matlock.ca // THREAT INTELLIGENCE

134Articles

9Categories

2026-04-17Date

🚨

Apache ActiveMQ CVE-2026-34197 Added to CISA KEV Amid Active ExploitationA recently disclosed high-severity security flaw in Apache ActiveMQ Classic has come under active exploitation in the wild, per the U.S. Cybersecurity and Infrastructure Security Agency (CISA). To that end, the agency has added the vulnerability, tracked as CV…

KEVTHEHACKERNEWS.COM — 17 Apr 2026

🚨

U.S. CISA adds a flaw in Apache ActiveMQ to its Known Exploited Vulnerabilities catalogThe U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds a flaw in Apache ActiveMQ to its Known Exploited Vulnerabilities catalog The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a flaw in Apache ActiveMQ, tracked as CVE-2026-34197 (CVSS score o…

KEVSECURITYAFFAIRS.COM — 17 Apr 2026

🐛

Cisco Warns Webex Customers Of Critical SSO Problem

CYBERSECURITYTODAY.LIBSYN.COM — 17 Apr 2026

🐛

NIST Limits CVE Enrichment After 263% Surge in Vulnerability Submissions

THEHACKERNEWS.COM — 17 Apr 2026

🐛

CVE-2026-33948 jq: Embedded-NUL Truncation in CLI JSON Input Path Causes Prefix-Only Validation of Malformed Input

MSRC.MICROSOFT.COM — 17 Apr 2026

🐛

CVE-2026-40164 jq: Algorithmic complexity DoS via hardcoded MurmurHash3 seed

MSRC.MICROSOFT.COM — 17 Apr 2026

🐛

CVE-2026-35469 SpdyStream: DOS on CRI

MSRC.MICROSOFT.COM — 17 Apr 2026

🐛

CVE-2026-39956 jq: Missing runtime type checks for _strindices lead to crash and limited memory disclosure

MSRC.MICROSOFT.COM — 17 Apr 2026

🐛

CVE-2026-32316 jq: Integer overflow in jvp_string_append() allows Heap-based Buffer Overflow

MSRC.MICROSOFT.COM — 17 Apr 2026

🐛

CVE-2026-33947 jq: Unbounded Recursion in jv_setpath(), jv_getpath() and delpaths_sorted()

MSRC.MICROSOFT.COM — 17 Apr 2026

🐛

CVE-2026-39979 jq: Out-of-Bounds Read in jv_parse_sized() Error Formatting for Non-NUL-Terminated Counted Buffers

MSRC.MICROSOFT.COM — 17 Apr 2026

🐛

CVE-2026-41035

MSRC.MICROSOFT.COM — 17 Apr 2026

🐛

CVE-2026-35199 SymCrypt SymCryptXmssSign function - Heap overflow via 64->32-bit leaf-count truncation

MSRC.MICROSOFT.COM — 17 Apr 2026

🐛

CVE-2025-14821 Libssh: libssh: insecure default configuration leads to local man-in-the-middle attacks on windows

MSRC.MICROSOFT.COM — 17 Apr 2026

🐛

CVE-2026-40179 Prometheus: Stored XSS via metric names and label values in web UI tooltips and metrics explorer

MSRC.MICROSOFT.COM — 17 Apr 2026

🐛

PoC Released for FortiSandbox Flaw Enabling Arbitrary Command Execution

GBHACKERS.COM — 17 Apr 2026

🐛

Weaponized CVE-2026-39987 Pushes Blockchain Backdoor Through Hugging Face

GBHACKERS.COM — 17 Apr 2026

🐛

Another Microsoft Defender privilege escalation bug emerges days after patch

CSOONLINE.COM — 17 Apr 2026

🐛

TP-Link Routers Hit by Mirai in CVE-2023-33538 Attacks

GBHACKERS.COM — 17 Apr 2026

🐛

NIST Drops NVD Enrichment for Pre-March 2026 Vulnerabilities - Infosecurity Magazine

SH.ITJUST.WORKS — 17 Apr 2026

🐛

Chromium: CVE-2026-6296 Heap buffer overflow in ANGLE

MSRC.MICROSOFT.COM — 17 Apr 2026

🐛

Chromium: CVE-2026-6363 Type Confusion in V8

MSRC.MICROSOFT.COM — 17 Apr 2026

🐛

Chromium: CVE-2026-6359 Use after free in Video

MSRC.MICROSOFT.COM — 17 Apr 2026

🐛

Chromium: CVE-2026-6364 Out of bounds read in Skia

MSRC.MICROSOFT.COM — 17 Apr 2026

🐛

Chromium: CVE-2026-6362 Use after free in Codecs

MSRC.MICROSOFT.COM — 17 Apr 2026

🐛

Chromium: CVE-2026-6313 Insufficient policy enforcement in CORS

MSRC.MICROSOFT.COM — 17 Apr 2026

🐛

Chromium: CVE-2026-6314 Out of bounds write in GPU

MSRC.MICROSOFT.COM — 17 Apr 2026

🐛

Chromium: CVE-2026-6318 Use after free in Codecs

MSRC.MICROSOFT.COM — 17 Apr 2026

🐛

Chromium: CVE-2026-6361 Heap buffer overflow in PDFium

MSRC.MICROSOFT.COM — 17 Apr 2026

🐛

Chromium: CVE-2026-6310 Use after free in Dawn

MSRC.MICROSOFT.COM — 17 Apr 2026

🐛

Chromium: CVE-2026-6360 Use after free in FileSystem

MSRC.MICROSOFT.COM — 17 Apr 2026

🐛

Chromium: CVE-2026-6316 Use after free in Forms

MSRC.MICROSOFT.COM — 17 Apr 2026

🐛

Chromium: CVE-2026-6309 Use after free in Viz

MSRC.MICROSOFT.COM — 17 Apr 2026

🐛

Chromium: CVE-2026-6311 Uninitialized Use in Accessibility

MSRC.MICROSOFT.COM — 17 Apr 2026

🐛

Chromium: CVE-2026-6307 Type Confusion in Turbofan

MSRC.MICROSOFT.COM — 17 Apr 2026

🐛

Chromium: CVE-2026-6306 Heap buffer overflow in PDFium

MSRC.MICROSOFT.COM — 17 Apr 2026

🐛

Chromium: CVE-2026-6303 Use after free in Codecs

MSRC.MICROSOFT.COM — 17 Apr 2026

🐛

Chromium: CVE-2026-6308 Out of bounds read in Media

MSRC.MICROSOFT.COM — 17 Apr 2026

🐛

Chromium: CVE-2026-6302 Use after free in Video

MSRC.MICROSOFT.COM — 17 Apr 2026

🐛

Chromium: CVE-2026-6300 Use after free in CSS

MSRC.MICROSOFT.COM — 17 Apr 2026

🐛

Chromium: CVE-2026-6304 Use after free in Graphite

MSRC.MICROSOFT.COM — 17 Apr 2026

🐛

Chromium: CVE-2026-6305 Heap buffer overflow in PDFium

MSRC.MICROSOFT.COM — 17 Apr 2026

🐛

Chromium: CVE-2026-6301 Type Confusion in Turbofan

MSRC.MICROSOFT.COM — 17 Apr 2026

🐛

Chromium: CVE-2026-6317 Use after free in Cast

MSRC.MICROSOFT.COM — 17 Apr 2026

🐛

Chromium: CVE-2026-6312 Insufficient policy enforcement in Passwords

MSRC.MICROSOFT.COM — 17 Apr 2026

🐛

Chromium: CVE-2026-6298 Heap buffer overflow in Skia

MSRC.MICROSOFT.COM — 17 Apr 2026

🐛

Chromium: CVE-2026-6297 Use after free in Proxy

MSRC.MICROSOFT.COM — 17 Apr 2026

🐛

Chromium: CVE-2026-6299 Use after free in Prerender

MSRC.MICROSOFT.COM — 17 Apr 2026

🐛

Critical sandbox bypass fixed in popular Thymeleaf Java template engine

CSOONLINE.COM — 17 Apr 2026

⚠️

Operation PowerOFF Seizes 53 DDoS Domains, Exposes 3 Million Criminal Accounts

THEHACKERNEWS.COM — 17 Apr 2026

⚠️

Fake Zoom SDK Update Spreads Sapphire Sleet Malware in New macOS Attack Chain

GBHACKERS.COM — 17 Apr 2026

⚠️

Critical Flowise Flaw Enables Remote Command Execution via MCP Adapters

GBHACKERS.COM — 17 Apr 2026

⚠️

Google Deploys Gemini AI to Stop Threat Actors, Blocking 8.3 Billion Ads

GBHACKERS.COM — 17 Apr 2026

⚠️

Amtrak - 2,147,679 breached accounts

HAVEIBEENPWNED.COM — 17 Apr 2026

⚠️

Local area network anonymity hardening tool for Linux

SH.ITJUST.WORKS — 17 Apr 2026

⚠️

Palo Alto’s Helmut Reisinger sees a cyber sea change ahead as AI advances

CSOONLINE.COM — 17 Apr 2026

⚠️

Mythos and Cybersecurity

SCHNEIER.COM — 2026-04-17

⚠️

Tails 7.6.2 patches vulnerability that could expose saved files - Help Net Security

SH.ITJUST.WORKS — 17 Apr 2026

⚠️

We beat Google’s zero-knowledge proof of quantum cryptanalysis

TRAILOFBITS.COM — 17 Apr 2026

⚠️

SEO Poisoning Attack Uses Microsoft Binary to Install RMM Tool

GBHACKERS.COM — 17 Apr 2026

⚠️

Operation PowerOFF Knocks Out 75,000 DDoS Attackers and Over 50 Service Domains

GBHACKERS.COM — 17 Apr 2026

⚠️

White House moves to give federal agencies access to Anthropic’s Claude Mythos

CSOONLINE.COM — 17 Apr 2026

⚠️

Hackers exploit Marimo flaw to deploy NKAbuse malware from Hugging Face

SH.ITJUST.WORKS — 17 Apr 2026

⚠️

Three Microsoft Defender Zero-Days Actively Exploited; Two Still Unpatched

KEVTHEHACKERNEWS.COM — 17 Apr 2026

⚠️

PowMix botnet targets Czech workforce

SH.ITJUST.WORKS — 17 Apr 2026

⚠️

Operation PowerOFF: 53 DDoS domains seized and 3 Million criminal accounts uncovered

SECURITYAFFAIRS.COM — 17 Apr 2026

⚠️

Pen Test Took Down Campus WiFi

YOUTUBE.COM — 2026-04-17

⚠️

We Reproduced Anthropic's Mythos Findings With Public Models

PROGRAMMING.DEV — 17 Apr 2026

⚠️

Inditex confirms third-party breach as hackers threaten Zara data leak

CYBERINSIDER.COM — 17 Apr 2026

⚠️

New “RedSun” Windows Defender zero-day exploited in the wild

KEVCYBERINSIDER.COM — 17 Apr 2026

⚠️

Hackers are abusing unpatched Windows security flaws to hack into organizations

TECHCRUNCH.COM — 17 Apr 2026

⚠️

Three Microsoft Defender Zero-Days Actively Exploited; Two Still Unpatched

KEVINFOSEC.PUB — 17 Apr 2026

⚠️

Flawed Cisco update threatens to stop APs from getting further patches

CSOONLINE.COM — 17 Apr 2026

⚠️

Temporary fix for Section 702.

KEVTHECYBERWIRE.COM — 17 Apr 2026

⚠️

Securing autonomous AI at scale with Arvind (Nitro) Nithrakashyap from Rubrik

THECYBERWIRE.COMHTTPS: — 17 Apr 2026

📢

With US spy laws set to expire, lawmakers are split over protecting Americans from warrantless surveillance

TECHCRUNCH.COM — 17 Apr 2026

📢

US House extends FISA Section 702 for ten days.

THECYBERWIRE.COM — 17 Apr 2026

🔥

Payouts King Emerges: New Ransomware Operation Tied to Ex-BlackBasta Members

GBHACKERS.COM — 17 Apr 2026

🔥

108 Chrome extensions caught stealing user data and hijacking sessions

INFOSEC.PUB — 17 Apr 2026

🔥

“Your shipment has arrived” email hides remote access software

MALWAREBYTES.COM — 17 Apr 2026

🔥

Data breach at edtech giant McGraw Hill affects 13.5 million accounts

SH.ITJUST.WORKS — 17 Apr 2026

🔥

Industrial Systems Hit by New Email-Worm Threat Wave

GBHACKERS.COM — 17 Apr 2026

🔥

Amtrak data breach exposed information of 2.1 million accounts

CYBERINSIDER.COM — 17 Apr 2026

🔥

AI Upgrades, Security Breaches, and Industry Shifts Define This Week in Tech

TECHREPUBLIC.COM — 17 Apr 2026

🔥

Man who hacked US Supreme Court filing system sentenced to probation

TECHCRUNCH.COM — 17 Apr 2026

🔥

Kyrgyzstan-based crypto exchange Grinex shuts down after $13.7M cyber heist, blames Western Intelligence

SECURITYAFFAIRS.COM — 17 Apr 2026

🕵️

ISC Stormcast For Friday, April 17th, 2026 https://isc.sans.edu/podcastdetail/9896, (Fri, Apr 17th)

ISC.SANS.EDU — 17 Apr 2026

🕵️

Hackers Deploy ATHR for Scalable AI-Driven Vishing and Credential Theft

GBHACKERS.COM — 17 Apr 2026

🕵️

Anthropic Introduces Claude Opus 4.7 for Advanced Problem-Solving

GBHACKERS.COM — 17 Apr 2026

🕵️

ZionSiphon Malware Hits Israeli Desalination Plants

GBHACKERS.COM — 17 Apr 2026

🕵️

Censys Warns 6 Million Public-Facing FTP Servers Are Still Exposed in 2026

GBHACKERS.COM — 17 Apr 2026

🕵️

Fiverr left customer files public and searchable on Google

INFOSEC.PUB — 17 Apr 2026

🕵️

Top 5 Disaster Recovery Companies in 2026

TECHREPUBLIC.COM — 17 Apr 2026

🕵️

OpenAI Extends GPT-5.4-Cyber Access to Trusted Organizations Worldwide

GBHACKERS.COM — 17 Apr 2026

🕵️

Microsoft Acknowledges Reboot Loop Issue on Windows Servers Following April Patches

GBHACKERS.COM — 17 Apr 2026

🕵️

Identity at the Edge: How the Sixth Annual Identity Management Day Highlights the New Frontiers of Trust

KNOWBE4.COM — 17 Apr 2026

🕵️

ZionSiphon malware designed to sabotage water treatment systems

SH.ITJUST.WORKS — 17 Apr 2026

🕵️

Operation PowerOFF identifies 75k DDoS users, takes down 53 domains

SH.ITJUST.WORKS — 17 Apr 2026

🕵️

North Korea Uses ClickFix to Target macOS Users' Data

SH.ITJUST.WORKS — 17 Apr 2026

🕵️

Systemic Flaw in MCP Protocol Could Expose 150 Million Downloads - Infosecurity Magazine

SH.ITJUST.WORKS — 17 Apr 2026

🕵️

Six million FTP servers exposed online | Cybernews

SH.ITJUST.WORKS — 17 Apr 2026

🕵️

Bluesky Outage: Coordinated Traffic Attack Causes Widespread Errors

TECHREPUBLIC.COM — 17 Apr 2026

🕵️

Off-Topic Friday

INFOSEC.PUB — 17 Apr 2026

🕵️

Over 13M Kemper Corporation records leaked on the dark web, hackers claim | Cybernews

SH.ITJUST.WORKS — 17 Apr 2026

🕵️

Cisco patches critical bugs in Webex, ISE | news | SC Media

SH.ITJUST.WORKS — 17 Apr 2026

🕵️

New Phishing Attack Turns n8n Into On-Demand Malware Machine

TECHREPUBLIC.COM — 17 Apr 2026

🕵️

Widespread AI Use Masks a Growing Workplace Readiness Gap

TECHREPUBLIC.COM — 17 Apr 2026

🕵️

Brave to launch minimalist “Origin” browser with core privacy features

CYBERINSIDER.COM — 17 Apr 2026

🕵️

Tor VPN for Android security audit confirms robust design

CYBERINSIDER.COM — 17 Apr 2026

🕵️

Transform security logs into OCSF format using a configuration-driven ETL solution

AWS.AMAZON.COM — 17 Apr 2026

🕵️

Anthropic Releases Opus 4.7, Not as ‘Broadly Capable’ as Mythos AI

TECHREPUBLIC.COM — 17 Apr 2026

🕵️

Clothing Retailer Patches Website Flaw Exposing Customer Data

TECHREPUBLIC.COM — 17 Apr 2026

🕵️

Chinese Humanoid Robots Dominate Opening Day of Canton Fair 2026

TECHREPUBLIC.COM — 17 Apr 2026

🕵️

Apple iPhone Ultra: New Leak Reveals ‘Passport’ Design, High Price Tag

TECHREPUBLIC.COM — 17 Apr 2026

🕵️

Friday Squid Blogging: New Giant Squid Video

SCHNEIER.COM — 2026-04-17

🕵️

Dougbot, RedSun, ATHR, Vishing, Cisco, Google, Chrome, Severance, Shor, Josh Marpet.. - SWN #573

YOUTUBE.COM — 2026-04-17

🌐

Inside ZionSiphon: politically driven malware aims at Israeli water systems

SECURITYAFFAIRS.COM — 17 Apr 2026

🌐

Analyse: Vom Mythos zur Vulnocalypse und was jetzt wirklich zu tun ist

HEISE.DE — 2026-04-17

🌐

Hackers leverage leaked government intelligence tools to target everyday iOS users | Kaspersky official blog

KASPERSKY.COM — 17 Apr 2026

🎙️

Auslegungssache 157: Datenschutz vor Gericht

HEISE.DE — 2026-04-17

📡

Lumma Stealer infection with Sectop RAT (ArechClient2), (Fri, Apr 17th)

ISC.SANS.EDU — 17 Apr 2026

📡

Angreifer attackieren Apache ActiveMQ Broker, Apache ActiveMQ

HEISE.DE — 2026-04-17

📡

Ärger mit aktueller NordVPN-App für macOS

HEISE.DE — 2026-04-17

📡

Amazon: Ring-Kameras jetzt mit optionaler Gesichtserkennung

HEISE.DE — 2026-04-17

📡

Windows-Updates: Unerwartete Server-Reboots und Anmeldestörungen

HEISE.DE — 2026-04-17

📡

Jetzt patchen nginx-ui! Angreifer übernehmen Kontrolle über Nginx-Server

HEISE.DE — 2026-04-17

📡

Österlicher Zertifikats-GAU bei D-Trust: Zehntausende Zertifikate ungültig

HEISE.DE — 2026-04-17

📡

YubiKey Manager: Sicherheitslücke ermöglicht Ausführung untergeschobenen Codes

HEISE.DE — 2026-04-17

📡

Google Blocks 8.3B Policy-Violating Ads in 2025, Launches Android 17 Privacy Overhaul

THEHACKERNEWS.COM — 17 Apr 2026

📡

Singer loses life savings to fake wallet downloaded from the Apple App Store

BITDEFENDER.COM — 17 Apr 2026

📡

Android 13 erreicht Support-Ende: Millionen Geräte betroffen

HEISE.DE — 2026-04-17

📡

This old-school scam is still working

MALWAREBYTES.COM — 17 Apr 2026

📡

DraftKings hacker sentenced to prison, ordered to pay $1.4 Million

SECURITYAFFAIRS.COM — 17 Apr 2026

📡

EU-App zur Altersprüfung: Experten knacken „Sorglos-Paket“ in Minuten

HEISE.DE — 2026-04-17