🐛 COMMON VULNERABILITIES AND EXPOSURES 3[−]
18 AprNVD shifts strategy to deal with a CVE backlog.US House extends FISA Section 702 for ten days. CISA recalls furloughed employees amid funding lapse.THECYBERWIRE.COM
18 AprMirai Variant Nexcorium Exploits CVE-2024-3721 to Hijack TBK DVRs for DDoS BotnetThreat actors are exploiting security flaws in TBK DVR and end‑of‑life (EoL) TP-Link Wi-Fi routers to deploy Mirai-botnet variants on compromised devices, according to findings from Fortinet FortiGuard Labs and Palo Alto Networks Unit 42. The attack targeting TBK DVR devices has …THEHACKERNEWS.COM
18 AprNexcorium Mirai Variant Weaponises TBK DVR Vulnerability in Fresh IoT Botnet PushA newly discovered Mirai malware variant named Nexcorium is actively targeting unpatched Internet of Things (IoT) devices. According to recent threat research from FortiGuard Labs, attackers are exploiting a severe vulnerability in TBK DVR systems to build a massive botnet capabl…GBHACKERS.COM
⚠️ VULNERABILITY DISCLOSURE 6[−]
18 AprClaude Opus wrote a Chrome exploit for $2,283submitted by cm0002 to cybersecurity 3 points | 0 comments https://www.theregister.com/2026/04/17/claude_opus_wrote_chrome_exploit/INFOSEC.PUB
18 AprCybersecurity Today Month in Review of March/April 2026Cybersecurity Today Month-in-Review: RSAC AI Hype, Agentic Risks, Mythos Claims, and Real-World Resilience Jim Love hosts a delayed March month-in-review with panelists David Shipley and Laura Payne, starting with RSAC takeaways: agentic AI everywhere, heightened marketing specta…CYBERSECURITYTODAY.LIBSYN.COM
18 AprMicrosoft Defender under attack as three zero-days, two of them still unpatched, enable elevated accessAttackers exploit three Microsoft Defender zero-days, code-named BlueHammer, RedSun, and UnDefend, to gain elevated access. Attackers are exploiting three recently disclosed zero-day flaws in Microsoft Defender to gain higher privileges on compromised systems. The vulnerabilities…SECURITYAFFAIRS.COM
18 AprNexcorium Mirai variant exploits TBK DVR flaw to launch DDoS attacksA Mirai variant called Nexcorium exploits a flaw in TBK DVRs to infect devices and use them in DDoS attacks, along with outdated TP-Link routers. Fortinet researchers found that threat actors are exploiting vulnerabilities in TBK DVRs and end-of-life TP-Link routers to spread a M…SECURITYAFFAIRS.COM
18 AprResearcher Claims Claude Opus Enabled Creation of Working Chrome ExploitA security researcher has shown that Anthropic’s Claude Opus can help build a working browser exploit chain against Google Chrome’s V8 engine, raising fresh concerns about how quickly AI can speed up offensive security work. The experiment was published by Mohan Pedhapati, also k…GBHACKERS.COM
18 AprHidden VMs: how hackers leverage QEMU to stealthily steal data and spread malwareAttackers abuse QEMU to hide malware in virtual machines, bypass detection, steal data, and deploy ransomware without leaving any trace. Sophos researchers report a rise in attackers abusing QEMU, an open-source emulator, to hide malicious activity inside virtual machines. By run…SECURITYAFFAIRS.COM
📢 SECURITY ADVISORIES 1[−]
18 AprNIST gives up enriching most CVEssubmitted by beep to cybersecurity 1 points | 0 comments https://risky.biz/risky-bulletin-nist-gives-up-enriching-most-cves/ Hacker News .INFOSEC.PUB
🔥 INCIDENT REPORTING 3[−]
18 AprA new breed of RAT.Today we are joined by Dr. Darren Williams, Founder and CEO of BlackFog, to discuss his team's work on "Steaelite RAT Enables Double Extortion Attacks from a Single Panel." A new remote access trojan, Steaelite, is being marketed on underground forums as an all-in-one platfor…THECYBERWIRE.COM
18 Apr$13.74M Hack Shuts Down Sanctioned Grinex Exchange After Intelligence ClaimsGrinex, a Kyrgyzstan-incorporated cryptocurrency exchange sanctioned by the U.K. and the U.S. last year, said it's suspending operations after it blamed Western intelligence agencies for a $13.74 million hack. The exchange said it fell victim to what it described as a large-scale…THEHACKERNEWS.COM
18 AprProaktive Ermittlungen gegen Cybercrime auf LandesebeneRansomware-Banden setzen auf KI und das Darknet, um kritische Infrastruktur zu treffen. Ermittler in Koblenz agieren zunehmend proaktiv.HEISE.DE
🕵️ THREAT INTELLIGENCE 2[−]
18 AprHTTP desync in Discord's media proxy: Spying on a whole platformsubmitted by beep to cybersecurity 1 points | 0 comments https://tmctmt.com/posts/http-desync-in-discord/ Lobsters .INFOSEC.PUB
18 AprIt Is Time to Ban the Sale of Precise Geolocationsubmitted by supersquirrel to cybersecurity 32 points | 0 comments https://www.lawfaremedia.org/article/it-is-time-to-ban-the-sale-of-precise-geolocationSH.ITJUST.WORKS