📰 Cybersecurity News Headlines
Top stories from leading cybersecurity publications as of April 21, 2026.
KelpDAO suffers $290 million heist tied to Lazarus hackers
— Bleeping Computer
State-sponsored North Korean hackers are likely behind the $290 million crypto-heist that impacted the KelpDAO DeFi project on Saturday. […]
China's Apple App Store infiltrated by crypto-stealing wallet apps
— Bleeping Computer
A set of 26 malicious apps on Apple App Store impersonate popular wallets, such as Metamask, Coinbase, Trust Wallet, and OneKey, to steal re…
Vercel Employee's AI Tool Access Led to Data Breach
— Dark Reading
Stolen OAuth tokens, which are at the root of these breaches, "are the new attack surface, the new lateral movement," a researcher noted.
Serial-to-IP Devices Hide Thousands of Old and New Bugs
— Dark Reading
The OT devices that translate machine talk into Internet-speak are riddled with vulnerabilities and more frequently targeted for attacks, re…
The Gentlemen ransomware now uses SystemBC for bot-powered attacks
— Bleeping Computer
A SystemBC proxy malware botnet of more than 1,570 hosts, believed to be corporate victims, has been discovered following an investigation i…
SGLang CVE-2026-5760 (CVSS 9.8) Enables RCE via Malicious GGUF Model Files
— The Hacker News
A critical security vulnerability has been disclosed in SGLang that, if successfully exploited, could result in remote code execution on sus…
WhatsApp Leaks User Metadata to Attackers
— Dark Reading
Strangers can infer limited info about you without knowing or messaging you, which could theoretically aid certain kinds of malicious activi…
⚡ Weekly Recap: Vercel Hack, Push Fraud, QEMU Abused, New Android RATs Emerge & More
— The Hacker News
Monday’s recap shows the same pattern in different places. A third-party tool becomes a way in, then leads to internal access. A trusted d…
Why Most AI Deployments Stall After the Demo
— The Hacker News
The fastest way to fall in love with an AI tool is to watch the demo. Everything moves quickly. Prompts land cleanly. The system produces im…
Fracturing Software Security With Frontier AI Models
— Unit 42
Unit 42 finds frontier AI models enhance vulnerability discovery, acting as full-spectrum security researchers. They enable autonomous zero-…
Handling the CVE Flood With EPSS, (Mon, Apr 20th)
— SANS ISC
Every morning, security people around the world face the same ritual: opening their vulnerability feed to find a lot of new CVE entries that…
ISC Stormcast For Monday, April 20th, 2026 https://isc.sans.edu/podcastdetail/9898, (Mon, Apr 20th)
— SANS ISC
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
🪲 NVD — Last 20 Scored Vulnerabilities
Latest scored CVEs from the National Vulnerability Database (6095 in last 30 days).
Critical: 1 · High: 9 · Medium: 9 · Low: 1.
CVE-2026-39396
— CVSS 3.1 (LOW)
OpenBao is an open source identity-based secrets management system. Prior to version 2.5.3, `ExtractPluginFromImage()` in OpenBao's OCI plugin downloader extracts a plugin binary from a container image by streaming decom…
CVE-2026-39386
— CVSS 8.8 (HIGH)
Neko is a self-hosted virtual browser that runs in Docker and uses WebRTC. In versions 3.0.0 through 3.0.10 and 3.1.0 through 3.1.1, any authenticated user can immediately obtain full administrative control of the entir…
CVE-2026-39378
— CVSS 6.5 (MEDIUM)
The nbconvert tool, jupyter nbconvert, converts Jupyter notebooks to various other formats via Jinja templates. In versions 6.5 through 7.17.0, when `HTMLExporter.embed_images=True`, nbconvert's markdown renderer allows …
CVE-2026-39377
— CVSS 6.5 (MEDIUM)
The nbconvert tool, jupyter nbconvert, converts Jupyter notebooks to various other formats via Jinja templates. Versions 6.5 through 7.17.0 allow arbitrary file writes to locations outside the intended output directory w…
CVE-2026-39320
— CVSS 7.5 (HIGH)
Signal K Server is a server application that runs on a central hub in a boat. Versions prior to 2.25.0 are vulnerable to an unauthenticated Regular Expression Denial of Service (ReDoS) attack within the WebSocket subscri…
CVE-2026-41331
— CVSS 5.3 (MEDIUM)
OpenClaw before 2026.3.31 contains a resource consumption vulnerability in Telegram audio preflight transcription that allows unauthorized group senders to trigger transcription processing. Attackers can exploit insuffic…
CVE-2026-41330
— CVSS 4.4 (MEDIUM)
OpenClaw before 2026.3.31 contains an environment variable override vulnerability in host exec policy that fails to properly enforce proxy, TLS, Docker, and Git TLS controls. Attackers can bypass security controls by ove…
CVE-2026-41329
— CVSS 9.9 (CRITICAL)
OpenClaw before 2026.3.31 contains a sandbox bypass vulnerability allowing attackers to escalate privileges via heartbeat context inheritance and senderIsOwner parameter manipulation. Attackers can exploit improper conte…
CVE-2026-41303
— CVSS 8.8 (HIGH)
OpenClaw before 2026.3.28 contains an authorization bypass vulnerability in Discord text approval commands that allows non-approvers to resolve pending exec approvals. Attackers can send Discord text commands to bypass t…
CVE-2026-41302
— CVSS 7.6 (HIGH)
OpenClaw before 2026.3.31 contains a server-side request forgery vulnerability in the marketplace plugin download functionality that allows remote attackers to make arbitrary network requests. Attackers can exploit ungua…
CVE-2026-41301
— CVSS 5.3 (MEDIUM)
OpenClaw versions 2026.3.22 before 2026.3.31 contain a signature verification bypass vulnerability in the Nostr DM ingress path that allows pairing challenges to be issued before event signature validation. An unauthenti…
CVE-2026-41300
— CVSS 6.5 (MEDIUM)
OpenClaw before 2026.3.31 contains a trust-decline vulnerability that preserves attacker-discovered endpoints in remote onboarding flows. Attackers can route gateway credentials to malicious endpoints by having their dis…
CVE-2026-41299
— CVSS 7.1 (HIGH)
OpenClaw before 2026.3.28 contains an authorization bypass vulnerability in the chat.send gateway method where ACP-only provenance fields are gated by self-declared client metadata from WebSocket handshake rather than ve…
CVE-2026-41298
— CVSS 5.4 (MEDIUM)
OpenClaw before 2026.4.2 fails to enforce write scopes on the POST /sessions/:sessionKey/kill endpoint in identity-bearing HTTP modes. Read-scoped callers can terminate running subagent sessions by sending requests to th…
CVE-2026-41297
— CVSS 7.6 (HIGH)
OpenClaw before 2026.3.31 contains a server-side request forgery vulnerability in the marketplace plugin download functionality that allows attackers to access internal resources by following unvalidated redirects. The m…
CVE-2026-41296
— CVSS 8.2 (HIGH)
OpenClaw before 2026.3.31 contains a time-of-check-time-of-use race condition in the remote filesystem bridge readFile function that allows sandbox escape. Attackers can exploit the separate path validation and file read…
CVE-2026-41295
— CVSS 7.8 (HIGH)
OpenClaw before 2026.4.2 contains an improper trust boundary vulnerability allowing untrusted workspace channel shadows to execute during built-in channel setup and login. Attackers can clone a workspace with a malicious…
CVE-2026-41294
— CVSS 8.6 (HIGH)
OpenClaw before 2026.3.28 loads the current working directory .env file before trusted state-dir configuration, allowing environment variable injection. Attackers can place a malicious .env file in a repository or worksp…
CVE-2026-41285
— CVSS 4.3 (MEDIUM)
In OpenBSD through 7.8, the slaacd and rad daemons have an infinite loop when they receive a crafted ICMPv6 Neighbor Discovery (ND) option (over a local network) with length zero, because of an "nd_opt_len * 8 – 2" expre…
CVE-2026-40045
— CVSS 5.7 (MEDIUM)
OpenClaw before 2026.4.2 accepts non-loopback cleartext ws:// gateway endpoints and transmits stored gateway credentials over unencrypted connections. Attackers can forge discovery results or craft setup codes to redirec…
Source: NVD CVE API 2.0
Generated by CryptXNet.ai Threat Intelligence Platform · April 21, 2026 · Sources: The Hacker News, Bleeping Computer, Krebs on Security, Dark Reading, SANS ISC, THN Threat Intel, Unit 42, Security.com