24Articles
5Categories
2026-04-05Date
πŸ› COMMON VULNERABILITIES AND EXPOSURES 16[βˆ’]
5 Apr KEVFortinet Patches Actively Exploited CVE-2026-35616 in FortiClient EMSFortinet has released out-of-band patches for a critical security flaw impacting FortiClient EMS that it said has been exploited in the wild. The vulnerability, tracked as CVE-2026-35616 (CVSS score: 9.1), has been described as a pre-authentication API access bypas…THEHACKERNEWS.COM
5 AprCVE-2026-35414Information published.MSRC.MICROSOFT.COM
5 AprCVE-2026-23442 ipv6: add NULL checks for idev in SRv6 pathsInformation published.MSRC.MICROSOFT.COM
5 AprCVE-2026-35535Information published.MSRC.MICROSOFT.COM
5 AprCVE-2026-34979 OpenPrinting CUPS: Heap overflow in `get_options()`Information published.MSRC.MICROSOFT.COM
5 AprHackers exploit React2Shell in automated credential theft campaignHackers are running a large-scale campaign to steal credentials in an automated way after exploiting React2Shell (CVE-2025-55182) in vulnerable Next.js apps. [...]BLEEPINGCOMPUTER.COM
⚠️ VULNERABILITY DISCLOSURE 3[βˆ’]
5 Apr36 Malicious npm Packages Exploited Redis, PostgreSQL to Deploy Persistent ImplantsCybersecurity researchers have discovered 36 malicious packages in the npm registry that are disguised as Strapi CMS plugins but come with different payloads to facilitate Redis and PostgreSQL exploitation, deploy reverse shells, harvest credentials, and drop a persistent im…THEHACKERNEWS.COM
5 Apr KEVNew FortiClient EMS flaw exploited in attacks, emergency patch releasedFortinet has released an emergency weekend security update for a new critical FortiClient Enterprise Management Server (EMS) vulnerability that is actively exploited in attacks. [...]BLEEPINGCOMPUTER.COM
5 Apr KEVNew FortiClient EMS flaw exploited in attacks, emergency patch releasedFortinet has released an emergency weekend security update for a new critical FortiClient Enterprise Management Server (EMS) vulnerability that is actively exploited in attacks. [...]BLEEPINGCOMPUTER.COM
πŸ•΅οΈ THREAT INTELLIGENCE 1[βˆ’]
5 AprWhatsApp malware campaign installs backdoorssubmitted by not_IO to securitynews 2 points | 0 comments https://www.heise.de/en/news/WhatsApp-malware-campaign-installs-backdoors-11244368.html it’s digital independence day! get your relatives off whatsappINFOSEC.PUB
πŸŽ™οΈ PODCASTS 1[βˆ’]
5 AprKiller robots are here. Now what? (Lock and Code S07E07)This week on the Lock and Code podcast, we speak with Peter Asaro about killer robots, how to stop them, and their obvious consequences.MALWAREBYTES.COM
πŸ“‘ INFOSEC NEWS 3[βˆ’]
5 AprTraffic violation scams switch to QR codes in new phishing textsScammers are sending fake "Notice of Default" traffic violation text messages impersonating state courts across the U.S., pressuring recipients to scan a QR code that leads to a phishing site demanding a $6.99 payment while stealing personal and financial information. [...]BLEEPINGCOMPUTER.COM
5 Apr$285 Million Drift Hack Traced to Six-Month DPRK Social Engineering OperationDrift has revealed that the April 1, 2026, attack that led to the theft of $285 million was the culmination of a months-long targeted and meticulously planned social engineering operation undertaken by the Democratic People's Republic of Korea (DPRK) that began in …THEHACKERNEWS.COM