📰 Cybersecurity News Headlines
Top stories from leading cybersecurity publications as of April 25, 2026.
- ADT confirms data breach after ShinyHunters leak threat
— Bleeping Computer
Home security giant ADT has confirmed a data breach after the ShinyHunters extortion group threatened to leak stolen data unless a ransom is…
- The npm Threat Landscape: Attack Surface and Mitigations
— Unit 42
Unit 42 analyzes npm supply chain evolution post-Shai Hulud. Discover wormable malware, CI/CD persistence, multi-stage attacks and more. The…
- Firestarter malware survives Cisco firewall updates, security patches
— Bleeping Computer
Cybersecurity agencies in the U.S. and U.K. are warning about a custom malware called Firestarter persisting on Cisco Firepower and Secure F…
- TGR-STA-1030: New Activity in Central and South America
— Unit 42
Unit 42 research reports that TGR-STA-1030 remains an active threat, particularly in Central and South America. The post TGR-STA-1030: New A…
- Windows Update gets new controls to reduce forced restarts
— Bleeping Computer
Microsoft is rolling out Windows Update improvements that give users more control over how updates are installed while reducing disruption…
- FIRESTARTER Backdoor Hit Federal Cisco Firepower Device, Survives Security Patches
— The Hacker News
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has revealed that an unnamed federal civilian agency's Cisco Firepower devi…
- US Busts Myanmar Ring Targeting US Citizens in Financial Fraud
— Dark Reading
Some 29 people were charged, including a Cambodian senator, and authorities seized more than 500 Web domains tied to fake investment sites.
- Glasswing Secured the Code. The Rest of Your Stack Is Still on You
— Dark Reading
Forgotten integrations, shadow IT, SaaS, and now shadow AI and agents are everywhere, and attackers don't need sophisticated AI models to ta…
- NASA Employees Duped in Chinese Phishing Scheme Targeting U.S. Defense Software
— The Hacker News
The Office of Inspector General (OIG) of the U.S. National Aeronautics and Space Administration (NASA) has revealed how a Chinese national p…
- AI Phishing Is No. 1 With a Bullet for Cyberattackers
— Dark Reading
In the past six months, companies have seen a significant influx of AI-powered phishing, as cyberattackers progress from small campaigns to…
- Bridging the AI Agent Authority Gap: Continuous Observability as the Decision Engine
— The Hacker News
The AI Agent Authority Gap – From Ungoverned to Delegation As discussed in our previous article, AI agents are exposing a structural gap in…
- ISC Stormcast For Friday, April 24th, 2026 https://isc.sans.edu/podcastdetail/9906, (Fri, Apr 24th)
— SANS ISC
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
🪲 NVD — Last 20 Scored Vulnerabilities
Latest scored CVEs from the National Vulnerability Database (6099 in last 30 days).
Critical: 4 · High: 7 · Medium: 8 · Low: 1.
- CVE-2026-42171
— CVSS 7.8 (HIGH)
NSIS (Nullsoft Scriptable Install System) 3.06.1 before 3.12 sometimes uses the Low IL temp directory when executing as SYSTEM, allowing local attackers to gain privileges (if they can cause my_GetTempFileName to return…
- CVE-2026-41488
— CVSS 3.1 (LOW)
LangChain is a framework for building agents and LLM-powered applications. Prior to 1.1.14, langchain-openai's _url_to_size() helper (used by get_num_tokens_from_messages for image token counting) validated URLs for SSRF…
- CVE-2026-41481
— CVSS 6.5 (MEDIUM)
LangChain is a framework for building agents and LLM-powered applications. Prior to langchain-text-splitters 1.1.2, HTMLHeaderTextSplitter.split_text_from_url() validated the initial URL using validate_safe_url() but th…
- CVE-2026-41478
— CVSS 9.9 (CRITICAL)
Saltcorn is an extensible, open source, no-code database application builder. Prior to 1.4.6, 1.5.6, and 1.6.0-beta.5, a SQL injection vulnerability in Saltcorn's mobile-sync routes allows any authenticated low-privile…
- CVE-2026-41248
— CVSS 9.1 (CRITICAL)
Clerk JavaScript is the official JavaScript repository for Clerk authentication. createRouteMatcher in @clerk/nextjs, @clerk/nuxt, and @clerk/astro can be bypassed by certain crafted requests, allowing them to skip middl…
- CVE-2026-6968
— CVSS 5.9 (MEDIUM)
Incomplete path traversal fixes in awslabs/tough before tough-v0.22.0 allow remote authenticated users with delegated signing authority to write files outside intended output directories via absolute target names in copy…
- CVE-2026-6967
— CVSS 5.9 (MEDIUM)
Missing expiration, hash, and length enforcement in delegated metadata validation in awslabs/tough before tough-v0.22.0 allows remote authenticated users with delegated signing authority to bypass TUF specification integ…
- CVE-2026-6966
— CVSS 5.3 (MEDIUM)
Improper verification of cryptographic signature uniqueness in delegated role validation in awslabs/tough before tough-v0.22.0 allows remote authenticated users to bypass the TUF signature threshold requirement by duplic…
- CVE-2026-41477
— CVSS 7.8 (HIGH)
Deskflow is a keyboard and mouse sharing app. In 1.20.0, 1.26.0.134, and earlier, the Deskflow daemon runs as SYSTEM and exposes an IPC named pipe with WorldAccessOption enabled. The daemon processes privileged commands wit…
- CVE-2026-41433
— CVSS 8.4 (HIGH)
OpenTelemetry eBPF Instrumentation provides eBPF instrumentation based on the OpenTelemetry standard. From 0.4.0 to before 0.8.0, a flaw in the Java agent injection path allows a local attacker controlling a Java workloa…
- CVE-2026-41429
— CVSS 8.8 (HIGH)
arduino-esp32 is an Arduino core for the ESP32, ESP32-S2, ESP32-S3, ESP32-C3, ESP32-C6 and ESP32-H2 microcontrollers. Prior to 3.3.8, there is a remotely reachable memory corruption issue in the NBNS packet handling path…
- CVE-2026-41428
— CVSS 9.1 (CRITICAL)
Budibase is an open-source low-code platform. Prior to 3.35.4, the authenticated middleware uses unanchored regular expressions to match public (no-auth) endpoint patterns against ctx.request.url. Since ctx.request.url i…
- CVE-2026-41426
— CVSS 6.1 (MEDIUM)
pretalx is a conference planning tool. Prior to 2026.1.0, an unauthenticated attacker can send arbitrary HTML-rendered emails from a pretalx instance's configured sender address by embedding malformed HTML or markdown li…
- CVE-2026-41425
— CVSS 5.4 (MEDIUM)
Authlib is a Python library which builds OAuth and OpenID Connect servers. Prior to 1.6.11, there is no CSRF protection on the cache feature in authlib.integrations.starlette_client.OAuth. This vulnerability is fixed in…
- CVE-2026-41244
— CVSS 4.7 (MEDIUM)
Mojic is a CLI tool to transform readable C code into an unrecognizable chaotic stream of emojis. Prior to 2.1.4, the CipherEngine uses a standard equality operator (!==) to verify the HMAC-SHA256 integrity seal during t…
- CVE-2026-41492
— CVSS 9.8 (CRITICAL)
Dgraph is an open source distributed GraphQL database. Prior to 25.3.3, Dgraph exposes the process command line through the unauthenticated /debug/vars endpoint on Alpha. Because the admin token is commonly supplied via…
- CVE-2026-41421
— CVSS 8.8 (HIGH)
SiYuan is an open-source personal knowledge management system. Prior to 3.6.5, SiYuan desktop renders notification messages as raw HTML inside an Electron renderer. The notification route POST /api/notification/pushMsg a…
- CVE-2026-41419
— CVSS 7.6 (HIGH)
4ga Boards is a boards system for realtime project management. Prior to 3.3.5, a path traversal vulnerability allows an authenticated user with board import privileges to make the server ingest arbitrary host files as bo…
- CVE-2026-41418
— CVSS 5.3 (MEDIUM)
4ga Boards is a boards system for realtime project management. Prior to 3.3.5, 4ga Boards is vulnerable to user enumeration via a timing side-channel in the login endpoint (POST /api/access-tokens). When an invalid usern…
- CVE-2026-41414
— CVSS 7.4 (HIGH)
Skim is a fuzzy finder designed to search through files, lines, and commands. The generate-files job in .github/workflows/pr.yml checks out attacker-controlled fork code and executes it via cargo run, with access to SKIM_RS_BOT…
Source: NVD CVE API 2.0
Generated by CryptXNet.ai Threat Intelligence Platform · April 25, 2026 · Sources: The Hacker News, Bleeping Computer, Krebs on Security, Dark Reading, SANS ISC, THN Threat Intel, Unit 42, Security.com