The FBI issued a public service announcement Wednesday warning that cyber-enabled cargo theft has surged 60% to $725 million in losses across the US and Canada in 2025. The pattern: criminals phish freight brokers and carriers via spoofed emails, install remote-monitoring software like ScreenConnect or Pulseway, then post fraudulent listings on freight load boards under the broker's identity. Real shippers respond, hand over high-value cargo, and the load is diverted to criminal-controlled drivers. The average theft is now $273,990 - a 36% jump from 2024. Cargo theft also funds drug trafficking and money laundering, not just direct resale.
Attackers compromised four official SAP npm packages on Wednesday and replaced them with versions that quietly steal developer credentials when installed. The packages - mbt, @cap-js/sqlite, @cap-js/postgres, and @cap-js/db-service - are SAP's open-source tools for cloud application development. Anyone who ran 'npm install' between 09:55 and 12:14 UTC on April 29 had their machine grab GitHub tokens, npm credentials, and AWS, Azure, and GCP secrets, then dump them into public GitHub repositories on the victim's own account. The same attackers (TeamPCP) hit Trivy, Checkmarx, and Bitwarden earlier this year. The malware skips Russian-language systems entirely.
Update on the GitHub flaw covered yesterday: Wiz, who found the bug, published its full disclosure showing 88% of self-hosted GitHub Enterprise Servers were still unpatched at public disclosure on April 28. The bug let any user with push access to one repository run code on the GitHub server itself with a single 'git push'. On GitHub.com, the same bug exposed millions of public and private repositories belonging to other users sharing the same storage node. GitHub.com was patched within 75 minutes, but Enterprise Server installs need patching manually. Wiz found the bug using AI-augmented reverse engineering on closed-source GitHub binaries.
A WordPress security researcher found a backdoor that's been quietly running on 70,000 websites for five years. The Quick Page/Post Redirect plugin had a hidden self-updater added in 2020 that pointed not to WordPress.org but to anadnet[.]com, an attacker-controlled domain. In March 2021 that updater silently delivered a tampered version of the plugin - replacing the real plugin with one that included a passive backdoor. The backdoor only triggers for visitors who aren't logged in (so site owners never see it firing) and was used to inject SEO spam into pages served to Google's crawler. WordPress.org pulled the plugin pending review.
North Korea's Famous Chollima group (also called Void Dokkaebi) is using Anthropic's Claude Opus to write malicious npm packages and slip them into developer environments. ReversingLabs found the group had registered a fake Florida LLC, set up a real-looking developer firm, and used Claude to add a package called @validate-sdk/v2 as a dependency to a legitimate-looking utility SDK. When developers installed the parent package, the dependency executed code that stole their cryptocurrency wallet credentials. The campaign progressed from simple JavaScript info-stealers (5KB) to full Node.js executables (85MB) bundling Claude-generated deception code.
Aisle, an AI-driven application security firm, ran its analyzer over OpenEMR's source code and found 38 previously unknown vulnerabilities, including two with maximum severity (CVSS 10.0). OpenEMR is the open-source electronic health records system used by 100,000 healthcare providers serving 200 million patients. The two critical bugs let attackers reach into patient databases without logging in: CVE-2026-24898 lets any unauthenticated visitor receive the medical practice's API tokens by sending a single POST request, and CVE-2026-24908 is a SQL injection in the patient REST API. OpenEMR has now patched all 38.
Researchers at Theori and Xint disclosed Copy Fail yesterday, a Linux kernel bug introduced in 2017 that lets any unprivileged user with shell access become root in seconds. The exploit is a 732-byte Python script that works without version-specific tweaks on every major Linux distribution since 2017 - Ubuntu, Amazon Linux, RHEL, SUSE. Unlike previous kernel bugs (Dirty Cow, Dirty Pipe), Copy Fail has no race condition and no per-kernel offsets. It also leaves no trace on disk because it only modifies the in-memory page cache. The bug was found using AI-assisted reverse engineering and has been hiding in the open for nearly nine years.
SonicWall released emergency firmware updates for Gen 6, Gen 7, and Gen 8 firewalls after CrowdStrike's research team disclosed three SonicOS flaws on April 29. The worst is CVE-2026-0204 (CVSS 8.0), a weak authentication bug in the management interface that lets an attacker on an adjacent network reach management functions without logging in - and from there change firewall rules, disable security protections, or open new holes. The other two are post-authentication: CVE-2026-0205 is a path traversal that breaks out of restricted directories, and CVE-2026-0206 is a buffer overflow that crashes the firewall. No public exploits yet.
LiteLLM, the popular open-source gateway used to centralize API access for OpenAI, Anthropic, and other AI providers, has a critical pre-authentication SQL injection bug that attackers started exploiting just 36 hours after the security advisory went public. The flaw lets anyone who can reach the proxy port read all the API keys stored inside - including master keys, virtual keys, and provider credentials. The bug was in the bearer-token check: the token was concatenated into a SQL query instead of passed as a parameter. Sysdig saw the first attack at 04:24 UTC on April 26, hitting three tables that hold the most valuable secrets.
Researchers disclosed CVE-2026-3854, a critical GitHub Enterprise Server flaw that lets anyone with push access execute arbitrary commands on the GitHub server with a single git push. The bug is in how Enterprise Server handles repository hooks during push operations - a crafted commit message or filename bypasses the sanitization that normally prevents shell injection. GitHub patched it last week, but self-hosted instances need to apply the patch manually, and telemetry shows most haven't yet. Anyone with developer-level access to a vulnerable Enterprise Server can take over the entire instance, then pivot into every repository and CI/CD secret it hosts.
TrustStrike Labs