Cybersecurity Newsfeed - 04/06/26
Daily cybersecurity news covering vulnerabilities, adversaries, trends, breaches, and other notable security developments.
📅 04/06/26
🛡️ Vulnerabilities
Mirasvit Cache Warmer Extension Flaw (CVE-2026-45247): CISA added a critical untrusted data deserialization flaw affecting Magento servers to its KEV catalog. Federal agencies must remediate the bug by June 24, 2026, to prevent remote code execution.
One-Click GitHub Dev XSS Attack: A flaw in how GitHub’s web environment processes specific URIs inside repository configurations allows session hijacking. Threat actors can steal active tokens and access private source code with a single click.
Acer Wave 7 Router Zero-Days: Acer issued an urgent advisory regarding maximum-severity zero-day bugs in its Wave 7 routers. Attackers are exploiting these flaws to gain root privileges and draft routers into DDoS botnets.
Windows Search URI Protocol Handler Flaw: Researchers disclosed an unpatched vulnerability that abuses local search protocols to pull payloads from attacker-controlled SMB shares, effectively bypassing Mark-of-the-Web protections.
VS Code Token-Stealing Zero-Day: A sanitization failure within VS Code’s extension integration handler allows remote threat actors to silently exfiltrate developers’ GitHub authentication tokens via engineered repository links.
🎯 Adversaries
“WeedHack” Campaign Targets Minecraft Players: Attackers are using compromised Discord servers and YouTube channels to spread malware masked as game mods. The infostealer targets browser credentials, session cookies, and crypto wallets.
China-Linked TA4922 Deploys SilentRunLoader: European and UK government bodies and defense contractors are being targeted by TA4922. The group uses a new, memory-resident downloader to bypass traditional EDR defenses.
CISA Warns of Fuel Tank Monitor Exploits: Remote threat actors are targeting unauthenticated internet-accessible automated tank gauges at industrial facilities, giving them the ability to manipulate data or shut down fuel distribution.
Russian State-Sponsored Espionage Spikes in Europe: A coordinated spear-phishing push targeting European diplomatic entities uses custom implants to exfiltrate strategic communications while explicitly wiping forensic footprints.
Argamal RAT Embedded in Niche Games: Kaspersky discovered a new Trojan distributed via trojanized adult video games on unauthorized forums. The malware logs keystrokes, steals credentials, and captures screenshots.
Chinese Actors Target Europe with Atlas RAT: A new modular remote access trojan is hitting European political and defense targets via macro-enabled documents, allowing full memory injection and shell execution.
📈 Trends
The “HTTP/2 Bomb” DoS Methodology: Researchers detailed a specialized DoS attack that forces web servers to crash within 60 seconds using minimal bandwidth by overwhelming HTTP/2 settings frame processing thresholds.
Microsoft Backlash Over Zero-Day Disclosures: The enterprise security community has criticized Microsoft for threatening legal action against independent researchers who publish flaws before patches are finalized, raising concerns about open threat intelligence sharing.
Google Adds Real-Time AI Deepfake Detection to Android: Android is receiving an on-device machine learning upgrade designed to flag verbal patterns and synthetic voices common in deepfake scam calls, operating completely locally to ensure privacy.
💥 Breaches & Leaks
Spanish Hacker “Alcasec” Sentenced to Prison: José Luis Huertas has been jailed following a conviction for breaching Spain’s judicial network and tax agencies, subsequently attempting to monetize the data of millions of citizens on the dark web.
Global Stock Exchange Hit by Months-Long BEC Campaign: Threat actors bypassed multi-factor authentication to monitor internal executive correspondence at a major stock exchange, successfully injecting fraudulent invoices and compromising transactions.
📚 Others
US Sanctions Iranian Crypto Exchange Nobitex: OFAC sanctioned Nobitex for aiding ransomware syndicates in laundering millions of dollars in extorted digital assets outside of global financial compliance networks.
European Digital Piracy Networks Dismantled: An international operation took down nine crime syndicates running illegal streaming networks. The unauthorized streaming software frequently distributed data-stealing malware to unsuspecting users.
