matlock.ca // THREAT INTELLIGENCE

124Articles

8Categories

2026-04-07Date

🚨

CISA Alerts Defenders to Actively Exploited Fortinet Zero-Day VulnerabilityThe Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent warning regarding a critical zero-day vulnerability in Fortinet products. The agency officially added the flaw to its Known Exploited Vulnerabilities (KEV) catalog on April 6, 2026, indicating that t…

KEVGBHACKERS.COM — 07 Apr 2026

🐛

50,000 WordPress Sites Running Ninja Forms Vulnerable to Critical File Upload RCE

GBHACKERS.COM — 07 Apr 2026

🐛

Flowise AI Agent Builder Under Active CVSS 10.0 RCE Exploitation; 12,000+ Instances Exposed

THEHACKERNEWS.COM — 07 Apr 2026

🐛

CVE-2026-35386

MSRC.MICROSOFT.COM — 07 Apr 2026

🐛

CVE-2026-34743 XZ Utils: Buffer overflow in lzma_index_append()

MSRC.MICROSOFT.COM — 07 Apr 2026

🐛

CVE-2026-31410 ksmbd: use volume UUID in FS_OBJECT_ID_INFORMATION

MSRC.MICROSOFT.COM — 07 Apr 2026

🐛

CVE-2026-31407 netfilter: conntrack: add missing netlink policy validations

MSRC.MICROSOFT.COM — 07 Apr 2026

🐛

CVE-2026-3184 Util-linux: util-linux: access control bypass due to improper hostname canonicalization

MSRC.MICROSOFT.COM — 07 Apr 2026

🐛

CVE-2026-34591 Poetry Has Wheel Path Traversal Which Can Lead to Arbitrary File Write

MSRC.MICROSOFT.COM — 07 Apr 2026

🐛

CVE-2026-35388

MSRC.MICROSOFT.COM — 07 Apr 2026

🐛

CVE-2026-35387

MSRC.MICROSOFT.COM — 07 Apr 2026

🐛

CVE-2026-35385

MSRC.MICROSOFT.COM — 07 Apr 2026

🐛

CVE-2026-31408 Bluetooth: SCO: Fix use-after-free in sco_recv_frame() due to missing sock_hold

MSRC.MICROSOFT.COM — 07 Apr 2026

🐛

Attackers Exploit Flowise Injection Vulnerability as 15,000+ Instances Remain Exposed

KEVGBHACKERS.COM — 07 Apr 2026

🐛

Docker CVE-2026-34040 Lets Attackers Bypass Authorization and Gain Host Access

THEHACKERNEWS.COM — 07 Apr 2026

🐛

Max severity Flowise RCE vulnerability now exploited in attacks

BLEEPINGCOMPUTER.COM — 07 Apr 2026

🐛

AL26-007 - Vulnerability impacting Fortinet FortiClientEMS - CVE-2026-35616

CYBER.GC.CA — 2026-04-07

🐛

Fortinet releases emergency hotfix for FortiClient EMS zero-day flaw

CSOONLINE.COM — 07 Apr 2026

⚠️

North Korea's $285M Crypto Heist, China Breaches FBI System, Delve Faces New Allegations

CYBERSECURITYTODAY.LIBSYN.COM — 07 Apr 2026

⚠️

Windows Defender 0-Day Published Online, Giving Attackers Potential Full Access

GBHACKERS.COM — 07 Apr 2026

⚠️

Microsoft Warns Storm-1175 Exploiting Web-Facing Vulnerabilities to Deploy Medusa Ransomware

GBHACKERS.COM — 07 Apr 2026

⚠️

172: SuperBox

DARKNETDIARIES.COM — 07 Apr 2026

⚠️

Threat Actors Exploit LogMeIn Resolve, ScreenConnect in Phishing Campaigns

GBHACKERS.COM — 07 Apr 2026

⚠️

China-Linked Storm-1175 Exploits Zero-Days to Rapidly Deploy Medusa Ransomware

THEHACKERNEWS.COM — 07 Apr 2026

⚠️

Life imprisonment for Cambodian scam compound operators – but will it make a difference?

BITDEFENDER.COM — 07 Apr 2026

⚠️

The rise of proactive cyber: Why defense is no longer enough

CSOONLINE.COM — 07 Apr 2026

⚠️

The noisy tenants: Engineering fairness in multi-tenant SIEM solutions

CSOONLINE.COM — 07 Apr 2026

⚠️

AppSec News Roundup on Claude Code Leak, Axios NPM Compromise, Secure Design - ASW #377

YOUTUBE.COM — 2026-04-07

⚠️

Critical Android Flaw Allows Zero-Interaction Denial-of-Service Attacks

GBHACKERS.COM — 07 Apr 2026

⚠️

Hong Kong Police Can Force You to Reveal Your Encryption Keys

SCHNEIER.COM — 2026-04-07

⚠️

New GPUBreach Attack Enables Full CPU Privilege Escalation via GDDR6 Bit-Flips

THEHACKERNEWS.COM — 07 Apr 2026

⚠️

Supply chain security is now a board-level issue: Here’s what CSOs need to know

CSOONLINE.COM — 07 Apr 2026

⚠️

Disgruntled researcher leaks “BlueHammer” Windows zero-day exploit

SH.ITJUST.WORKS — 7 Apr 2026

⚠️

Medusa Ransomware Fast to Exploit Vulnerabilities, Breached Systems

SECURITYWEEK.COM — 07 Apr 2026

⚠️

Hackers Exploit Next.js React2Shell Vulnerability, Breach 766 Hosts in 24 Hours

GBHACKERS.COM — 07 Apr 2026

⚠️

Microsoft says Medusa-linked Storm-1175 is speeding ransomware attacks

CSOONLINE.COM — 07 Apr 2026

⚠️

Fake Gemini npm Package Steals AI Tool Tokens

GBHACKERS.COM — 07 Apr 2026

⚠️

GPUBreach Attack Could Lead to Full System Takeover and Root Shell Access

GBHACKERS.COM — 07 Apr 2026

⚠️

[Webinar] How to Close Identity Gaps in 2026 Before AI Exploits Enterprise Risk

THEHACKERNEWS.COM — 07 Apr 2026

⚠️

Zero‑click Grafana AI attack can enable enterprise data exfiltration

CSOONLINE.COM — 07 Apr 2026

⚠️

Campaign Mode: Because Your SOC Team Has a Life

KNOWBE4.COM — 07 Apr 2026

⚠️

Windmill Developer Platform Flaws Expose Users to RCE Attacks, Proof-of-Concept Published

GBHACKERS.COM — 07 Apr 2026

⚠️

Over 1,000 Exposed ComfyUI Instances Targeted in Cryptomining Botnet Campaign

THEHACKERNEWS.COM — 07 Apr 2026

⚠️

CUPS Vulnerabilities Could Allow Remote Attackers to Achieve Root-Level Code Execution

GBHACKERS.COM — 07 Apr 2026

⚠️

GrafanaGhost: Attackers Can Abuse Grafana to Leak Enterprise Data

SECURITYWEEK.COM — 07 Apr 2026

⚠️

Trump administration plans to cut cybersecurity agency’s budget by $700 million

TECHCRUNCH.COM — 07 Apr 2026

⚠️

Why Your Automated Pentesting Tool Just Hit a Wall

BLEEPINGCOMPUTER.COM — 07 Apr 2026

⚠️

Severe StrongBox Vulnerability Patched in Android

SECURITYWEEK.COM — 07 Apr 2026

⚠️

One Click Took Down the Supply Chain

YOUTUBE.COM — 2026-04-07

⚠️

Critical Flowise Vulnerability in Attacker Crosshairs

SECURITYWEEK.COM — 07 Apr 2026

⚠️

Authorities disrupt router DNS hijacks used to steal Microsoft 365 logins

BLEEPINGCOMPUTER.COM — 07 Apr 2026

⚠️

Milking the last drop of Intego - Time for Windows to get its LPE

QUARKSLAB.COM — 2026-04-07

⚠️

Russian State-Linked APT28 Exploits SOHO Routers in Global DNS Hijacking Campaign

THEHACKERNEWS.COM — 07 Apr 2026

⚠️

A Little Bit Pivoting: What Web Shells are Attackers Looking for?, (Tue, Apr 7th)

ISC.SANS.EDU — 07 Apr 2026

⚠️

5 steps to strengthen supply chain security and improve cyber resilience

CSOONLINE.COM — 07 Apr 2026

⚠️

5 ways to strengthen identity security and improve attack resilience

CSOONLINE.COM — 07 Apr 2026

⚠️

5 practical steps to strengthen attack resilience with attack surface management

KEVCSOONLINE.COM — 07 Apr 2026

⚠️

AI Found and Exploited Bugs Automatically

YOUTUBE.COM — 2026-04-07

⚠️

Multiple Vulnerabilities in Mozilla Products Could Allow for Arbitrary Code Execution

CISECURITY.ORG — 07 Apr 2026

⚠️

Hackers exploit critical flaw in Ninja Forms WordPress plugin

BLEEPINGCOMPUTER.COM — 07 Apr 2026

⚠️

What Anthropic Glasswing reveals about the future of vulnerability discovery

CSOONLINE.COM — 07 Apr 2026

⚠️

What we learned about TEE security from auditing WhatsApp's Private Inference

TRAILOFBITS.COM — 07 Apr 2026

⚠️

ClickFix Meets AI: A Multi-Platform Attack Targeting macOS in the Wild

ANY.RUN — 07 Apr 2026

📢

White House Seeks to Slash CISA Funding by $707 Million

SECURITYWEEK.COM — 07 Apr 2026

📢

Fortinet security advisory (AV26-313)

CYBER.GC.CA — 2026-04-07

📢

Android security advisory – April 2026 monthly rollup (AV26-314)

CYBER.GC.CA — 2026-04-07

📢

Microsoft Edge security advisory (AV26-315)

CYBER.GC.CA — 2026-04-07

📢

IBM security advisory (AV26-316)

CYBER.GC.CA — 2026-04-07

📢

Ubuntu security advisory (AV26-317)

CYBER.GC.CA — 2026-04-07

📢

Red Hat security advisory (AV26-318)

CYBER.GC.CA — 2026-04-07

📢

VMware security advisory (AV26-319)

CYBER.GC.CA — 2026-04-07

📢

Iranian hackers are targeting American critical infrastructure, U.S. agencies warn

TECHCRUNCH.COM — 07 Apr 2026

📢

Erlang security advisory (AV26-320)

CYBER.GC.CA — 2026-04-07

📢

Hitachi security advisory (AV26-321)

CYBER.GC.CA — 2026-04-07

📢

Dell security advisory (AV26-322)

CYBER.GC.CA — 2026-04-07

📢

[Control systems] CISA ICS security advisories (AV26–324)

CYBER.GC.CA — 2026-04-07

📢

Mozilla security advisory (AV26-323)

CYBER.GC.CA — 2026-04-07

🔥

Weekly Update 498

TROYHUNT.COM — 07 Apr 2026

🔥

German Police Unmask REvil Ransomware Leader

SECURITYWEEK.COM — 07 Apr 2026

🔥

GPUBreach: Root Shell Access Achieved via GPU Rowhammer Attack

SECURITYWEEK.COM — 07 Apr 2026

🔥

Qilin and Warlock Ransomware Use Vulnerable Drivers to Disable 300+ EDR Tools

SH.ITJUST.WORKS — 7 Apr 2026

🔥

The Hidden Cost of Recurring Credential Incidents

THEHACKERNEWS.COM — 07 Apr 2026

🔥

Kubernetes Flaws Let Hackers Jump From Containers to Cloud Accounts

GBHACKERS.COM — 07 Apr 2026

🔥

New GPUBreach attack enables system takeover via GPU rowhammer

SH.ITJUST.WORKS — 7 Apr 2026

🔥

The dangers of telehealth: data breaches, phishing, and spam | Kaspersky official blog

KASPERSKY.COM — 07 Apr 2026

🔥

German authorities identify REvil and GandCrab ransomware bosses

SH.ITJUST.WORKS — 7 Apr 2026

🔥

AI for Human Risk Management Shift to Adaptive Behavior Based Training

KNOWBE4.COM — 07 Apr 2026

🔥

Russia Hacked Routers to Steal Microsoft Office Tokens

KREBSONSECURITY.COM — 07 Apr 2026

🔥

Snowflake customers hit in data theft attacks after SaaS integrator breach

BLEEPINGCOMPUTER.COM — 07 Apr 2026

🔥

FBI: Americans lost a record $21 billion to cybercrime last year

BLEEPINGCOMPUTER.COM — 07 Apr 2026

🔥

Support platform breach exposes Hims & Hers customer data

MALWAREBYTES.COM — 07 Apr 2026

🕵️

Iran-Linked Password-Spraying Campaign Targets 300+ Israeli Microsoft 365 Organizations

THEHACKERNEWS.COM — 07 Apr 2026

🕵️

ISC Stormcast For Tuesday, April 7th, 2026 https://isc.sans.edu/podcastdetail/9882, (Tue, Apr 7th)

ISC.SANS.EDU — 07 Apr 2026

🕵️

Fake TradingView Premium Reddit Posts Spread Vidar and AMOS Stealers

GBHACKERS.COM — 07 Apr 2026

🕵️

Wynn Resorts Says 21,000 Employees Affected by ShinyHunters Hack

SECURITYWEEK.COM — 07 Apr 2026

🕵️

New Microsoft Defender Update Issued for Windows 11, Windows 10, and Server Images

GBHACKERS.COM — 07 Apr 2026

🕵️

Iran-Linked Hackers Hit M365 Tenants in Middle East Password Spray Campaign

GBHACKERS.COM — 07 Apr 2026

🕵️

Fake Installers Spread RATs, Monero Miners in Ongoing Malware Campaign

GBHACKERS.COM — 07 Apr 2026

🕵️

Tor-Backed ClickFix Campaign Drops Node.js RAT on Windows

GBHACKERS.COM — 07 Apr 2026

🕵️

FIRESIDE CHAT: Geopolitical turmoil, rising AI risk add a new layer to enterprise cyber defense

LASTWATCHDOG.COM — 07 Apr 2026

🕵️

Hackers Weaponize Claude Code Leak to Spread Vidar and GhostSocks Malware

SH.ITJUST.WORKS — 7 Apr 2026

🕵️

Guardarian Users Targeted With Malicious Strapi NPM Packages - SecurityWeek

SH.ITJUST.WORKS — 7 Apr 2026

🕵️

BPFDoor Variants Hide with Stateless C2 and ICMP Relay Tactics

GBHACKERS.COM — 07 Apr 2026

🕵️

Webinar Today: Why Automated Pentesting Alone Is Not Enough

SECURITYWEEK.COM — 07 Apr 2026

🕵️

SOHO router compromise leads to DNS hijacking and adversary-in-the-middle attacks

MICROSOFT.COM — 07 Apr 2026

🕵️

Claude Code Packaging Error Remains a Lure in an Active Campaign: What Defenders Should Do

TRENDMICRO.COM — 07 Apr 2026

🕵️

CyberheistNews Vol 16 #14 [Heads Up] Clever Hackers Use Custom Fonts to Bypass AI Defenses

KNOWBE4.COM — 07 Apr 2026

🕵️

The New Rules of Engagement: Matching Agentic Attack Speed

SECURITYWEEK.COM — 07 Apr 2026

🕵️

Trent AI Emerges From Stealth With $13 Million in Funding

SECURITYWEEK.COM — 07 Apr 2026

🕵️

Bounty Available (>$2,000) for QubesOS BusKill package

SH.ITJUST.WORKS — 7 Apr 2026

🕵️

Russian government hackers broke into thousands of home routers to steal passwords

TECHCRUNCH.COM — 07 Apr 2026

🕵️

Bounty Available (>$2,000) for QubesOS BusKill package

PROGRAMMING.DEV — 7 Apr 2026

🕵️

US warns of Iranian hackers targeting critical infrastructure

BLEEPINGCOMPUTER.COM — 07 Apr 2026

🕵️

Anthropic Unveils ‘Claude Mythos’ – A Cybersecurity Breakthrough That Could Also Supercharge Attacks

SECURITYWEEK.COM — 07 Apr 2026

🕵️

Cthullu, BlueHammer, NK, CUPs, Axios, Fortinet, Cognitive Surrender, Aaran Leyland - SWN #570

YOUTUBE.COM — 2026-04-07

🕵️

The AI Chip War Explained

YOUTUBE.COM — 2026-04-07

🕵️

As breakout time accelerates, prevention-first cybersecurity takes center stage

WELIVESECURITY.COM — 07 Apr 2026

🕵️

Palo Alto Networks at Nutanix .NEXT 2026

PALOALTONETWORKS.COM — 07 Apr 2026

🕵️

Building AI defenses at scale: Before the threats emerge

AWS.AMAZON.COM — 07 Apr 2026

🌐

Supply chain integrity risk assessments: Evaluation criteria (ITSAP.10.071)

CYBER.GC.CA — 2026-04-07

📡

Cybersecurity in the Age of Instant Software

SCHNEIER.COM — 2026-04-07

📡

Anthropic debuts preview of powerful new AI model Mythos in new cybersecurity initiative

TECHCRUNCH.COM — 07 Apr 2026

📡

Cloudflare targets 2029 for full post-quantum security

CLOUDFLARE.COM — 07 Apr 2026

📡

Traffic violation scams swap links for QR codes to steal your card details

MALWAREBYTES.COM — 07 Apr 2026