📰 DAILY THREAT BRIEFING
Friday, April 24, 2026
12 News Items
HN · BleepingComputer · Krebs · Dark Reading · SANS · THN Intel · Unit 42 · Security.com

📰 Cybersecurity News Headlines

Top stories from leading cybersecurity publications as of April 24, 2026.

  1. Chinese APT Abuses Multiple Cloud Tools to Spy on Mongolia
    — Dark Reading

    The threat actor gave itself plenty of options to support command and control, tapping Microsoft Outlook, Slack, Discord, and file.io for on…
  2. Hackers exploit file upload bug in Breeze Cache WordPress plugin
    — Bleeping Computer

    Hackers are actively exploiting a critical vulnerability in the Breeze Cache plugin for WordPress that allows uploading arbitrary files on t…
  3. China-Backed Hackers Are Industrializing Botnets
    — Dark Reading

    China's state-backed groups are now using covert networks of compromised devices to execute attacks in a low-cost, low-risk, and deniable wa…
  4. Frontier AI and the Future of Defense: Your Top Questions Answered
    — Unit 42

    What are the next steps for security leaders in this new age of frontier AI? We answer the top 10 questions customers are asking. The post F…
  5. Bitwarden CLI npm package compromised to steal developer credentials
    — Bleeping Computer

    The Bitwarden CLI was briefly compromised after attackers uploaded a malicious @bitwarden/cli package to npm containing a credential-stealin…
  6. Trigona ransomware attacks use custom exfiltration tool to steal data
    — Bleeping Computer

    Recently observed Trigona ransomware attacks are using a custom, command-line tool to steal data from compromised environments faster and mo…
  7. UNC6692 Impersonates IT Helpdesk via Microsoft Teams to Deploy SNOW Malware
    — The Hacker News

    A previously undocumented threat activity cluster known as UNC6692 has been observed leveraging social engineering tactics via Microsoft Tea…
  8. Bad Memories Still Haunt AI Agents
    — Dark Reading

    Cisco found and fixed a significant vulnerability in the way Anthropic handles memories, but experts warn that mishandled memory files will …
  9. Bitwarden CLI Compromised in Ongoing Checkmarx Supply Chain Campaign
    — The Hacker News

    Bitwarden CLI has been compromised as part of the newly discovered and ongoing Checkmarx supply chain campaign, according to new findings fr…
  10. ThreatsDay Bulletin: $290M DeFi Hack, macOS LotL Abuse, ProxySmart SIM Farms +25 New Stories
    — The Hacker News

    You scroll past one incident and see another that feels familiar, like it should have been fixed years ago, but it still works with small ch…
  11. Apple Patches Exploited Notification Flaw, (Thu, Apr 23rd)
    — SANS ISC

    Apple yesterday released iOS/iPadOS 26.4.2 and iOS/iPadOS 18.7.8. This update fixes a single Notification Services vulnerability, CVE-2026-2…
  12. Can AI Attack the Cloud? Lessons From Building an Autonomous Cloud Offensive Multi-Agent System
    — Unit 42

    Unit 42 reveals how multi-agent AI systems can autonomously attack cloud environments. Learn critical insights and vital lessons for proacti…

🪲 NVD — Last 20 Scored Vulnerabilities

Latest scored CVEs from the National Vulnerability Database (6437 in last 30 days).
Critical: 5 · High: 7 · Medium: 8 · Low: 0.

  1. CVE-2026-40630
    — CVSS 9.8 (CRITICAL)

    A vulnerability in SenseLive X3050’s web management interface allows unauthorized access to certain configuration endpoints due to improper access control enforcement. An attacker with network access to the device …
  2. CVE-2026-40623
    — CVSS 8.1 (HIGH)

    A vulnerability in SenseLive X3050's web management interface allows critical system and network configuration parameters to be modified without sufficient validation and safety controls. Due to inadequate enforcement …
  3. CVE-2026-40620
    — CVSS 9.8 (CRITICAL)

    A vulnerability in SenseLive X3050’s embedded management service allows full administrative control to be established without any form of authentication or authorization on the SenseLive config application. The servi…
  4. CVE-2026-40431
    — CVSS 5.3 (MEDIUM)

    A vulnerability exists in SenseLive X3050’s web management interface due to its reliance on unencrypted HTTP for all administrative communication. Because management traffic, including authentication attempts and con…
  5. CVE-2026-39462
    — CVSS 8.1 (HIGH)

    A vulnerability exists in SenseLive X3050’s web management interface in which password updates are not reliably applied due to improper handling of credential changes on the backend. After the device undergoes a facto…
  6. CVE-2026-35503
    — CVSS 9.8 (CRITICAL)

    A vulnerability in SenseLive X3050’s web management interface allows authentication logic to be performed entirely on the client side, relying on hardcoded values within browser-executed scripts rather than server-sid…
  7. CVE-2026-35064
    — CVSS 7.5 (HIGH)

    A vulnerability in SenseLive X3050’s management ecosystem allows unauthenticated discovery of deployed units through the vendor’s management protocol, enabling identification of device presence, identifiers, and ma…
  8. CVE-2026-31952
    — CVSS 7.6 (HIGH)

    Xibo is an open source digital signage platform with a web content management system and Windows display player software. Versions 1.7 through 4.4.0 have an SQL injection vulnerability in the API routes inside the CMS re…
  9. CVE-2026-29051
    — CVSS 4.4 (MEDIUM)

    melange allows users to build apk packages using declarative pipelines. Starting in version 0.32.0 and prior to version 0.43.4, `melange lint --persist-lint-results` (opt-in flag, also usable via `melange build --persist…
  10. CVE-2026-29050
    — CVSS 6.1 (MEDIUM)

    melange allows users to build apk packages using declarative pipelines. Starting in version 0.32.0 and prior to version 0.43.4, an attacker who can influence a melange configuration file — for example through pull-requ…
  11. CVE-2026-27843
    — CVSS 9.1 (CRITICAL)

    A vulnerability exists in SenseLive X3050's web management interface that allows critical configuration parameters to be modified without sufficient authentication or server-side validation. By applying unsupported or d…
  12. CVE-2026-27841
    — CVSS 8.1 (HIGH)

    A vulnerability in SenseLive X3050's web management interface allows state-changing operations to be triggered without proper Cross-Site Request Forgery (CSRF) protections. Because the application does not enforce serv…
  13. CVE-2026-25775
    — CVSS 9.8 (CRITICAL)

    A vulnerability in SenseLive X3050’s remote management service allows firmware retrieval and update operations to be performed without authentication or authorization. The service accepts firmware-related requests fr…
  14. CVE-2026-25720
    — CVSS 5.4 (MEDIUM)

    A vulnerability exists in SenseLive X3050’s web management interface due to improper session lifetime enforcement, allowing authenticated sessions to remain active for extended periods without requiring re-authentica…
  15. CVE-2026-1789
    — CVSS 4.9 (MEDIUM)

    A vulnerability in the browser-based remote management interface may allow an administrator to access sensitive information on the device via crafted requests, affecting certain production printers and office/small offic…
  16. CVE-2026-6732
    — CVSS 6.5 (MEDIUM)

    A flaw was found in libxml2. This vulnerability occurs when the library processes a specially crafted XML Schema Definition (XSD) validated document that includes an internal entity reference. An attacker could exploit t…
  17. CVE-2026-41361
    — CVSS 7.1 (HIGH)

    OpenClaw before 2026.3.28 contains an SSRF guard bypass vulnerability that fails to block four IPv6 special-use ranges. Attackers can exploit this by crafting URLs targeting internal or non-routable IPv6 addresses to byp…
  18. CVE-2026-41360
    — CVSS 6.7 (MEDIUM)

    OpenClaw before 2026.4.2 contains an approval integrity vulnerability in pnpm dlx that fails to bind local script operands consistently with pnpm exec flows. Attackers can replace approved local scripts before execution …
  19. CVE-2026-41359
    — CVSS 7.1 (HIGH)

    OpenClaw before 2026.3.28 contains a privilege escalation vulnerability allowing authenticated operators with write permissions to access admin-class Telegram configuration and cron persistence settings via the send endp…
  20. CVE-2026-41358
    — CVSS 5.4 (MEDIUM)

    OpenClaw before 2026.4.2 fails to filter Slack thread context by sender allowlist, allowing non-allowlisted messages to enter agent context. Attackers can inject unauthorized thread messages through allowlisted user repl…

Source: NVD CVE API 2.0


Generated by CryptXNet.ai Threat Intelligence Platform · April 24, 2026 · Sources: The Hacker News, Bleeping Computer, Krebs on Security, Dark Reading, SANS ISC, THN Threat Intel, Unit 42, Security.com