📰 DAILY THREAT BRIEFING
Thursday, April 23, 2026
12 News Items
HN · BleepingComputer · Krebs · Dark Reading · SANS · THN Intel · Unit 42 · Security.com

📰 Cybersecurity News Headlines

Top stories from leading cybersecurity publications as of April 23, 2026.

  1. Apple fixes iOS bug that retained deleted notification data
    — Bleeping Computer

    Apple has released out-of-band security updates for iPhone and iPad devices to fix a Notification Services flaw that could allow notificatio…
  2. 'The Gentlemen' Rapidly Rises to Ransomware Prominence
    — Dark Reading

    Not nearly as polite as the name suggests, the ransomware gang has impressed researchers with its speed in scaling up operations — and its…
  3. New Mirai campaign exploits RCE flaw in EoL D-Link routers
    — Bleeping Computer

    A new Mirai-based malware campaign is actively exploiting CVE-2025-29635, a high-severity command-injection vulnerability affecting D-Link D…
  4. Kyber ransomware gang toys with post-quantum encryption on Windows
    — Bleeping Computer

    A new Kyber ransomware operation is targeting Windows systems and VMware ESXi endpoints in recent attacks, with one variant implementing Kyb…
  5. Malicious KICS Docker Images and VS Code Extensions Hit Checkmarx Supply Chain
    — The Hacker News

    Cybersecurity researchers have warned of malicious images pushed to the official "checkmarx/kics" Docker Hub repository. In an alert publish…
  6. Self-Propagating Supply Chain Worm Hijacks npm Packages to Steal Developer Tokens
    — The Hacker News

    Cybersecurity researchers have flagged a fresh set of packages that have been compromised by bad actors to deliver a self-propagating worm t…
  7. Harvester Deploys Linux GoGra Backdoor in South Asia Using Microsoft Graph API
    — The Hacker News

    The threat actor known as Harvester has been attributed to a new Linux version of its GoGra backdoor deployed as part of attacks likely targ…
  8. DPRK Fake Job Scams Self-Propagate in 'Contagious Interview'
    — Dark Reading

    A compromised developer's repository serves as a worm-like infection vector to spread remote access Trojans (RATs) and other malware.
  9. When Wi-Fi Encryption Fails: Protecting Your Enterprise from AirSnitch Attacks
    — Unit 42

    Unit 42 research reveals AirSnitch attacks bypass WPA2/3 Wi-Fi encryption and client isolation, exposing critical infrastructure vulnerabili…
  10. ISC Stormcast For Wednesday, April 22nd, 2026 https://isc.sans.edu/podcastdetail/9902, (Wed, Apr 22nd)
    — SANS ISC

    (c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
  11. [Guest Diary] Beyond Cryptojacking: Telegram tdata as a Credential Harvesting Vector, Lessons from a Honeypot Incident, (Wed, Apr 22nd)
    — SANS ISC

    [This is a Guest Diary by L. Carty, an ISC intern as part of the SANS.edu Bachelor's Degree in Applied Cybersecurity…
  12. Ransomware Negotiator Pleads Guilty to BlackCat Scheme
    — Dark Reading

    A cautionary tale illustrates why the person negotiating should never be involved with any part of the ransom payment process.

🪲 NVD — Last 20 Scored Vulnerabilities

Latest scored CVEs from the National Vulnerability Database (6513 in last 30 days).
Critical: 3 · High: 10 · Medium: 6 · Low: 1.

  1. CVE-2026-41455
    — CVSS 8.5 (HIGH)

    WeKan before 8.35 contains a server-side request forgery vulnerability in webhook integration URL handling where the url schema field accepts any string without protocol restriction or destination validation. Attackers …
  2. CVE-2026-41454
    — CVSS 8.3 (HIGH)

    WeKan before 8.35 contains a missing authorization vulnerability in the Integration REST API endpoints that allows authenticated board members to perform administrative actions without proper privilege verification. Att…
  3. CVE-2026-41177
    — CVSS 5.5 (MEDIUM)

    Squidex is an open source headless content management system and content management hub. Prior to version 7.23.0, the Squidex Restore API is vulnerable to Blind Server-Side Request Forgery (SSRF). The application fails t…
  4. CVE-2026-41175
    — CVSS 8.1 (HIGH)

    Statamic is a Laravel and Git powered content management system (CMS). Prior to versions 5.73.20 and 6.13.0, manipulating query parameters on Control Panel and REST API endpoints, or arguments in GraphQL queries, could r…
  5. CVE-2026-40517
    — CVSS 7.8 (HIGH)

    radare2 prior to 6.1.4 contains a command injection vulnerability in the PDB parser's print_gvars() function that allows attackers to execute arbitrary commands by crafting a malicious PDB file with newline characters in…
  6. CVE-2026-41167
    — CVSS 9.1 (CRITICAL)

    Jellystat is a free and open source Statistics App for Jellyfin. Prior to version 1.1.10, multiple API endpoints in Jellystat build SQL queries by interpolating unsanitized request-body fields directly into raw SQL strin…
  7. CVE-2026-41166
    — CVSS 7.0 (HIGH)

    OpenRemote is an open-source internet-of-things platform. Prior to version 1.22.1, a user who has `write:admin` in one Keycloak realm can call the Manager API to update Keycloak realm roles for users in another realm, in…
  8. CVE-2026-40937
    — CVSS 8.3 (HIGH)

    RustFS is a distributed object storage system built in Rust. Prior to 1.0.0-alpha.94, all four notification target admin API endpoints in `rustfs/src/admin/handlers/event.rs` use a `check_permissions` helper that validat…
  9. CVE-2026-40882
    — CVSS 7.6 (HIGH)

    OpenRemote is an open-source internet-of-things platform. Prior to version 1.22.0, the Velbus asset import path parses attacker-controlled XML without explicit XXE hardening. An authenticated user who can call the import…
  10. CVE-2026-34068
    — CVSS 6.8 (MEDIUM)

    nimiq-transaction provides the transaction primitive to be used in Nimiq's Rust implementation. Prior to version 1.3.0, the staking contract accepts `UpdateValidator` transactions that set `new_voting_key=Some(…)` whil…
  11. CVE-2026-34067
    — CVSS 3.1 (LOW)

    nimiq-transaction provides the transaction primitive to be used in Nimiq's Rust implementation. Prior to version 1.3.0, `HistoryTreeProof::verify` panics on a malformed proof where `history.len() != positions.len()` due …
  12. CVE-2026-33733
    — CVSS 7.2 (HIGH)

    EspoCRM is an open source customer relationship management application. Prior to version 9.3.4, the admin template management endpoints accept attacker-controlled `name` and `scope` values and pass them into template pat…
  13. CVE-2026-33656
    — CVSS 9.1 (CRITICAL)

    EspoCRM is an open source customer relationship management application. Prior to version 9.3.4, EspoCRM's built-in formula scripting engine allows updating an attachment's sourceId, thus allowing an authenticated admin to …
  14. CVE-2026-34066
    — CVSS 5.3 (MEDIUM)

    nimiq-blockchain provides persistent block storage for Nimiq's Rust implementation. Prior to version 1.3.0, `HistoryStore::put_historic_txns` uses an `assert!` to enforce invariants about `HistoricTransaction.block_numbe…
  15. CVE-2026-34065
    — CVSS 7.5 (HIGH)

    nimiq-primitives contains primitives (e.g., block, account, transaction) to be used in Nimiq's Rust implementation. Prior to version 1.3.0, an untrusted p2p peer can cause a node to panic by announcing an election macro …
  16. CVE-2026-34064
    — CVSS 5.3 (MEDIUM)

    nimiq-account contains account primitives to be used in Nimiq's Rust implementation. Prior to version 1.3.0, `VestingContract::can_change_balance` returns `AccountError::InsufficientFunds` when `new_balance < min_cap`, b…
  17. CVE-2026-34063
    — CVSS 7.5 (HIGH)

    Nimiq's network-libp2p is a Nimiq network implementation based on libp2p. Prior to version 1.3.0, `network-libp2p` discovery uses a libp2p `ConnectionHandler` state machine. The handler assumes there is at most one inbou…
  18. CVE-2026-34062
    — CVSS 5.3 (MEDIUM)

    nimiq-libp2p is a Nimiq network implementation based on libp2p. Prior to version 1.3.0, `MessageCodec::read_request` and `read_response` call `read_to_end()` on inbound substreams, so a remote peer can send only a partia…
  19. CVE-2026-33471
    — CVSS 9.6 (CRITICAL)

    nimiq-block contains block primitives to be used in Nimiq's Rust implementation. `SkipBlockProof::verify` computes its quorum check using `BitSet.len()`, then iterates `BitSet` indices and casts each `usize` index to `u1…
  20. CVE-2026-41469
    — CVSS 5.2 (MEDIUM)

    Beghelli Sicuro24 SicuroWeb does not enforce a Content Security Policy, allowing unrestricted loading of external JavaScript resources from attacker-controlled origins. When chained with the template injection and sandbo…

Source: NVD CVE API 2.0


Generated by CryptXNet.ai Threat Intelligence Platform · April 23, 2026 · Sources: The Hacker News, Bleeping Computer, Krebs on Security, Dark Reading, SANS ISC, THN Threat Intel, Unit 42, Security.com