Cybersecurity Newsfeed - 27/04/26
Daily cybersecurity news covering vulnerabilities, adversaries, trends, breaches, and other notable security developments.
🛡️ Vulnerabilities
12-Year-Old “pack2theroot” Bug (Linux Privilege Escalation): A long-standing flaw in the Linux kernel allows local users to escalate privileges to root via a buffer overflow in memory packet processing. Public exploit code is available.
Microsoft Entra Private Network Connector Flaw: Attackers can exploit an “Agent ID” registration flaw to impersonate connectors and reroute internal traffic, potentially leading to tenant takeover.
Critical Zimbra Collaboration Suite Exploit: Over 10,000 servers are vulnerable to an authentication bypass flaw being actively exploited to harvest emails and credentials.
PhantomRPC Remote Code Execution: Kaspersky researchers detailed a critical RPC mechanism flaw that allows for RCE without user interaction, posing a high risk for wormable attacks.
Breeze Cache WordPress Plugin File Upload Bug: A vulnerability in this popular plugin allows unauthenticated attackers to upload malicious PHP scripts, leading to full site compromise.
CISA Adds Four Vulnerabilities to KEV Catalog: Four new flaws affecting enterprise software and hardware have been added to the Known Exploited Vulnerabilities catalog due to active exploitation.
🎯 Adversaries
Trigona Ransomware Adopts Custom Exfiltration Tool: The group is now using a bespoke tool to automate data theft and evade EDR systems, enhancing their “double extortion” tactics.
Microsoft Teams Used to Deploy “Snow” Malware: Threat actors are utilizing social engineering on Teams to distribute the new Snow malware variant via malicious business documents.
“Firestarter” Malware Targets Cisco Firewalls: This persistent strain survives firmware updates and factory resets, providing a permanent backdoor for traffic monitoring.
GopherWhisper Campaign Targets High-Value Orgs: Using the “Burrow” framework, this sophisticated malware tunnels C2 traffic through legitimate services to remain undetected.
New “BlackFile” Extortion Gang: A new group is targeting the retail and hospitality sectors, focusing on pure data exfiltration and aggressive extortion rather than encryption.
Unit 42 Identifies Latin American Espionage Surge: A campaign targeting government and commercial entities in Central and South America uses localized lures and custom RATs for long-term spying.
📈 Trends
Fake CAPTCHA Pages Trick Users into Executing PowerShell: Attackers are using deceptive verification prompts to trick victims into running malicious scripts or authorizing fraudulent SMS transactions.
“ClickFix” Variant Leverages Native Windows Tools: A new version of the ClickFix campaign uses PowerShell “fix” commands to deliver malware, bypassing traditional antivirus by using legitimate utilities.
Fake Crypto Wallet Apps on Apple App Store: Researchers found 26 fraudulent apps (FakeWallet) mimicking services like MetaMask to steal private keys and digital assets.
Crackdown on Chinese Use of U.S. AI Models: The Trump administration has announced stricter export controls and monitoring to prevent adversarial states from exploiting American AI innovation.
💥 Breaches & Leaks
ADT Confirms Data Breach: Following a leak by ShinyHunters, ADT confirmed unauthorized access to a database containing customer order details and security system configurations.
Utility Firm Itron Discloses Network Breach: The American utility tech firm detected unauthorized access to its internal IT network, resulting in the theft of administrative and corporate data.
