Cybersecurity Newsfeed - 21/04/26
Daily cybersecurity news covering vulnerabilities, adversaries, trends, breaches, and other notable security developments.
📅 21/04/26
🛡️ Vulnerabilities
SGLang Remote Code Execution (CVE-2026-5760): A critical flaw with a CVSS score of 9.8 was discovered in SGLang, a framework for LLM inference. The vulnerability allows remote code execution via improper input validation in structured generation requests, potentially compromising AI infrastructure.
CISA Adds 8 New Vulnerabilities to KEV Catalog: CISA has added eight flaws to its Known Exploited Vulnerabilities catalog, affecting both legacy systems and enterprise applications. Federal agencies are mandated to patch these within specific timeframes to mitigate active exploitation.
Thousands of Bugs in Serial-to-IP Devices: Research into legacy-to-modern bridge components revealed thousands of vulnerabilities in Serial-to-IP devices. Lack of authentication and encryption at these OT/IT intersections exposes critical infrastructure to remote manipulation.
Microsoft Releases Emergency Windows Server Updates: Out-of-band updates were issued to fix critical issues caused by previous patches, including server crashes and Active Directory authentication failures that disrupted enterprise network management.
🎯 Adversaries
Lazarus Group Linked to $290M Kelp DAO Heist: North Korean hackers targeted the Kelp DAO liquid staking platform, exploiting smart contract vulnerabilities to drain assets. Funds were moved through mixing services to obfuscate the trail.
“Gentlemen” Ransomware Integrates SystemBC: The group has upgraded its tactics, using SystemBC as a SOCKS5 proxy and RAT. This allows for automated initial access, persistent control, and masked C2 traffic during data exfiltration.
ZionSiphon Malware Targets Water Utilities: A targeted “watering hole” campaign is compromising industry-specific websites to deliver ZionSiphon malware, designed for stealthy data exfiltration and for providing backdoors into industrial networks.
Scattered Spider Hacker Pleads Guilty: A British member of the collective, known for aggressive social engineering and targeting IT helpdesks, has pleaded guilty to charges related to massive cryptocurrency theft and corporate infiltration.
Hacker Tyler Buchanan Convicted: The British hacker pleaded guilty to a scheme involving SIM swapping and social engineering to steal sensitive data and cryptocurrency from high-profile companies and individuals.
📈 Trends
Infiltrated Crypto Wallets on Apple App Store (China): Malicious wallet apps successfully bypassed Apple’s review process in China. These apps use localized branding to trick users into revealing private keys so that their assets can be drained.
MS Teams Exploited for Helpdesk Impersonation: Attackers are increasingly using Microsoft Teams to impersonate IT personnel, luring employees into disclosing MFA credentials or clicking malicious links to facilitate ransomware deployment.
WhatsApp Metadata Privacy Concerns: Investigations suggest WhatsApp’s architecture may leak user metadata (communication patterns and contact lists), allowing for user profiling despite the use of end-to-end encryption for message content.
The “Backup Myth” Threatening Businesses: Security experts warn that reliance on unverified or poorly isolated backups creates a false sense of security. Organizations are urged to move toward immutable, air-gapped solutions to survive ransomware.
Fake TikTok Downloaders Delivering Spyware: Malicious browser extensions for Chrome and Edge, promising watermark-free TikTok videos, are being used to capture keystrokes and steal session cookies for account takeovers.
💥 Breaches & Leaks
Seiko USA Website Defaced and Data Stolen: A hacker defaced the Seiko USA landing page and claimed to have exfiltrated sensitive customer data. The company is currently investigating the extent of the unauthorized access.
