MATLOCK.CA
141Articles
10Categories
2026-04-15Date
🚨
Risky Business #833 -- The Great Mythos Freakout of 2026On this week’s show, Patrick Gray, Adam Boileau and James Wilson discuss the week’s cybersecurity news. They cover: Everyone has an opinion about Claude Mythos… even though almost nobody has used it yet CISA adds a 2009 Excel bug to the KEV list, u wot? Adobe also parties like it…
KEVRISKY.BIZ — 15 Apr 2026
🚨
U.S. CISA adds Microsoft SharePoint Server, and Microsoft Office Excel flaws to its Known Exploited Vulnerabilities catalogU.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Microsoft SharePoint Server, and Microsoft Office Excel flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added Apple, Laravel Livewire and …
KEVSECURITYAFFAIRS.COM — 15 Apr 2026
🐛
April Patch Tuesday roundup: Zero day vulnerabilities and critical bugs
KEVCSOONLINE.COM — 15 Apr 2026
🐛
Microsoft Patch Tuesday for April 2026 fixed actively exploited SharePoint zero-day
KEVSECURITYAFFAIRS.COM — 15 Apr 2026
🐛
CVE-2026-33555
MSRC.MICROSOFT.COM — 15 Apr 2026
🐛
CVE-2026-5466 wc_VerifyEccsiHash missing sanity check
MSRC.MICROSOFT.COM — 15 Apr 2026
🐛
CVE-2026-5194 wolfSSL ECDSA Certificate Verification
MSRC.MICROSOFT.COM — 15 Apr 2026
🐛
CVE-2026-5448 1-2 Byte Buffer Overflow in wolfSSL_X509_notAfter/notBefore
MSRC.MICROSOFT.COM — 15 Apr 2026
🐛
CVE-2026-5264 DTLS 1.3 ACK heap buffer overflow
MSRC.MICROSOFT.COM — 15 Apr 2026
🐛
CVE-2026-5778 Integer underflow leads to out-of-bounds access in sniffer ChaCha decrypt path.
MSRC.MICROSOFT.COM — 15 Apr 2026
🐛
CVE-2026-5460 Heap Use-After-Free in PQC Hybrid KeyShare Error Cleanup in wolfSSL TLS 1.3
MSRC.MICROSOFT.COM — 15 Apr 2026
🐛
CVE-2026-5446 wolfSSL ARIA-GCM TLS 1.2/DTLS 1.2 GCM nonce reuse
MSRC.MICROSOFT.COM — 15 Apr 2026
🐛
CVE-2026-34601 xmldom: XML injection via unsafe CDATA serialization allows attacker-controlled markup insertion
MSRC.MICROSOFT.COM — 15 Apr 2026
🐛
CVE-2026-5393 OOB Read in DoTls13CertificateVerify with WOLFSSL_DUAL_ALG_CERTS
MSRC.MICROSOFT.COM — 15 Apr 2026
🐛
CVE-2026-5500 Improper Validation of AES-GCM Authentication Tag Length in PKCS#7 Envelope Allows Authentication Bypass
MSRC.MICROSOFT.COM — 15 Apr 2026
🐛
CVE-2026-5504 PKCS7 CBC Padding Oracle — Plaintext Recovery
MSRC.MICROSOFT.COM — 15 Apr 2026
🐛
CVE-2026-5501 Improper Certificate Signature Verification in X.509 Chain Validation Allows Forged Leaf Certificates
MSRC.MICROSOFT.COM — 15 Apr 2026
🐛
CVE-2026-5507 Session Cache Restore — Arbitrary Free via Deserialized Pointer
MSRC.MICROSOFT.COM — 15 Apr 2026
🐛
CVE-2026-5477 Prefix-substitution forgery via integer overflow in wolfCrypt CMAC
MSRC.MICROSOFT.COM — 15 Apr 2026
🐛
CVE-2026-5479 wolfSSL EVP ChaCha20-Poly1305 AEAD authentication tag
MSRC.MICROSOFT.COM — 15 Apr 2026
🐛
CVE-2026-5503 out-of-bounds write in TLSX_EchChangeSNI via attacker-controlled publicName
MSRC.MICROSOFT.COM — 15 Apr 2026
🐛
CVE-2026-5295 Stack Buffer Overflow in wolfSSL PKCS7 wc_PKCS7_DecryptOri() via Oversized OID
MSRC.MICROSOFT.COM — 15 Apr 2026
🐛
CVE-2026-5188 Integer underflow in X.509 SAN parsing in wolfSSL
MSRC.MICROSOFT.COM — 15 Apr 2026
🐛
CVE-2026-5447 Heap buffer overflow in CertFromX509() via AuthorityKeyIdentifier
MSRC.MICROSOFT.COM — 15 Apr 2026
🐛
CVE-2026-5772 MatchDomainName 1-Byte Stack Buffer Over-Read in Hostname Validation
MSRC.MICROSOFT.COM — 15 Apr 2026
🐛
CVE-2026-5263 URI nameConstraints not enforced in ConfirmNameConstraints()
MSRC.MICROSOFT.COM — 15 Apr 2026
🐛
CVE-2026-5392 wolfSSL heap OOB read in PKCS7 SignedData streaming
MSRC.MICROSOFT.COM — 15 Apr 2026
🐛
CVE-2026-1502 HTTP client proxy tunnel headers not validated for CR/LF
MSRC.MICROSOFT.COM — 15 Apr 2026
🐛
CVE-2026-35201 Discount has an Out-of-bounds Read in rdiscount
MSRC.MICROSOFT.COM — 15 Apr 2026
🐛
CVE-2026-34481 Apache Log4j JSON Template Layout: Improper serialization of non-finite floating-point values in JsonTemplateLayout
MSRC.MICROSOFT.COM — 15 Apr 2026
🐛
CVE-2026-34479 Apache Log4j 1 to Log4j 2 bridge: Silent log event loss in Log4j1XmlLayout due to unescaped XML 1.0 forbidden characters
MSRC.MICROSOFT.COM — 15 Apr 2026
🐛
CVE-2026-34480 Apache Log4j Core: Silent log event loss in XmlLayout due to unescaped XML 1.0 forbidden characters
MSRC.MICROSOFT.COM — 15 Apr 2026
🐛
CVE-2026-40175 Axios has Unrestricted Cloud Metadata Exfiltration via Header Injection Chain
MSRC.MICROSOFT.COM — 15 Apr 2026
🐛
CVE-2025-62718 Axios has a NO_PROXY Hostname Normalization Bypass Leads to SSRF
MSRC.MICROSOFT.COM — 15 Apr 2026
🐛
Microsoft Warns of Actively Exploited SharePoint Server Zero-Day
KEVGBHACKERS.COM — 15 Apr 2026
🐛
CVE-2025-30258 In GnuPG before 2.5.5, if a user chooses to import a certificate with certain crafted subkey data that lacks a valid backsig or that has incorrect usage flags, the user loses the ability to verify signatures made from certain other signing keys, aka a "verification DoS."
MSRC.MICROSOFT.COM — 15 Apr 2026
🐛
Windows Active Directory Flaw Opens Door to Malicious Code Execution
GBHACKERS.COM — 15 Apr 2026
🐛
Copilot and Agentforce fall to form-based prompt injection tricks
CSOONLINE.COM — 15 Apr 2026
🐛
Actively Exploited nginx-ui Flaw (CVE-2026-33032) Enables Full Nginx Server Takeover
KEVTHEHACKERNEWS.COM — 15 Apr 2026
🐛
April Patch Tuesday Fixes Critical Flaws Across SAP, Adobe, Microsoft, Fortinet, and More
THEHACKERNEWS.COM — 15 Apr 2026
🐛
CVE-2026-33032: severe nginx-ui bug grants unauthenticated server access
KEVSECURITYAFFAIRS.COM — 15 Apr 2026
🐛
Critical nginx UI tool vulnerability opens web servers to full compromise
CSOONLINE.COM — 15 Apr 2026
⚠️
Curity looks to reinvent IAM with runtime authorization for AI agents
CSOONLINE.COM — 15 Apr 2026
⚠️
North Korean Spies DM You On Facebook
CYBERSECURITYTODAY.LIBSYN.COM — 15 Apr 2026
⚠️
Top 10 Best Passwordless Authentication Solutions in 2026
GBHACKERS.COM — 15 Apr 2026
⚠️
13 Fragen gegen Drittanbieterrisiken
CSOONLINE.COM — 15 Apr 2026
⚠️
Microsoft Patch Tuesday April 2026 Fixes 168 Flaws, Including an Actively Exploited Zero-Day
KEVGBHACKERS.COM — 15 Apr 2026
⚠️
OpenAI Introduces GPT-5.4 for Reverse Engineering, Vulnerability Discovery, and Malware Analysis
GBHACKERS.COM — 15 Apr 2026
⚠️
Ivanti Neurons for ITSM Vulnerabilities Let Remote Attackers Hijack User Sessions
GBHACKERS.COM — 15 Apr 2026
⚠️
Mallory Launches AI-Native Threat Intelligence Platform, Turning Global Threat Data Into Prioritized Action
CSOONLINE.COM — 15 Apr 2026
⚠️
Microsoft Issues Patches for SharePoint Zero-Day and 168 Other New Vulnerabilities
THEHACKERNEWS.COM — 15 Apr 2026
⚠️
Hackers Exploit Hidden Microsoft 365 Mailbox Rules to Steal Sensitive Business Emails
GBHACKERS.COM — 15 Apr 2026
⚠️
PHP Composer flaws enable remote command execution via Perforce VCS
SECURITYAFFAIRS.COM — 15 Apr 2026
⚠️
The need for a board-level definition of cyber resilience
CSOONLINE.COM — 15 Apr 2026
⚠️
Credit Resources Vault: Why this credit email set off our scam alarms
MALWAREBYTES.COM — 15 Apr 2026
⚠️
The deepfake dilemma: From financial fraud to reputational crisis
CSOONLINE.COM — 15 Apr 2026
⚠️
April Patch Tuesday fixes two zero-days, including one under active attack
MALWAREBYTES.COM — 15 Apr 2026
⚠️
Hackers Abuse Google Cloud Storage to Slip Remcos RAT Past Email Filters
GBHACKERS.COM — 15 Apr 2026
⚠️
MuddyWater-Style Hackers Probe 12,000+ Systems Ahead of Middle East
GBHACKERS.COM — 15 Apr 2026
⚠️
Unlocking foundational visibility for cyber-physical systems with OT vulnerability management
TENABLE.COM — 15 Apr 2026
⚠️
Top 10 Best Application Security Testing Companies in 2026
GBHACKERS.COM — 15 Apr 2026
⚠️
Organizations Warned of Exploited Windows, Adobe Acrobat Vulnerabilities - SecurityWeek
SH.ITJUST.WORKS — 15 Apr 2026
⚠️
Microsoft Issues Patches for SharePoint Zero-Day and 168 Other New Vulnerabilities
SH.ITJUST.WORKS — 15 Apr 2026
⚠️
wolfSSL Vulnerability Hits IoT, Routers and Military Systems, Update Now!
SH.ITJUST.WORKS — 15 Apr 2026
⚠️
EFF urges state probe into Google over undisclosed data sharing with ICE
CYBERINSIDER.COM — 15 Apr 2026
⚠️
Patch Tuesday notes: Microsoft addresses two zero-days.
THECYBERWIRE.COM — 15 Apr 2026
⚠️
Microsoft Issues Massive Windows Patch for 160+ Bugs, Including Two Zero-Days
TECHREPUBLIC.COM — 15 Apr 2026
⚠️
A heavy patch Tuesday lands.
THECYBERWIRE.COM — 15 Apr 2026
⚠️
Smashing Security podcast #463: This AI company leaked its own code. It’s also built something terrifying
GRAHAMCLULEY.COM — 15 Apr 2026
📋
Fortinet Fixes 11 Security Flaws Affecting FortiSandbox, FortiOS, FortiAnalyzer, and FortiManager
GBHACKERS.COM — 15 Apr 2026
📋
Microsoft Rolls Out KB5083769 Update for Windows 11 24H2 and 25H2
GBHACKERS.COM — 15 Apr 2026
📢
Chile’s Cybersecurity Framework Law: How SOCs Achieve Compliance and Response Readiness
ANY.RUN — 15 Apr 2026
📢
Michigan’s New Bill Takes Aim at AI Employee Surveillance
TECHREPUBLIC.COM — 15 Apr 2026
📢
Deterministic + Agentic AI: The Architecture Exposure Validation Requires
THEHACKERNEWS.COM — 15 Apr 2026
📢
Google, Microsoft, Meta Accused of Tracking Users Even After Privacy Opt-Out
GBHACKERS.COM — 15 Apr 2026
📢
Sweden blames Russian hackers for attempting ‘destructive’ cyberattack on thermal plant
TECHCRUNCH.COM — 15 Apr 2026
🔥
'Addicted to hacking': Young hacker behind historic breach speaks out for 1st time, before reporting to prison
SH.ITJUST.WORKS — 15 Apr 2026
🔥
JanaWare Ransomware Hits Turkish Users via Customized Adwind RAT
GBHACKERS.COM — 15 Apr 2026
🔥
Not All CISO Gigs Are Created Equal and RSAC Interviews from ESET and Mimecast - BSW #443
YOUTUBE.COM — 2026-04-15
🔥
Trusted WordPress Plugins Hijacked in 8-Month Stealth Backdoor Campaign
GBHACKERS.COM — 15 Apr 2026
🔥
Comcast’s $117.5M Breach Settlement: Up to 30M People May Qualify
TECHREPUBLIC.COM — 15 Apr 2026
🔥
[Guest Diary] Compromised DVRs and Finding Them in the Wild, (Thu, Apr 16th)
ISC.SANS.EDU — 15 Apr 2026
🕵️
ISC Stormcast For Wednesday, April 15th, 2026 https://isc.sans.edu/podcastdetail/9892, (Wed, Apr 15th)
ISC.SANS.EDU — 15 Apr 2026
🕵️
Dragon Boss Solutions Supply Chain Attack Exposes 25,000+ Endpoints
GBHACKERS.COM — 15 Apr 2026
🕵️
FUNNULL Scam Network Resurfaces With 175+ Rotating Domains Worldwide
GBHACKERS.COM — 15 Apr 2026
🕵️
Agentic LLM Browsers Open New Front in Prompt Injection, Data Theft
GBHACKERS.COM — 15 Apr 2026
🕵️
Fiverr exposes sensitive data via public URLs indexed by Google
CYBERINSIDER.COM — 15 Apr 2026
🕵️
Get This Fast and Powerful Lenovo ThinkPad for $1,000 Off
TECHREPUBLIC.COM — 15 Apr 2026
🕵️
Defense in Depth, Medieval Style
SCHNEIER.COM — 2026-04-15
🕵️
Your AI Hiring Tools Are Now a Civil Rights Liability in Illinois
TECHREPUBLIC.COM — 15 Apr 2026
🕵️
Google Uses Rust-Based Firmware in Pixel 10 Modem to Improve Memory Safety
GBHACKERS.COM — 15 Apr 2026
🕵️
The n8n n8mare: How threat actors are misusing AI workflow automation
TALOSINTELLIGENCE.COM — 15 Apr 2026
🕵️
Top 10 Best API Security Providers Protecting Web Apps in 2026
GBHACKERS.COM — 15 Apr 2026
🕵️
Google Photos Fixes Android Image Editing Tool: Here’s What Changed
TECHREPUBLIC.COM — 15 Apr 2026
🕵️
This $60 AI Assistant Aims to Consolidate Your Daily Work Tools
TECHREPUBLIC.COM — 15 Apr 2026
🕵️
Why CSOs Fail the Business
YOUTUBE.COM — 2026-04-15
🕵️
Dependency cooldowns turn you into a free-rider
PROGRAMMING.DEV — 15 Apr 2026
🕵️
Testing reveals Claude Mythos's offensive capabilities and limits - Help Net Security
SH.ITJUST.WORKS — 15 Apr 2026
🕵️
Malicious Chrome Extensions Campaign Exposes User Data - Infosecurity Magazine
SH.ITJUST.WORKS — 15 Apr 2026
🕵️
WhatsApp New Update Lets You Chat Without Sharing Your Phone Number
TECHREPUBLIC.COM — 15 Apr 2026
🕵️
Microsoft Takes Over Key Stargate Site in Latest OpenAI Pullback
TECHREPUBLIC.COM — 15 Apr 2026
🕵️
Kraken Exchange Faces Extortion After Insider Recorded System Footage
SH.ITJUST.WORKS — 15 Apr 2026
🕵️
Fake Ledger Live app on Apple’s App Store stole $9.5M in crypto
SH.ITJUST.WORKS — 15 Apr 2026
🕵️
Google to penalize “back button hijacking” starting June 2026
CYBERINSIDER.COM — 15 Apr 2026
🕵️
n8n Webhooks Abused Since October 2025 to Deliver Malware via Phishing Emails
THEHACKERNEWS.COM — 15 Apr 2026
🕵️
AI Zuckerberg Runs the Company
YOUTUBE.COM — 2026-04-15
🕵️
Cybersecurity Looks Like Proof of Work Now
PROGRAMMING.DEV — 15 Apr 2026
🕵️
Massive Chrome Extension Scam Exposes 20,000 Users to Data Theft
TECHREPUBLIC.COM — 15 Apr 2026
🕵️
YouTube Will Show Fewer Livestream Ads During Purchases and Chat Spikes
TECHREPUBLIC.COM — 15 Apr 2026
🕵️
SS&C Intralinks DealCentre AI vs. Datasite: Which platform is built for the future of dealmaking?
TECHREPUBLIC.COM — 15 Apr 2026
🕵️
News Alert: NTT Research launches SaltGrain—advanced Attribute-Based Encryption security
LASTWATCHDOG.COM — 15 Apr 2026
🕵️
Tech Layoffs Continue: Snap Cuts 1,000 Jobs, Citing ‘Rapid Advancements’ in AI
TECHREPUBLIC.COM — 15 Apr 2026
🕵️
Security Became the Business Nexus
YOUTUBE.COM — 2026-04-15
🌐
From fake Proton VPN sites to gaming mods, this Windows infostealer is everywhere
MALWAREBYTES.COM — 15 Apr 2026
🌐
Mirax malware campaign hits 220K accounts, enables full remote control
SECURITYAFFAIRS.COM — 15 Apr 2026
🌐
Threat landscape for industrial automation systems in Q4 2025
SECURELIST.COM — 15 Apr 2026
🌐
Nach Anthropic Mythos: OpenAI kündigt GPT-5.4-Cyber an
HEISE.DE — 2026-04-15
🎙️
Human-centered security in an AI world with Johnny Hand from TrendAI
THECYBERWIRE.COMHTTPS: — 15 Apr 2026
📡
Weekly Threat Bulletin – April 15th, 2026
F5.COM — 15 Apr 2026
📡
Azure-Hosted Scanning Cluster Launches WordPress Webshell Discovery Campaign
F5.COM — 15 Apr 2026
📡
Scanning for AI Models, (Tue, Apr 14th)
ISC.SANS.EDU — 15 Apr 2026
📡
What Founders Get Wrong About Early Marketing with Merav Ben Avi, VP of Marketing at YL Ventures
THECYBERWIRE.COM — 15 Apr 2026
📡
OpenAI Launches GPT-5.4-Cyber with Expanded Access for Security Teams
THEHACKERNEWS.COM — 15 Apr 2026
📡
Fortinet stopft 18 Sicherheitslecks
HEISE.DE — 2026-04-15
📡
Patchday: Angreifer attackieren Edge und Microsoft SharePoint Server
HEISE.DE — 2026-04-15
📡
Warnung vor Attacken auf 17 Jahre alte Excel-Lücke
HEISE.DE — 2026-04-15
📡
Adobe-Patchday: Kritische Schadcode-Lücken bedrohen Photoshop & Co.
HEISE.DE — 2026-04-15
📡
Bugs ohne Bounty: Eclipse Foundation startet Sicherheitsprogramm für Open VSX
HEISE.DE — 2026-04-15
📡
Microsoft Office 2021: Support endet am 13. Oktober 2026
HEISE.DE — 2026-04-15
📡
„Passwort“ Folge 55: News mit Claude-Code-Klau, PKI-Oopsies und Quantenturbo
HEISE.DE — 2026-04-15
📡
Raspberry Pi OS 6.2: Update verspricht mehr Sicherheit
HEISE.DE — 2026-04-15
📡
108 malicious Chrome extensions caught stealing Google and Telegram data from 20,000 users
BITDEFENDER.COM — 15 Apr 2026
📡
WireGuard: Update für Windows-Client nach vier Jahren
HEISE.DE — 2026-04-15
📡
Fake YouTube copyright notices can steal your Google login
MALWAREBYTES.COM — 15 Apr 2026
📡
OpenSSL 4.0 verschlüsselt, was TLS bisher verraten hat
HEISE.DE — 2026-04-15
📡
Überwachung weltweit: Bundesregierung winkt UN-Cybercrime-Konvention durch
HEISE.DE — 2026-04-15
📡
21. BSI-Sicherheitskongress: NIS-2-Umsetzung weit hinter den Erwartungen
HEISE.DE — 2026-04-15
📡
Identität bleibt geheim: EU-App für Altersnachweis kommt
HEISE.DE — 2026-04-15
📡
Spotting cyberthreats: a guide for blind and low-vision users | Kaspersky official blog
KASPERSKY.COM — 15 Apr 2026
📡
AI clickbait can turn your notifications into a scam feed
MALWAREBYTES.COM — 15 Apr 2026
📡
Cisco intends to acquire AI observability and evaluation platform provider Galileo
THECYBERWIRE.COM — 15 Apr 2026