
Cybersecurity Newsfeed - 22/04/26

Daily cybersecurity news covering vulnerabilities, adversaries, trends, breaches, and other notable security developments.


Cybersecurity Newsfeed

📅 22/04/26

🛡️ Vulnerabilities

  • Critical BridgeBreak Industrial IoT Flaws: Researchers identified 22 critical vulnerabilities affecting industrial IoT gateways. These flaws expose over 20,000 devices to RCE, potentially allowing attackers to pivot from IT networks into operational technology (OT) environments.

  • CISA Flags New SD-WAN Flaw: A major SD-WAN provider vulnerability has been added to the KEV catalog. The flaw allows unauthenticated attackers to execute code with root privileges on the control plane; state-sponsored groups are reportedly active.

  • Google Patches AntiGravity IDE: A critical flaw in Google’s AntiGravity IDE allowed for remote code execution via malicious project files. The issue stemmed from insecure deserialization of project metadata.

  • Microsoft Vulnerability Trends: While total bug counts remain high, Microsoft reports a 20% drop in overall vulnerabilities and a 50% reduction in critical-rated flaws, though logic-based and identity attacks are on the rise.

🎯 Adversaries

  • Chinese APT Targets Indian Banks: A Chinese-linked threat actor is targeting Indian financial institutions and South Korean policy groups using spear-phishing and custom backdoors to exfiltrate trade and diplomatic data.

  • “Lotus” Wiper Hits Venezuelan Energy: A novel wiper strain dubbed “Lotus” has been deployed against Venezuelan utility firms, overwriting MBRs to render systems unbootable in a suspected state-sponsored sabotage campaign.

  • SystemBC C2 Server Analysis: Analysis of a seized SystemBC server revealed 1,570 global victims. The malware serves as a network proxy for various ransomware affiliates targeting SMEs.

  • Pro-Iran Group Hits Bluesky: Social media platform Bluesky suffered a 24-hour DDoS attack claimed by pro-Iran hacktivists citing moderation policies and Western affiliations as motives.

  • NGate Malware Uses NFC Relay: Distributed via apps like “HandyPay,” NGate captures NFC data from physical cards to perform unauthorized ATM withdrawals and contactless payments.

  • Trojanized Android Intercepts Payments: A new Android strain mimics financial utilities to intercept contactless payment data via NFC, primarily targeting European users.

  • Surge in Bomgar RMM Exploitation: Threat actors are increasingly leveraging the trusted Bomgar Remote Monitoring tool to bypass EDR systems and gain persistence within corporate environments.

  • FormBook Infostealer Proliferation: FormBook is being distributed via diverse methods including malvertising. New versions include improved anti-VM and anti-debugging features to hinder analysis.

  • Malicious Crypto Apps on App Store: Apple’s App Store has seen an influx of dozens of malicious apps masquerading as DeFi tools to drain user wallets through seed phrase theft.

  • macOS ClickFix Delivering AppleScript: Attackers are using social engineering to trick macOS users into running terminal commands that execute malicious AppleScript payloads for data exfiltration.

📚 Others

  • Ransomware Negotiator Pleads Guilty: Angelo Martino, a former negotiator, admitted to conspiring with the BlackCat/ALPHV group by leaking client insurance limits and negotiation strategies.

  • UK Probes Telegram over CSAM: UK authorities are investigating Telegram’s moderation policies following reports of adolescent-focused groups being used to share illegal content.


This post is licensed under CC BY 4.0 by the author.