📰 DAILY THREAT BRIEFING
Sunday, April 19, 2026
12 News Items
HN · BleepingComputer · Krebs · Dark Reading · SANS · THN Intel · Unit 42 · Security.com

📰 Cybersecurity News Headlines

Top stories from leading cybersecurity publications as of April 19, 2026.

  1. Critical flaw in Protobuf library enables JavaScript code execution
    — Bleeping Computer

    Proof-of-concept exploit code has been published for a critical remote code execution flaw in protobuf.js, a widely used JavaScript implemen…
  2. Microsoft Teams right-click paste broken by Edge update bug
    — Bleeping Computer

    Microsoft is warning that a recent Microsoft Edge browser update introduced a bug that breaks right-click paste in chats in the Microsoft T…
  3. NAKIVO v11.2: Ransomware Defense, Faster Replication, vSphere 9, and Proxmox VE 9.0 Support
    — Bleeping Computer

    NAKIVO Inc. announced the general availability of NAKIVO Backup & Replication v11.2, focused on fast, reliable, and proactive data protectio…
  4. [Webinar] Eliminate Ghost Identities Before They Expose Your Enterprise Data
    — The Hacker News

    In 2024, compromised service accounts and forgotten API keys were behind 68% of cloud breaches. Not phishing. Not weak passwords. Unmanage…
  5. $13.74M Hack Shuts Down Sanctioned Grinex Exchange After Intelligence Claims
    — The Hacker News

    Grinex, a Kyrgyzstan-incorporated cryptocurrency exchange sanctioned by the U.K. and the U.S. last year, said it's suspending operations aft…
  6. Mirai Variant Nexcorium Exploits CVE-2024-3721 to Hijack TBK DVRs for DDoS Botnet
    — The Hacker News

    Threat actors are exploiting security flaws in TBK DVR and end‑of‑life (EoL) TP-Link Wi-Fi routers to deploy Mirai-botnet variants on co…
  7. Threat Brief: Escalation of Cyber Risk Related to Iran (Updated April 17)
    — Unit 42

    Unit 42 details recent Iranian cyberattack activity, sharing direct observations of phishing, hacktivist activity and cybercrime. We include…
  8. How NIST's Cutback of CVE Handling Impacts Cyber Teams
    — Dark Reading

    Industry and ad hoc coalitions appear poised to help fill the gap created by NIST's decision to cut back on CVE data enrichment.
  9. Tycoon 2FA Phishers Scatter, Adopt Device Code Phishing
    — Dark Reading

    In embracing device code phishing, attackers trick victims into handing over account access by using a service's legitimate new-device login…
  10. Every Old Vulnerability Is Now an AI Vulnerability
    — Dark Reading

    AI's danger isn't that it's creating new bugs, it's that it's amplifying old ones.
  11. ISC Stormcast For Friday, April 17th, 2026 https://isc.sans.edu/podcastdetail/9896, (Fri, Apr 17th)
    — SANS ISC

    (c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
  12. Lumma Stealer infection with Sectop RAT (ArechClient2), (Fri, Apr 17th)
    — SANS ISC

    Introduction

🪲 NVD — Last 20 Scored Vulnerabilities

Latest scored CVEs from the National Vulnerability Database (6351 in last 30 days).
Critical: 5 · High: 4 · Medium: 11 · Low: 0.

  1. CVE-2026-2986
    — CVSS 6.4 (MEDIUM)

    The Contextual Related Posts plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'other_attributes' parameter in versions up to, and including, 4.2.1 due to insufficient input sanitization and outpu…
  2. CVE-2026-2505
    — CVSS 5.4 (MEDIUM)

    The Categories Images plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 3.3.1, via the 'z_taxonomy_image' shortcode. This is due to the shortcode rendering path passing a…
  3. CVE-2026-0894
    — CVSS 6.4 (MEDIUM)

    The Content Blocks (Custom Post Widget) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's content_block shortcode in all versions up to, and including, 3.3.9 due to insufficient input san…
  4. CVE-2026-41254
    — CVSS 4.0 (MEDIUM)

    Little CMS (lcms2) through 2.18 has an integer overflow in CubeSize in cmslut.c because the overflow check is performed after the multiplication.
  5. CVE-2026-41253
    — CVSS 6.9 (MEDIUM)

    In iTerm2 through 3.6.9, displaying a .txt file can cause code execution via DCS 2000p and OSC 135 data, if the working directory contains a malicious file whose name is valid output from the conductor encoding path, suc…
  6. CVE-2026-6518
    — CVSS 8.8 (HIGH)

    The CMP – Coming Soon & Maintenance Plugin by NiteoThemes plugin for WordPress is vulnerable to arbitrary file upload and remote code execution in all versions up to, and including, 4.1.16 via the `cmp_theme_update_ins…
  7. CVE-2026-6048
    — CVSS 6.4 (MEDIUM)

    The Flipbox Addon for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Flipbox widget's button URL `custom_attributes` field in all versions up to, and including, 2.1.1 due to insuffici…
  8. CVE-2026-4801
    — CVSS 6.4 (MEDIUM)

    The Page Builder Gutenberg Blocks – CoBlocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via external iCal feed data in all versions up to, and including, 3.1.16 due to insufficient output escapin…
  9. CVE-2026-40494
    — CVSS 9.8 (CRITICAL)

    SAIL is a cross-platform library for loading and saving images with support for animation, metadata, and ICC profiles. Prior to commit 45d48d1f2e8e0d73e80bc1fd5310cb57f4547302, the TGA codec's RLE decoder in `tga.c` has …
  10. CVE-2026-40493
    — CVSS 9.8 (CRITICAL)

    SAIL is a cross-platform library for loading and saving images with support for animation, metadata, and ICC profiles. Prior to commit c930284445ea3ff94451ccd7a57c999eca3bc979, the PSD codec computes bytes-per-pixel (`bp…
  11. CVE-2026-40492
    — CVSS 9.8 (CRITICAL)

    SAIL is a cross-platform library for loading and saving images with support for animation, metadata, and ICC profiles. Prior to commit 36aa5c7ec8a2bb35f6fb867a1177a6f141156b02, the XWD codec resolves pixel format based o…
  12. CVE-2026-40491
    — CVSS 6.5 (MEDIUM)

    gdown is a Google Drive public file/folder downloader. Versions prior to 5.2.2 are vulnerable to a Path Traversal attack within the extractall functionality. When extracting a maliciously crafted ZIP or TAR archive, the …
  13. CVE-2026-40490
    — CVSS 6.8 (MEDIUM)

    The AsyncHttpClient (AHC) library allows Java applications to easily execute HTTP requests and asynchronously process HTTP responses. When redirect following is enabled (followRedirect(true)), versions of AsyncHttpClient…
  14. CVE-2026-40487
    — CVSS 8.9 (HIGH)

    Postiz is an AI social media scheduling tool. Prior to version 2.21.6, a file upload validation bypass allows any authenticated user to upload arbitrary HTML, SVG, or other executable file types to the server by spoofing…
  15. CVE-2026-35582
    — CVSS 8.8 (HIGH)

    Emissary is a P2P based data-driven workflow engine. In versions 8.42.0 and below, Executrix.getCommand() is vulnerable to OS command injection because it interpolates temporary file paths into a /bin/sh -c shell comman…
  16. CVE-2026-1838
    — CVSS 6.1 (MEDIUM)

    The Hostel plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'shortcode_id' parameter in all versions up to, and including, 1.1.6 due to insufficient input sanitization and output escaping. Thi…
  17. CVE-2026-1559
    — CVSS 6.4 (MEDIUM)

    The Youzify plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'checkin_place_id' parameter in all versions up to, and including, 1.3.6 due to insufficient input sanitization and output escaping. T…
  18. CVE-2026-40572
    — CVSS 9.0 (CRITICAL)

    NovumOS is a custom 32-bit operating system written in Zig and x86 Assembly. In versions prior to 0.24, Syscall 15 (MemoryMapRange) allows Ring 3 user-mode processes to map arbitrary virtual address ranges into their add…
  19. CVE-2026-40350
    — CVSS 8.8 (HIGH)

    Movary is a self hosted web app to track and rate a user's watched movies. Prior to version 0.71.1, an ordinary authenticated user can access the user-management endpoints `/settings/users` and use them to enumerate all …
  20. CVE-2026-40317
    — CVSS 9.3 (CRITICAL)

    NovumOS is a custom 32-bit operating system written in Zig and x86 Assembly. In versions prior to 0.24, Syscall 12 (JumpToUser) accepts an arbitrary entry point address from user-space registers without validation, allow…

Source: NVD CVE API 2.0


Generated by CryptXNet.ai Threat Intelligence Platform · April 19, 2026 · Sources: The Hacker News, Bleeping Computer, Krebs on Security, Dark Reading, SANS ISC, THN Threat Intel, Unit 42, Security.com