📰 DAILY THREAT BRIEFING
Wednesday, April 15, 2026
12 News Items
HN · BleepingComputer · Krebs · Dark Reading · SANS · THN Intel · Unit 42 · Security.com

📰 Cybersecurity News Headlines

Top stories from leading cybersecurity publications as of April 15, 2026.

  1. WordPress plugin suite hacked to push malware to thousands of sites
    — Bleeping Computer

    More than 30 WordPress plugins in the EssentialPlugin package have been compromised with malicious code that allows unauthorized access to w…
  2. Navigating the Unique Security Risks of Asia's Digital Supply Chain
    — Dark Reading

    Regulatory differences, interconnected digital ecosystems, and the rise of AI have created a complex supply chain Asian organizations must w…
  3. Signed software abused to deploy antivirus-killing scripts
    — Bleeping Computer

    A digitally signed adware tool has deployed payloads running with SYSTEM privileges that disabled antivirus protections on thousands of endp…
  4. n8n Webhooks Abused Since October 2025 to Deliver Malware via Phishing Emails
    — The Hacker News

    Threat actors have been observed weaponizing n8n, a popular artificial intelligence (AI) workflow automation platform, to facilitate sophi…
  5. Microsoft pays $2.3M for cloud and AI flaws at Zero Day Quest
    — Bleeping Computer

    Microsoft has awarded $2.3 million to security researchers after receiving nearly 700 submissions during this year's Zero Day Quest hacking…
  6. Prepping for 'Q-Day': Why Quantum Risk Management Should Start Now
    — Dark Reading

    Quantum computers are coming and may impact systems in unexpected ways, and it will "take years to be fully quantum-safe, if ever," cryptogr…
  7. Audit: Big Tech Often Ignores CA Privacy Law Opt-Out Requests
    — Dark Reading

    Google, Meta, and Microsoft about half the time don't comply with requests to opt out of online tracking per a California law mandate, priva…
  8. Actively Exploited nginx-ui Flaw (CVE-2026-33032) Enables Full Nginx Server Takeover
    — The Hacker News

    A recently disclosed critical security flaw impacting nginx-ui, an open-source, web-based Nginx management tool, has come under active explo…
  9. April Patch Tuesday Fixes Critical Flaws Across SAP, Adobe, Microsoft, Fortinet, and More
    — The Hacker News

    A number of critical vulnerabilities impacting products from Adobe, Fortinet, Microsoft, and SAP have taken center stage in April's Patch T…
  10. ISC Stormcast For Wednesday, April 15th, 2026 https://isc.sans.edu/podcastdetail/9892, (Wed, Apr 15th)
    — SANS ISC

    (c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
  11. Scanning for AI Models, (Tue, Apr 14th)
    — SANS ISC

    Starting March 10, 2026, my DShield sensor started getting probes for various AI models such as claude, openclaw, huggingface, etc. Reviewing…
  12. Patch Tuesday, April 2026 Edition
    — Krebs on Security

    Microsoft today pushed software updates to fix a staggering 167 security vulnerabilities in its Windows operating systems and related softwa…

🛡️ NVD — Last 20 Scored Vulnerabilities

Latest scored CVEs from the National Vulnerability Database (6569 in last 30 days).
Critical: 3 · High: 7 · Medium: 8 · Low: 2.

  1. CVE-2025-50881
    — CVSS 8.8 (HIGH)

    The `flow/admin/moniteur.php` script in Use It Flow administration website before 10.0.0 is vulnerable to Remote Code Execution. When handling GET requests, the script takes user-supplied input from the `action` URL para…
  2. CVE-2025-69902
    — CVSS 9.8 (CRITICAL)

    A command injection vulnerability in the minimal_wrapper.py component of kubectl-mcp-server v1.2.0 allows attackers to execute arbitrary commands via injecting arbitrary shell metacharacters.
  3. CVE-2026-1629
    — CVSS 4.3 (MEDIUM)

    Mattermost versions 10.11.x <= 10.11.10 fail to invalidate cached permalink preview data when a user loses channel access which allows the user to continue viewing private channel content via previously cached permalink …
  4. CVE-2026-26230
    — CVSS 3.8 (LOW)

    Mattermost versions 10.11.x <= 10.11.10 fail to properly validate permission requirements in the team member roles API endpoint which allows team administrators to demote members to guest role. Mattermost Advisory ID: MM…
  5. CVE-2026-2454
    — CVSS 5.8 (MEDIUM)

    Mattermost versions 11.3.x <= 11.3.0, 11.2.x <= 11.2.2, 10.11.x <= 10.11.10 fail to handle incorrectly reported array lengths which allows a malicious user to cause OOM errors and crash the server via sending corrupted msg…
  6. CVE-2026-21991
    — CVSS 5.5 (MEDIUM)

    A DTrace component, dtprobed, allows arbitrary file creation through crafted USDT provider names.
  7. CVE-2026-4177
    — CVSS 9.1 (CRITICAL)

    YAML::Syck versions through 1.36 for Perl have several potential security vulnerabilities including a high-severity heap buffer overflow in the YAML emitter.

    The heap overflow occurs when class names exceed the initial 5…

  8. CVE-2026-4284
    — CVSS 4.7 (MEDIUM)

    A vulnerability was determined in taoofagi easegen-admin up to 8f87936ac774065b92fb20aab55b274a6ea76433. This issue affects the function downloadFile of the file – yudao-module-digitalcourse/yudao-module-digitalcourse-bi…
  9. CVE-2026-4285
    — CVSS 2.7 (LOW)

    A vulnerability was identified in taoofagi easegen-admin up to 8f87936ac774065b92fb20aab55b274a6ea76433. Impacted is the function recognizeMarkdown of the file yudao-module-digitalcourse/yudao-module-digitalcourse-biz/sr…
  10. CVE-2026-4287
    — CVSS 7.3 (HIGH)

    A security flaw has been discovered in Tiandy Easy7 Integrated Management Platform 7.17.0. The affected element is an unknown function of the file /rest/devStatus/queryResources of the component Endpoint. Performing a ma…
  11. CVE-2026-4288
    — CVSS 7.3 (HIGH)

    A weakness has been identified in Tiandy Easy7 Integrated Management Platform 7.17.0. The impacted element is an unknown function of the file /rest/devStatus/getDevDetailedInfo of the component Endpoint. Executing a mani…
  12. CVE-2026-4289
    — CVSS 7.3 (HIGH)

    A security vulnerability has been detected in Tiandy Easy7 Integrated Management Platform up to 7.17.0. This affects an unknown function of the file /rest/preSetTemplate/getRecByTemplateId. The manipulation of the argume…
  13. CVE-2026-2579
    — CVSS 7.5 (HIGH)

    The WowStore – Store Builder & Product Blocks for WooCommerce plugin for WordPress is vulnerable to SQL Injection via the ‘search’ parameter in all versions up to, and including, 4.4.3 due to insufficient escaping …
  14. CVE-2026-0708
    — CVSS 8.3 (HIGH)

    A flaw was found in libucl. A remote attacker could exploit this by providing a specially crafted Universal Configuration Language (UCL) input that contains a key with an embedded null byte. This can cause a segmentation…
  15. CVE-2026-2373
    — CVSS 5.3 (MEDIUM)

    The Royal Addons for Elementor – Addons and Templates Kit for Elementor plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.7.1049 via the get_main_query_args() function d…
  16. CVE-2026-4307
    — CVSS 4.3 (MEDIUM)

    A security flaw has been discovered in frdel/agent0ai agent-zero 0.9.7-10. The impacted element is the function get_abs_path of the file python/helpers/files.py. The manipulation results in path traversal. The attack can…
  17. CVE-2026-4308
    — CVSS 6.3 (MEDIUM)

    A weakness has been identified in frdel/agent0ai agent-zero 0.9.7. This affects the function handle_pdf_document of the file python/helpers/document_query.py. This manipulation causes server-side request forgery. The att…
  18. CVE-2026-4258
    — CVSS 7.5 (HIGH)

    All versions of the package sjcl are vulnerable to Improper Verification of Cryptographic Signature due to missing point-on-curve validation in sjcl.ecc.basicKey.publicKey(). An attacker can recover a victim's ECDH priva…
  19. CVE-2026-3237
    — CVSS 4.3 (MEDIUM)

    In affected versions of Octopus Server it was possible for a low privileged user to manipulate an API request to change the signing key expiration and revocation time frames via an API endpoint that had incorrect permiss…
  20. CVE-2026-4312
    — CVSS 9.8 (CRITICAL)

    GCB/FCB Audit Software developed by DrangSoft has a Missing Authentication vulnerability, allowing unauthenticated remote attackers to directly access certain APIs to create a new administrative account.

Source: NVD CVE API 2.0


Generated by CryptXNet.ai Threat Intelligence Platform · April 15, 2026 · Sources: The Hacker News, Bleeping Computer, Krebs on Security, Dark Reading, SANS ISC, THN Threat Intel, Unit 42, Security.com