22Articles
8Categories
2026-04-25Date
🚨 CISA KEV 2[−]
25 Apr KEVCISA Adds 4 Exploited Flaws to KEV, Sets May 2026 Federal DeadlineThe U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Friday added four vulnerabilities impacting SimpleHelp, Samsung MagicINFO 9 Server, and D-Link DIR-823X series routers to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation.…THEHACKERNEWS.COM
25 Apr KEVU.S. CISA adds SimpleHelp, Samsung, and D-Link flaws to its Known Exploited Vulnerabilities catalogU.S. Cybersecurity and Infrastructure Security Agency (CISA) adds SimpleHelp, Samsung, and D-Link flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added SimpleHelp, Samsung, and D-Link flaws to its Known Exploi…SECURITYAFFAIRS.COM
🐛 COMMON VULNERABILITIES AND EXPOSURES 11[−]
25 AprCVE-2026-41080Information published.MSRC.MICROSOFT.COM
25 AprCVE-2026-5450 scanf %mc off-by-one heap buffer overflowInformation published.MSRC.MICROSOFT.COM
25 AprOver 400,000 sites at risk as hackers exploit Breeze Cache plugin flaw (CVE-2026-3844)Attackers exploit a Breeze Cache flaw (CVE-2026-3844) to upload files without login. Wordfence researchers detected over 170 attacks. Threat actors are exploiting a critical flaw, tracked as CVE-2026-3844 (CVSS score of 9.8), in the Breeze Cache WordPress plugin, allowing them to…SECURITYAFFAIRS.COM
⚠️ VULNERABILITY DISCLOSURE 3[−]
25 AprThe Patch Gap Is the ProblemMultiple public exploits are targeting Microsoft Defender’s internal privilege workflows, with confirmed use in active attacks. Some vulnerabilities have been patched, while others remain exposed. Security tools themselves can become attack surfaces. The delay between exploit rel…YOUTUBE.COM
25 AprGovernments and industry race to harness AI for vulnerability discovery.FIRESTARTER malware remained on Cisco devices after patches were applied. Cloud development platform Vercel confirms breach.THECYBERWIRE.COM
25 AprFirefox is quietly experimenting with Brave’s ad-blocking engineMozilla has quietly begun experimenting with Brave’s Rust-based ad-blocking engine in Firefox, signaling a potential shift in how the browser handles ads and trackers. The change was first spotted in Firefox 149 under Bugzilla entry 2013888, where Mozilla engineers introduced adb…CYBERINSIDER.COM
📢 SECURITY ADVISORIES 1[−]
25 AprCISA reports persistent FIRESTARTER backdoor on Cisco ASA device in federal networkCISA said a federal Cisco Firepower ASA device was infected with the FIRESTARTER backdoor in Sept 2025, and it survived security patches. CISA revealed that a U.S. federal civilian agency’s Cisco Firepower device running ASA software was compromised in September 2025 by the FIRES…SECURITYAFFAIRS.COM
🔥 INCIDENT REPORTING 1[−]
25 AprDiscord Sleuths Gained Unauthorized Access to Anthropic’s MythosPlus: Spy firms tap into a global telecom weakness to track targets, 500,000 UK health records go up for sale on Alibaba, Apple patches a revealing notification bug, and more.WIRED.COM
🌐 CYBER THREAT LANDSCAPE 1[−]
25 AprResearchers Uncover Pre-Stuxnet ‘fast16’ Malware Targeting Engineering SoftwareCybersecurity researchers have discovered a new Lua-based malware created years before the notorious Stuxnet worm that aimed to sabotage Iran's nuclear program by destroying uranium enrichment centrifuges. According to a new report published by SentinelOne, the previously undocum…THEHACKERNEWS.COM
🎙️ PODCASTS 1[−]
25 AprCybersecurity Today Weekend: Deepfakes, the Death of Truth, and Verifying AI in the Enterprise📍 again, we'd like to thank Meter for their support in bringing you this podcast Meter delivers full stack networking infrastructure, wired, wireless, and cellular to leading enterprises. Working with their partners, meter designs, deploys and manages everything required to get p…CYBERSECURITYTODAY.LIBSYN.COM
📡 INFOSEC NEWS 2[−]
25 AprMonitoring Claude Code/Cowork at scale with OTel in ElasticHow Elastic's InfoSec team built a monitoring pipeline for Claude Code and Claude Cowork using their native OTel export capabilities and Elastic's OTel ingestion infrastructure.ELASTIC.CO
25 AprA QRazy clever scam.This week, we are joined by ⁠Juliana Testa⁠, Senior Security Engineer from ⁠7AI⁠, sharing their work on "Quish Splash - When the QR Code Is the Weapon: A Multi-Wave Phishing Campaign That Slipped Past Every Filter." A large-scale “quishing” campaign used QR codes embedded in imag…THECYBERWIRE.COM