📰 DAILY THREAT BRIEFING
Saturday, April 18, 2026
12 News Items
HN · BleepingComputer · Krebs · Dark Reading · SANS · THN Intel · Unit 42 · Security.com

📰 Cybersecurity News Headlines

Top stories from leading cybersecurity publications as of April 18, 2026.

  1. Threat Brief: Escalation of Cyber Risk Related to Iran (Updated April 17)
    — Unit 42

    Unit 42 details recent Iranian cyberattack activity, sharing direct observations of phishing, hacktivist activity and cybercrime. We include…
  2. How NIST's Cutback of CVE Handling Impacts Cyber Teams
    — Dark Reading

    Industry and ad hoc coalitions appear poised to help fill the gap created by NIST's decision to cut back on CVE data enrichment.
  3. Payouts King ransomware uses QEMU VMs to bypass endpoint security
    — Bleeping Computer

    The Payouts King ransomware is using the QEMU emulator as a reverse SSH backdoor to run hidden virtual machines on compromised systems and b…
  4. Tycoon 2FA Phishers Scatter, Adopt Device Code Phishing
    — Dark Reading

    In embracing device code phishing, attackers trick victims into handing over account access by using a service's legitimate new-device login…
  5. Grinex exchange blames "Western intelligence" for $13.7M crypto hack
    — Bleeping Computer

    Kyrgyzstan-based cryptocurrency exchange Grinex has suspended its operations after suffering a $13.7 million hack attributed to Western inte…
  6. Every Old Vulnerability Is Now an AI Vulnerability
    — Dark Reading

    AI's danger isn't that it's creating new bugs; it's that it's amplifying old ones.
  7. Inside an Underground Guide: How Threat Actors Vet Stolen Credit Card Shops
    — Bleeping Computer

    In cybercrime markets, trust isn't assumed; it's verified. Flare reveals how underground guides teach actors to evaluate carding shops based…
  8. Three Microsoft Defender Zero-Days Actively Exploited; Two Still Unpatched
    — The Hacker News

    Huntress is warning that threat actors are exploiting three recently disclosed security flaws in Microsoft Defender to gain elevated privile…
  9. Google Blocks 8.3B Policy-Violating Ads in 2025, Launches Android 17 Privacy Overhaul
    — The Hacker News

    Google this week announced a new set of Play policy updates to strengthen user privacy and protect businesses against fraud, even as it reve…
  10. NIST Limits CVE Enrichment After 263% Surge in Vulnerability Submissions
    — The Hacker News

    The National Institute of Standards and Technology (NIST) has announced changes to the way it handles cybersecurity vulnerabilities and expo…
  11. ISC Stormcast For Friday, April 17th, 2026 https://isc.sans.edu/podcastdetail/9896, (Fri, Apr 17th)
    — SANS ISC

    (c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
  12. Lumma Stealer infection with Sectop RAT (ArechClient2), (Fri, Apr 17th)
    — SANS ISC

    Introduction

🪲 NVD — Last 20 Scored Vulnerabilities

Latest scored CVEs from the National Vulnerability Database (6571 in last 30 days).
Critical: 2 · High: 4 · Medium: 11 · Low: 3.

  1. CVE-2026-40593
    — CVSS 4.8 (MEDIUM)

    ChurchCRM is an open-source church management system. In versions prior to 7.2.0, the User Editor (UserEditor.php) renders stored usernames directly into an HTML input value attribute without applying htmlspecialchars().…
  2. CVE-2026-40581
    — CVSS 8.1 (HIGH)

    ChurchCRM is an open-source church management system. In versions prior to 7.2.0, the family record deletion endpoint (SelectDelete.php) performs permanent, irreversible deletion of family records and all associated data…
  3. CVE-2026-40485
    — CVSS 5.3 (MEDIUM)

    ChurchCRM is an open-source church management system. In versions prior to 7.2.0, the public API login endpoint (/api/public/user/login) returns distinguishable HTTP response codes based on whether a username exists: 404…
  4. CVE-2026-40484
    — CVSS 9.1 (CRITICAL)

    ChurchCRM is an open-source church management system. In versions prior to 7.2.0, the database backup restore functionality extracts uploaded archive contents and copies files from the Images/ directory into the web-acce…
  5. CVE-2026-40483
    — CVSS 5.4 (MEDIUM)

    ChurchCRM is an open-source church management system. In versions prior to 7.2.0, the Pledge Editor renders donation comment values directly into HTML input value attributes without escaping via htmlspecialchars(). An au…
  6. CVE-2026-40349
    — CVSS 8.8 (HIGH)

    Movary is a self hosted web app to track and rate a user's watched movies. Prior to version 0.71.1, an ordinary authenticated user can escalate their own account to administrator by sending `isAdmin=true` to `PUT /settin…
  7. CVE-2026-40348
    — CVSS 7.7 (HIGH)

    Movary is a self hosted web app to track and rate a user's watched movies. Prior to version 0.71.1, an ordinary authenticated user can trigger server-side requests to arbitrary internal targets through `POST /settings/je…
  8. CVE-2026-40347
    — CVSS 5.3 (MEDIUM)

    Python-Multipart is a streaming multipart parser for Python. Versions prior to 0.0.26 have a denial of service vulnerability when parsing crafted `multipart/form-data` requests with large preamble or epilogue sections. U…
  9. CVE-2026-40341
    — CVSS 3.5 (LOW)

    libgphoto2 is a camera access and control library. In versions up to and including 2.5.33, an out of bound read in ptp_unpack_EOS_FocusInfoEx could be used to crash libgphoto2 when processing input from untrusted USB dev…
  10. CVE-2026-40340
    — CVSS 6.1 (MEDIUM)

    libgphoto2 is a camera access and control library. Versions up to and including 2.5.33 have an out-of-bounds read vulnerability in `ptp_unpack_OI()` in `camlibs/ptp2/ptp-pack.c` (lines 530–563). The function validates …
  11. CVE-2026-40339
    — CVSS 5.2 (MEDIUM)

    libgphoto2 is a camera access and control library. Versions up to and including 2.5.33 have an out-of-bounds read in `ptp_unpack_Sony_DPD()` in `camlibs/ptp2/ptp-pack.c` (line 842). The function reads the FormFlag byte v…
  12. CVE-2026-40338
    — CVSS 5.2 (MEDIUM)

    libgphoto2 is a camera access and control library. Versions up to and including 2.5.33 have an out-of-bounds read in the PTP_DPFF_Enumeration case of `ptp_unpack_Sony_DPD()` in `camlibs/ptp2/ptp-pack.c` (line 856). The f…
  13. CVE-2026-40337
    — CVSS 5.1 (MEDIUM)

    The Sentry kernel is a high security level micro-kernel implementation made for high security embedded systems. A given task with one of the DEV or IO capability is able to interact with another task's IRQ line through t…
  14. CVE-2026-40336
    — CVSS 2.4 (LOW)

    libgphoto2 is a camera access and control library. Versions up to and including 2.5.33 have a memory leak in `ptp_unpack_Sony_DPD()` in `camlibs/ptp2/ptp-pack.c` (lines 884–885). When processing a secondary enumeration…
  15. CVE-2026-40335
    — CVSS 5.2 (MEDIUM)

    libgphoto2 is a camera access and control library. Versions up to and including 2.5.33 have an out-of-bounds read in `ptp_unpack_DPV()` in `camlibs/ptp2/ptp-pack.c` (lines 622–629). The UINT128 and INT128 cases advance…
  16. CVE-2026-40334
    — CVSS 3.5 (LOW)

    libgphoto2 is a camera access and control library. In versions up to and including 2.5.33, a missing null terminator exists in ptp_unpack_Canon_FE() in camlibs/ptp2/ptp-pack.c (line 1377). The function copies a filename …
  17. CVE-2026-40333
    — CVSS 6.1 (MEDIUM)

    libgphoto2 is a camera access and control library. In versions up to and including 2.5.33, two functions in camlibs/ptp2/ptp-pack.c accept a data pointer but no length parameter, performing unbounded reads. Their callers…
  18. CVE-2026-40324
    — CVSS 9.1 (CRITICAL)

    Hot Chocolate is an open-source GraphQL server. Prior to versions 12.22.7, 13.9.16, 14.3.1, and 15.1.14, Hot Chocolate's recursive descent parser `Utf8GraphQLParser` has no recursion depth limit. A crafted GraphQL docume…
  19. CVE-2026-2262
    — CVSS 7.5 (HIGH)

    The Easy Appointments plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.12.21 via the `/wp-json/wp/v2/eablocks/ea_appointments/` REST API endpoint. This is due t…
  20. CVE-2026-40486
    — CVSS 4.3 (MEDIUM)

    Kimai is an open-source time tracking application. In versions 2.52.0 and below, the User Preferences API endpoint (PATCH /api/users/{id}/preferences) applies submitted preference values without checking the isEnabled() …
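The two ChurchCRM stored-XSS entries above (CVE-2026-40593 and CVE-2026-40483) share one root cause: a stored string is interpolated into an HTML attribute value without htmlspecialchars(). The following is an added example, not ChurchCRM's code, written in Python rather than PHP: html.escape(quote=True) plays the role of htmlspecialchars($s, ENT_QUOTES), and the check parses the rendered markup the way a browser would to confirm that the value attribute round-trips and that no extra attributes (such as an event handler) were smuggled in. The username below is a constructed payload.

```python
import html
from html.parser import HTMLParser

# Constructed sample: a stored username crafted to close the value attribute
# and add an event-handler attribute. Not taken from the advisory.
MALICIOUS_USERNAME = '" autofocus onfocus="alert(1)'


def render_unescaped(username: str) -> str:
    """Vulnerable pattern: value="<?= $username ?>" with no escaping."""
    return f'<input type="text" name="username" value="{username}">'


def render_escaped(username: str) -> str:
    """Fixed pattern: html.escape(quote=True) escapes &, <, >, " and ' so the
    string cannot terminate the attribute (Python analogue of htmlspecialchars)."""
    return f'<input type="text" name="username" value="{html.escape(username, quote=True)}">'


class _InputCollector(HTMLParser):
    """Collects the attribute dict of every <input> tag, as a browser would see it."""

    def __init__(self) -> None:
        super().__init__()
        self.inputs: list[dict] = []

    def handle_starttag(self, tag, attrs):
        if tag == "input":
            self.inputs.append(dict(attrs))


def attribute_survives(rendered: str, original: str) -> bool:
    """True only if the parsed <input> has exactly type/name/value and the
    value attribute decodes back to the original stored string."""
    parser = _InputCollector()
    parser.feed(rendered)
    if len(parser.inputs) != 1:
        return False
    attrs = parser.inputs[0]
    return set(attrs) == {"type", "name", "value"} and attrs["value"] == original


if __name__ == "__main__":
    for label, renderer in (("unescaped", render_unescaped), ("escaped", render_escaped)):
        out = renderer(MALICIOUS_USERNAME)
        print(f"{label}: safe={attribute_survives(out, MALICIOUS_USERNAME)} -> {out}")
```

The check is deliberately stricter than "no alert fired": any change to the attribute set, or any loss of fidelity in the stored value, is treated as a rendering bug. A benign username passes through the unescaped renderer unchanged, which is exactly why this class of bug survives manual testing.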
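CVE-2026-40485 describes a login endpoint that answers 404 for an unknown username and a different code for a wrong password, which turns the endpoint into a username oracle. The example below is added here and is not ChurchCRM's code: it models both behaviours as plain functions over a constructed in-memory user table (PBKDF2 hashes, no network), and an oracle probe that reports whether the status code alone distinguishes a real account from a fake one. The hardened variant also hashes against a dummy record for unknown users so the response cost does not reveal existence either.

```python
import hashlib
import hmac
import os

ITERATIONS = 50_000  # assumed work factor for this demo; tune for production


def _hash(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)


# Constructed user store: username -> (salt, hash). Not ChurchCRM's schema.
_SALT = os.urandom(16)
USERS = {"alice": (_SALT, _hash("correct horse", _SALT))}

# Dummy record so that unknown usernames still pay for one PBKDF2 run.
_DUMMY = (_SALT, _hash("dummy-password-never-valid", _SALT))


def login_vulnerable(username: str, password: str) -> int:
    """Leaky behaviour: 404 if the user does not exist, 401 if the password is wrong."""
    if username not in USERS:
        return 404
    salt, expected = USERS[username]
    return 200 if hmac.compare_digest(_hash(password, salt), expected) else 401


def login_hardened(username: str, password: str) -> int:
    """Uniform behaviour: one status code and one hash computation for both
    'no such user' and 'wrong password'."""
    salt, expected = USERS.get(username, _DUMMY)
    ok = hmac.compare_digest(_hash(password, salt), expected)
    return 200 if (ok and username in USERS) else 401


def enumeration_oracle(login, known_user: str, unknown_user: str) -> bool:
    """True if the status code differs between a real and a fake username
    when both are sent with a wrong password."""
    wrong = "definitely-not-the-password"
    return login(known_user, wrong) != login(unknown_user, wrong)


if __name__ == "__main__":
    for name, fn in (("vulnerable", login_vulnerable), ("hardened", login_hardened)):
        print(f"{name}: leaks usernames = {enumeration_oracle(fn, 'alice', 'mallory')}")
```

When testing a real endpoint, extend the probe to compare response body length and timing as well as the status code; collapsing the status code alone is not enough if the two branches still do different amounts of work.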
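CVE-2026-40349 (Movary, `isAdmin=true` accepted from an ordinary user) and CVE-2026-40486 (Kimai, preference values applied without an isEnabled() check) are both failures to validate which fields a caller may write. The example below is added here and belongs to neither project: it shows the mass-assignment pattern beside an allow-list version, using a constructed User model, a constructed preference registry that stands in for an isEnabled() lookup, and a `Forbidden` exception for rejected writes. Field and registry names are assumptions for the demo.

```python
from dataclasses import dataclass, field


class Forbidden(Exception):
    """Raised when a caller tries to write a field it is not allowed to."""


@dataclass
class User:
    name: str
    is_admin: bool = False
    preferences: dict = field(default_factory=dict)


# Constructed registry of preference keys and whether each is enabled;
# stands in for a Kimai-style isEnabled() check. Not Kimai's code.
PREFERENCE_REGISTRY = {"theme": True, "timezone": True, "legacy_export": False}

# Allow-lists: what a user may change on their own account, and what only
# an administrator may change on any account.
SELF_EDITABLE = {"name"}
ADMIN_ONLY = {"is_admin"}


def apply_account_update_vulnerable(actor: User, target: User, payload: dict) -> User:
    """Mass assignment: every submitted key is written straight to the model,
    so {"is_admin": True} (the page's isAdmin=true) escalates the caller."""
    for key, value in payload.items():
        setattr(target, key, value)
    return target


def apply_account_update(actor: User, target: User, payload: dict) -> User:
    """Allow-list version: unknown fields are rejected, privileged fields
    require an administrator actor."""
    for key, value in payload.items():
        if key in ADMIN_ONLY and not actor.is_admin:
            raise Forbidden(f"{key} may only be changed by an administrator")
        if key not in SELF_EDITABLE | ADMIN_ONLY:
            raise Forbidden(f"unknown or read-only field: {key}")
        setattr(target, key, value)
    return target


def apply_preferences(target: User, payload: dict) -> User:
    """Only preferences that exist in the registry and are enabled may be set."""
    for key, value in payload.items():
        if not PREFERENCE_REGISTRY.get(key, False):
            raise Forbidden(f"preference {key!r} is unknown or disabled")
        target.preferences[key] = value
    return target


def rejected(fn, *args) -> bool:
    """True if fn(*args) raises Forbidden; used by the checks below."""
    try:
        fn(*args)
    except Forbidden:
        return True
    return False


if __name__ == "__main__":
    bob = User("bob")
    print("vulnerable:", apply_account_update_vulnerable(bob, bob, {"is_admin": True}).is_admin)
    bob = User("bob")
    print("hardened rejects:", rejected(apply_account_update, bob, bob, {"is_admin": True}))
```

The important design choice is that the allow-list is the default and the privileged set is explicit; a deny-list of "dangerous" fields breaks the next time the model gains a column.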
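CVE-2026-40324 is a recursion-depth bug in a GraphQL parser: a document with enough nested selection sets drives the recursive-descent parser until the stack is exhausted. A cheap defence is to bound nesting before the full parser runs. The example below is added here and is not Hot Chocolate's code; it is a single-pass scanner in Python that counts `{`/`}` nesting while skipping string literals and comments (so braces inside strings neither hide nor inflate the depth), aborts as soon as the assumed limit is crossed, and includes a constructed generator for the attacker's document. MAX_DEPTH is an assumption; set it to what your schema's legitimate queries need.

```python
MAX_DEPTH = 32  # assumed limit for this demo


class DepthExceeded(ValueError):
    """Raised as soon as nesting goes past the configured limit."""


def selection_depth(document: str, max_depth: int = MAX_DEPTH) -> int:
    """Return the maximum nesting depth of selection sets in a GraphQL
    document, raising DepthExceeded the moment max_depth is crossed.
    Comments (# ...) and string literals ("..." and block strings) are skipped."""
    depth = max_seen = 0
    i, n = 0, len(document)
    while i < n:
        c = document[i]
        if c == "#":  # comment runs to end of line
            while i < n and document[i] != "\n":
                i += 1
            continue
        if c == '"':
            if document.startswith('"""', i):  # block string
                end = document.find('"""', i + 3)
                i = n if end < 0 else end + 3
            else:  # regular string, honouring backslash escapes
                i += 1
                while i < n and document[i] != '"':
                    i += 2 if document[i] == "\\" else 1
                i += 1  # skip closing quote
            continue
        if c == "{":
            depth += 1
            if depth > max_depth:
                raise DepthExceeded(f"selection set depth {depth} exceeds {max_depth}")
            max_seen = max(max_seen, depth)
        elif c == "}":
            depth = max(depth - 1, 0)  # tolerate stray closers; the real parser rejects them
        i += 1
    return max_seen


def is_within_limit(document: str, max_depth: int = MAX_DEPTH) -> bool:
    """Convenience wrapper: True if the document may be handed to the parser."""
    try:
        selection_depth(document, max_depth)
    except DepthExceeded:
        return False
    return True


def nested_query(depth: int) -> str:
    """Constructed attacker document: { a { a { a ... } } } nested `depth` deep."""
    return "{ a " * depth + "}" * depth


if __name__ == "__main__":
    sample = 'query { user(id: "{") { name friends { name } } }'
    print("sample depth:", selection_depth(sample))
    print("depth 10000 accepted:", is_within_limit(nested_query(10_000)))
```

Because the scan is iterative, it runs in constant stack space regardless of how deep the input is; the depth check fails fast on the first brace past the limit rather than reading the whole payload.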

Source: NVD CVE API 2.0


Generated by CryptXNet.ai Threat Intelligence Platform · April 18, 2026 · Sources: The Hacker News, Bleeping Computer, Krebs on Security, Dark Reading, SANS ISC, THN Threat Intel, Unit 42, Security.com