Known Exploited Vulnerabilities and counting....
A known exploited vulnerability (KEV) refers to a software vulnerability that is being actively exploited by cybercriminals or threat actors. When a vulnerability becomes known to be exploited in the wild, it signals that the vulnerability poses a significant and imminent risk to organizations.
Cybersecurity Brief: April 30, 2026
Multiple significant data breaches emerged today affecting millions of individuals across critical sectors. UK Biobank disclosed that half a million genetic, biological, and health records were offered for sale online in China, raising serious concerns about the protection of sensitive medical data. In the U.S., ADT faces a class action lawsuit after hackers compromised systems affecting 5.5 million customer accounts, while Amtrak confirmed an exposure linked to the ShinyHunters group impacting 2.1 million accounts containing customer names, emails, addresses, and support records. Critical infrastructure provider Itron, which manufactures energy and water measurement devices, also reported a cyberattack, though operations remained unaffected.
U.S. congressional leaders announced a joint investigation into national security risks posed by Chinese-developed AI models, focusing on cybersecurity vulnerabilities from low-cost, open-weight, and API-based systems. The investigation reflects growing concerns about AI's dual role in cybersecurity—both as an attack vector and defensive tool—a theme prominently featured at this week's Black Hat Asia conference. Meanwhile, CISA's ability to coordinate with the private sector faces significant disruption due to staff departures in its Stakeholder Engagement Division, creating what sources describe as a "standstill" in critical cyber partnerships. A new Resilience report confirms manufacturing remains the top global target for cyberattacks, with ransomware accounting for over 90% of total losses despite representing just 12% of claims.
Sources: Security Brief · Bloomberg Law · Fox News · Cybersecurity Dive · House Homeland Security Committee · The Economist · Federal News Network · Industrial Cyber
Common Vulnerability and Exposure
CVEs form a database of known security vulnerabilities that are actively tracked and managed by a group of organizations, such as the U.S. National Cyber Security Alliance. CVEs are an important tool for network security management because they not only provide an inventory of existing vulnerabilities, but also provide information about how the vulnerability can be exploited and instructions on how to protect against it.
Search Known Exploits
Search for CVEs by vendor to identify known exploited vulnerabilities in your environment
Upcoming Patch Due Dates
via Binding Operational Directive 22-01
(BOD) 22-01 is a directive issued by the Cybersecurity and Infrastructure Security Agency (CISA) in the United States to federal agencies and federal contractors in order to improve their cybersecurity practices. It provides a set of guidelines and requirements that these agencies and contractors must follow to increase their defenses against cyber threats.
Loading...
Cyber Security News
You may have missed...
*
Inside a cyberattack: How hackers steal data
The truth about cybersecurity is that it's almost impossible to keep hackers outside of an organization, particularly as the cybercrime industry ...
Why DeFi isn't dead despite massive exploits and $13 billion investor exodus
CoinDesk analysis explaining that while Kelp DAO's $292 million exploit triggered $13 billion in DeFi TVL losses, much of this was leveraged positions...
Alleged Chinese hacker extradited to US over cyberattacks targeting COVID-19 research
Chinese national Xu Zewei was extradited from Italy to face charges for his role in the HAFNIUM cyber espionage campaign that compromised more than 12...
Florida Man Working as a Ransomware Negotiator Pleads Guilty to Conspiracy to Deploy Ransomware and Extort U.S. Victims
Angelo Martino, a former ransomware negotiator, pleaded guilty to conspiring with BlackCat ransomware operators to extort U.S. companies by providing ...
Minnesota House passes crypto ATM ban
Security. Minnesota House passes crypto ATM ban. Photo: Adobe Stock. April ... If signed, Minnesota would become the third state to ban crypto ATMs .....
The Protocol: Mythos forces crypto industry to rethink security practices - CoinDesk
Also: Aave's $300 million recovery effort, crypto for AI agents, and Bitcoin proposal for Satoshi-linked tokens.
Why DeFi Isn't Dead Despite Massive Exploits and $13 Billion Investor Exodus
KelpDAO's $292 million exploit triggered $13 billion in DeFi TVL losses, but much of that was leveraged positions unwinding rather than real capital d...
Top 5 Crypto Hacks Since January 2026 — $600M and Counting
Comprehensive analysis of the largest cryptocurrency hacks in 2026, with April accounting for $606 million in losses including the $293 million Kelp D...
Medtronic says cyberattack on IT network has not disrupted operations
Medical device maker Medtronic confirms cyberattack on corporate IT systems did not affect products or operations.
Updated daily
