🐛 COMMON VULNERABILITIES AND EXPOSURES (18)
11 Apr: Jeff Williams, CTO and co-founder of Contrast Security and OWASP co-founder, on Mythos and AI Security. AI-Powered AppSec, OWASP Origins, and Anthropic's "Mythos" Model: Jeff Williams on What Changes Next. Cybersecurity Today would like to thank Meter for their support in bringing you this podcast. Meter delivers a complete networking stack, wired, wireless and cellular in one integ… [CYBERSECURITYTODAY.LIBSYN.COM]
11 Apr: CVE-2026-28810 Predictable DNS Transaction IDs Enable Cache Poisoning in Built-in Resolver. Information published. [MSRC.MICROSOFT.COM]
11 Apr: CVE-2026-29181 OpenTelemetry-Go multi-value `baggage` header extraction causes excessive allocations (remote DoS amplification). Information published. [MSRC.MICROSOFT.COM]
11 Apr: CVE-2026-27144 Miscompilation allows memory corruption via CONVNOP-wrapped array copy in cmd/compile. Information published. [MSRC.MICROSOFT.COM]
11 Apr: CVE-2026-32282 TOCTOU permits root escape on Linux via Root.Chmod in os in internal/syscall/unix. Information published. [MSRC.MICROSOFT.COM]
11 Apr: CVE-2026-33810 Case-sensitive excludedSubtrees name constraints cause Auth Bypass in crypto/x509. Information published. [MSRC.MICROSOFT.COM]
11 Apr: CVE-2026-4878 Libcap: libcap: privilege escalation via TOCTOU race condition in cap_set_file(). Information published. [MSRC.MICROSOFT.COM]
11 Apr: CVE-2026-35611 Addressable has a Regular Expression Denial of Service in Addressable templates. Information published. [MSRC.MICROSOFT.COM]
11 Apr: CVE-2026-28389 Possible NULL Dereference When Processing CMS KeyAgreeRecipientInfo. Information published. [MSRC.MICROSOFT.COM]
11 Apr: CVE-2026-28390 Possible NULL Dereference When Processing CMS KeyTransportRecipientInfo. Information published. [MSRC.MICROSOFT.COM]
11 Apr: CVE-2026-39882 OpenTelemetry-Go OTLP HTTP exporters read unbounded HTTP response bodies. Information published. [MSRC.MICROSOFT.COM]
11 Apr: CVE-2026-32288 Unbounded allocation for old GNU sparse in archive/tar. Information published. [MSRC.MICROSOFT.COM]
11 Apr: CVE-2026-32281 Inefficient policy validation in crypto/x509. Information published. [MSRC.MICROSOFT.COM]
11 Apr: CVE-2026-32289 JsBraceDepth Context Tracking Bugs (XSS) in html/template. Information published. [MSRC.MICROSOFT.COM]
11 Apr: CVE-2026-32283 Unauthenticated TLS 1.3 KeyUpdate record can cause persistent connection retention and DoS in crypto/tls. Information published. [MSRC.MICROSOFT.COM]
11 Apr: CVE-2026-32280 Unexpected work during chain building in crypto/x509. Information published. [MSRC.MICROSOFT.COM]
11 Apr: CVE-2026-27143 Missing bound checks can lead to memory corruption in safe Go in cmd/compile. Information published. [MSRC.MICROSOFT.COM]
11 Apr: CVE-2026-27140 Code execution vulnerability in SWIG code generation in cmd/go. Information published. [MSRC.MICROSOFT.COM]
⚠️ VULNERABILITY DISCLOSURE (4)
11 Apr: Claude and ChatGPT Exploited in Sweeping Cyber Campaign Against Government Agencies. In a groundbreaking technical report released by Gambit Security researcher Eyal Sela, new details have emerged about a massive cyberattack targeting government infrastructure. A single threat actor successfully leveraged artificial intelligence platforms to breach nine Mexican g… [GBHACKERS.COM]
11 Apr: Citizen Lab: Law Enforcement Used Webloc to Track 500 Million Devices via Ad Data. Hungarian domestic intelligence, the national police in El Salvador, and several U.S. law enforcement and police departments have been attributed to the use of an advertising-based global geolocation surveillance system called Webloc. The tool was developed by Israeli c… [THEHACKERNEWS.COM]
11 Apr: Over 20,000 crypto fraud victims identified in international crackdown. An international law enforcement action led by the U.K.'s National Crime Agency (NCA) has identified over 20,000 victims of cryptocurrency fraud across Canada, the United Kingdom, and the United States. [...] [BLEEPINGCOMPUTER.COM]
11 Apr: Two different attackers poisoned popular open source tools - and showed us the future of supply chain compromise. Submitted by cm0002 to cybersecurity, 3 points | 0 comments. https://www.theregister.com/2026/04/11/trivy_axios_supply_chain_attacks/ [INFOSEC.PUB]
🔥 INCIDENT REPORTING (2)
11 Apr: HWMonitor & CPU-Z users were exposed to malware through fake downloads after CPUID breach. Submitted by cm0002 to cybersecurity, 1 point | 0 comments. https://alternativeto.net/news/2026/4/hwmonitor-and-cpu-z-users-were-exposed-to-malware-through-fake-downloads-after-cpuid-breach/ [INFOSEC.PUB]
11 Apr: Security PSA: Popular Tools CPU-Z and HWMonitor Were Briefly Compromised. Submitted by nemeski to cybersecurity, 1 point | 0 comments. https://www.techpowerup.com/348138/security-psa-popular-tools-cpu-z-and-hwmonitor-were-briefly-compromised [SH.ITJUST.WORKS]
🕵️ THREAT INTELLIGENCE (8)
11 Apr: CPUID site hijacked to serve malware instead of HWMonitor downloads. Submitted by cm0002 to cybersecurity, 5 points | 0 comments. https://www.theregister.com/2026/04/10/cpuid_site_hijacked/ [INFOSEC.PUB]
11 Apr: Google rolls out end-to-end encryption for Gmail on Android and iOS devices for enterprise users, letting them read and compose emails without additional tools. Submitted by Innerworld to cybersecurity, 3 points | 0 comments. https://www.bleepingcomputer.com/news/google/google-rolls-out-gmail-end-to-end-encryption-on-mobile-devices/ [INFOSEC.PUB]
11 Apr: Google rolls out end-to-end encryption for Gmail on Android and iOS devices for enterprise users, letting them read and compose emails without additional tools. Submitted by Innerworld to security, 1 point | 0 comments. https://www.bleepingcomputer.com/news/google/google-rolls-out-gmail-end-to-end-encryption-on-mobile-devices/ [PROGRAMMING.DEV]
11 Apr: Google rolls out end-to-end encryption for Gmail on Android and iOS devices for enterprise users, letting them read and compose emails without additional tools. Submitted by Innerworld to cybersecurity, 2 points | 0 comments. https://www.bleepingcomputer.com/news/google/google-rolls-out-gmail-end-to-end-encryption-on-mobile-devices/ [SH.ITJUST.WORKS]
11 Apr: Google rolls out end-to-end encryption for Gmail on Android and iOS devices for enterprise users, letting them read and compose emails without additional tools. Submitted by cm0002 to cybersecurity, 2 points | 0 comments. https://www.bleepingcomputer.com/news/google/google-rolls-out-gmail-end-to-end-encryption-on-mobile-devices/ [INFOSEC.PUB]
11 Apr: Google Locks Chrome Sessions to Devices to Stop Cookie Theft. Google has officially launched a major security upgrade to protect users from session hijacking. Starting with Chrome version 146 for Windows users, Device Bound Session Credentials (DBSC) is now publicly available. This new feature aims to stop malware from stealing web cookies … [GBHACKERS.COM]
11 Apr: Supply chain nightmare: How Rust will be attacked and what we can do to mitigate the inevitable. Submitted by cm0002 to cybersecurity, 1 point | 0 comments. https://kerkour.com/rust-supply-chain-nightmare [INFOSEC.PUB]
11 Apr: AI Cybersecurity After Mythos: The Jagged Frontier. Submitted by cm0002 to cybersecurity, 2 points | 0 comments. https://aisle.com/blog/ai-cybersecurity-after-mythos-the-jagged-frontier [INFOSEC.PUB]
📡 INFOSEC NEWS (3)
11 Apr: Patch now! Adobe releases emergency security update for Acrobat Reader. Attackers are exploiting a critical vulnerability in Adobe Acrobat Reader. A security patch for macOS and Windows has now been released. [HEISE.DE]
11 Apr: Retailers frustrated by strict rules on AI cameras. A study by Ibi Research and the DIHK shows that retailers are adopting AI cameras but feel held back by the GDPR (DSGVO) and a lack of prosecution. [HEISE.DE]
11 Apr: US government met with AI vendors before the Mythos preview rollout. Ahead of this week's Mythos preview rollout, government representatives spoke with the major AI vendors. Meanwhile, US banks are testing the new AI. [HEISE.DE]