📰 DAILY THREAT BRIEFING
Thursday, April 23, 2026
12 News Items
HN · BleepingComputer · Krebs · Dark Reading · SANS · THN Intel · Unit 42 · Security.com

📰 Cybersecurity News Headlines

Top stories from leading cybersecurity publications as of April 23, 2026.

  1. ISC Stormcast For Thursday, April 23rd, 2026, https://isc.sans.edu/podcastdetail/9904 (Thu, Apr 23rd)
    — SANS ISC

    (c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
  2. Apple fixes iOS bug that retained deleted notification data
    — Bleeping Computer

    Apple has released out-of-band security updates for iPhone and iPad devices to fix a Notification Services flaw that could allow notificatio…
  3. 'The Gentlemen' Rapidly Rises to Ransomware Prominence
    — Dark Reading

    Not nearly as polite as the name suggests, the ransomware gang has impressed researchers with its speed in scaling up operations — and its…
  4. New Mirai campaign exploits RCE flaw in EoL D-Link routers
    — Bleeping Computer

    A new Mirai-based malware campaign is actively exploiting CVE-2025-29635, a high-severity command-injection vulnerability affecting D-Link D…
  5. Kyber ransomware gang toys with post-quantum encryption on Windows
    — Bleeping Computer

    A new Kyber ransomware operation is targeting Windows systems and VMware ESXi endpoints in recent attacks, with one variant implementing Kyb…
  6. Malicious KICS Docker Images and VS Code Extensions Hit Checkmarx Supply Chain
    — The Hacker News

    Cybersecurity researchers have warned of malicious images pushed to the official "checkmarx/kics" Docker Hub repository. In an alert publish…
  7. Self-Propagating Supply Chain Worm Hijacks npm Packages to Steal Developer Tokens
    — The Hacker News

    Cybersecurity researchers have flagged a fresh set of packages that have been compromised by bad actors to deliver a self-propagating worm t…
  8. Harvester Deploys Linux GoGra Backdoor in South Asia Using Microsoft Graph API
    — The Hacker News

    The threat actor known as Harvester has been attributed to a new Linux version of its GoGra backdoor deployed as part of attacks likely targ…
  9. DPRK Fake Job Scams Self-Propagate in 'Contagious Interview'
    — Dark Reading

    A compromised developer's repository serves as a worm-like infection vector to spread remote access Trojans (RATs) and other malware.
  10. When Wi-Fi Encryption Fails: Protecting Your Enterprise from AirSnitch Attacks
    — Unit 42

    Unit 42 research reveals AirSnitch attacks bypass WPA2/3 Wi-Fi encryption and client isolation, exposing critical infrastructure vulnerabili…
  11. ISC Stormcast For Wednesday, April 22nd, 2026, https://isc.sans.edu/podcastdetail/9902 (Wed, Apr 22nd)
    — SANS ISC

  12. [Guest Diary] Beyond Cryptojacking: Telegram tdata as a Credential Harvesting Vector, Lessons from a Honeypot Incident (Wed, Apr 22nd)
    — SANS ISC

    [This is a Guest Diary by L. Carty, an ISC intern as part of the SANS.edu Bachelor's Degree in Applied Cybersecurity…

🪲 NVD — Last 20 Scored Vulnerabilities

Latest scored CVEs from the National Vulnerability Database (6492 in last 30 days).
Critical: 4 · High: 5 · Medium: 11 · Low: 0.

  1. CVE-2026-41231
    — CVSS 7.5 (HIGH)

    Froxlor is open source server administration software. Prior to version 2.3.6, `DataDump.add()` constructs the export destination path from user-supplied input without passing the `$fixed_homedir` parameter to `FileDir::…
  2. CVE-2026-41230
    — CVSS 8.5 (HIGH)

    Froxlor is open source server administration software. Prior to version 2.3.6, `DomainZones::add()` accepts arbitrary DNS record types without a whitelist and does not sanitize newline characters in the `content` field. …
  3. CVE-2026-41229
    — CVSS 9.1 (CRITICAL)

    Froxlor is open source server administration software. Prior to version 2.3.6, `PhpHelper::parseArrayToString()` writes string values into single-quoted PHP string literals without escaping single quotes. When an admin w…
  4. CVE-2026-41228
    — CVSS 9.9 (CRITICAL)

    Froxlor is open source server administration software. Prior to version 2.3.6, the Froxlor API endpoint `Customers.update` (and `Admins.update`) does not validate the `def_language` parameter against the list of availabl…
  5. CVE-2026-3361
    — CVSS 6.4 (MEDIUM)

    The WP Store Locator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'wpsl_address' post meta value in versions up to, and including, 2.2.261 due to insufficient input sanitization and output es…
  6. CVE-2026-3007
    — CVSS 5.4 (MEDIUM)

    Successful exploitation of the stored cross-site scripting (XSS) vulnerability could allow an attacker to execute arbitrary JavaScript on any user account that has access to Koollab LMS’ courselet feature.
  7. CVE-2026-3844
    — CVSS 9.8 (CRITICAL)

    The Breeze Cache plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'fetch_gravatar_from_remote' function in all versions up to, and including, 2.4.4. This makes it po…
  8. CVE-2026-2951
    — CVSS 5.4 (MEDIUM)

    The Gutentor – Gutenberg Blocks – Page Builder for Gutenberg Editor plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 3.5.5 due to insufficient input sanitization and…
  9. CVE-2026-41679
    — CVSS 10.0 (CRITICAL)

    Paperclip is a Node.js server and React UI that orchestrates a team of AI agents to run a business. Prior to version 2026.416.0, an unauthenticated attacker can achieve full remote code execution on any network-accessibl…
  10. CVE-2026-41208
    — CVSS 8.8 (HIGH)

    Paperclip is a Node.js server and React UI that orchestrates a team of AI agents to run a business. Versions of @paperclipai/server prior to 2026.416.0 contain a privilege escalation vulnerability that allows an attacker…
  11. CVE-2026-41182
    — CVSS 5.3 (MEDIUM)

    LangSmith Client SDKs provide SDKs for interacting with the LangSmith platform. Prior to version 0.5.19 of the JavaScript SDK and version 0.7.31 of the Python SDK, the LangSmith SDK's output redaction controls (hideOutp…
  12. CVE-2026-41180
    — CVSS 7.5 (HIGH)

    PsiTransfer is an open source, self-hosted file sharing solution. Prior to version 2.4.3, the upload PATCH flow under `/files/:uploadId` validates the mounted request path using the still-encoded `req.path`, but the down…
  13. CVE-2026-1923
    — CVSS 6.4 (MEDIUM)

    The Social Rocket – Social Sharing Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘id’ parameter in all versions up to, and including, 1.3.4.2 due to insufficient input sanitizatio…
  14. CVE-2026-6878
    — CVSS 5.6 (MEDIUM)

    A vulnerability was identified in ByteDance verl up to 0.7.0. Affected is the function math_equal of the file prime_math/grader.py. The manipulation leads to sandbox issue. It is possible to initiate the attack remotely.…
  15. CVE-2026-6874
    — CVSS 4.3 (MEDIUM)

    A vulnerability was determined in ericc-ch copilot-api up to 0.7.0. This impacts an unknown function of the file /token of the component Header Handler. Executing a manipulation of the argument Host can lead to reliance …
  16. CVE-2026-5935
    — CVSS 7.3 (HIGH)

    IBM Total Storage Service Console (TSSC) / TS4500 IMC 9.2, 9.3, 9.4, 9.5, 9.6 TSSC/IMC could allow an unauthenticated user to execute arbitrary commands with normal user privileges on the system due to improper validati…
  17. CVE-2026-5926
    — CVSS 6.5 (MEDIUM)

    IBM Verify Identity Access Container 11.0 through 11.0.2 and IBM Security Verify Access Container 10.0 through 10.0.9.1 and IBM Verify Identity Access 11.0 through 11.0.2 and IBM Security Verify Access 10.0 through 10.0.…
  18. CVE-2026-4919
    — CVSS 4.8 (MEDIUM)

    IBM Guardium Data Protection 12.1 is vulnerable to cross-site scripting. This vulnerability allows an administrative user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentia…
  19. CVE-2026-4918
    — CVSS 5.5 (MEDIUM)

    IBM Guardium Data Protection 12.1 is vulnerable to stored cross-site scripting. This vulnerability allows an administrative user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality p…
  20. CVE-2026-4917
    — CVSS 4.9 (MEDIUM)

    IBM Guardium Data Protection 12.1 could allow an administrative user to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences (/../) to write arbitrary …

Source: NVD CVE API 2.0


Generated by CryptXNet.ai Threat Intelligence Platform · April 23, 2026 · Sources: The Hacker News, Bleeping Computer, Krebs on Security, Dark Reading, SANS ISC, THN Threat Intel, Unit 42, Security.com