📰 DAILY THREAT BRIEFING
Thursday, April 23, 2026
12 News Items
HN · BleepingComputer · Krebs · Dark Reading · SANS · THN Intel · Unit 42 · Security.com

📰 Cybersecurity News Headlines

Top stories from leading cybersecurity publications as of April 23, 2026.

  1. ISC Stormcast For Thursday, April 23rd, 2026 https://isc.sans.edu/podcastdetail/9904, (Thu, Apr 23rd)
    — SANS ISC

    (c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
  2. Apple fixes bug that let the FBI recover deleted Signal messages
    — Bleeping Computer

    Apple has released out-of-band security updates for iPhone and iPad devices to fix a Notification Services flaw that could allow notificatio…
  3. 'The Gentlemen' Rapidly Rises to Ransomware Prominence
    — Dark Reading

    Not nearly as polite as the name suggests, the ransomware gang has impressed researchers with its speed in scaling up operations — and its…
  4. New Mirai campaign exploits RCE flaw in EoL D-Link routers
    — Bleeping Computer

    A new Mirai-based malware campaign is actively exploiting CVE-2025-29635, a high-severity command-injection vulnerability affecting D-Link D…
  5. Kyber ransomware gang toys with post-quantum encryption on Windows
    — Bleeping Computer

    A new Kyber ransomware operation is targeting Windows systems and VMware ESXi endpoints in recent attacks, with one variant implementing Kyb…
  6. Malicious KICS Docker Images and VS Code Extensions Hit Checkmarx Supply Chain
    — The Hacker News

    Cybersecurity researchers have warned of malicious images pushed to the official "checkmarx/kics" Docker Hub repository. In an alert publish…
  7. Self-Propagating Supply Chain Worm Hijacks npm Packages to Steal Developer Tokens
    — The Hacker News

    Cybersecurity researchers have flagged a fresh set of packages that have been compromised by bad actors to deliver a self-propagating worm t…
  8. Harvester Deploys Linux GoGra Backdoor in South Asia Using Microsoft Graph API
    — The Hacker News

    The threat actor known as Harvester has been attributed to a new Linux version of its GoGra backdoor deployed as part of attacks likely targ…
  9. DPRK Fake Job Scams Self-Propagate in 'Contagious Interview'
    — Dark Reading

    A compromised developer's repository serves as a worm-like infection vector to spread remote access Trojans (RATs) and other malware.
  10. When Wi-Fi Encryption Fails: Protecting Your Enterprise from AirSnitch Attacks
    — Unit 42

    Unit 42 research reveals AirSnitch attacks bypass WPA2/3 Wi-Fi encryption and client isolation, exposing critical infrastructure vulnerabili…
  11. ISC Stormcast For Wednesday, April 22nd, 2026 https://isc.sans.edu/podcastdetail/9902, (Wed, Apr 22nd)
    — SANS ISC

    (c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
  12. [Guest Diary] Beyond Cryptojacking: Telegram tdata as a Credential Harvesting Vector, Lessons from a Honeypot Incident, (Wed, Apr 22nd)
    — SANS ISC

    [This is a Guest Diary by L. Carty, an ISC intern as part of the SANS.edu Bachelor's Degree in Applied Cybersecurity…

🪲 NVD — Last 20 Scored Vulnerabilities

Latest scored CVEs from the National Vulnerability Database (6474 in last 30 days).
Critical: 4 · High: 4 · Medium: 11 · Low: 1. View full dashboard →

  1. CVE-2026-41990
    — CVSS 4.0 (MEDIUM)

    Libgcrypt before 1.12.2 mishandles Dilithium signing. Writes to a static array lack a bounds check but do not use attacker-controlled data.
  2. CVE-2026-41989
    — CVSS 6.7 (MEDIUM)

    Libgcrypt before 1.12.2 sometimes allows a heap-based buffer overflow and denial of service via crafted ECDH ciphertext to gcry_pk_decrypt.
  3. CVE-2026-41988
    — CVSS 3.2 (LOW)

    uuid before 14.0.0 can make unexpected writes when external output buffers are used, and the UUID version is 3, 5, or 6. In particular, UUID version 4, which is very commonly used, is unaffected by this issue.
  4. CVE-2026-41233
    — CVSS 5.4 (MEDIUM)

    Froxlor is open source server administration software. Prior to version 2.3.6, in `Domains.add()`, the `adminid` parameter is accepted from user input and used without validation when the calling reseller does not have t…
  5. CVE-2026-41232
    — CVSS 5.0 (MEDIUM)

    Froxlor is open source server administration software. Prior to version 2.3.6, in `EmailSender::add()`, the domain ownership validation for full email sender aliases uses the wrong array index when splitting the email ad…
  6. CVE-2026-40529
    — CVSS 4.7 (MEDIUM)

    CMS ALAYA provided by KANATA Limited contains an SQL injection vulnerability. Information stored in the database may be obtained or altered by an attacker with access to the administrative interface.
  7. CVE-2026-41231
    — CVSS 7.5 (HIGH)

    Froxlor is open source server administration software. Prior to version 2.3.6, `DataDump.add()` constructs the export destination path from user-supplied input without passing the `$fixed_homedir` parameter to `FileDir::…
  8. CVE-2026-41230
    — CVSS 8.5 (HIGH)

    Froxlor is open source server administration software. Prior to version 2.3.6, `DomainZones::add()` accepts arbitrary DNS record types without a whitelist and does not sanitize newline characters in the `content` field. …
  9. CVE-2026-41229
    — CVSS 9.1 (CRITICAL)

    Froxlor is open source server administration software. Prior to version 2.3.6, `PhpHelper::parseArrayToString()` writes string values into single-quoted PHP string literals without escaping single quotes. When an admin w…
  10. CVE-2026-41228
    — CVSS 9.9 (CRITICAL)

    Froxlor is open source server administration software. Prior to version 2.3.6, the Froxlor API endpoint `Customers.update` (and `Admins.update`) does not validate the `def_language` parameter against the list of availabl…
  11. CVE-2026-3361
    — CVSS 6.4 (MEDIUM)

    The WP Store Locator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'wpsl_address' post meta value in versions up to, and including, 2.2.261 due to insufficient input sanitization and output es…
  12. CVE-2026-3007
    — CVSS 5.4 (MEDIUM)

    Successful exploitation of the stored cross-site scripting (XSS) vulnerability could allow an attacker to execute arbitrary JavaScript on any user account that has access to Koollab LMS’ courselet feature.
  13. CVE-2026-3844
    — CVSS 9.8 (CRITICAL)

    The Breeze Cache plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'fetch_gravatar_from_remote' function in all versions up to, and including, 2.4.4. This makes it po…
  14. CVE-2026-2951
    — CVSS 5.4 (MEDIUM)

    The Gutentor – Gutenberg Blocks – Page Builder for Gutenberg Editor plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 3.5.5 due to insufficient input sanitization and…
  15. CVE-2026-41679
    — CVSS 10.0 (CRITICAL)

    Paperclip is a Node.js server and React UI that orchestrates a team of AI agents to run a business. Prior to version 2026.416.0, an unauthenticated attacker can achieve full remote code execution on any network-accessibl…
  16. CVE-2026-41208
    — CVSS 8.8 (HIGH)

    Paperclip is a Node.js server and React UI that orchestrates a team of AI agents to run a business. Versions of @paperclipai/server prior to 2026.416.0 contain a privilege escalation vulnerability that allows an attacker…
  17. CVE-2026-41182
    — CVSS 5.3 (MEDIUM)

    LangSmith Client SDKs provide SDK's for interacting with the LangSmith platform. Prior to version 0.5.19 of the JavaScript SDK and version 0.7.31 of the Python SDK, the LangSmith SDK's output redaction controls (hideOutp…
  18. CVE-2026-41180
    — CVSS 7.5 (HIGH)

    PsiTransfer is an open source, self-hosted file sharing solution. Prior to version 2.4.3, the upload PATCH flow under `/files/:uploadId` validates the mounted request path using the still-encoded `req.path`, but the down…
  19. CVE-2026-1923
    — CVSS 6.4 (MEDIUM)

    The Social Rocket – Social Sharing Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘id’ parameter in all versions up to, and including, 1.3.4.2 due to insufficient input sanitizatio…
  20. CVE-2026-6878
    — CVSS 5.6 (MEDIUM)

    A vulnerability was identified in ByteDance verl up to 0.7.0. Affected is the function math_equal of the file prime_math/grader.py. The manipulation leads to sandbox issue. It is possible to initiate the attack remotely.…

Source: NVD CVE API 2.0

Generated by CryptXNet.ai Threat Intelligence Platform · April 23, 2026 · Sources: The Hacker News, Bleeping Computer, Krebs on Security, Dark Reading, SANS ISC, THN Threat Intel, Unit 42, Security.com