Cybersecurity Newsfeed - 16/04/26
Daily cybersecurity news covering vulnerabilities, adversaries, trends, breaches, and other notable security developments.
📅 16/04/26
🛡️ Vulnerabilities
- Nginx UI Authentication Bypass: A critical authentication bypass vulnerability in Nginx UI, specifically in versions with Model Context Protocol (MCP) support, is being exploited. The flaw allows remote, unauthenticated attackers to gain full administrative access, execute arbitrary commands, and achieve total server takeover.
- CISA Flags Windows Task Host (CVE-2025-60710): CISA added this privilege escalation flaw to its KEV catalog. The bug allows local attackers with standard permissions to gain SYSTEM-level access on Windows 11 and Windows Server 2025. Federal agencies must patch within two weeks.
- Critical Excel Exploit: A new exploit targeting Microsoft Excel allows remote code execution via specially crafted spreadsheets, bypassing standard security warnings and sandboxes. Researchers recommend disabling macros and applying Office updates immediately.
- Google Chrome Fingerprinting Gap: Chrome reportedly lacks robust protections against browser fingerprinting, allowing websites to create unique identifiers for persistent tracking. This gap lets actors bypass incognito mode and privacy settings.
- Windows Updates Trigger BitLocker Recovery: Microsoft confirmed that the April 2026 security update (KB5082063) is causing some Windows Server 2025 devices to boot into BitLocker recovery mode due to TPM validation issues.
🎯 Adversaries
- AgingFly Malware Hits Ukraine: A new malware strain targeting Ukrainian government agencies and hospitals exfiltrates data from Chromium-based browsers and WhatsApp sessions. It uses sophisticated lures to establish long-term espionage persistence.
- Dragon Boss Adware Disables Antivirus: A signed adware operation has neutralized security software on over 23,000 endpoints. Using a valid certificate and PowerShell scripts, it terminates and blocks major products such as Kaspersky and Malwarebytes.
- Mirax RAT Targets European Android Users: This new Android RAT is distributed via deceptive apps and gives attackers control over SMS, call logs, and contacts, while using overlay attacks to steal banking credentials.
- YouTube Phishing Steals Google Logins: Attackers are targeting creators with fake copyright notices that pull real channel data to build convincing "scare pages." These lead to replica Google sign-in pages used to hijack accounts.
- AI Agents Hijacked via Indirect Injection: Vulnerabilities in AI agents such as Claude, Gemini, and GitHub Copilot allow attackers to hijack user sessions through malicious instructions planted on public sites. This can lead to unauthorized data exfiltration and account actions.
📈 Trends
- n8n Webhook Abuse for Phishing: Threat actors have weaponized the n8n automation platform, with a 686% increase in activity since October 2025. Attackers use the platform's webhooks to generate trusted subdomains that bypass email filters.
- Securing the Transportation Sector: Modern trucks have become "rolling networks," making the sector a high-priority target for ransomware. The NMFTA is currently working to adapt NIST and ISO frameworks for the trucking industry.
- Fintech Hit by 2 Tbps DDoS Attack: A massive DDoS attack driven by a coordinated IoT botnet targeted a major fintech organization. The attack used amplification techniques to cause service outages.
💥 Breaches & Leaks
- WordPress EssentialPlugin Suite Compromise: Over 30 plugins in the EssentialPlugin suite were hacked to distribute malware. Malicious code injections allow attackers to gain administrative access to thousands of websites.
📚 Others
- Broadcom Launches Zero-Trust AI Runtime: Broadcom introduced a secure-by-default runtime for enterprise AI agents, featuring a "deny-by-default" posture and immutable supply chains to prevent lateral movement.
