📰 DAILY THREAT BRIEFING
Friday, April 24, 2026
12 News Items
HN · BleepingComputer · Krebs · Dark Reading · SANS · THN Intel · Unit 42 · Security.com

📰 Cybersecurity News Headlines

Top stories from leading cybersecurity publications as of April 24, 2026.

  1. ISC Stormcast For Friday, April 24th, 2026 https://isc.sans.edu/podcastdetail/9906 (Fri, Apr 24th)
    — SANS ISC

    (c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
  2. Tropic Trooper APT Takes Aim at Home Routers, Japanese Targets
    — Dark Reading

    The Chinese state-sponsored cyber threat is known for moving fast and trying odd attack vectors; now it's branching out in tools, victimolog…
  3. Chinese APT Abuses Multiple Cloud Tools to Spy on Mongolia
    — Dark Reading

    The threat actor gave itself plenty of options to support command and control, tapping Microsoft Outlook, Slack, Discord, and file.io for on…
  4. Hackers exploit file upload bug in Breeze Cache WordPress plugin
    — Bleeping Computer

    Hackers are actively exploiting a critical vulnerability in the Breeze Cache plugin for WordPress that allows uploading arbitrary files on t…
  5. China-Backed Hackers Are Industrializing Botnets
    — Dark Reading

    China's state-backed groups are now using covert networks of compromised devices to execute attacks in a low-cost, low-risk, and deniable wa…
  6. Frontier AI and the Future of Defense: Your Top Questions Answered
    — Unit 42

    What are the next steps for security leaders in this new age of frontier AI? We answer the top 10 questions customers are asking. The post F…
  7. Bitwarden CLI npm package compromised to steal developer credentials
    — Bleeping Computer

    The Bitwarden CLI was briefly compromised after attackers uploaded a malicious @bitwarden/cli package to npm containing a credential-stealin…
  8. Trigona ransomware attacks use custom exfiltration tool to steal data
    — Bleeping Computer

    Recently observed Trigona ransomware attacks are using a custom, command-line tool to steal data from compromised environments faster and mo…
  9. UNC6692 Impersonates IT Helpdesk via Microsoft Teams to Deploy SNOW Malware
    — The Hacker News

    A previously undocumented threat activity cluster known as UNC6692 has been observed leveraging social engineering tactics via Microsoft Tea…
  10. Bitwarden CLI Compromised in Ongoing Checkmarx Supply Chain Campaign
    — The Hacker News

    Bitwarden CLI has been compromised as part of the newly discovered and ongoing Checkmarx supply chain campaign, according to new findings fr…
  11. ThreatsDay Bulletin: $290M DeFi Hack, macOS LotL Abuse, ProxySmart SIM Farms +25 New Stories
    — The Hacker News

    You scroll past one incident and see another that feels familiar, like it should have been fixed years ago, but it still works with small ch…
  12. Apple Patches Exploited Notification Flaw (Thu, Apr 23rd)
    — SANS ISC

    Apple yesterday released iOS/iPadOS 26.4.2 and iOS/iPadOS 18.7.8. This update fixes a single Notification Services vulnerability, CVE-2026-2…

🪲 NVD — Last 20 Scored Vulnerabilities

Latest scored CVEs from the National Vulnerability Database (6373 in last 30 days).
Critical: 0 · High: 9 · Medium: 11 · Low: 0.

  1. CVE-2026-6947
    — CVSS 7.5 (HIGH)

    DWM-222W USB Wi-Fi Adapter developed by D-Link has a Brute-Force Protection Bypass vulnerability, allowing unauthenticated adjacent network attackers to bypass login attempt limits to perform brute-force attacks to gain …
  2. CVE-2026-6393
    — CVSS 4.3 (MEDIUM)

    The BetterDocs plugin for WordPress is vulnerable to Missing Authorization in versions up to and including 4.3.11. This is due to a missing capability check in the generate_openai_content_callback() function, which relie…
  3. CVE-2026-5488
    — CVSS 5.3 (MEDIUM)

    The ExactMetrics – Google Analytics Dashboard for WordPress plugin for WordPress is vulnerable to Missing Authorization in versions up to and including 9.1.2. This is due to missing capability checks in the get_ads_acc…
  4. CVE-2026-41485
    — CVSS 7.7 (HIGH)

    Kyverno is a policy engine designed for cloud native platform engineering teams. Prior to versions 1.17.2 and 1.16.4, an unchecked type assertion in the `forEach` mutation handler allows any user with permission to creat…
  5. CVE-2026-41324
    — CVSS 7.5 (HIGH)

    basic-ftp is an FTP client for Node.js. Versions prior to 5.3.0 are vulnerable to denial of service through unbounded memory growth while processing directory listings from a remote FTP server. A malicious or compromised…
  6. CVE-2026-41323
    — CVSS 8.1 (HIGH)

    Kyverno is a policy engine designed for cloud native platform engineering teams. Prior to versions 1.18.0-rc1, 1.17.2-rc1, and 1.16.4, Kyverno's apiCall feature in ClusterPolicy automatically attaches the admission contr…
  7. CVE-2026-41319
    — CVSS 6.5 (MEDIUM)

    MailKit is a cross-platform mail client library built on top of MimeKit. A STARTTLS Response Injection vulnerability in versions prior to 4.16.0 allows a Man-in-the-Middle attacker to inject arbitrary protocol responses …
  8. CVE-2026-41318
    — CVSS 5.4 (MEDIUM)

    AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatting. Prior to version 1.12.1, AnythingLLM's in-chat markdown renderer has an unsafe custom rule for i…
  9. CVE-2026-41068
    — CVSS 7.7 (HIGH)

    Kyverno is a policy engine designed for cloud native platform engineering teams. The patch for CVE-2026-22039 fixed cross-namespace privilege escalation in Kyverno's `apiCall` context by validating the `URLPath` field. H…
  10. CVE-2026-2028
    — CVSS 5.3 (MEDIUM)

    The MaxiBlocks Builder plugin for WordPress is vulnerable to arbitrary media file deletion due to insufficient file ownership validation on the 'maxi_remove_custom_image_size' AJAX action in all versions up to, and inclu…
  11. CVE-2026-41316
    — CVSS 8.1 (HIGH)

    ERB is a templating system for Ruby. Ruby 2.7.0 (before ERB 2.2.0 was published on rubygems.org) introduced an `@_init` instance variable guard in `ERB#result` and `ERB#run` to prevent code execution when an ERB object i…
  12. CVE-2026-41309
    — CVSS 8.2 (HIGH)

    Open Source Social Network (OSSN) is open-source social networking software developed in PHP. Versions prior to 9.0 are vulnerable to resource exhaustion. An attacker can upload a specially crafted image with extreme pix…
  13. CVE-2026-41305
    — CVSS 6.1 (MEDIUM)

    PostCSS takes a CSS file and provides an API to analyze and modify its rules by transforming the rules into an Abstract Syntax Tree. Versions prior to 8.5.10 do not escape `</style>` sequences when stringifying CSS ASTs.…
  14. CVE-2026-40254
    — CVSS 4.2 (MEDIUM)

    FreeRDP is a free implementation of the Remote Desktop Protocol. Versions prior to 3.25.0 have an off-by-one in the path traversal filter in `channels/drive/client/drive_file.c`. The `contains_dotdot()` function catches …
  15. CVE-2026-33318
    — CVSS 8.8 (HIGH)

    Actual is a local-first personal finance tool. Prior to version 26.4.0, any authenticated user (including `BASIC` role) can escalate to `ADMIN` on servers migrated from password authentication to OpenID Connect. Three we…
  16. CVE-2026-33317
    — CVSS 8.7 (HIGH)

    OP-TEE is a Trusted Execution Environment (TEE) designed as companion to a non-secure Linux kernel running on Arm Cortex-A cores using the TrustZone technology. In versions 3.13.0 through 4.10.0, missing checks in `entr…
  17. CVE-2026-32952
    — CVSS 5.3 (MEDIUM)

    go-ntlmssp is a Go package that provides NTLM/Negotiate authentication over HTTP. Prior to version 0.1.1, a malicious NTLM challenge message can cause a slice out-of-bounds panic, which can crash any Go process using `…
  18. CVE-2026-31956
    — CVSS 4.3 (MEDIUM)

    Xibo is an open source digital signage platform with a web content management system and Windows display player software. Prior to version 4.4.1, any authenticated user can manually construct a URL to preview campaigns/r…
  19. CVE-2026-31955
    — CVSS 4.9 (MEDIUM)

    Xibo is an open source digital signage platform with a web content management system and Windows display player software. An authenticated Server-Side Request Forgery (SSRF) vulnerability in versions prior to 4.4.1 allow…
  20. CVE-2026-31953
    — CVSS 6.4 (MEDIUM)

    Xibo is an open source digital signage platform with a web content management system and Windows display player software. A stored Cross-Site Scripting (XSS) vulnerability in versions prior to 4.4.1 allows an authenticat…

Source: NVD CVE API 2.0


Generated by CryptXNet.ai Threat Intelligence Platform · April 24, 2026 · Sources: The Hacker News, Bleeping Computer, Krebs on Security, Dark Reading, SANS ISC, THN Threat Intel, Unit 42, Security.com