Cybersecurity Newsfeed - 15/04/26
Daily cybersecurity news covering vulnerabilities, adversaries, trends, breaches, and other notable security developments.
Cybersecurity Newsfeed
📅 15/04/26
🛡️ Vulnerabilities
Microsoft April 2026 Patch Tuesday: Microsoft addressed 167 vulnerabilities, including two zero-day flaws actively exploited in the wild. The updates cover Windows, Office, and Azure, with several classified as critical for remote code execution. More info
Critical Flaws in PHP Composer: New vulnerabilities discovered in the popular PHP dependency manager could allow attackers to execute arbitrary code on developer machines and CI/CD servers by exploiting package metadata. More info
wolfSSL Vulnerability Impacts IoT & Military: A critical flaw in the wolfSSL library could allow attackers to execute arbitrary code or cause DoS conditions on IoT routers and military-grade communication systems. More info
CISA Adds Two Flaws to KEV Catalog: CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities catalog, citing evidence of active exploitation and mandating federal remediation. More info
ShowDoc Servers Targeted (CVE-2025-0520): Attackers are scanning for unpatched ShowDoc servers to exploit a critical RCE vulnerability, threatening unauthorized access to sensitive internal documentation. More info
🎯 Adversaries
0APT (Krybit) Launches “SPAT” Campaign: This threat group is targeting government and financial institutions using custom-built malware designed for stealthy data exfiltration and persistent surveillance. More info
Fake Claude AI Spreads PlugX: Attackers are leveraging the popularity of AI tools by using fraudulent installers to deploy the PlugX RAT via DLL sideloading, bypassing traditional antivirus detections. More info
ViperTunnel Ransomware Hits UK & US: A new ransomware strain is targeting businesses using a unique tunneling protocol to exfiltrate data while bypassing standard network security controls. More info
Mirax Android RAT: A new mobile Trojan allows attackers to remotely control infected devices, enabling audio/video recording and GPS tracking, often spread through third-party app stores. More info
OmniStealer Abuses Blockchain C2: This malware uses blockchain transactions for its command-and-control infrastructure, making it exceptionally difficult for defenders to block via traditional IP or domain filtering. More info
📈 Trends
EDR Killer Ecosystem Expansion: Threat actors are increasingly utilizing “Bring Your Own Vulnerable Driver” (BYOVD) tactics to disable EDR solutions, necessitating stricter driver blocklists. More info
Malicious Chrome Extensions Surge: Over 100 malicious extensions were identified in the Web Store, sharing a common C2 infrastructure and designed to steal session cookies and bypass MFA. More info Additional info
Windows Protection for Malicious RDP: Microsoft is introducing stricter validation checks for .rdp files to prevent credential theft and lateral movement via crafted remote desktop configurations. More info
💥 Breaches & Leaks
Kraken Extorted After Insider Breach: The cryptocurrency exchange was targeted by hackers who successfully extorted the platform following an internal breach involving a malicious insider. More info
McGraw Hill Confirms Data Breach: The educational publishing giant confirmed a breach following an extortion threat, potentially exposing student and employee information to cybercriminal groups. More info
$95M Stolen via Fake Ledger Live App: A fraudulent app on the Apple App Store successfully stole millions in crypto by tricking users into entering their hardware wallet recovery phrases. More info
📚 Others
OpenSSL 4.0.0 Released: This major update introduces significant security enhancements, including FIPS 140-3 compliance and improved support for post-quantum cryptography. More info
DavMail 6.6.0 Update: The popular Exchange gateway released version 6.6.0, addressing stability issues and implementing security hardening for credential authentication. More info
