📰 Cybersecurity News Headlines
Top stories from leading cybersecurity publications as of April 17, 2026.
- Operation PowerOFF identifies 75k DDoS users, takes down 53 domains
— Bleeping Computer
The latest wave of "Operation PowerOFF," on April 13, 2026, targeted the distributed denial-of-service (DDoS) ecosystem and its users across…
- ZionSiphon malware designed to sabotage water treatment systems
— Bleeping Computer
A new malware called ZionSiphon, specifically designed for operational technology, is targeting water treatment and desalination environment…
- A Deep Dive Into Attempted Exploitation of CVE-2023-33538
— Unit 42
CVE-2023-33538 allows for command injection in TP-Link routers. We discuss exploitation attempts with payloads characteristic of Mirai botne…
- New Microsoft Defender “RedSun” zero-day PoC grants SYSTEM privileges
— Bleeping Computer
A researcher known as "Chaotic Eclipse" has published a proof-of-concept exploit for a second Microsoft Defender zero-day, dubbed "RedSun," …
- North Korea Uses ClickFix to Target macOS Users' Data
— Dark Reading
Sapphire Sleet uses fake job offers and phony Zoom updates to deliver ClickFix attacks that steal credentials and sensitive data from Macs.
- [Guest Diary] Compromised DVRs and Finding Them in the Wild, (Thu, Apr 16th)
— SANS ISC
[This is a Guest Diary by Alec Jaffe, an ISC intern as part of the SANS.edu Bachelor's Degree in Applied Cybersecuri…
- 'Harmless' Global Adware Transforms Into an AV Killer
— Dark Reading
A benign looking update Dragon Boss pushed out in March 2025 established persistence via scheduled tasks and arranged for future payloads to…
- Newly Discovered PowMix Botnet Hits Czech Workers Using Randomized C2 Traffic
— The Hacker News
Cybersecurity researchers have warned of an active malicious campaign that's targeting the workforce in the Czech Republic with a previously…
- Two-Factor Authentication Breaks Free from the Desktop
— Dark Reading
Threat actors know how to bypass security systems outside of traditional IT environments. Implementing 2FA could provide a needed extra secu…
- ThreatsDay Bulletin: Defender 0-Day, SonicWall Brute-Force, 17-Year-Old Excel RCE and 15 More Stories
— The Hacker News
You know that feeling when you open your feed on a Thursday morning and it's just… a lot? Yeah. This week delivered. We've got hackers …
- [Webinar] Find and Eliminate Orphaned Non-Human Identities in Your Environment
— The Hacker News
In 2024, compromised service accounts and forgotten API keys were behind 68% of cloud breaches. Not phishing. Not weak passwords. Unmanage…
- ISC Stormcast For Thursday, April 16th, 2026 https://isc.sans.edu/podcastdetail/9894, (Thu, Apr 16th)
— SANS ISC
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
🪲 NVD — Last 20 Scored Vulnerabilities
Latest scored CVEs from the National Vulnerability Database (6591 in last 30 days).
Critical: 2 · High: 7 · Medium: 10 · Low: 1.
- CVE-2026-40322
— CVSS 9.0 (CRITICAL)
SiYuan is an open-source personal knowledge management system. In versions 3.6.3 and below, Mermaid diagrams are rendered with securityLevel set to "loose", and the resulting SVG is injected into the DOM via innerHTML. T…
- CVE-2026-40318
— CVSS 8.5 (HIGH)
SiYuan is an open-source personal knowledge management system. In versions 3.6.3 and prior, the /api/av/removeUnusedAttributeView endpoint constructs a filesystem path using the user-controlled id parameter without valid…
- CVE-2026-40259
— CVSS 8.1 (HIGH)
SiYuan is an open-source personal knowledge management system. In versions 3.6.3 and below, the /api/av/removeUnusedAttributeView endpoint is protected only by generic authentication that accepts publish-service RoleRead…
- CVE-2026-40255
— CVSS 6.1 (MEDIUM)
AdonisJS HTTP Server is a package for handling HTTP requests in the AdonisJS framework. In @adonisjs/http-server versions prior to 7.8.1 and 8.0.0-next.0 through 8.1.3, and @adonisjs/core versions prior to 7.4.0, the res…
- CVE-2026-40253
— CVSS 6.8 (MEDIUM)
openCryptoki is a PKCS#11 library and provides tooling for Linux and AIX. In versions 3.26.0 and below, the BER/DER decoding functions in the shared common library (asn1.c) accept a raw pointer but no buffer length param…
- CVE-2024-58343
— CVSS 4.3 (MEDIUM)
Vision Helpdesk before 5.7.0 (patched in 5.6.10) allows attackers to read user profiles via modified serialized cookie data to vis_client_id.
- CVE-2026-41113
— CVSS 8.1 (HIGH)
sagredo qmail before 2026.04.07 allows tls_quit remote code execution because of popen in notlshosts_auto in qmail-remote.c.
- CVE-2026-40170
— CVSS 7.5 (HIGH)
ngtcp2 is a C implementation of the IETF QUIC protocol. In versions prior to 1.22.1, ngtcp2_qlog_parameters_set_transport_params() serializes peer transport parameters into a fixed 1024-byte stack buffer without bounds c…
- CVE-2026-34164
— CVSS 4.9 (MEDIUM)
Valtimo is an open-source business process automation platform. In versions 13.0.0 through 13.21.0, the InboxHandlingService logs the full content of every incoming inbox message at INFO level. Inbox messages can contain…
- CVE-2026-33472
— CVSS 4.8 (MEDIUM)
Cryptomator is an open-source client-side encryption application for cloud storage. Version 1.19.1 contains a logic flaw in CheckHostTrustController.getAuthority() that allows an attacker to bypass the security fix for C…
- CVE-2026-6442
— CVSS 8.3 (HIGH)
Improper validation of bash commands in Snowflake Cortex Code CLI versions prior to 1.0.25 allowed subsequent commands to execute outside the sandbox. An attacker could exploit this by embedding specially crafted command…
- CVE-2025-43937
— CVSS 6.6 (MEDIUM)
Dell PowerScale OneFS, versions prior to 9.12.0.0, contains an insertion of sensitive information into log file vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, lea…
- CVE-2025-43935
— CVSS 4.4 (MEDIUM)
Dell PowerScale OneFS, versions prior to 9.12.0.0, contains an improper resource shutdown or release vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to de…
- CVE-2026-41082
— CVSS 7.3 (HIGH)
In OCaml opam before 2.5.1, a .install field containing a destination filepath can use ../ to reach a parent directory.
- CVE-2026-24749
— CVSS 5.3 (MEDIUM)
The Silverstripe Assets Module is a required component of Silverstripe Framework. In versions prior to 2.4.5 and 3.0.0-rc1 through 3.1.2, images rendered in templates or otherwise accessed via DBFile::getURL() or DBFile:…
- CVE-2025-43883
— CVSS 4.1 (MEDIUM)
Dell PowerScale OneFS, versions prior to 9.12.0.0, contains an improper check for unusual or exceptional conditions vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability…
- CVE-2026-41080
— CVSS 2.9 (LOW)
libexpat before 2.7.6 uses insufficient entropy, and thus hash flooding can occur via a crafted XML document.
- CVE-2025-36579
— CVSS 5.1 (MEDIUM)
Dell Client Platform BIOS contains a Weak Password Recovery Mechanism vulnerability. An unauthenticated attacker with physical access to the system could potentially exploit this vulnerability, leading to unauthorized ac…
- CVE-2026-3324
— CVSS 8.2 (HIGH)
Zohocorp ManageEngine Log360 versions 13000 through 13013 are vulnerable to authentication bypass on certain actions due to improper filter configuration.
- CVE-2026-37347
— CVSS 9.1 (CRITICAL)
SourceCodester Payroll Management and Information System v1.0 is vulnerable to SQL Injection in the file /payroll/view_employee.php.
Source: NVD CVE API 2.0
Generated by CryptXNet.ai Threat Intelligence Platform · April 17, 2026 · Sources: The Hacker News, Bleeping Computer, Krebs on Security, Dark Reading, SANS ISC, THN Threat Intel, Unit 42, Security.com