyber operations.

The Hacker News RSS · 4/28/2026, 7:57:00 AM

Microsoft Patches Entra ID Role Flaw That Enabled Service Principal Takeover

8/10

Microsoft patched a privilege escalation flaw in Entra ID related to the Agent ID Administrator role, which previously enabled service principal takeover attacks. The vulnerability was disclosed and addressed in April 2026 based on Silverfort's research.

The Hacker News RSS · 4/28/2026, 6:37:00 AM

North Korean-linked hackers heist $290M in crypto - Escudo Digital

8/10

North Korean-linked hackers executed a cryptocurrency theft totaling $290 million, demonstrating the increased scale and sophistication of state-affiliated cybercrime groups targeting digital assets globally as of April 2026.

Google News - Cybersecurity · 4/28/2026, 5:20:03 AM