📰 DAILY THREAT BRIEFING
Wednesday, April 22, 2026
12 News Items
HN · BleepingComputer · Krebs · Dark Reading · SANS · THN Intel · Unit 42 · Security.com

📰 Cybersecurity News Headlines

Top stories from leading cybersecurity publications as of April 22, 2026.

  1. [Guest Diary] Beyond Cryptojacking: Telegram tdata as a Credential Harvesting Vector, Lessons from a Honeypot Incident, (Wed, Apr 22nd)
    — SANS ISC

    [This is a Guest Diary by L. Carty, an ISC intern as part of the SANS.edu Bachelor's Degree in Applied Cybersecurity…
  2. French govt agency confirms breach as hacker offers to sell data
    — Bleeping Computer

    France Titres, the government agency in France for issuing and managing administrative documents, has disclosed a data breach after a thre…
  3. Ransomware Negotiator Pleads Guilty to BlackCat Scheme
    — Dark Reading

    A cautionary tale illustrates why the person negotiating should never be involved with any part of the ransom payment process, experts noted…
  4. Exploits Turn Windows Defender into Attacker Tool
    — Dark Reading

    Three proof-of-concept exploits are being used in active attacks against Microsoft's built-in security platform; two are unpatched.
  5. New Lotus data wiper used against Venezuelan energy, utility firms
    — Bleeping Computer

    A previously undocumented data-wiping malware dubbed Lotus was used last year in targeted attacks against energy and utilities organizations…
  6. SystemBC C2 Server Reveals 1,570+ Victims in The Gentlemen Ransomware Operation
    — The Hacker News

    Threat actors associated with The Gentlemen ransomware-as-a-service (RaaS) operation have been observed attempting to deploy a known p…
  7. 22 BRIDGE:BREAK Flaws Expose Thousands of Lantronix and Silex Serial-to-IP Converters
    — The Hacker News

    Cybersecurity researchers have identified 22 new vulnerabilities in popular models of serial-to-IP converters from Lantronix and Silex that …
  8. Surge in Bomgar RMM Exploitation Demonstrates Supply Chain Risk
    — Dark Reading

    The critical remote code execution flaw (CVE-2026-1731) in the remote monitoring and management tool can be exploited to spread ransomware a…
  9. ‘Scattered Spider’ Member ‘Tylerb’ Pleads Guilty
    — Krebs on Security

    A 24-year-old British national and senior member of the cybercrime group "Scattered Spider" has pleaded guilty to wire fraud conspiracy and …
  10. Ransomware Negotiator Pleads Guilty to Aiding BlackCat Attacks in 2023
    — The Hacker News

    A third individual who was employed as a ransomware negotiator has pleaded guilty to conducting ransomware attacks against U.S. companies in…
  11. Stopping Fraud at Each Stage of the Customer Journey Without Adding Friction
    — Bleeping Computer

    Fraud prevention and user experience don't have to be a tradeoff. IPQS shows how combining identity, device, and network signals stops fraud…
  12. A .WAV With A Payload, (Tue, Apr 21st)
    — SANS ISC

    There have been reports of threat actors using a .wav file as a vector for malware.

🪲 NVD — Last 20 Scored Vulnerabilities

Latest scored CVEs from the National Vulnerability Database (6368 in last 30 days).
Critical: 2 · High: 8 · Medium: 9 · Low: 0.

  1. CVE-2026-41144
    — CVSS 0.0 (NONE)

    F´ (F Prime) is a framework that enables development and deployment of spaceflight and other embedded software applications. Prior to version 4.2.0, the bounds check byteOffset + dataSize > fileSize uses U32 addition th…
  2. CVE-2026-41135
    — CVSS 7.5 (HIGH)

    free5GC UDR is the Policy Control Function (PCF) for free5GC, an open-source project for 5th generation (5G) mobile core networks. A memory leak vulnerability in versions prior to 1.4.3 allows any unauthenticated atta…
  3. CVE-2026-41133
    — CVSS 8.8 (HIGH)

    pyLoad is a free and open-source download manager written in Python. Versions up to and including 0.5.0b3.dev97 cache `role` and `permission` in the session at login and continues to authorize requests using these cached…
  4. CVE-2026-41131
    — CVSS 5.0 (MEDIUM)

    OpenFGA is an authorization/permission engine built for developers. Prior to version 1.14.1, in specific scenarios, models using conditions with caching enabled can result in two different check requests producing the sa…
  5. CVE-2026-41127
    — CVSS 6.5 (MEDIUM)

    BigBlueButton is an open-source virtual classroom. Versions prior to 3.0.24 have a missing authorization that allows viewers to inject/overwrite captions. Version 3.0.24 tightened the permissions on who is able to submit …
  6. CVE-2026-41126
    — CVSS 4.3 (MEDIUM)

    BigBlueButton is an open-source virtual classroom. Versions prior to 3.0.24 have an Open Redirect through bigbluebutton/api/join via get-parameter "logoutURL." Version 3.0.24 has adjusted the handling of requests with in…
  7. CVE-2026-41064
    — CVSS 9.3 (CRITICAL)

    WWBN AVideo is an open source video platform. In versions up to and including 29.0, an incomplete fix for AVideo's `test.php` adds `escapeshellarg` for wget but leaves the `file_get_contents` and `curl` code paths unsani…
  8. CVE-2026-41059
    — CVSS 8.2 (HIGH)

    OAuth2 Proxy is a reverse proxy that provides authentication using OAuth2 providers. Versions 7.5.0 through 7.15.1 have a configuration-dependent authentication bypass. Deployments are affected when all of the following …
  9. CVE-2026-40575
    — CVSS 9.1 (CRITICAL)

    OAuth2 Proxy is a reverse proxy that provides authentication using OAuth2 providers. Versions 7.5.0 through 7.15.1 may trust a client-supplied `X-Forwarded-Uri` header when `--reverse-proxy` is enabled and `--skip-auth-r…
  10. CVE-2026-41063
    — CVSS 5.4 (MEDIUM)

    WWBN AVideo is an open source video platform. In versions 29.0 and below, an incomplete XSS fix in AVideo's `ParsedownSafeWithLinks` class overrides `inlineMarkup` for raw HTML but does not override `inlineLink()` or `in…
  11. CVE-2026-41062
    — CVSS 6.5 (MEDIUM)

    WWBN AVideo is an open source video platform. In versions 29.0 and below, the directory traversal fix introduced in commit 2375eb5e0 for `objects/aVideoEncoderReceiveImage.json.php` only checks the URL path component (vi…
  12. CVE-2026-41061
    — CVSS 5.4 (MEDIUM)

    WWBN AVideo is an open source video platform. In versions 29.0 and below, the `isValidDuration()` regex at `objects/video.php:918` uses `/^[0-9]{1,2}:[0-9]{1,2}:[0-9]{1,2}/` without a `$` end anchor, allowing arbitrary H…
  13. CVE-2026-41060
    — CVSS 7.7 (HIGH)

    WWBN AVideo is an open source video platform. In versions 29.0 and below, the `isSSRFSafeURL()` function in `objects/functions.php` contains a same-domain short-circuit (lines 4290-4296) that allows any URL whose hostname…
  14. CVE-2026-41058
    — CVSS 8.1 (HIGH)

    WWBN AVideo is an open source video platform. In versions 29.0 and below, the incomplete fix for AVideo's CloneSite `deleteDump` parameter does not apply path traversal filtering, allowing `unlink()` of arbitrary files v…
  15. CVE-2026-41057
    — CVSS 7.1 (HIGH)

    WWBN AVideo is an open source video platform. In versions 29.0 and below, the CORS origin validation fix in commit `986e64aad` is incomplete. Two separate code paths still reflect arbitrary `Origin` headers with credenti…
  16. CVE-2026-41056
    — CVSS 8.1 (HIGH)

    WWBN AVideo is an open source video platform. In versions 29.0 and below, the `allowOrigin($allowAll=true)` function in `objects/functions.php` reflects any arbitrary `Origin` header back in `Access-Control-Allow-Origin`…
  17. CVE-2026-41055
    — CVSS 8.6 (HIGH)

    WWBN AVideo is an open source video platform. In versions 29.0 and below, an incomplete SSRF fix in AVideo's LiveLinks proxy adds `isSSRFSafeURL()` validation but leaves DNS TOCTOU vulnerabilities where DNS rebinding bet…
  18. CVE-2026-40935
    — CVSS 5.3 (MEDIUM)

    WWBN AVideo is an open source video platform. In versions 29.0 and prior, `objects/getCaptcha.php` accepts the CAPTCHA length (`ql`) directly from the query string with no clamping or sanitization, letting any unauthenti…
  19. CVE-2026-40929
    — CVSS 5.4 (MEDIUM)

    WWBN AVideo is an open source video platform. In versions 29.0 and prior, `objects/commentDelete.json.php` is a state-mutating JSON endpoint that deletes comments but performs no CSRF validation. It does not call `forbid…
  20. CVE-2026-40928
    — CVSS 5.4 (MEDIUM)

    WWBN AVideo is an open source video platform. In versions 29.0 and prior, multiple AVideo JSON endpoints under `objects/` accept state-changing requests via `$_REQUEST`/`$_GET` and persist changes tied to the caller's se…

Source: NVD CVE API 2.0


Generated by CryptXNet.ai Threat Intelligence Platform · April 22, 2026 · Sources: The Hacker News, Bleeping Computer, Krebs on Security, Dark Reading, SANS ISC, THN Threat Intel, Unit 42, Security.com