Cybersecurity Newsfeed - 17/04/26

Daily cybersecurity news covering vulnerabilities, adversaries, trends, breaches, and other notable security developments.

Cybersecurity Newsfeed

📅 17/04/26

🛡️ Vulnerabilities

  • CISA Adds Critical Flaw to KEV Catalog: CISA has added a high-impact vulnerability to its Known Exploited Vulnerabilities catalog, requiring federal agencies to remediate the flaw by the catalog's deadline. The listing signals confirmed in-the-wild exploitation and the urgent need to patch to prevent unauthorized access. More info

  • Microsoft Defender “RedSun” Zero-Day PoC: A proof-of-concept exploit dubbed RedSun has been released, demonstrating a method to gain SYSTEM privileges on Windows. The flaw targets the antivirus engine’s scanning process, allowing for arbitrary code execution. More info

  • Cisco Patches Four Critical Identity Vulnerabilities: Cisco released fixes for severe flaws in its identity management solutions that could allow unauthenticated attackers to bypass authentication or gain administrative control by exploiting improper security token validation. More info

  • Fortinet FortiSandbox Command Injection: Vulnerabilities CVE-2026-39813 and CVE-2026-39808 allow for command injection and unauthorized code execution. Given the role of sandboxes in malware analysis, these flaws pose a significant risk to secure environments. More info

  • Cisco Webex Critical Session Flaw: A vulnerability in Webex session token handling may allow unauthorized users to join private meetings. While some backend fixes are live, Cisco warns that certain configurations require manual administrator action. More info

  • Tails OS Local File Exposure: A flaw disclosed in the Tails operating system could expose a user's saved files to unauthorized access under specific conditions, undermining the isolation guarantees the system is meant to provide to high-risk users. More info

🎯 Adversaries

  • North Korean “ClickFix” Targets macOS: A social engineering campaign is targeting Mac users with fake browser “fix” scripts. Once executed, the scripts deploy malware that harvests credentials and system information, undercutting the common perception that macOS is not a malware target. More info

  • Harmless Global “AV Killer” Campaign: This campaign uses adware as a front to deploy a potent tool designed to disable security software. Once defenses are neutralized, attackers drop secondary payloads like ransomware or spyware. More info

  • PowMix Botnet Hits Infrastructure: The newly identified PowMix botnet uses obfuscated PowerShell and mixed-language payloads to evade EDR systems, focusing on credential theft and persistent backdoor establishment. More info

  • Fake Slack Installers Deploy Hidden VNC: Malicious campaigns are distributing fake Slack installers that install a hidden Virtual Network Computing (VNC) server, allowing attackers to remotely control systems via a stealthy desktop session. More info

  • UAC-0247 Targets Ukrainian Healthcare: Threat actor UAC-0247 is targeting medical clinics with phishing lures and malware designed for long-term espionage and sensitive data exfiltration in the healthcare sector. More info

  • ZionSiphon Sabotages Water Systems: A new malware strain, ZionSiphon, targets programmable logic controllers (PLCs) in industrial control systems to manipulate water treatment parameters, posing a direct physical threat to public utility safety. More info

  • Google Gemini AI vs. Malicious Ads: Google is expanding its use of Gemini AI to scan and block deceptive advertisements, leveraging large language models to identify malvertising patterns that traditional filters miss. More info

  • ATHR Vishing Platform Automates Fraud: The emergence of the ATHR platform allows attackers to use AI-driven voice agents to scale social engineering, using realistic interactive prompts to trick victims into revealing MFA codes. More info

  • AI Coding Assistants Vulnerable to Prompt Injection: Claude Code, Gemini CLI, and GitHub Copilot have been found susceptible to prompt injection via code comments in public repositories, potentially leading to data exfiltration or environment compromise. More info


This post is licensed under CC BY 4.0 by the author.