Cybersecurity Newsfeed - 23/04/26
Daily cybersecurity news covering vulnerabilities, adversaries, trends, breaches, and other notable security developments.
🛡️ Vulnerabilities
Critical ASP.NET Core RCE: Microsoft has issued patches for a critical vulnerability in ASP.NET Core that could allow for unauthenticated remote code execution. The flaw stems from improper handling of specific request headers. More info
Oracle April 2026 CPU: Oracle’s April 2026 Critical Patch Update provides 365 new security patches. It addresses numerous critical vulnerabilities, including several with CVSS scores of 9.8 or higher in Database and WebLogic Server. More info
CISA Adds New Flaw to KEV: CISA has added a new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog, affecting a widely deployed enterprise software component. Federal agencies are mandated to patch by a strict deadline. More info
BridgeBreak ICS Vulnerabilities: Critical flaws in serial-to-Ethernet converters from Lantronix and Silex Technology allow unauthenticated administrative access, potentially leading to full device compromise. More info
iOS Notification Privacy Bug: Apple released updates to fix an iOS bug that caused deleted notification data to persist in the system database, posing a risk for data leakage. More info
🎯 Adversaries
“Gentlemen” Ransomware on the Rise: A professionalized RaaS group using Rust-based encryptors is targeting mid-market enterprises in Europe and North America with double-extortion tactics. More info
Mustang Panda Targets Asia: The threat actor is targeting government entities in India and South Korea using a new modular backdoor dubbed “LotusLite” delivered via spear-phishing. More info
Harvester Deploys Gogra Linux Backdoor: This malware uses the Microsoft Graph API for C2 communications, allowing malicious traffic to blend in with legitimate cloud service activity. More info Technical details
Kyber Gang Adopts Post-Quantum Crypto: The Kyber ransomware group is integrating PQC into its Windows encryptors to future-proof stolen data against quantum decryption. More info
Lotus Wiper Targets Venezuela: A destructive malware campaign is overwriting MBRs and wiping files in Venezuelan organizations, prioritizing disruption over financial gain. More info
Mirai Hits EOL D-Link Routers: A new botnet campaign is exploiting RCE flaws in end-of-life D-Link hardware that no longer receives security patches. More info
Worm-like npm Supply Chain Attack: A sophisticated attack on the npm ecosystem uses self-spreading packages to steal authentication tokens from developers. More info
Iran 313 DDoS Hits Bluesky: The social media platform sustained disruptions following a DDoS attack by a hacktivist group citing moderation grievances. More info
📈 Trends
Anthropic “Mythos” Skepticism: Researchers argue that the new AI model’s safety claims are marketing hype, noting a lack of architectural safeguards against prompt injection. More info
Industrialization of Fraud (CaaS): The “Caller-as-a-Service” model has matured into a formal scam economy with recruitment, training, and specialized roles for social engineering. More info
“Silent Subject” Phishing: Attackers are bypassing filters by sending emails with blank subject lines and obfuscated HTML attachments to harvest credentials. More info
Malicious Trading Sites: Fraudulent investment platforms are distributing RATs that allow attackers to seize control of victims’ web browsers and bypass MFA. More info
Browser Security Hardening: Mozilla released Firefox 125 with 271 security bug fixes, addressing critical memory safety and use-after-free vulnerabilities. More info
TDM Market Shift: K2view is positioning its Test Data Management solutions as security-first alternatives to legacy suites like Broadcom, focusing on GDPR/CCPA compliance. More info
💥 Breaches & Leaks
Manga Piracy Platform Dismantled: Spanish authorities took down a massive platform responsible for €47M in losses, noting that such sites often serve as vectors for malware. More info
📚 Others
Microsoft Graph API Disruption: A code change in the Graph API caused widespread issues with Universal Print share services, though no breach occurred. More info
