The Oracle Red Bull Racing Formula One team has implemented identity and access management automation tools to speed up operations while maintaining security across thousands of servers and team members. The new system reduced wind tunnel recovery time from one hour to just two minutes and centralized credential access for over one hundred service accounts, allowing engineers to quickly troubleshoot issues that previously required lengthy manual investigations. The improvements help the team protect proprietary car design secrets from competitors while maintaining the rapid pace essential to Formula One racing, where they're limited to just 500 hours annually for regulated wind tunnel testing.

Google and Mozilla have released major security updates for their browsers, with Chrome 147 patching thirty vulnerabilities including four critical use-after-free flaws that could allow arbitrary code execution, earning external researchers thirty thousand dollars in bug bounties. Firefox 150 addresses four security defects including critical memory safety bugs that Mozilla says could potentially be exploited to run malicious code, with fixes also rolling out to Firefox Extended Support Release versions.

Security researchers have discovered 38 vulnerabilities in OpenEMR, an open-source medical records platform used by over 100,000 healthcare providers worldwide to manage data for more than 200 million patients. The flaws, which have now been patched, included critical SQL injection bugs that could have allowed authenticated attackers to steal patient information, compromise databases, and execute malicious code on servers, though there's no evidence of real-world exploitation. Most vulnerabilities stemmed from authorization issues, with additional problems including cross-site scripting and path traversal flaws.

The Iranian cyber group Handala, linked to Iran's Ministry of Intelligence and Security, has launched an intimidation campaign targeting US troops stationed in Bahrain through WhatsApp messages claiming the service members are under surveillance and will soon face drone and missile attacks. The group, which has been active since 2008, recently published personal information of over 2,300 US Marines and has escalated its operations from attacking Israeli infrastructure to directly threatening US military personnel and institutions. The US government has posted a 10 million dollar reward for information leading to the identification and arrest of Handala members, following their disruptive attacks on organizations including medical technology giant Stryker and the personal Gmail account of FBI Director Kash Patel.

Checkmarx has confirmed that attackers stole 96 gigabytes of data during last month's supply chain attack on its KICS open source project, including source code, employee databases, API keys, and database credentials. The breach, attributed to the TeamPCP hacking group with potential ties to the Lapsus$ extortion gang, began when hackers compromised Checkmarx's GitHub environment through credentials stolen in the earlier Trivy attack and poisoned multiple plugins and workflows. Despite remediation efforts including revoking credentials and removing malicious packages, the attackers regained access in late April and published another round of malicious code, also compromising the popular Bitwarden command-line interface package.

Cybersecurity firm Forescout has discovered that hundreds of industrial control systems and operational technology environments are dangerously exposed to the internet through unsecured VNC and RDP servers. Their research found 670 VNC servers providing direct access to ICS and OT control panels without any authentication, with nearly 60,000 VNC servers total lacking password protection and over 19,000 RDP servers vulnerable to the notorious BlueKeep exploit. The threat is already active, as Russia-linked hackers and the Redheberg botnet have been actively targeting these exposed systems, with recent attacks on water facilities in Israel and a groundwater pumping station.

A critical SQL injection vulnerability in the open source AI gateway LiteLLM was exploited just 36 hours after being indexed in GitHub's advisory database on April 24th. The flaw, rated 9.3 out of 10 in severity, allowed unauthenticated attackers to access database tables containing API keys and provider credentials by sending a specially crafted authorization header during the proxy's key verification process. LiteLLM has released a patched version, and while the attacks were automated and precisely targeted, security firm Sysdig says the extracted credentials have not been abused so far.

CISA has added new ConnectWise and Windows vulnerabilities to its Known Exploited Vulnerabilities catalog, confirming they are being actively exploited in the wild. Federal agencies are now required to patch these flaws within a specified deadline to protect their networks. The additions highlight ongoing risks to both enterprise software and the Windows operating system, as threat actors continue to target known security weaknesses.

A critical authentication vulnerability has been identified in cPanel, prompting security experts to urge immediate server updates. The flaw represents a serious security risk that could allow unauthorized access to systems running the popular web hosting control panel. Administrators are being advised to patch their servers without delay to prevent potential exploitation of this authentication bypass vulnerability.

A new report from Zscaler ThreatLabz warns that VPNs have become a major vulnerability, with AI-powered attacks now moving so quickly through remote access points that they've effectively collapsed the window for human response. The research suggests that traditional VPN infrastructure is struggling to keep pace with AI-driven threats, making remote access one of the fastest routes to security breaches in modern enterprise networks.