Cybersecurity Newsfeed - 09/04/26
Daily cybersecurity news covering vulnerabilities, adversaries, trends, breaches, and other notable security developments.
🛡️ Vulnerabilities
13-Year-Old Bug in Apache ActiveMQ: A legacy vulnerability has resurfaced, allowing attackers to execute remote commands via insecure deserialization in the OpenWire protocol. Despite its age, many unpatched systems remain exposed.
CISA Adds New Flaw to KEV Catalog: CISA has directed federal agencies to patch a high-risk vulnerability that is currently being exploited for remote code execution or privilege escalation.
Flatpak Sandbox Escape (v1.16.4): Flatpak released an urgent update to fix a flaw in filesystem permission handling that could allow malicious apps to break out of their sandbox and access the host system.
OpenSSL 3.6.2 Security Patch: OpenSSL issued a patch for vulnerabilities in certificate processing that could lead to denial of service or information disclosure.
🎯 Adversaries
APT28 Deploys PrismEx Malware: The Russia-linked group is targeting Ukraine, Eastern Europe, and allied infrastructure with “PrismEx,” a modular toolkit designed for long-term espionage and persistent network access.
UNC6783 Targets Zendesk Instances: Mandiant identified a new actor harvesting corporate support tickets by leveraging compromised credentials to gain deep insight into internal corporate communications.
Iranian Actors Target U.S. PLCs: Threat actors are hijacking exposed Programmable Logic Controllers (PLCs) in U.S. critical infrastructure, specifically targeting utility sectors and water treatment facilities.
“ClickFix” macOS and Node.js Campaigns: New social engineering attacks are tricking users into running malicious scripts via Script Editor or Node.js to steal cryptocurrency and browser cookies.
Masjesu Botnet Emerges: A new DDoS-for-hire service is enlisting thousands of IoT devices by exploiting weak credentials and unpatched firmware to launch large coordinated attacks.
📈 Trends
Emoji-Based C2 Communication: Researchers discovered a sophisticated campaign using emoji sequences to hide command-and-control traffic, bypassing traditional string-based detection tools.
Chaos Ransomware Targeting Misconfigured Servers: A new variant of Chaos ransomware is actively seeking out exposed database and file storage services in small-to-medium enterprises.
LucidRook Lua-Based Malware: Cisco Talos identified a new malware family written in Lua, used for stealthy file manipulation and data exfiltration in targeted espionage operations.
