matlock.ca // THREAT INTELLIGENCE

122Articles

9Categories

2026-04-22Date

🚨

Anthropic bets on EPSS for the coming bug surgeAnthropic’s Mythos has intensified a problem that vulnerability management programs were already struggling to contain: too many vulnerabilities and not enough clarity about which ones matter. What changes with Mythos — and the AI-based class of vulnerability discovery systems it…

KEVCSOONLINE.COM — 22 Apr 2026

🚨

CISA Adds 8 Exploited Flaws to KEV, Sets April-May 2026 Federal Deadlinessubmitted by kid to cybersecurity 1 points | 0 comments https://thehackernews.com/2026/04/cisa-adds-8-exploited-flaws-to-kev-sets.html

KEVSH.ITJUST.WORKS — 22 Apr 2026

🐛

Cohere AI Terrarium Sandbox Flaw Enables Root Code Execution, Container Escape

THEHACKERNEWS.COM — 22 Apr 2026

🐛

Microsoft Patches Critical ASP.NET Core CVE-2026-40372 Privilege Escalation Bug

THEHACKERNEWS.COM — 22 Apr 2026

🐛

Critical Spring Authorization Server Issue Exposes Systems to XSS and SSRF Attacks

GBHACKERS.COM — 22 Apr 2026

🐛

Critical Bamboo Data Centre and Server Flaw Enables Command Injection Attacks

GBHACKERS.COM — 22 Apr 2026

🐛

Mozilla Firefox 150 Released With Fixes for Multiple Code Execution Vulnerabilities

GBHACKERS.COM — 22 Apr 2026

🐛

VU#518910: Ollama GGUF Quantization Remote Memory Leak

KB.CERT.ORG — 2026-04-22

🐛

Microsoft out-of-band updates fixed critical ASP.NET Core privilege escalation flaw

SECURITYAFFAIRS.COM — 22 Apr 2026

🐛

Mirai Botnet exploits CVE-2025-29635 to target legacy D-Link routers

SECURITYAFFAIRS.COM — 22 Apr 2026

🐛

Microsoft issues out-of-band patch for critical security flaw in update to ASP.NET Core

CSOONLINE.COM — 22 Apr 2026

🐛

Microsoft Patch Still Leaves 1,300 SharePoint Servers Exposed

TECHREPUBLIC.COM — 22 Apr 2026

⚠️

Vercel Breach Started With AI Tool

CYBERSECURITYTODAY.LIBSYN.COM — 22 Apr 2026

⚠️

Microsoft Issues Emergency .NET 10.0.7 Update to Patch Elevation of Privilege Vulnerability

GBHACKERS.COM — 22 Apr 2026

⚠️

1,370+ Microsoft SharePoint Servers at Risk of Spoofing Attacks Found Exposed Online

KEVGBHACKERS.COM — 22 Apr 2026

⚠️

DinDoor Backdoor Exploits Deno and MSI Installers to Slip Past Detection

GBHACKERS.COM — 22 Apr 2026

⚠️

From Shame to Fame: Changing Behaviors and RSAC Interviews from Tanium and Illumio - BSW #444

YOUTUBE.COM — 2026-04-22

⚠️

Risky Business #834 -- Vercel gets owned, Mozilla dumps hundreds of Mythos bugs

RISKY.BIZ — 22 Apr 2026

⚠️

The AI era demands a different kind of CISO

CYBERSCOOP.COM — 22 Apr 2026

⚠️

Lotus Wiper Hits Energy Sector in Destructive Cyberattack

GBHACKERS.COM — 22 Apr 2026

⚠️

Mullvad to add feature that forces all iOS traffic through the VPN tunnel

CYBERINSIDER.COM — 22 Apr 2026

⚠️

Toxic Combinations: When Cross-App Permissions Stack into Risk

THEHACKERNEWS.COM — 22 Apr 2026

⚠️

NFC tap-to-pay gets tapped by hackers

CSOONLINE.COM — 22 Apr 2026

⚠️

Mozilla says Claude’s Mythos AI helped uncover 271 flaws in Firefox

CYBERINSIDER.COM — 22 Apr 2026

⚠️

109 Fake GitHub Repos Spread SmartLoader, StealC Malware

GBHACKERS.COM — 22 Apr 2026

⚠️

Iran claims US exploited networking equipment backdoors during strikes

INFOSEC.PUB — 22 Apr 2026

⚠️

Unsecured Perforce Servers Expose Sensitive Data From Major Orgs - SecurityWeek

SH.ITJUST.WORKS — 22 Apr 2026

⚠️

Actively exploited Apache ActiveMQ flaw impacts 6,400 servers

KEVSH.ITJUST.WORKS — 22 Apr 2026

⚠️

Punishment Fails Behavior Change

YOUTUBE.COM — 2026-04-22

⚠️

News alert: BreachLock’s integrated attack validation platform debuts in Gartner AEV category

LASTWATCHDOG.COM — 22 Apr 2026

⚠️

Microsoft SharePoint vulnerability widely exposed across multiple countries

CYBERSECURITYDIVE.COM — 22 Apr 2026

⚠️

New Apple Phishing Scam Uses Fake $899 iPhone Purchase Alert

TECHREPUBLIC.COM — 22 Apr 2026

⚠️

DDoS wave continues as Mastodon hit after Bluesky incident

SECURITYAFFAIRS.COM — 22 Apr 2026

⚠️

Apple fixes bug that cops used to extract deleted chat messages from iPhones

TECHCRUNCH.COM — 22 Apr 2026

⚠️

The leak was only a matter of time.

THECYBERWIRE.COM — 22 Apr 2026

📢

Namastex npm Packages Spread TeamPCP-Style CanisterWorm Malware

GBHACKERS.COM — 22 Apr 2026

📢

The Cybercrime Shift: From Opportunistic Attacks to Marketplace-Driven Ecosystem

THECYBERWIRE.COM — 22 Apr 2026

📢

UK Faces a Cyber ‘Perfect Storm’ Driven by Tech Advances and Nation State Threats, NCSC Warns

INFOSECURITY-MAGAZINE.COM — 22 Apr 2026

📢

IR Trends Q1 2026: Phishing reemerges as top initial access vector, as attacks targeting public administration persist

TALOSINTELLIGENCE.COM — 22 Apr 2026

📢

Iran, Russia and China behind most major cyberattacks on UK, security chief warns

INFOSEC.PUB — 22 Apr 2026

📢

Iran, Russia and China behind most major cyberattacks on UK, security chief warns

SH.ITJUST.WORKS — 22 Apr 2026

📢

New Defense Department cyber strategy imminent, official says

THERECORD.MEDIA — 22 Apr 2026

📢

NCSC Unveils SilentGlass, a Plug-In Device to Protect Monitors from Cyber-Attacks

INFOSECURITY-MAGAZINE.COM — 22 Apr 2026

📢

Self-Propagating Supply Chain Worm Hijacks npm Packages to Steal Developer Tokens

THEHACKERNEWS.COM — 22 Apr 2026

📢

CISA director pick Sean Plankey withdraws his nomination

CYBERSCOOP.COM — 22 Apr 2026

📢

House Republicans roll out national privacy bill

CYBERSCOOP.COM — 22 Apr 2026

📢

Anonymous Competition Drives Executives

YOUTUBE.COM — 2026-04-22

📢

Trump’s CISA director pick withdraws after tumultuous nomination

CYBERSECURITYDIVE.COM — 22 Apr 2026

🔥

[Guest Diary] Beyond Cryptojacking: Telegram tdata as a Credential Harvesting Vector, Lessons from a Honeypot Incident, (Wed, Apr 22nd)

ISC.SANS.EDU — 22 Apr 2026

🔥

Exclusive Anthropic Cyber Tool Mythos Accessed by Unapproved Actors

GBHACKERS.COM — 22 Apr 2026

🔥

French Authorities Confirm Data Breach Amid Hackers’ Data Leak Allegations

GBHACKERS.COM — 22 Apr 2026

🔥

Former Ransomware Negotiator Pleads Guilty to Working For BlackCat Cyber Gang

INFOSECURITY-MAGAZINE.COM — 22 Apr 2026

🔥

Ransomware Negotiator Pleads Guilty to BlackCat Scheme

SH.ITJUST.WORKS — 22 Apr 2026

🔥

UK cyber agency handling four major incidents a week as nation-state attacks surge

THERECORD.MEDIA — 22 Apr 2026

🔥

French govt agency confirms breach as hacker offers to sell data

SH.ITJUST.WORKS — 22 Apr 2026

🔥

Data Breaches at Healthcare Organizations in Illinois and Texas Affect 600,000 - SecurityWeek

SH.ITJUST.WORKS — 22 Apr 2026

🔥

Cosmetics giant Rituals confirms data breach of customer membership records

TECHCRUNCH.COM — 22 Apr 2026

🔥

French police arrest suspected hacker behind dozens of data breaches

THERECORD.MEDIA — 22 Apr 2026

🔥

Malicious TikTok Downloader Extensions Quietly Compromised 130K Users

TECHREPUBLIC.COM — 22 Apr 2026

🔥

France confirms data breach at government agency that manages citizens’ IDs

TECHCRUNCH.COM — 22 Apr 2026

🔥

Smashing Security podcast #464: Rockstar got hacked. The data was junk. The secrets it revealed were not

GRAHAMCLULEY.COM — 22 Apr 2026

🕵️

ISC Stormcast For Wednesday, April 22nd, 2026 https://isc.sans.edu/podcastdetail/9902, (Wed, Apr 22nd)

ISC.SANS.EDU — 22 Apr 2026

🕵️

Wireshark tutorial: Capture vs. Display Filters

INFOSEC.PUB — 22 Apr 2026

🕵️

Nobody runs a marathon by accident

KNOWBE4.COM — 22 Apr 2026

🕵️

Microsoft-Signed Binary Helps Deliver LOTUSLITE in India Spy Campaign

GBHACKERS.COM — 22 Apr 2026

🕵️

Scale Computing Spotlights Edge Wins in Retail, K-12

TECHREPUBLIC.COM — 22 Apr 2026

🕵️

Amazon, Anthropic Expand Alliance With 5GW Compute Push to Power Claude

GBHACKERS.COM — 22 Apr 2026

🕵️

Hackers Tie Iranian Espionage to CastleRAT and ChainShell

GBHACKERS.COM — 22 Apr 2026

🕵️

Mustang Panda’s New LOTUSLITE Variant Targets India Banks, South Korea Policy Circles

THEHACKERNEWS.COM — 22 Apr 2026

🕵️

Auraboros RAT Adds Live Audio, Keylogging, and Cookie Theft via Open C2 Panel

GBHACKERS.COM — 22 Apr 2026

🕵️

Microsoft warns of fake IT worker identities infiltrating cloud environments

GBHACKERS.COM — 22 Apr 2026

🕵️

Unauthorized Group Gains Access to Anthropic's Exclusive Cyber Tool Mythos

SH.ITJUST.WORKS — 22 Apr 2026

🕵️

When Wi-Fi Encryption Fails: Protecting Your Enterprise from AirSnitch Attacks

UNIT42.PALOALTONETWORKS.COM — 22 Apr 2026

🕵️

ICE Uses Graphite Spyware

SCHNEIER.COM — 2026-04-22

🕵️

French Fintech Accounts Used to Launder Stolen Funds Before Detection

GBHACKERS.COM — 22 Apr 2026

🕵️

NGate NFC malware targets Android users through trojanized payment app - Help Net Security

SH.ITJUST.WORKS — 22 Apr 2026

🕵️

Microsoft Must Face £2.1B UK Cloud Licensing Lawsuit

TECHREPUBLIC.COM — 22 Apr 2026

🕵️

Researchers Uncover SIM Farm-as-a-Service Operation Spanning 87 Panels in 17 Nations

GBHACKERS.COM — 22 Apr 2026

🕵️

Azure SRE Agent flaw lets outsiders silently eavesdrop on enterprise cloud operations | CSO Online

SH.ITJUST.WORKS — 22 Apr 2026

🕵️

Phishing Campaigns Abuse AI Workflow Automation Platforms

KNOWBE4.COM — 22 Apr 2026

🕵️

Malicious Google Ads Hit Crypto Users With Wallet Drainers

GBHACKERS.COM — 22 Apr 2026

🕵️

Downloads falsos do Google Antigravity estão roubando contas em questão de minutos | Malwarebytes

SH.ITJUST.WORKS — 22 Apr 2026

🕵️

More Attack Context for Faster Triage, Response, and Hunting. Now Available to Every SOC

ANY.RUN — 22 Apr 2026

🕵️

What are You Working on Wednesday

INFOSEC.PUB — 22 Apr 2026

🕵️

Harvester Deploys Linux GoGra Backdoor in South Asia Using Microsoft Graph API

THEHACKERNEWS.COM — 22 Apr 2026

🕵️

Phishing — sometimes with AI’s help — topped initial-access methods in Q1, Cisco says

CYBERSECURITYDIVE.COM — 22 Apr 2026

🕵️

Network Engineering Basics

BLACKHILLSINFOSEC.COM — 22 Apr 2026

🕵️

Revolut Reportedly Targets $200B IPO Valuation in Huge Fintech Bet

TECHREPUBLIC.COM — 22 Apr 2026

🕵️

The Supreme Court is about to decide how far geofence warrants can go

CYBERSCOOP.COM — 22 Apr 2026

🕵️

AI Tools Are Helping Mediocre North Korean Hackers Steal Millions

WIRED.COM — 22 Apr 2026

🕵️

Authentication No Longer Means Safe

YOUTUBE.COM — 2026-04-22

🕵️

Hackers Impersonate IT Help Desk on Microsoft Teams to Gain Access, Steal Data

TECHREPUBLIC.COM — 22 Apr 2026

🕵️

Malicious KICS Docker Images and VS Code Extensions Hit Checkmarx Supply Chain

THEHACKERNEWS.COM — 22 Apr 2026

🕵️

KelpDAO suffers $290 million heist tied to Lazarus hackers

SH.ITJUST.WORKS — 22 Apr 2026

🕵️

Fake Google Antigravity Installer Can Steal Accounts in Minutes

TECHREPUBLIC.COM — 22 Apr 2026

🕵️

Microsoft: Most Windows 11 Users Don’t Need Third-Party Antivirus

TECHREPUBLIC.COM — 22 Apr 2026

🕵️

Harvester: APT Group Expands Toolset With New GoGra Linux Backdoor

SH.ITJUST.WORKS — 22 Apr 2026

🕵️

AI Demand Is Forcing a Rethink of Data Center Power, Cooling

TECHREPUBLIC.COM — 22 Apr 2026

🕵️

Vonage, Girls Who Code Show What ‘Responsible AI’ Looks Like

TECHREPUBLIC.COM — 22 Apr 2026

🕵️

Mozilla Fixes 271 Firefox Bugs Using Anthropic’s Mythos AI

TECHREPUBLIC.COM — 22 Apr 2026

🕵️

North Korean hackers siphon more than $12 million from crypto users in sprawling campaign

THERECORD.MEDIA — 22 Apr 2026

🌐

Lotus Wiper Malware Targets Venezuelan Energy Systems in Destructive Attack

THEHACKERNEWS.COM — 22 Apr 2026

🌐

Researcher claims Claude Desktop installs “spyware” on macOS

MALWAREBYTES.COM — 22 Apr 2026

🌐

Malicious trading website drops malware that hands your browser to attackers

MALWAREBYTES.COM — 22 Apr 2026

🌐

UK government says 100 countries have spyware that can hack people’s phones

TECHCRUNCH.COM — 22 Apr 2026

🌐

Targeting developers: real-world cases, tactics, and defense strategies | Kaspersky official blog

KASPERSKY.COM — 22 Apr 2026

🌐

Hackers deployed wiper malware in destructive attacks on Venezuela’s energy sector

THERECORD.MEDIA — 22 Apr 2026

🌐

LABScon25 Replay | Are Your Chinese Cameras Spying For You Or On You?

SENTINELONE.COM — 22 Apr 2026

🎙️

Alignment Episode: How Traci Byrne Works Across CISOs, Startups, and Partners

THECYBERWIRE.COM — 22 Apr 2026

🎙️

The AI-driven gap between innovation and security with Brian Vecci from Varonis

THECYBERWIRE.COMHTTPS: — 22 Apr 2026

📡

Weekly Threat Bulletin – April 22nd, 2026

F5.COM — 22 Apr 2026

📡

Winter 2025 SOC 1 report is now available with 184 services in scope

AWS.AMAZON.COM — 22 Apr 2026

📡

Venezuela energy sector targeted by highly destructive Lotus wiper

SECURITYAFFAIRS.COM — 22 Apr 2026

📡

Researchers Uncover ProxySmart Software Powering 90+ SIM Farms

INFOSECURITY-MAGAZINE.COM — 22 Apr 2026

📡

Surge in Silent Subject Phishing Attacks Targets VIP Users

INFOSECURITY-MAGAZINE.COM — 22 Apr 2026

📡

China’s cyber capabilities now equal to the US, warns Dutch intelligence

THERECORD.MEDIA — 22 Apr 2026

📡

Critical BRIDGE:BREAK flaws impact Lantronix and Silex Technology converters

SECURITYAFFAIRS.COM — 22 Apr 2026

📡

UK Commits £90m for Cybersecurity and Pushes for ‘Resilience Pledge’

INFOSECURITY-MAGAZINE.COM — 22 Apr 2026

📡

Unauthorized users gain access to Anthropic's Mythos model.

THECYBERWIRE.COM — 22 Apr 2026

📡

A technical walkthrough of multicloud full-stack security using AWS Security Hub Extended

AWS.AMAZON.COM — 22 Apr 2026

📡

MacOS Native Tools Enable Stealthy Enterprise Attacks

INFOSECURITY-MAGAZINE.COM — 22 Apr 2026

📡

Artemis emerges from stealth with $70 million in funding.

THECYBERWIRE.COM — 22 Apr 2026