Cybersecurity Newsfeed - 24/04/26

Daily cybersecurity news covering vulnerabilities, adversaries, trends, breaches, and other notable security developments.

Cybersecurity Newsfeed

📅 24/04/26

🛡️ Vulnerabilities

  • CISA Adds Microsoft Defender Zero-Day (CVE-2026-33825): CISA has added “BlueHammer,” a critical local privilege escalation flaw in Microsoft Defender, to its KEV Catalog. The bug allows attackers to gain SYSTEM-level privileges and is being weaponized to disable security features. Federal agencies must patch by May 6, 2026. More info

  • Apple Patches iOS Notification Flaw: Apple released iOS 26.4.2 to address a logging issue where deleted Signal notifications were retained in a local database. This flaw was reportedly exploited by the FBI to recover “disappeared” messages. More info

🎯 Adversaries

  • Chinese Groups Leverage Covert SOHO Networks: Five Eyes agencies warned that Chinese state-sponsored actors are using botnets of compromised SOHO routers and IoT devices to mask malicious traffic within residential data streams. More info

  • Trigona Ransomware’s Custom Exfiltration Tool: Trigona operators have shifted to a bespoke data-theft utility to accelerate multi-extortion tactics, automating the discovery and upload of sensitive documents before encryption. More info

  • UNC6692 Impersonates IT Helpdesk: A sophisticated vishing and SMS campaign is targeting corporate VPN and SSO credentials by posing as helpdesk personnel to bypass MFA via session hijacking. More info

  • Harvester APT Deploys “GoGra” Linux Malware: The Harvester group is using a new Linux backdoor that abuses the Microsoft Graph API and Outlook mailboxes for stealthy C2 communications. More info

  • GopherWhisper Targets Mongolian Government: A Chinese-aligned group is using Go-based backdoors (LaxGopher/RatGopher) that abuse Slack, Discord, and Outlook to bypass traditional network monitoring. More info

  • 63% Annual Surge in Global Cyberattacks: Driven by AI-powered tools and RaaS expansion, mid-sized enterprises are seeing a massive spike in automated vulnerability scanning and social engineering. More info

  • The Danger of Mandatory Password Resets: Researchers warn that frequent reset policies decrease security by forcing users into predictable patterns, recommending a shift toward long passphrases and risk-based authentication. More info

  • Autonomous Incident Investigation via Aqua Compass: Aqua Security launched an MCP server using AI agents to autonomously investigate and contain malware attacks within containerized workloads. More info

  • Bitwarden CLI npm Package Compromised: A malicious version of the Bitwarden CLI was briefly published to npm to steal developer credentials, environment variables, and vault secrets. More info

💥 Breaches & Leaks

  • Supply Chain Attack Hits Checkmarx KICS: The TeamPCP group hijacked GitHub Action tags and trojanized OpenVSX extensions to inject credential-stealing payloads into the KICS analysis tool. More info

  • Vercel Reports Further Account Compromises: Following a third-party integration incident, Vercel identified additional accounts where attackers harvested environment variables and deployment tokens. More info


This post is licensed under CC BY 4.0 by the author.