MATLOCK.CA
133Articles
8Categories
2026-04-02Date
🚨
CISA Adds One Known Exploited Vulnerability to CatalogCISA has added one new vulnerability to its  Known Exploited Vulnerabilities (KEV) Catalog , based on evidence of active exploitation.  CVE-2026-3502  TrueConf Client Download of Code Without Integrity Check Vulnerability  This type of…
KEVCISA.GOV — Thu, 02 Apr 26 1
πŸ›
Symantec DLP Agent Flaw Exposed Systems to Privilege Escalation Attacks
GBHACKERS.COM — 02 Apr 2026
πŸ›
Cisco Warns of Critical IMC Vulnerability Enabling Authentication Bypass
GBHACKERS.COM — 02 Apr 2026
πŸ›
Critical PX4 Autopilot Vulnerability Let Attackers Gain Control of Drones
GBHACKERS.COM — 02 Apr 2026
πŸ›
Cisco Smart Software Manager Flaw Allowed Arbitrary Command Execution
GBHACKERS.COM — 02 Apr 2026
πŸ›
CVE-2026-5107 FRRouting FRR EVPN Type-2 Route bgp_evpn.c process_type2_route access control
MSRC.MICROSOFT.COM — 02 Apr 2026
πŸ›
CVE-2026-4046 iconv crash due to assertion failure with untrusted input
MSRC.MICROSOFT.COM — 02 Apr 2026
πŸ›
CVE-2026-5119 Libsoup: libsoup: information disclosure via cleartext transmission of cookies during https tunnel establishment
MSRC.MICROSOFT.COM — 02 Apr 2026
πŸ›
CVE-2026-4897 Polkit: polkit: denial of service via unbounded input processing through standard input
MSRC.MICROSOFT.COM — 02 Apr 2026
πŸ›
CVE-2026-29785 NATS Server panic via malicious compression on leafnode port
MSRC.MICROSOFT.COM — 02 Apr 2026
πŸ›
CVE-2026-4739 Integer overflow vulnerabilities in InsightSoftwareConsortium/ITK
MSRC.MICROSOFT.COM — 02 Apr 2026
πŸ›
CVE-2026-33554
MSRC.MICROSOFT.COM — 02 Apr 2026
πŸ›
CVE-2026-5201 Gdk-pixbuf: gdk-pixbuf: denial of service via heap-based buffer overflow when processing a specially crafted jpeg image
MSRC.MICROSOFT.COM — 02 Apr 2026
πŸ›
CVE-2026-5121 Libarchive: libarchive: arbitrary code execution via integer overflow in iso9660 image processing
MSRC.MICROSOFT.COM — 02 Apr 2026
πŸ›
CVE-2026-2100 P11-kit: p11-kit: null dereference via c_derivekey with specific null parameters
MSRC.MICROSOFT.COM — 02 Apr 2026
πŸ›
CVE-2026-4732 Out-of-bounds Read Overflow in tildearrow/furnace
MSRC.MICROSOFT.COM — 02 Apr 2026
πŸ›
CVE-2026-2436 Libsoup: libsoup: denial of service via use-after-free in soupserver during tls handshake
MSRC.MICROSOFT.COM — 02 Apr 2026
πŸ›
CVE-2026-33216 NATS has MQTT plaintext password disclosure
MSRC.MICROSOFT.COM — 02 Apr 2026
πŸ›
CVE-2026-32287 Infinite loop in github.com/antchfx/xpath
MSRC.MICROSOFT.COM — 02 Apr 2026
πŸ›
CISA Issues Alert on Chrome Zero-Day Under Active Exploitation
KEVGBHACKERS.COM — 02 Apr 2026
πŸ›
Cybersecurity in the age of instant software
CSOONLINE.COM — 02 Apr 2026
πŸ›
Attempts to Exploit Exposed "Vite" Installs (CVE-2025-30208), (Thu, Apr 2nd)
ISC.SANS.EDU — 02 Apr 2026
πŸ›
Cisco Patches 9.8 CVSS IMC and SSM Flaws Allowing Remote System Compromise
THEHACKERNEWS.COM — 02 Apr 2026
πŸ›
Cisco fixes critical IMC auth bypass present in many products
CSOONLINE.COM — 02 Apr 2026
πŸ›
CVE-2026-32213 Azure AI Foundry Elevation of Privilege Vulnerability
MSRC.MICROSOFT.COM — 02 Apr 2026
πŸ›
Chromium: CVE-2026-5289 Use after free in Navigation
MSRC.MICROSOFT.COM — 02 Apr 2026
πŸ›
Chromium: CVE-2026-5286 Use after free in Dawn
MSRC.MICROSOFT.COM — 02 Apr 2026
πŸ›
Chromium: CVE-2026-5287 Use after free in PDF
MSRC.MICROSOFT.COM — 02 Apr 2026
πŸ›
Chromium: CVE-2026-5285 Use after free in WebGL
MSRC.MICROSOFT.COM — 02 Apr 2026
πŸ›
Chromium: CVE-2026-5284 Use after free in Dawn
MSRC.MICROSOFT.COM — 02 Apr 2026
πŸ›
Chromium: CVE-2026-5283 Inappropriate implementation in ANGLE
MSRC.MICROSOFT.COM — 02 Apr 2026
πŸ›
Chromium: CVE-2026-5281 Use after free in Dawn
MSRC.MICROSOFT.COM — 02 Apr 2026
πŸ›
Chromium: CVE-2026-5280 Use after free in WebCodecs
MSRC.MICROSOFT.COM — 02 Apr 2026
πŸ›
Chromium: CVE-2026-5279 Object corruption in V8
MSRC.MICROSOFT.COM — 02 Apr 2026
πŸ›
Chromium: CVE-2026-5292 Out of bounds read in WebCodecs
MSRC.MICROSOFT.COM — 02 Apr 2026
πŸ›
Chromium: CVE-2026-5290 Use after free in Compositing
MSRC.MICROSOFT.COM — 02 Apr 2026
πŸ›
Chromium: CVE-2026-5277 Integer overflow in ANGLE
MSRC.MICROSOFT.COM — 02 Apr 2026
πŸ›
Chromium: CVE-2026-5276 Insufficient policy enforcement in WebUSB
MSRC.MICROSOFT.COM — 02 Apr 2026
πŸ›
Chromium: CVE-2026-5275 Heap buffer overflow in ANGLE
MSRC.MICROSOFT.COM — 02 Apr 2026
πŸ›
Chromium: CVE-2026-5274 Integer overflow in Codecs
MSRC.MICROSOFT.COM — 02 Apr 2026
πŸ›
Chromium: CVE-2026-5273 Use after free in CSS
MSRC.MICROSOFT.COM — 02 Apr 2026
πŸ›
Chromium: CVE-2026-5272 Heap buffer overflow in GPU
MSRC.MICROSOFT.COM — 02 Apr 2026
πŸ›
CVE-2026-32186 Microsoft Bing Elevation of Privilege Vulnerability
MSRC.MICROSOFT.COM — 02 Apr 2026
πŸ›
CVE-2026-33107 Azure Databricks Elevation of Privilege Vulnerability
MSRC.MICROSOFT.COM — 02 Apr 2026
πŸ›
CVE-2026-26135 Azure Custom Locations Resource Provider (RP) Elevation of Privilege Vulnerability
MSRC.MICROSOFT.COM — 02 Apr 2026
πŸ›
CVE-2026-33105 Microsoft Azure Kubernetes Service Elevation of Privilege Vulnerability
MSRC.MICROSOFT.COM — 02 Apr 2026
πŸ›
CVE-2026-32173 Azure SRE Agent Information Disclosure Vulnerability
MSRC.MICROSOFT.COM — 02 Apr 2026
πŸ›
CVE-2026-32211 Azure MCP Server Information Disclosure Vulnerability
MSRC.MICROSOFT.COM — 02 Apr 2026
πŸ›
Chromium: CVE-2026-5291 Inappropriate implementation in WebGL
MSRC.MICROSOFT.COM — 02 Apr 2026
πŸ›
vSphere and BRICKSTORM Malware: A Defender's Guide
CLOUD.GOOGLE.COM — 02 Apr 2026
πŸ›
ZDI-26-253: Microsoft Visual Studio Code mcp.json Command Injection Remote Code Execution Vulnerability
ZERODAYINITIATIVE.COM — 02 Apr 2026
πŸ›
ZDI-26-252: Mozilla Firefox IonMonkey Switch Statement Optimization Type Confusion Remote Code Execution Vulnerability
ZERODAYINITIATIVE.COM — 02 Apr 2026
πŸ›
ZDI-26-251: Foxit PDF Reader Update Service Uncontrolled Search Path Element Local Privilege Escalation Vulnerability
ZERODAYINITIATIVE.COM — 02 Apr 2026
πŸ›
VU#951662: MuPDF by Artifex contains integer overflow vulnerability.
KB.CERT.ORG — 2026-04-02
⚠️
AfterPack: Claude Code's Source Didn't Leak. It Was Already Public for Years.
PROGRAMMING.DEV — 2 Apr 2026
⚠️
Apple Expands iOS 18.7.7 Update to More Devices to Block DarkSword Exploit
THEHACKERNEWS.COM — 02 Apr 2026
⚠️
Over 14,000 F5 BIG-IP APM instances still exposed to RCE attacks
BLEEPINGCOMPUTER.COM — 02 Apr 2026
⚠️
Apple Releases iOS 18.7.7 Update to Defend Against DarkSword Exploit
GBHACKERS.COM — 02 Apr 2026
⚠️
NoVoice on Google Play Exploits 22 Flaws to Hit Millions of Android Users
GBHACKERS.COM — 02 Apr 2026
⚠️
Possible US Government iPhone Hacking Tool Leaked
SCHNEIER.COM — 2026-04-02
⚠️
Hackers exploit TrueConf zero-day to push malicious software updates
SH.ITJUST.WORKS — 2 Apr 2026
⚠️
The State of Trusted Open Source Report
THEHACKERNEWS.COM — 02 Apr 2026
⚠️
Cisco Patches Critical and High-Severity Vulnerabilities
SECURITYWEEK.COM — 02 Apr 2026
⚠️
EvilTokens abuses Microsoft device code flow for account takeovers
CSOONLINE.COM — 02 Apr 2026
⚠️
Akira-Style Ransomware Campaign Hits Windows Users Across South America
GBHACKERS.COM — 02 Apr 2026
⚠️
Matrix Protocol Surveillance and Forensic Analysis Suite
SH.ITJUST.WORKS — 2 Apr 2026
⚠️
New Progress ShareFile flaws can be chained in pre-auth RCE attacks
BLEEPINGCOMPUTER.COM — 02 Apr 2026
⚠️
Adversaries Exploit Vacant Homes to Intercept Mail in Hybrid Cybercrime
BLEEPINGCOMPUTER.COM — 02 Apr 2026
⚠️
ICE says it bought Paragon’s spyware to use in drug trafficking cases
TECHCRUNCH.COM — 02 Apr 2026
⚠️
Apple Rolls Out DarkSword Exploit Protection to More Devices
SECURITYWEEK.COM — 02 Apr 2026
⚠️
US Bans All Foreign-Made Consumer Routers
SCHNEIER.COM — 2026-04-02
⚠️
Critical Vulnerability in Claude Code Emerges Days After Source Leak
SECURITYWEEK.COM — 02 Apr 2026
⚠️
Google Workspace’s continuous approach to mitigating indirect prompt injections
SECURITY.GOOGLEBLOG.COM — 2026-04-02
⚠️
Claude Code leak used to push infostealer malware on GitHub
BLEEPINGCOMPUTER.COM — 02 Apr 2026
⚠️
Risks, emerging when developing or using open-source software
KASPERSKY.COM — 02 Apr 2026
⚠️
What Is A Router? (And all things AI) - PSW #920
YOUTUBE.COM — 2026-04-02
⚠️
AI Configures Vulnerabilities for You
YOUTUBE.COM — 2026-04-02
⚠️
Multiple Vulnerabilities in Progress ShareFile Could Allow for Remote Code Execution
CISECURITY.ORG — 02 Apr 2026
⚠️
Multiple Vulnerabilities in Cisco Products Could Allow for Arbitrary Code Execution
CISECURITY.ORG — 02 Apr 2026
⚠️
SightHouse: Automated function identification
QUARKSLAB.COM — 2026-04-02
⚠️
Apple expands β€œDarkSword” patches to iOS 18.7.7
MALWAREBYTES.COM — 02 Apr 2026
πŸ“’
FBI Warns Chinese Mobile Apps Could Expose User Data to Cyberattacks
GBHACKERS.COM — 02 Apr 2026
πŸ“’
Variance Raises $21.5M for Compliance Investigation Platform Powered by AI Agents
SECURITYWEEK.COM — 02 Apr 2026
πŸ“’
Progress security advisory (AV26-310)
CYBER.GC.CA — 2026-04-02
πŸ“’
Cesanta security advisory (AV26-311)
CYBER.GC.CA — 2026-04-02
πŸ“’
Drift loses $280 million as hackers seize Security Council powers
BLEEPINGCOMPUTER.COM — 02 Apr 2026
πŸ“’
OpenSSH security advisory (AV26-312)
CYBER.GC.CA — 2026-04-02
πŸ“’
Drift loses $280 million North Korean hackers seize Security Council powers
BLEEPINGCOMPUTER.COM — 02 Apr 2026
πŸ“’
Four security principles for agentic AI systems
AWS.AMAZON.COM — 02 Apr 2026
πŸ”₯
Axios npm Supply Chain Breach: Microsoft Shares Mitigation Steps
GBHACKERS.COM — 02 Apr 2026
πŸ”₯
Mercor Hit by LiteLLM Supply Chain Attack
SECURITYWEEK.COM — 02 Apr 2026
πŸ”₯
UK manufacturers under cyber fire with 80% reporting attacks β€’ The Register
SH.ITJUST.WORKS — 2 Apr 2026
πŸ”₯
250,000 Affected by Data Breach at Nacogdoches Memorial Hospital
SECURITYWEEK.COM — 02 Apr 2026
πŸ”₯
Iranian Hacker Group Handal Claims Breach of Israeli Defense Firm
GBHACKERS.COM — 02 Apr 2026
πŸ”₯
Mercor confirms security incident tied to LiteLLM supply chain attack | The Record from Recorded Future News
SH.ITJUST.WORKS — 2 Apr 2026
πŸ”₯
Medtech giant Stryker fully operational after data-wiping attack
BLEEPINGCOMPUTER.COM — 02 Apr 2026
πŸ”₯
Crypto platform Drift suspends services after millions stolen in security incident | The Record from Recorded Future News
SH.ITJUST.WORKS — 2 Apr 2026
πŸ”₯
Threat actor abuse of AI accelerates from tool to cyberattack surface
MICROSOFT.COM — 02 Apr 2026
πŸ”₯
Telehealth giant Hims & Hers says its customer support system was hacked
TECHCRUNCH.COM — 02 Apr 2026
πŸ•΅οΈ
ISC Stormcast For Thursday, April 2nd, 2026 https://isc.sans.edu/podcastdetail/9876, (Thu, Apr 2nd)
ISC.SANS.EDU — 02 Apr 2026
πŸ•΅οΈ
News Alert: TAC Security surpasses 10,000 customers, scaling global VM and AppSec platform
LASTWATCHDOG.COM — 02 Apr 2026
πŸ•΅οΈ
Linx Security Raises $50 Million for Identity Security and Governance
SECURITYWEEK.COM — 02 Apr 2026
πŸ•΅οΈ
Remcos RAT Attack Uses Obfuscated Scripts, Trusted Windows Tools
GBHACKERS.COM — 02 Apr 2026
πŸ•΅οΈ
WhatsApp Attack Chain Delivers VBS, Cloud Payloads, MSI Backdoor
GBHACKERS.COM — 02 Apr 2026
πŸ•΅οΈ
TA416 Broadens Europe Spy Campaign With Web Bugs and Malware
GBHACKERS.COM — 02 Apr 2026
πŸ•΅οΈ
New ZAP PTK Add-On Converts Browser Security Findings Into Native ZAP Alerts
GBHACKERS.COM — 02 Apr 2026
πŸ•΅οΈ
Sophisticated CrystalX RAT Emerges
SECURITYWEEK.COM — 02 Apr 2026
πŸ•΅οΈ
WhatsApp Alerts 200 Users After Fake iOS App Installed Spyware; Italian Firm Faces Action
THEHACKERNEWS.COM — 02 Apr 2026
πŸ•΅οΈ
RFQ Malware Campaign Uses DOCX, RTF, JS, and Python
GBHACKERS.COM — 02 Apr 2026
πŸ•΅οΈ
Fake CERT-UA Site Spreads Go-Based RAT in Phishing Campaign
GBHACKERS.COM — 02 Apr 2026
πŸ•΅οΈ
New CrystalRAT malware adds RAT, stealer and prankware features
SH.ITJUST.WORKS — 2 Apr 2026
πŸ•΅οΈ
Researchers Uncover Mining Operation Using ISO Lures to Spread RATs and Crypto Miners
THEHACKERNEWS.COM — 02 Apr 2026
πŸ•΅οΈ
Casbaneiro Phishing Targets Latin America and Europe Using Dynamic PDF Lures
SH.ITJUST.WORKS — 2 Apr 2026
πŸ•΅οΈ
WhatsApp malware campaign uses malicious VBS files to gain persistent access | CSO Online
SH.ITJUST.WORKS — 2 Apr 2026
πŸ•΅οΈ
Infrsatructure Attacks With Physical Consequences Down 25%
SH.ITJUST.WORKS — 2 Apr 2026
πŸ•΅οΈ
Chinese Hackers Target European Governments in Espionage Campaigns - Infosecurity Magazine
SH.ITJUST.WORKS — 2 Apr 2026
πŸ•΅οΈ
The Risk of Negative Self-Talk
YOUTUBE.COM — 2026-04-02
πŸ•΅οΈ
Cybersecurity M&A Roundup: 38 Deals Announced in March 2026
SECURITYWEEK.COM — 02 Apr 2026
πŸ•΅οΈ
Cookie-controlled PHP webshells: A stealthy tradecraft in Linux hosting environments
MICROSOFT.COM — 02 Apr 2026
πŸ•΅οΈ
How to Prevent Phishing Emails by Reducing Human Risk
KNOWBE4.COM — 02 Apr 2026
πŸ•΅οΈ
From Reactive to Proactive: 5 Steps to SOC Maturity with Threat Intelligence
ANY.RUN — 02 Apr 2026
🌐
ThreatsDay Bulletin: Pre-Auth Chains, Android Rootkits, CloudTrail Evasion & 10 More Stories
THEHACKERNEWS.COM — 02 Apr 2026
🌐
How we caught the Axios supply chain attack
ELASTIC.CO — 02 Apr 2026
🌐
Hooked on Linux: Rootkit Detection Engineering
ELASTIC.CO — 02 Apr 2026
🌐
Malwarebytes Privacy VPN receives full third-party audit
MALWAREBYTES.COM — 02 Apr 2026
πŸ“‘
Microsoft links Classic Outlook issue to email delivery problems
BLEEPINGCOMPUTER.COM — 02 Apr 2026
πŸ“‘
Critical Cisco IMC auth bypass gives attackers Admin access
BLEEPINGCOMPUTER.COM — 02 Apr 2026
πŸ“‘
Suggested organizational security and privacy control and activity profile β€” Medium impact (ITSP.10.033-01)
CYBER.GC.CA — 2026-04-02
πŸ“‘
Bulletin de sΓ©curitΓ© WatchGuard (AV26-309)
CYBER.GC.CA — 2026-04-02
πŸ“‘
Residential proxies evaded IP reputation checks in 78% of 4B sessions
BLEEPINGCOMPUTER.COM — 02 Apr 2026
πŸ“‘
Money transfer app Duc exposed thousands of driver’s licenses and passports to the open web
TECHCRUNCH.COM — 02 Apr 2026
πŸ“‘
Latin America and the Caribbean Cybercrime Landscape
RECORDEDFUTURE.COM — 02 Apr 2026
πŸ“‘
Prioritizing Alerts Triage with Higher-Order Detection Rules
ELASTIC.CO — 02 Apr 2026