Apple Loses Bid To Pause App Store Fee Changes and Taylor Swift Deepfakes Fuel Scams On TikTok

GitHub Fixes RCE Flaw Affecting Millions Of Private Repositories

• GitHub patches remote code execution vulnerability.
• Flaw reportedly gave access to millions of private repos.
• Update prevents unauthorized code changes by attackers.

USA, Apr 29 (TNGB) – GitHub resolved a critical remote code execution vulnerability identified as CVE-2026-3854 that could have granted attackers full read and write access to millions of private repositories on its platform and Enterprise Server instances. Researchers at Wiz discovered the flaw in March through a malicious git push command and reported it via the bug bounty program. GitHub deployed fixes to its main service within six hours with no evidence of prior exploitation, while patches for Enterprise Server versions became available immediately. Chief Information Security Officer Alexis Wales confirmed telemetry showed only test activity triggered the issue.

Major code hosting platforms require constant vigilance against sophisticated attacks.

Why This Matters: A single unpatched flaw in core development infrastructure could have exposed proprietary code from the world’s largest enterprises to unauthorized parties.

Apple Loses Bid To Pause App Store Fee Changes

• Apple fails to pause App Store fee adjustments.
• Case now heads to Supreme Court for review.
• Epic Games lawsuit challenges payment policies.

USA, Apr 29 (TNGB) – Apple lost its request to pause App Store commission changes while the Epic Games antitrust case proceeds to the U.S. Supreme Court. The company sought to maintain existing payment structures during ongoing litigation over developer fees and alternative payment options. The Supreme Court review will determine long-term rules for how app marketplaces operate and monetize software distribution in the United States.

App store rules remain under intense legal and regulatory scrutiny worldwide.

Why This Matters: Supreme Court involvement in app store policies will set precedents affecting developer revenue models and consumer app pricing for years.

CISA Orders Federal Agencies To Patch Windows Zero Day Flaw

• CISA directs immediate patching of exploited Windows flaw.
• Vulnerability allegedly used in zero day attacks.
• Federal systems face elevated risk until updated.

USA, Apr 29 (TNGB) – The Cybersecurity and Infrastructure Security Agency added CVE-2026-32202, a zero-click NTLM hash leak vulnerability, to its Known Exploited Vulnerabilities catalog and ordered federal agencies to patch Windows endpoints and servers by May 12. The flaw, left after an incomplete February fix for a related remote code execution issue, enables pass-the-hash attacks and was exploited by Russian APT28 actors against targets in Ukraine and Europe last December. Microsoft included the patch in its April 2026 update cycle.

Zero day exploits demand rapid response from both public and private sectors.

Why This Matters: Unpatched Windows systems in government networks remain attractive targets for sophisticated state-sponsored actors seeking credential access and lateral movement.

Digital ID Push Risks Erosion Of Online Anonymity

• Social media rules for under 16s may require ID scans.
• Biometric verification allegedly ends anonymous internet use.
• Free speech advocates warn of broader surveillance effects.

UK, Apr 29 (TNGB) – Proposed age verification requirements for social media users under 16 could extend to all internet users through mandatory biometric face scans or government ID uploads for full platform access. Advocacy groups argue the measures, intended to protect minors, would eliminate anonymous browsing and create centralized identity databases vulnerable to misuse. Critics say implementation would fundamentally alter online expression and privacy norms across digital spaces.

Anonymity serves as a foundation for open expression in digital environments.

Why This Matters: Mandatory identity verification for everyday internet use could normalize mass surveillance and reduce the space for private or dissenting online activity.

GoDaddy Transfers 27 Year Old Domain Without Security Checks

• Customer claims GoDaddy moved domain without verification.
• Transfer allegedly occurred despite long ownership history.
• Incident raises concerns over registrar security practices.

USA, Apr 29 (TNGB) – A long-time GoDaddy customer reported that the registrar transferred a 27-year-old domain name without completing standard security verification steps, raising alarms about potential hijacking risks. The incident occurred despite the domain’s extended registration history and the owner’s established account. Such lapses at major registrars can expose businesses and individuals to sudden loss of digital assets and email services.

Domain registrars hold critical responsibility for protecting long term asset ownership.

Why This Matters: Weak verification processes at domain providers can lead to rapid theft of established online identities and associated business operations.

Spotify Outage Disrupts Service For Many Users

• Spotify experiences widespread access issues.
• Users report inability to play music or use features.
• Company works to restore full functionality quickly.

USA, Apr 29 (TNGB) – Spotify suffered a significant outage on April 29 that prevented users worldwide from streaming music, accessing playlists, and using core app features. The disruption affected both mobile and desktop clients, with users reporting error messages and failed playback attempts lasting several hours. The company worked to restore service while monitoring regional impacts across its global user base.

Reliable access remains essential for subscription based entertainment platforms.

Why This Matters: Outages at dominant streaming services interrupt daily routines for hundreds of millions of paying subscribers and highlight single points of failure in digital media consumption.

EU Accuses Meta Of Failing To Protect Children On Platforms

• EU regulators claim Meta violates child safety laws.
• Facebook and Instagram allegedly allow underage access.
• Company faces potential fines up to 6 percent of revenue.

EU, Apr 29 (TNGB) – European Union regulators determined that Meta Platforms violates digital services rules by failing to adequately prevent children from accessing Facebook and Instagram accounts. The company lacks sufficient age verification and content controls, potentially exposing minors to harmful material. Officials warned Meta could face fines reaching six percent of global annual revenue if compliance failures continue.

Social media giants face increasing accountability for youth protection worldwide.

Why This Matters: Regulatory findings against major platforms can force costly system changes and set stricter standards for protecting young users across the European market.

European Police Dismantle 50 Million Euro Crypto Investment Fraud Ring

• Authorities break up major crypto investment scam.
• Fraud ring allegedly defrauded victims across Europe.
• Operation targeted fake investment schemes.

EUROPE, Apr 29 (TNGB) – European law enforcement agencies dismantled a criminal network that defrauded investors of approximately 50 million euros through fake cryptocurrency investment platforms and Ponzi-style schemes. The operation involved coordinated raids across multiple countries, resulting in arrests and asset seizures tied to the fraudulent platforms. Investigators linked the ring to sophisticated money laundering through digital assets.

Crypto fraud continues to evolve as digital assets gain mainstream adoption.

Why This Matters: Large-scale crypto fraud operations demonstrate how digital currencies can be weaponized for cross-border financial crime, requiring enhanced international policing.

Taylor Swift Deepfakes Fuel Scams On TikTok Platform

• Deepfake videos of Taylor Swift promote fraudulent schemes.
• Scammers allegedly use AI generated content for ads.
• Users warned to verify sources before engaging.

USA, Apr 29 (TNGB) – AI-generated deepfake videos featuring Taylor Swift have appeared in scam advertisements on TikTok promoting fake products, investment opportunities, and phishing links. The realistic clips trick viewers into clicking malicious content or sharing personal information. Platform moderators and cybersecurity researchers continue efforts to detect and remove such synthetic media at scale.

Celebrity deepfakes represent a growing vector for online deception and financial harm.

Why This Matters: Convincing celebrity deepfakes erode public trust in online video content and enable scalable financial scams targeting fans and casual viewers.