25 updates from 9 sources:

BleepingComputer: CISA orders feds to patch Windows flaw exploited as zero-day
https://www.bleepingcomputer.com/news/security/cisa-orders-feds-to-patch-windows-flaw-exploited-in-zero-day-attacks/

SecurityWeek: Iranian Cyber Group Handala Targets US Troops in Bahrain
https://www.securityweek.com/iranian-cyber-group-handala-targets-us-troops-in-bahrain/

🦠 Malwarebytes: Scam-checking just got a lot easier: Malwarebytes is now in Claude
https://www.malwarebytes.com/blog/product/2026/04/scam-checking-just-got-a-lot-easier-malwarebytes-is-now-in-claude

SecurityWeek: Checkmarx Confirms Data Stolen in Supply Chain Attack
https://www.securityweek.com/checkmarx-confirms-data-stolen-in-supply-chain-attack/

The Hacker News: What to Look for in an Exposure Management Platform (And What Most of Them Get Wrong)
https://thehackernews.com/2026/04/what-to-look-for-in-exposure-management.html

Security Boulevard: Oracle Control Evidence: What Auditors Really Want You to Prove
https://securityboulevard.com/2026/04/oracle-control-evidence-what-auditors-really-want-you-to-prove/

The Hacker News: Webinar: How to Automate Exposure Validation to Match the Speed of AI Attacks
https://thehackernews.com/2026/04/webinar-how-to-automate-exposure.html

SecurityWeek: Hundreds of Internet-Facing VNC Servers Expose ICS/OT
https://www.securityweek.com/hundreds-of-internet-facing-vnc-servers-expose-ics-ot/

Security Boulevard: Deploying SafePaaS in Oracle E‑Business Suite: A 90‑Day Blueprint to Continuous, Independent Control Monitoring
https://securityboulevard.com/2026/04/deploying-safepaas-in-oracle-e%e2%80%91business-suite-a-90%e2%80%91day-blueprint-to-continuous-independent-control-monitoring/

Security Boulevard: Deploying SafePaaS for Oracle ERP Cloud: A 90‑Day Blueprint to Strengthen Risk Management
https://securityboulevard.com/2026/04/deploying-safepaas-for-oracle-erp-cloud-a-90%e2%80%91day-blueprint-to-strengthen-risk-management/

Security Boulevard: AI-Powered Legacy System Transformation: Solving Technical Debt & Integration Challenges
https://securityboulevard.com/2026/04/ai-powered-legacy-system-transformation-solving-technical-debt-integration-challenges/

Security Boulevard: Hackernoon | Why Cloud Monitoring Has Become K–12’s Most Critical Cyber Defense Tool
https://securityboulevard.com/2026/04/hackernoon-why-cloud-monitoring-has-become-k-12s-most-critical-cyber-defense-tool/

Security Boulevard: Oracle Risk Management Cloud vs SafePaaS: What you should evaluate
https://securityboulevard.com/2026/04/oracle-risk-management-cloud-vs-safepaas-what-you-should-evaluate/

BleepingComputer: GitHub fixes RCE flaw that gave access to millions of private repos
https://www.bleepingcomputer.com/news/security/github-fixes-rce-flaw-that-gave-access-to-millions-of-private-repos/

darkreading: Lotus Wiper Attack Targets Venezuelan Energy Firms, Utilities
https://www.darkreading.com/cyber-risk/lotus-wiper-attack-targeted-venezuelan-energy-firms-utilities

Security Boulevard: Mastering agentic AI security through exposure management
https://securityboulevard.com/2026/04/mastering-agentic-ai-security-through-exposure-management/

Security Boulevard: Bluegrass, Banjos and Breaches: AI SOC Lessons for MSSPs
https://securityboulevard.com/2026/04/bluegrass-banjos-and-breaches-ai-soc-lessons-for-mssps/

Security Boulevard: Miggo Security Leverages AI to Apply Virtual Patches in Near Real Time
https://securityboulevard.com/2026/04/miggo-security-leverages-ai-to-apply-virtual-patches-in-near-real-time/

SecurityWeek: Fresh LiteLLM Vulnerability Exploited Shortly After Disclosure
https://www.securityweek.com/fresh-litellm-vulnerability-exploited-shortly-after-disclosure/

BleepingComputer: Learning from the Vercel breach: Shadow AI & OAuth sprawl
https://www.bleepingcomputer.com/news/security/learning-from-the-vercel-breach-shadow-ai-and-oauth-sprawl/

Security Boulevard: Sevii Adds Ability to Dynamically Deploy AI Agents to Combat Cyberattacks
https://securityboulevard.com/2026/04/sevii-adds-ability-to-dynamically-deploy-ai-agents-to-combat-cyberattacks/

Security News | TechCrunch: Sri Lanka discloses another missing payment, days after hackers stole $2.5M from its finance ministry
https://techcrunch.com/2026/04/29/sri-lanka-discloses-another-missing-payment-days-after-hackers-stole-2-5m-from-its-finance-ministry/

🦠 Malwarebytes: Microsoft won’t patch PhantomRPC: Feature or bug?
https://www.malwarebytes.com/blog/news/2026/04/microsoft-wont-patch-phantomrpc-feature-or-bug

Red Canary: How AI can streamline your security testing
https://redcanary.com/blog/testing-and-validation/ai-security-testing/

The Record from Recorded Future News: Swiss police arrest 10 suspected members of Nigeria-linked crime group Black Axe
https://therecord.media/black-axe-switzerland-germany-cyber

#InfoSec #SecurityNews