130Articles
7Categories
2026-04-26Date
🚨 CISA KEV 1[−]
26 Apr KEVSecurity Affairs newsletter Round 574 by Pierluigi Paganini – INTERNATIONAL EDITIONA new round of the weekly Security Affairs newsletter has arrived! Every week, the best security articles from Security Affairs are free in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. U.S. CISA adds SimpleHelp, Sa…SECURITYAFFAIRS.COM
🐛 COMMON VULNERABILITIES AND EXPOSURES 121[−]
26 AprCVE-2022-2068 The c_rehash script allows command injectionInformation published.MSRC.MICROSOFT.COM
26 AprCVE-2026-31557 nvmet: move async event work off nvmet-wqInformation published.MSRC.MICROSOFT.COM
26 AprCVE-2026-31660 nfc: pn533: allocate rx skb before consuming bytesInformation published.MSRC.MICROSOFT.COM
26 AprCVE-2026-31602 ALSA: ctxfi: Limit PTP to a single pageInformation published.MSRC.MICROSOFT.COM
26 AprCVE-2026-31637 rxrpc: reject undecryptable rxkad response ticketsInformation published.MSRC.MICROSOFT.COM
26 AprCVE-2026-31570 can: gw: fix OOB heap access in cgw_csum_crc8_rel()Information published.MSRC.MICROSOFT.COM
26 AprCVE-2026-31651 mmc: vub300: fix NULL-deref on disconnectInformation published.MSRC.MICROSOFT.COM
26 AprCVE-2026-23420 wifi: wlcore: Fix a locking bugInformation published.MSRC.MICROSOFT.COM
26 AprCVE-2026-31672 wifi: rt2x00usb: fix devres lifetimeInformation published.MSRC.MICROSOFT.COM
26 AprCVE-2026-31645 net: lan966x: fix page pool leak in error pathsInformation published.MSRC.MICROSOFT.COM
26 AprCVE-2026-23414 tls: Purge async_hold in tls_decrypt_async_wait()Information published.MSRC.MICROSOFT.COM
26 AprCVE-2026-31603 staging: sm750fb: fix division by zero in ps_to_hz()Information published.MSRC.MICROSOFT.COM
26 AprCVE-2026-31671 xfrm_user: fix info leak in build_report()Information published.MSRC.MICROSOFT.COM
26 AprCVE-2026-31612 ksmbd: validate EaNameLength in smb2_get_ea()Information published.MSRC.MICROSOFT.COM
26 AprCVE-2026-31662 tipc: fix bc_ackers underflow on duplicate GRP_ACK_MSGInformation published.MSRC.MICROSOFT.COM
26 AprCVE-2026-31580 bcache: fix cached_dev.sb_bio use-after-free and crashInformation published.MSRC.MICROSOFT.COM
26 AprCVE-2026-31639 rxrpc: Fix key reference count leak from call->keyInformation published.MSRC.MICROSOFT.COM
26 AprCVE-2026-31657 batman-adv: hold claim backbone gateways by referenceInformation published.MSRC.MICROSOFT.COM
26 AprCVE-2026-31629 nfc: llcp: add missing return after LLCP_CLOSED checksInformation published.MSRC.MICROSOFT.COM
26 AprCVE-2026-31628 x86/CPU: Fix FPDSS on Zen1Information published.MSRC.MICROSOFT.COM
26 AprCVE-2026-31630 rxrpc: proc: size address buffers for %pISpc outputInformation published.MSRC.MICROSOFT.COM
26 AprCVE-2026-31649 net: stmmac: fix integer underflow in chain modeInformation published.MSRC.MICROSOFT.COM
26 AprCVE-2026-31678 openvswitch: defer tunnel netdev_put to RCU releaseInformation published.MSRC.MICROSOFT.COM
26 AprCVE-2026-31673 af_unix: read UNIX_DIAG_VFS data under unix_state_lockInformation published.MSRC.MICROSOFT.COM
26 AprCVE-2026-31664 xfrm: clear trailing padding in build_polexpire()Information published.MSRC.MICROSOFT.COM
26 AprCVE-2026-31638 rxrpc: Only put the call ref if one was acquiredInformation published.MSRC.MICROSOFT.COM
26 AprCVE-2026-31596 ocfs2: handle invalid dinode in ocfs2_group_extendInformation published.MSRC.MICROSOFT.COM
26 AprCVE-2026-31581 ALSA: 6fire: fix use-after-free on disconnectInformation published.MSRC.MICROSOFT.COM
26 AprCVE-2026-31604 wifi: rtw88: fix device leak on probe failureInformation published.MSRC.MICROSOFT.COM
26 AprCVE-2026-31642 rxrpc: Fix call removal to use RCU safe deletionInformation published.MSRC.MICROSOFT.COM
26 AprCVE-2026-31582 hwmon: (powerz) Fix use-after-free on USB disconnectInformation published.MSRC.MICROSOFT.COM
26 AprCVE-2026-31676 rxrpc: only handle RESPONSE during service challengeInformation published.MSRC.MICROSOFT.COM
26 AprCVE-2026-31684 net: sched: act_csum: validate nested VLAN headersInformation published.MSRC.MICROSOFT.COM
26 AprCVE-2026-23394 af_unix: Give up GC if MSG_PEEK intervened.Information published.MSRC.MICROSOFT.COM
26 AprCVE-2026-23362 can: bcm: fix locking for bcm_op runtime updatesInformation published.MSRC.MICROSOFT.COM
26 AprCVE-2026-31788 xen/privcmd: restrict usage in unprivileged domUInformation published.MSRC.MICROSOFT.COM
26 AprCVE-2026-23360 nvme: fix admin queue leak on controller resetInformation published.MSRC.MICROSOFT.COM
26 AprCritical bug in CrowdStrike LogScale let attackers access filesCrowdStrike fixed CVE-2026-40050 in LogScale self-hosted, a critical flaw allowing unauthenticated file access via path traversal. CrowdStrike recently disclosed a critical vulnerability, tracked as CVE-2026-40050, affecting its LogScale self-hosted product. The flaw enables unau…SECURITYAFFAIRS.COM
⚠️ VULNERABILITY DISCLOSURE 1[−]
26 AprWeek in review: Claude Mythos finds 271 Firefox flaws, Vercel breachHere’s an overview of some of last week’s most interesting news, articles, interviews and videos: SmokedMeat: Open-source tool shows what attackers do inside CI/CD pipelines Boost Security has released SmokedMeat, an open-source framework that runs attack chains against CI/CD inf…HELPNETSECURITY.COM
🔥 INCIDENT REPORTING 2[−]
26 AprTrigona ransomware adopts custom tool to steal data and evade detectionTrigona ransomware now uses a custom command-line tool to steal data faster and evade detection, replacing tools like Rclone and MegaSync. Symantec researchers report that recent Trigona ransomware attacks used a custom-built data exfiltration tool instead of common utilities lik…SECURITYAFFAIRS.COM
26 AprUdemy - 1,401,259 breached accountsIn April 2026, online training company Udemy was the victim of a “pay or leak” extortion attempt perpetrated by the ShinyHunters group. The data was subsequently leaked publicly and contained 1.4M unique email addresses belonging to customers and instructors. The data also includ…HAVEIBEENPWNED.COM
🕵️ THREAT INTELLIGENCE 3[−]
26 AprXChat launches standalone iOS app as security concerns remainX has launched a standalone iOS app for its XChat messaging platform, promoting it as a private, end-to-end encrypted communication tool, but concerns about its security model continue to shadow the release. The announcement was made on X, marking the first time XChat has been of…CYBERINSIDER.COM
26 AprGopherWhisper: new China-linked APT targets Mongolia with Go-based malwareESET found a new China-linked APT, tracked as GopherWhisper, targeting Mongolia using Go-based malware, loaders, and backdoors. ESET researchers uncovered a new China-aligned APT group called GopherWhisper, targeting government institutions in Mongolia. The group’s arsenal …SECURITYAFFAIRS.COM
26 AprNpm Slop & Wonky Software Supply Chainssubmitted by codeinabox to security 1 points | 0 comments https://simonramstedt.com/blog/2026-04-09-npm-slop-and-wonky-software-supply-chains/ cross-posted from: lemmy.bestiver.se/post/1069240 CommentsPROGRAMMING.DEV
🌐 CYBER THREAT LANDSCAPE 1[−]
26 AprSECURITY AFFAIRS MALWARE NEWSLETTER ROUND 94Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape Morpheus: A new Spyware linked to IPS Intelligence The iPhone — invincible no more: a look at DarkSword and Coruna   Lotus Wiper: a new …SECURITYAFFAIRS.COM
📡 INFOSEC NEWS 1[−]
26 AprCalifornia Engineer Identified in Suspected Shooting at White House Correspondents' DinnerThe 31-year-old engineer and self-described indie game developer is suspected of firing shots at the annual event attended by President Donald Trump, high-profile media figures, and US government officials.WIRED.COM