Cybersecurity Update: AI-Driven Threats, Critical Vulnerabilities, and Ransomware Attacks - April 29, 2026

CybersecWednesday, April 29, 2026

50 articles analyzed by AI / 142 total

Key points

0:00 / 0:00

•The Cybersecurity and Infrastructure Security Agency (CISA) added actively exploited vulnerabilities in ConnectWise ScreenConnect and Microsoft Windows to its KEV catalog on April 29, 2026, emphasizing an ongoing and urgent threat landscape. These flaws are currently exploited, requiring immediate attention from users and administrators of these platforms.[The Hacker News RSS][Google News - Cybersecurity]
•A critical SQL injection vulnerability in LiteLLM (CVE-2026-42208) was exploited within a mere 36 hours after being publicly disclosed. This rapid exploitation timeline demonstrates the critical importance for organizations using LiteLLM to apply security patches swiftly to avoid potential breaches.[The Hacker News RSS]
•Researchers uncovered a supply chain attack targeting SAP npm packages including SafeDep and Wiz, utilizing credential-stealing malware known as 'Mini Shai-Hulud'. This attack highlights persistent dangers in software supply chains, with attackers stealing user credentials to compromise systems.[The Hacker News RSS][Reddit /r/netsec]
•North Korean threat actors launched a sophisticated campaign using AI-inserted npm malware, fake firms, and RATs, including attacks against Anthropic’s Claude Opus Large Language Model. Discovered in April 2026, this reflects a new level of AI-enhanced persistent cyber threats from nation-state actors.[The Hacker News RSS][Google News - Cybersecurity][Google News - Cybersecurity]
•A critical authentication vulnerability affecting all supported versions of cPanel was disclosed, necessitating immediate updates to prevent unauthorized access. This vulnerability poses serious risks to web hosting servers globally, highlighting the importance of timely patch management.[The Hacker News RSS]
•MITRE and RunSafe Security reported rising cyber risks targeting medical devices as adoption of AI, cloud computing, and post-quantum cryptography increases. This has led to heightened attacks on medical devices, prompting calls for improved cybersecurity standards and procurement policies in the healthcare sector.[Google News - Cybersecurity][Google News - Cybersecurity][Google News - Cybersecurity][Google News - Cybersecurity]
•The ShinyHunters ransomware group attacked Vimeo and Carnival Corporation, underscoring the persistent impact of ransomware on entertainment and travel sectors. These incidents demonstrate the ongoing financial and operational risk posed by ransomware threat actors worldwide.[Google News - Cybersecurity]
•Phishing attacks capable of bypassing Multi-Factor Authentication (MFA) are increasing, representing a serious threat to organizational security. This trend undermines the protective value of MFA and requires enhanced detection and training to safeguard corporate systems.[Google News - Cybersecurity]
•Cybercriminals are exploiting autonomous AI agents to automate complex cyberattacks in real-time, as discussed in a February 2026 webinar. This emerging AI-powered offensive capability complicates defensive cybersecurity measures, requiring novel security responses.[The Hacker News RSS]
•HackerOne introduced 'h1 Validation' in April 2026 to tackle the growing wave of AI-driven security vulnerabilities. This initiative aims to enhance vulnerability validation and response, helping organizations manage risks associated with AI-enhanced threat vectors.[Google News - Cybersecurity]

Relevant articles

CISA Adds Actively Exploited ConnectWise and Windows Flaws to KEV

9/10

The Cybersecurity and Infrastructure Security Agency (CISA) added two actively exploited security flaws affecting ConnectWise ScreenConnect and Microsoft Windows to its Known Exploited Vulnerabilities (KEV) catalog on April 29, 2026. These vulnerabilities are currently under active exploitation, signaling heightened cybersecurity risks for relevant organizations.

The Hacker News RSS · 4/29/2026, 8:46:00 AM

LiteLLM CVE-2026-42208 SQL Injection Exploited within 36 Hours of Disclosure

9/10

A critical SQL injection vulnerability in LiteLLM, designated CVE-2026-42208, was exploited within just 36 hours of its public disclosure. This rapid exploitation underlines the urgent necessity for timely patching to prevent attackers from leveraging this flaw.

The Hacker News RSS · 4/29/2026, 5:34:00 AM

SAP npm Packages Compromised by “Mini Shai-Hulud” Credential-Stealing Malware

8/10

Cybersecurity researchers revealed a supply chain attack compromising SAP npm packages, including SafeDep and Wiz, using credential-stealing malware dubbed 'Mini Shai-Hulud'. This malware targets user credentials and highlights ongoing risks in trusted software supply chains.

The Hacker News RSS · 4/29/2026, 4:26:00 PM

New Wave of DPRK Attacks Uses AI-Inserted npm Malware, Fake Firms, and RATs

8/10

A new wave of cyberattacks linked to North Korea employs AI-inserted npm malware, fake firms, and Remote Access Trojans (RATs). This campaign, discovered by cybersecurity experts on April 29, 2026, included malware targeting Anthropic's Claude Opus Large Language Model, illustrating advanced persistent threat tactics.

The Hacker News RSS · 4/29/2026, 2:43:00 PM

Critical cPanel Authentication Vulnerability Identified — Update Your Server Immediately

8/10

On April 29, 2026, cPanel disclosed a critical authentication vulnerability affecting all supported versions of its web hosting control panel software. Immediate server updates are required to prevent unauthorized access, making this a pressing vulnerability for web administrators.

The Hacker News RSS · 4/29/2026, 9:37:00 AM

MITRE flags rising cyber risks as medical devices adopt AI, cloud and post-quantum technologies - Industrial Cyber

8/10

MITRE reported increasing cybersecurity risks tied to medical devices adopting AI, cloud technologies, and post-quantum cryptography. This trend raises concerns about the security of emerging medical technologies and the need for advanced protection strategies.

Google News - Cybersecurity · 4/29/2026, 8:31:38 AM

ShinyHunters Ransomware strikes Vimeo and Carnival Corporation - Cybersecurity Insiders

8/10

The ShinyHunters ransomware group launched attacks on Vimeo and Carnival Corporation, impacting organizations in the entertainment and travel sectors. These attacks, reported on April 29, 2026, demonstrate persistent ransomware threats across diverse industries.

Google News - Cybersecurity · 4/29/2026, 5:55:27 AM

Cybersecurity Firm Highlights Growing Risk of MFA-Bypass Phishing - TipRanks

8/10

A cybersecurity firm warned on April 29, 2026, about the rising risk of phishing attacks capable of bypassing Multi-Factor Authentication (MFA). These sophisticated phishing methods pose significant threats to organizational security, undermining MFA effectiveness.

Google News - Cybersecurity · 4/29/2026, 1:16:42 AM

Webinar: How to Automate Exposure Validation to Match the Speed of AI Attacks

7/10

A February 2026 webinar detailed how cybercriminals have started using autonomous AI agents to automate cyberattacks in real-time. This evolution enables faster, more sophisticated exploit campaigns, complicating defense efforts in cybersecurity.

The Hacker News RSS · 4/29/2026, 12:02:00 PM

HackerOne Launches h1 Validation to Tackle Rising Wave of AI-Driven Vulnerabilities - Cybersecurity Insiders

7/10

HackerOne launched 'h1 Validation' on April 29, 2026, a new initiative designed to address the rising wave of AI-driven vulnerabilities. This tool aims to enhance vulnerability management and improve security in increasingly AI-affected threat environments.

Google News - Cybersecurity · 4/29/2026, 4:29:59 AM