matlock.ca // THREAT INTELLIGENCE

106Articles

10Categories

2026-04-21Date

🚨

CISA Adds 8 Exploited Flaws to KEV, Sets April-May 2026 Federal DeadlinesThe U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added eight new vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog, including three flaws impacting Cisco Catalyst SD-WAN Manager, citing evidence of active exploitation. The list of vuln…

KEVTHEHACKERNEWS.COM — 21 Apr 2026

🚨

U.S. CISA adds Cisco Catalyst, Kentico Xperience, PaperCut NG/MF, Synacor ZCS, Quest KACE SMA, and JetBrains TeamCity flaws to its Known Exploited Vulnerabilities catalogU.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Cisco Catalyst, Kentico Xperience, PaperCut NG/MF, Synacor ZCS, Quest KACE SMA, and JetBrains TeamCity flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency…

KEVSECURITYAFFAIRS.COM — 21 Apr 2026

🚨

Trust Lags Behind Technology.Anthropic’s Mythos proves irresistible despite claimed supply chain risks.Iran claims U.S. backdoors hit its networks. New Coast Guard rules target maritime OT security. A fresh NGate Android malware variant emerges. Thousands of ActiveMQ servers face active exploitation risk. CI…

KEVTHECYBERWIRE.COM — 21 Apr 2026

🐛

Malicious GGUF Models Could Trigger Remote Code Execution on SGLang Servers

GBHACKERS.COM — 21 Apr 2026

🐛

6,000+ Publicly Exposed Apache ActiveMQ Instances Found Vulnerable to CVE-2026-34197

GBHACKERS.COM — 21 Apr 2026

🐛

CVE-2026-41254

MSRC.MICROSOFT.COM — 21 Apr 2026

🐛

Apache Syncope RCE Vulnerability Detailed After Public Exploit Code Release

GBHACKERS.COM — 21 Apr 2026

🐛

Azure SRE Agent flaw lets outsiders silently eavesdrop on enterprise cloud operations

CSOONLINE.COM — 21 Apr 2026

🐛

VU#414811: Terrarium contains a vulnerability that allows arbitrary code execution

KB.CERT.ORG — 2026-04-21

🐛

VU#890999: Radware Alteon has a reflected XSS vulnerability that can execute JavaScript in the host browser

KB.CERT.ORG — 2026-04-21

🐛

Thousands of Apache ActiveMQ instances still unpatched, weeks after an actively exploited hole discovered

KEVCSOONLINE.COM — 21 Apr 2026

⚠️

Lovable AI App Builder Hit by Reported API Flaw Exposing Thousands of Projects

GBHACKERS.COM — 21 Apr 2026

⚠️

AI-Driven Exploitation Could Shrink Defenders’ Patch Window

GBHACKERS.COM — 21 Apr 2026

⚠️

173: Tarjeteros

DARKNETDIARIES.COM — 21 Apr 2026

⚠️

GitHub Issue Alerts Exploited in OAuth Phishing Scam Targeting Developers

GBHACKERS.COM — 21 Apr 2026

⚠️

CISA Alerts Defenders to Exploited Cisco Catalyst SD-WAN Manager Security Flaws

KEVGBHACKERS.COM — 21 Apr 2026

⚠️

Bluesky hit by 24-hour DDoS attack as pro-Iran group claims responsibility

SECURITYAFFAIRS.COM — 21 Apr 2026

⚠️

Top techniques attackers use to infiltrate your systems today

CSOONLINE.COM — 21 Apr 2026

⚠️

The thin gray line: Handala, CyberAv3ngers and Iran’s proxy ops

CSOONLINE.COM — 21 Apr 2026

⚠️

The Human Aspect of Red Teams - Brian Fox, Tom Tovar, T. Gwyddon 'Data' Owen - ASW #379

YOUTUBE.COM — 2026-04-21

⚠️

Vercel Confirms Cyber Incident After Sophisticated Attacker Exploits Third‑Party Tool

INFOSECURITY-MAGAZINE.COM — 21 Apr 2026

⚠️

Microsoft spots Sapphire Sleet macOS attack using AppleScript and social engineering

GBHACKERS.COM — 21 Apr 2026

⚠️

Why identity is the driving force behind digital transformation

CSOONLINE.COM — 21 Apr 2026

⚠️

Mythos can find the vulnerability. It can’t tell you what to do about it.

CYBERSCOOP.COM — 21 Apr 2026

⚠️

No Exploit Needed: How Attackers Walk Through the Front Door via Identity-Based Attacks

THEHACKERNEWS.COM — 21 Apr 2026

⚠️

Google Patches Antigravity IDE Flaw Enabling Prompt Injection Code Execution

THEHACKERNEWS.COM — 21 Apr 2026

⚠️

UK probes Telegram and other chat apps over child safety failures

CYBERINSIDER.COM — 21 Apr 2026

⚠️

Prompt injection turned Google’s Antigravity file search into RCE

CSOONLINE.COM — 21 Apr 2026

⚠️

The Vercel breach started at a tool nobody was watching

PROGRAMMING.DEV — 21 Apr 2026

⚠️

Alert: WhatsApp Phishing Campaign Delivers Malware

KNOWBE4.COM — 21 Apr 2026

⚠️

Phishing and MFA exploitation: Targeting the keys to the kingdom

TALOSINTELLIGENCE.COM — 21 Apr 2026

⚠️

Cloud platform Vercel says company breached through third-party AI tool

THERECORD.MEDIA — 21 Apr 2026

⚠️

22 BRIDGE:BREAK Flaws Expose 20,000 Lantronix and Silex Serial-to-IP Converters

THEHACKERNEWS.COM — 21 Apr 2026

⚠️

CISA confirms exploitation of 3 more Cisco networking device vulnerabilities

CYBERSECURITYDIVE.COM — 21 Apr 2026

⚠️

The Ungoverned Workforce: Cybersecurity Insiders Finds 92% Lack Visibility Into AI Identities

GBHACKERS.COM — 21 Apr 2026

⚠️

Security Game Isn’t Fair

YOUTUBE.COM — 2026-04-21

⚠️

Mozilla: Anthropic's Mythos found 271 zero-day vulnerabilities in Firefox 150

ARSTECHNICA.COM — 21 Apr 2026

⚠️

Robosawmill, Gentleman, Vercel, GitHub, Claude, RS232, Josh Marpet, and More... - SWN #574

YOUTUBE.COM — 2026-04-21

⚠️

Oracle April 2026 Critical Patch Update Addresses 241 CVEs

TENABLE.COM — 21 Apr 2026

⚠️

Former DigitalMint ransomware negotiator pleads guilty to extortion scheme

CYBERSCOOP.COM — 21 Apr 2026

📢

SideWinder Spoofs Chrome PDF Viewer, Zimbra to Steal Government Webmail Logins

GBHACKERS.COM — 21 Apr 2026

📢

CISA Warns Compromised Axios npm Package Fueled Major Supply Chain Attack

GBHACKERS.COM — 21 Apr 2026

📢

European Commission Moving to Classify ChatGPT as ‘Very Large Online Search Engine’ Under Digital Services Act

TECHREPUBLIC.COM — 21 Apr 2026

📢

CISA urges security teams to view environments following axios compromise

CYBERSECURITYDIVE.COM — 21 Apr 2026

🔥

12 Fraudulent Browser Extensions Disguised as TikTok Downloaders Compromise 130K Users

GBHACKERS.COM — 21 Apr 2026

🔥

Gentlemen RaaS Hits Windows, Linux, and ESXi With New C-Based Locker

GBHACKERS.COM — 21 Apr 2026

🔥

PureRAT Hides PE Payloads in PNGs for Fileless Execution

GBHACKERS.COM — 21 Apr 2026

🔥

Unchecked AI Agents Cause Cybersecurity Incidents at Two Thirds of Firms

INFOSECURITY-MAGAZINE.COM — 21 Apr 2026

🔥

5 Places where Mature SOCs Keep MTTR Fast and Others Waste Time

THEHACKERNEWS.COM — 21 Apr 2026

🔥

The Gentlemen Ransomware Expands With Rapid Affiliate Growth

INFOSECURITY-MAGAZINE.COM — 21 Apr 2026

🔥

Ransomware Negotiator Pleads Guilty to Aiding BlackCat Attacks in 2023

THEHACKERNEWS.COM — 21 Apr 2026

🔥

Ransomware negotiator pleads guilty to helping ransomware gang

TECHCRUNCH.COM — 21 Apr 2026

🔥

BreachLock Named Representative Vendor in the 2026 Gartner Market Guide for Adversarial Exposure Validation

GBHACKERS.COM — 21 Apr 2026

🔥

Lawmakers ponder terrorism designations, homicide charges over hospital ransomware attacks

CYBERSCOOP.COM — 21 Apr 2026

🔥

SystemBC C2 Server Reveals 1,570+ Victims in The Gentlemen Ransomware Operation

THEHACKERNEWS.COM — 21 Apr 2026

🔥

Ransomware negotiator caught secretly assisting BlackCat extortion scheme

SECURITYAFFAIRS.COM — 21 Apr 2026

🔥

Weekly Update 500

TROYHUNT.COM — 21 Apr 2026

🕵️

End of an Era: Tim Cook Steps Down as Apple CEO, John Ternus to Take Over

TECHREPUBLIC.COM — 21 Apr 2026

🕵️

ISC Stormcast For Tuesday, April 21st, 2026 https://isc.sans.edu/podcastdetail/9900, (Tue, Apr 21st)

ISC.SANS.EDU — 21 Apr 2026

🕵️

Square POS Review 2026: Pricing, Features, Pros and Cons

TECHREPUBLIC.COM — 21 Apr 2026

🕵️

A .WAV With A Payload, (Tue, Apr 21st)

ISC.SANS.EDU — 21 Apr 2026

🕵️

New Lazarus APT Campaign: “Mach-O Man” macOS Malware Kit Hits Businesses

ANY.RUN — 21 Apr 2026

🕵️

North Korean Blamed for $290m KelpDAO Crypto Heist

INFOSECURITY-MAGAZINE.COM — 21 Apr 2026

🕵️

Get Microsoft Office 2024 Plus a Full Training Bundle for Just $114

TECHREPUBLIC.COM — 21 Apr 2026

🕵️

Set Your Business Up With Microsoft Office 2019 & Windows 11 Pro, $26

TECHREPUBLIC.COM — 21 Apr 2026

🕵️

FakeWallet cryptostealer propagating via iOS App Store applications

INFOSEC.PUB — 21 Apr 2026

🕵️

New NGate Android malware variant uses NFC app to steal card data

CYBERINSIDER.COM — 21 Apr 2026

🕵️

pompelmi – ClamAV antivirus scanning for Node.js, zero dependencies

PROGRAMMING.DEV — 21 Apr 2026

🕵️

Mexican Surveillance Company

SCHNEIER.COM — 2026-04-21

🕵️

NGate Campaign Targets Brazil, Trojanizes HandyPay to Steal NFC Data and PINs

THEHACKERNEWS.COM — 21 Apr 2026

🕵️

AI-Powered NGate Malware Evades Detection Inside NFC Payment Apps

GBHACKERS.COM — 21 Apr 2026

🕵️

Claude Code, Gemini CLI, and GitHub Copilot Exposed to Prompt Injection via GitHub Comments

GBHACKERS.COM — 21 Apr 2026

🕵️

All-in-One PDFtoolkit Unlimited Is $79 (reg. $619)

TECHREPUBLIC.COM — 21 Apr 2026

🕵️

Google’s AI Overviews Produce Hundreds of Millions of Inaccurate Answers Every Day, Analysis Suggests

TECHREPUBLIC.COM — 21 Apr 2026

🕵️

Amazon Deepens Anthropic Partnership, Eyeing Up to $25B as Claude Demand Surges

TECHREPUBLIC.COM — 21 Apr 2026

🕵️

LLMs Push Red Team Boundaries

YOUTUBE.COM — 2026-04-21

🕵️

Big banks seek to ease security worries as AI push accelerates

CYBERSECURITYDIVE.COM — 21 Apr 2026

🕵️

67% of Android apps log data not mentioned in their privacy policies

CYBERINSIDER.COM — 21 Apr 2026

🕵️

This Sophisticated Scam Should Be a Warning To All Companies

KNOWBE4.COM — 21 Apr 2026

🕵️

Leak Points to Google’s ‘Fitbit Air’ as a Screen-Free Wearable for Health Tracking

TECHREPUBLIC.COM — 21 Apr 2026

🕵️

Apple May Drop iOS 27 Support for Four iPhones, Leaving Millions Behind

TECHREPUBLIC.COM — 21 Apr 2026

🕵️

Huawei Just Beat Apple and Samsung to a New Foldable Format in China

TECHREPUBLIC.COM — 21 Apr 2026

🕵️

Google Photos Rolls Out New AI-Powered Portrait Editing Features

TECHREPUBLIC.COM — 21 Apr 2026

🕵️

Quantum Computers Are Not a Threat to 128-bit Symmetric Keys

INFOSEC.PUB — 21 Apr 2026

🕵️

Scottish man pleads guilty to attack spree that created Scattered Spider’s notoriety

CYBERSCOOP.COM — 21 Apr 2026

🕵️

North Korea’s Lazarus APT stole $290M from Kelp DAO

SECURITYAFFAIRS.COM — 21 Apr 2026

🕵️

MacBook Neo Cheat Sheet: Everything to Know About Apple’s Budget Mac

TECHREPUBLIC.COM — 21 Apr 2026

🕵️

Intel Handheld Gaming Chip Core G3: Can It Challenge AMD in 2026?

TECHREPUBLIC.COM — 21 Apr 2026

🕵️

Meta Tests Paid WhatsApp Features With New ‘Plus’ Tier

TECHREPUBLIC.COM — 21 Apr 2026

🕵️

Galaxy S27 Could Debut Samsung’s Biggest Battery Upgrade in Years

TECHREPUBLIC.COM — 21 Apr 2026

🕵️

China Deploys Robot Dogs, Drones, and Humanoids to Run a ‘Full-Space’ Metro System

TECHREPUBLIC.COM — 21 Apr 2026

🌐

The US NSA is using Anthropic’s Claude Mythos despite supply chain risk

SECURITYAFFAIRS.COM — 21 Apr 2026

🌐

Fake Google Antigravity downloads are stealing accounts in minutes

MALWAREBYTES.COM — 21 Apr 2026

🌐

Trojanized Android App Fuels New Wave of NFC Fraud

INFOSECURITY-MAGAZINE.COM — 21 Apr 2026

📰

Daily Briefing for 04.21.26

THECYBERWIRE.COM — 21 Apr 2026

🎙️

The Three-Layer Strategy for Autonomous Agent Governance with Joe Hladik and Amit Malik

THECYBERWIRE.COM — 21 Apr 2026

🎙️

[Podcast] It's not you, it's your printer: State-sponsored and phishing threats in 2025

TALOSINTELLIGENCE.COM — 21 Apr 2026

📡

Bad Apples: Weaponizing native macOS primitives for movement and execution

TALOSINTELLIGENCE.COM — 21 Apr 2026

📡

Android 17 ends all-or-nothing access to your contacts

MALWAREBYTES.COM — 21 Apr 2026

📡

They Built a Legendary Privacy Tool. Now They’re Sworn Enemies

WIRED.COM — 21 Apr 2026

📡

Real Apple notifications are being used to drive tech support scams

MALWAREBYTES.COM — 21 Apr 2026

📡

EU targets two Russian propaganda networks with new sanctions

THERECORD.MEDIA — 21 Apr 2026

📡

‘Scattered Spider’ Member ‘Tylerb’ Pleads Guilty

KREBSONSECURITY.COM — 21 Apr 2026

📡

UK regulator to probe Telegram, teen chat sites for potential child safety violations

THERECORD.MEDIA — 21 Apr 2026

📡

Meta Is Sued Over Scam Ads on Facebook and Instagram

WIRED.COM — 21 Apr 2026

📡

Mozilla Used Anthropic’s Mythos to Find and Fix 151 Bugs in Firefox

WIRED.COM — 21 Apr 2026