Transcript
A (0:00)
From the CISO series, it's Cybersecurity Headlines
B (0:07)
These are the cybersecurity headlines for Thursday, April 30, 2026. I'm Sarah Lane.

Hackers arrested for selling Roblox accounts
Ukrainian authorities arrested three individuals for hijacking more than 610,000 Roblox accounts using info-stealing malware disguised as game enhancement tools. The attackers harvested credentials, sorted accounts by value, including at least 357 high-value profiles, and sold them through Russian platforms, generating around $225,000. Police seized devices and cash during raids, and the suspects now face up to 15 years in prison as investigators look for additional victims and accomplices.

Microsoft's patch for a zero-day falls short
Microsoft and CISA warned that attackers are exploiting a zero-click Windows Shell flaw created by an incomplete fix for an earlier vulnerability used by Russian state-backed group APT28. The bug allows credential theft via forced authentication, exposing NTLMv2 hashes that can be used to access sensitive data and move laterally on networks. Even after Microsoft's February patches blocked the original remote code execution chain, CISA has added the flaw to its Known Exploited Vulnerabilities list with a May 12 remediation deadline.

US and China partner on Dubai scam takedown
A joint US and Chinese law enforcement operation raided nine scam centers in Dubai, resulting in 276 arrests tied to cryptocurrency pig-butchering schemes that defrauded American victims. Investigators traced the networks using data from Meta, financial records and blockchain analysis, leading to charges against several organizers accused of running front companies coordinating the scams. This is part of a broader US effort to combat cyber fraud, which cost Americans $16 billion last year. Concerns remain over links between Chinese criminal groups and state-aligned economic activity.

Hackers exploit RCE flaws in Qinglong
Attackers are exploiting two authentication bypass flaws in the Qinglong task scheduler to achieve remote code execution and deploy crypto miners on exposed servers. The bugs stem from mismatches in routing and authentication logic, allowing unauthorized access to admin endpoints and enabling attackers to inject malicious commands that install high-CPU mining processes disguised as legitimate system activity. Exploitation began before disclosure, and while initial patches were incomplete, a later fix addressed the root cause as infection spread across multiple environments.

Huge thanks to our sponsor, GuardSquare. AI is speeding up development, but at what cost? While 96% of teams now use AI tools, 81% report that AI-generated code has introduced new vulnerabilities into their mobile apps. In a world with automated threats, you need multi-layered polymorphic security to stay ahead of the curve. Learn more at guardsquare.com.

Reverse engineering unearths GitHub bug
GitHub disclosed a high-severity flaw that could let attackers with repository push access achieve remote code execution by injecting malicious metadata through unsanitized input. The issue was discovered by Wiz using an AI-powered reverse engineering tool that analyzed closed-source binaries, reducing what would have taken months to under 48 hours. GitHub patched cloud instances with no evidence of exploitation, but many on-premise Enterprise Server deployments remained vulnerable.

Exchange Online blocks old TLS versions
Microsoft will start blocking TLS 1.0 and 1.1 connections to Exchange Online for POP3 and IMAP4 starting in July, fully ending support for the deprecated protocols. The move follows years of warnings, with most traffic already using TLS 1.2 or higher, though legacy clients and devices that opted into older endpoints could still face disruptions. The change reflects broader industry efforts to phase out insecure encryption standards, and unsurprisingly, Microsoft is pushing customers towards more modern protocols.

Flaws found in electronic health record platform
An AI-driven scan of the OpenEMR platform uncovered 38 previously unknown vulnerabilities, including SQL injection, authorization bypass and XSS flaws that could enable database compromise, patient data theft and remote code execution. Security firm Aisle identified the issues in three months and provided fixes, all of which have now been patched. With OpenEMR integrating the AI tool into its development workflow, AI is accelerating vulnerability discovery but also increasing pressure on defenders to rapidly triage and remediate risks.

SAP-related NPM packages compromised
Multiple SAP-related NPM packages were compromised in a supply chain attack that inserted credential-stealing malware via malicious preinstall scripts. The payload harvested developer credentials, cloud secrets and tokens, exfiltrating them through attacker-controlled GitHub repositories, while also self-propagating by poisoning other packages and injecting malicious workflows. The attack exploited gaps in NPM's OIDC trusted publishing and introduced new persistence techniques targeting AI coding tools, with maintainers now releasing clean versions to replace the infected packages.

Every organization wants to be able to recover from a ransomware attack, so why does no one seem to test properly for it? That is what we're trying to figure out on the latest episode of Defense in Depth. Look for the episode "How do you know if your backups will survive a ransomware attack?" wherever you get your podcasts. And if you have thoughts on the news from today or about our show in general, be sure to reach out to feedback@cisoseries.com; we'd love to hear from you. I am Sarah Lane, reporting for the CISO Series. You stay classy and safe out there.
