Google

Cybersecurity roundup for 2026-04-27 to 2026-05-03. 10 CVE advisories, 5 breach reports, 5 threat news stories.

Multiple official SAP npm packages were compromised in what is believed to be a TeamPCP supply-chain attack to steal credentials and authentication tokens from developers' systems. [...]

TeamPCP supply chain campaign resumed after a 26-day pause with three concurrent compromises (Checkmarx KICS, Bitwarden CLI, xinference PyPI). A new self-propagating npm worm, CanisterSprawl, has also been identified.

Oracle has released an out-of-band security update to fix a critical unauthenticated remote code execution vulnerability in Identity Manager and Web Services Manager tracked as CVE-2026-21992. [...]

The Interlock ransomware gang has been exploiting a maximum severity remote code execution (RCE) vulnerability in Cisco's Secure Firewall Management Center (FMC) software in zero-day attacks since lat

Google has released emergency security updates to patch two high-severity Chrome vulnerabilities exploited in zero-day attacks. [...]

A new Android malware named BeatBanker can hijack devices and tricks users into installing it by posing as a Starlink app on websites masquerading as the official Google Play Store. [...]

Hackers are increasingly exploiting newly disclosed vulnerabilities in third-party software to gain initial access to cloud environments, with the window for attacks shrinking from weeks to just days.

A previously undocumented set of 23 iOS exploits named 'Coruna' has been deployed by multiple threat actors in targeted espionage campaigns and financially motivated attacks. [...]

Google Chrome will shift from a four-week to a two-week release cycle to roll out new features, bug fixes, and performance improvements more frequently. [...]

Google has released security updates to patch 129 Android security vulnerabilities, including an actively exploited zero-day flaw in a Qualcomm display component. [...]