<?xml version="1.0" encoding="utf-8"?>
<rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom"><channel><title>CM-SEC</title><link>https://cybermedics.journoportfolio.com</link><description>RSS Feed for CM-SEC</description><atom:link rel="self" href="http://cybermedics.journoportfolio.com/rss.xml"></atom:link><language>en</language><lastBuildDate>Thu, 23 Apr 2026 00:00:00 +0100</lastBuildDate><item><title>Cohere AI Terrarium Sandbox Flaw Enables Root Code Execution, Container Escape</title><link>https://thehackernews.com/2026/04/cohere-ai-terrarium-sandbox-flaw.html</link><description>A critical security vulnerability has been disclosed in a Python-based sandbox called Terrarium that could result in arbitrary code execution.
The vulnerability, tracked as CVE-2026-5752, is rated 9.3 on the CVSS scoring system.
"Sandbox escape vulnerability in Terrarium allows arbitrary code execution with root privileges on a host process via JavaScript prototype chain traversal," according to a description of the flaw in CVE.org.

Developed by Cohere AI as an open-source project, Terrarium is...</description><pubDate>Thu, 23 Apr 2026 00:00:00 +0100</pubDate><guid>https://thehackernews.com/2026/04/cohere-ai-terrarium-sandbox-flaw.html</guid></item><item><title>Mustang Panda’s New LOTUSLITE Variant Targets India Banks, South Korea Policy Circles</title><link>https://thehackernews.com/2026/04/mustang-pandas-new-lotuslite-variant.html</link><description>Cybersecurity researchers have discovered a new variant of a known malware called LOTUSLITE that's distributed via a theme related to India's banking sector.
"The backdoor communicates with a dynamic DNS-based command-and-control server over HTTPS and supports remote shell access, file operations, and session management, indicating a continued espionage-focused capability set rather than financially motivated objectives," Acronis researchers Subhajeet Singha and Santiago Pontiroli said in an ana...</description><pubDate>Thu, 23 Apr 2026 00:00:00 +0100</pubDate><guid>https://thehackernews.com/2026/04/mustang-pandas-new-lotuslite-variant.html</guid></item><item><title>Microsoft Patches Critical ASP.NET Core CVE-2026-40372 Privilege Escalation Bug</title><link>https://thehackernews.com/2026/04/microsoft-patches-critical-aspnet-core.html</link><description>Microsoft has released out-of-band updates to address a security vulnerability in ASP.NET Core that could allow an attacker to escalate privileges.
The vulnerability, tracked as CVE-2026-40372, carries a CVSS score of 9.1 out of 10.0. It's rated Important in severity. An anonymous researcher has been credited with discovering and reporting the flaw.
"Improper verification of cryptographic signature in ASP.NET Core allows an unauthorized attacker to elevate privileges over a network," Microsoft s...</description><pubDate>Thu, 23 Apr 2026 00:00:00 +0100</pubDate><guid>https://thehackernews.com/2026/04/microsoft-patches-critical-aspnet-core.html</guid></item><item><title>Toxic Combinations: When Cross-App Permissions Stack into Risk</title><link>https://thehackernews.com/2026/04/toxic-combinations-when-cross-app.html</link><description>On January 31, 2026, researchers disclosed that Moltbook, a social network built for AI agents, had left its database wide open, exposing 35,000 email addresses and 1.5 million agent API tokens across 770,000 active agents.
The more worrying part sat inside the private messages. Some of those conversations held plaintext third-party credentials, including OpenAI API keys shared between agents, stored in the same unencrypted table as the tokens needed to hijack the agent itself.
This is the shape...</description><pubDate>Thu, 23 Apr 2026 00:00:00 +0100</pubDate><guid>https://thehackernews.com/2026/04/toxic-combinations-when-cross-app.html</guid></item><item><title>Lotus Wiper Malware Targets Venezuelan Energy Systems in Destructive Attack</title><link>https://thehackernews.com/2026/04/lotus-wiper-malware-targets-venezuelan.html</link><description>Cybersecurity researchers have discovered a previously undocumented data wiper that has been used in attacks targeting Venezuela at the end of last year and the start of 2026.
Dubbed Lotus Wiper, the novel file wiper has been used in a destructive campaign targeting the energy and utilities sector in Venezuela, per findings from Kaspersky.
"Two batch scripts are responsible for initiating the destructive phase of the attack and preparing the environment for executing the final wiper payload," th...</description><pubDate>Thu, 23 Apr 2026 00:00:00 +0100</pubDate><guid>https://thehackernews.com/2026/04/lotus-wiper-malware-targets-venezuelan.html</guid></item><item><title>Harvester Deploys Linux GoGra Backdoor in South Asia Using Microsoft Graph API</title><link>https://thehackernews.com/2026/04/harvester-deploys-linux-gogra-backdoor.html</link><description>The threat actor known as Harvester has been attributed to a new Linux version of its GoGra backdoor deployed as part of attacks likely targeting entities in South Asia.
"The malware uses the legitimate Microsoft Graph API and Outlook mailboxes as a covert command-and-control (C2) channel, allowing it to bypass traditional perimeter network defenses," the Symantec and Carbon Black Threat Hunter Team said in a report shared with The Hacker News.
The cybersecurity company said it identified artifa...</description><pubDate>Thu, 23 Apr 2026 00:00:00 +0100</pubDate><guid>https://thehackernews.com/2026/04/harvester-deploys-linux-gogra-backdoor.html</guid></item><item><title>Self-Propagating Supply Chain Worm Hijacks npm Packages to Steal Developer Tokens</title><link>https://thehackernews.com/2026/04/self-propagating-supply-chain-worm.html</link><description>Cybersecurity researchers have flagged a fresh set of packages that have been compromised by bad actors to deliver a self-propagating worm that spreads through stolen developer npm tokens.
The supply chain worm has been detected by both Socket and StepSecurity, with the companies tracking the activity under the name CanisterSprawl owing to the use of an ICP canister to exfiltrate the stolen data, in a tactic reminiscent of TeamPCP's CanisterWorm to make the infrastructure resilient to takedowns....</description><pubDate>Thu, 23 Apr 2026 00:00:00 +0100</pubDate><guid>https://thehackernews.com/2026/04/self-propagating-supply-chain-worm.html</guid></item><item><title>Malicious KICS Docker Images and VS Code Extensions Hit Checkmarx Supply Chain</title><link>https://thehackernews.com/2026/04/malicious-kics-docker-images-and-vs.html</link><description>Cybersecurity researchers have warned of malicious images pushed to the official "checkmarx/kics" Docker Hub repository.
In an alert published today, software supply chain security company Socket revealed that unknown threat actors managed to overwrite existing tags, including v2.1.20 and alpine, while also introducing a new v2.1.21 tag that does not correspond to an official release. The Docker repository has been archived as of writing.
"Analysis of the poisoned image indicates that the...</description><pubDate>Thu, 23 Apr 2026 00:00:00 +0100</pubDate><guid>https://thehackernews.com/2026/04/malicious-kics-docker-images-and-vs.html</guid></item><item><title>CISA Adds One Known Exploited Vulnerability to Catalog | CISA</title><link>https://www.cisa.gov/news-events/alerts/2026/04/22/cisa-adds-one-known-exploited-vulnerability-catalog</link><description>CISA has added one new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation.
This type of vulnerability is a frequent attack vector for malicious cyber actors and poses significant risks to the federal enterprise.
Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the KEV Catalog as a living list of known Common Vulnerabilities and Exposures (CVEs) that carry significant r...</description><pubDate>Thu, 23 Apr 2026 00:00:00 +0100</pubDate><guid>https://www.cisa.gov/news-events/alerts/2026/04/22/cisa-adds-one-known-exploited-vulnerability-catalog</guid></item><item><title>Checkmarx KICS Official Docker Repo Compromised to Inject Malicious Code</title><link>https://cybersecuritynews.com/checkmarx-kics-compromised/</link><description>A significant supply chain attack has targeted the official checkmarx/kics Docker Hub repository, where threat actors pushed trojanized images capable of harvesting and exfiltrating sensitive developer credentials and infrastructure secrets.

Docker’s internal monitoring flagged suspicious activity around KICS image tags on April 22, 2026, and promptly alerted Socket researchers.

The investigation revealed that attackers had overwritten existing tags, including v2.1.20 and alpine while also in...</description><pubDate>Thu, 23 Apr 2026 00:00:00 +0100</pubDate><guid>https://cybersecuritynews.com/checkmarx-kics-compromised/</guid></item><item><title>The leak was only a matter of time.</title><link>https://www.thecyberwire.com/podcasts/daily-podcast/2536/notes</link><description>Mythos leaks. The DOD preps a more aggressive cyber strategy. A former FBI cyber official urges homicide charges for hospital ransomware deaths. Lotus Wiper targeted the Venezuelan energy and utilities sector. Over 1,300 SharePoint servers remain unpatched against a spoofing vulnerability. The Harvester APT group deploys a new Linux version of its GoGra backdoor. A new LOTUSLITE backdoor targets India’s banking sector. The Mirai botnet exploits discontinued routers. Our guest is Brian Vecci, Fie...</description><pubDate>Wed, 22 Apr 2026 00:00:00 +0100</pubDate><guid>https://www.thecyberwire.com/podcasts/daily-podcast/2536/notes</guid></item><item><title>OffSec’s Exploit Database Archive</title><link>https://www.exploit-db.com/exploits/52510</link><description>The Exploit Database is maintained by OffSec, an information security training company
that provides various Information Security Certifications as well as high end penetration testing services. The Exploit Database is a non-profit project that is provided as a public service by OffSec.

The Exploit Database is a CVE compliant archive of public exploits and corresponding vulnerabl...</description><pubDate>Wed, 22 Apr 2026 00:00:00 +0100</pubDate><guid>https://www.exploit-db.com/exploits/52510</guid></item><item><title>OffSec’s Exploit Database Archive</title><link>https://www.exploit-db.com/exploits/52511</link><description>The Exploit Database is maintained by OffSec, an information security training company
that provides various Information Security Certifications as well as high end penetration testing services. The Exploit Database is a non-profit project that is provided as a public service by OffSec.

The Exploit Database is a CVE compliant archive of public exploits and corresponding vulnerabl...</description><pubDate>Wed, 22 Apr 2026 00:00:00 +0100</pubDate><guid>https://www.exploit-db.com/exploits/52511</guid></item><item><title>OffSec’s Exploit Database Archive</title><link>https://www.exploit-db.com/exploits/52512</link><description>The Exploit Database is maintained by OffSec, an information security training company
that provides various Information Security Certifications as well as high end penetration testing services. The Exploit Database is a non-profit project that is provided as a public service by OffSec.

The Exploit Database is a CVE compliant archive of public exploits and corresponding vulnerabl...</description><pubDate>Wed, 22 Apr 2026 00:00:00 +0100</pubDate><guid>https://www.exploit-db.com/exploits/52512</guid></item><item><title>Microsoft Emergency .NET 10.0.7 Update to Patch Elevation of Privilege Vulnerability</title><link>https://cybersecuritynews.com/emergency-net-10-0-7-update-patch/</link><description>Microsoft has issued an emergency out-of-band (OOB) security update for .NET 10, releasing version 10.0.7 on April 21, 2026, to address a critical elevation of privilege vulnerability discovered in the Microsoft.AspNetCore.DataProtection NuGet package.

The out-of-band release was prompted after customers began reporting decryption failures in their ASP.NET Core applications following the standard Patch Tuesday .NET 10.0.6 update.

These issues were tracked publicly in ASP.NET Core issue #66...</description><pubDate>Wed, 22 Apr 2026 00:00:00 +0100</pubDate><guid>https://cybersecuritynews.com/emergency-net-10-0-7-update-patch/</guid></item><item><title>CrowdStrike LogScale Vulnerability Allows Remote Attackers to Read Arbitrary Files from Server</title><link>https://cybersecuritynews.com/crowdstrike-logscale-vulnerability/</link><description>CrowdStrike has issued an urgent security advisory for a critical unauthenticated path-traversal vulnerability (CVE-2026-40050) affecting its LogScale platform, warning that a remote attacker could exploit the flaw to read arbitrary files directly from the server’s filesystem without authentication.

The vulnerability resides in a specific cluster API endpoint within CrowdStrike LogScale. If this endpoint is exposed, a remote attacker can leverage it to traverse the server’s directory structur...</description><pubDate>Wed, 22 Apr 2026 00:00:00 +0100</pubDate><guid>https://cybersecuritynews.com/crowdstrike-logscale-vulnerability/</guid></item><item><title>1,370+ Microsoft SharePoint Servers Vulnerable to Spoofing Attacks Exposed Online</title><link>https://cybersecuritynews.com/1370-sharepoint-servers-vulnerable/</link><description>A critical spoofing vulnerability in Microsoft SharePoint Server, tracked as CVE-2026-32201, remains unpatched on over 1,370 internet-facing IP addresses worldwide, according to fresh scanning data from the Shadowserver Foundation, even as the flaw sits on CISA’s Known Exploited Vulnerabilities (KEV) catalog with confirmed active exploitation in the wild.

CVE-2026-32201 is rooted in improper input validation (CWE-20) within Microsoft Office SharePoint Server’s request processing component. By...</description><pubDate>Wed, 22 Apr 2026 00:00:00 +0100</pubDate><guid>https://cybersecuritynews.com/1370-sharepoint-servers-vulnerable/</guid></item><item><title>Critical Atlassian Bamboo Data Center and Server Flaw Enables Command Injection Attacks</title><link>https://cybersecuritynews.com/bamboo-data-center-and-server-vulnerability-2/</link><description>Atlassian has disclosed two significant security vulnerabilities affecting its Bamboo Data Center and Server product, including a critical OS command injection flaw and a high-severity denial-of-service issue tied to a third-party dependency. Organizations running affected versions are strongly urged to apply patches immediately.

The most severe of the two vulnerabilities, tracked as CVE-2026-21571, carries a CVSS score of 9.4 (Critical) and affects Bamboo Data Center and Server across multip...</description><pubDate>Wed, 22 Apr 2026 00:00:00 +0100</pubDate><guid>https://cybersecuritynews.com/bamboo-data-center-and-server-vulnerability-2/</guid></item><item><title>Massive SIM Farm-as-a-Service Network Exposes 87 Control Panels Across 17 Countries</title><link>https://cybersecuritynews.com/sim-farm-as-a-service-network/</link><description>A global investigation has uncovered an industrial-scale mobile proxy ecosystem powered by a shared control platform called ProxySmart, with 87 exposed control panels spanning 17 countries and at least 94 physical phone-farm locations enabling large-scale fraud, bot activity, and identity evasion at commercial scale.

In February 2026, infrastructure intelligence firm Infrawatch investigated self-proclaimed “SIM Farm as a Service” offerings and identified the physical backbone behind them: rac...</description><pubDate>Wed, 22 Apr 2026 00:00:00 +0100</pubDate><guid>https://cybersecuritynews.com/sim-farm-as-a-service-network/</guid></item><item><title>Compromised Namastex npm Packages Deliver TeamPCP-Style CanisterWorm Malware</title><link>https://cybersecuritynews.com/compromised-namastex-npm-packages/</link><description>A serious supply chain threat has surfaced in the npm ecosystem. Malicious versions of packages belonging to Namastex.ai have been found carrying CanisterWorm malware, a self-propagating backdoor that mirrors the attack style of the threat actor known as TeamPCP. 

The attack silently replaces legitimate package contents with infected code and continues spreading across every namespace the stolen credentials can reach.

The campaign follows a pattern that has become a signature of TeamPCP op...</description><pubDate>Wed, 22 Apr 2026 00:00:00 +0100</pubDate><guid>https://cybersecuritynews.com/compromised-namastex-npm-packages/</guid></item><item><title>New DinDoor Backdoor Abuses Deno Runtime and MSI Installers to Evade Detection</title><link>https://cybersecuritynews.com/new-dindoor-backdoor-abuses-deno-runtime/</link><description>A newly identified backdoor called DinDoor is using the legitimate Deno JavaScript runtime and MSI installer files to quietly slip past security defenses and compromise targeted systems. 

The malware, tracked as a variant of the Tsundere Botnet, relies on trusted, signed runtime environments instead of deploying standard compiled implants.

This makes detection far more difficult in networks where tools like Deno are already allowlisted or not actively monitored.

DinDoor is delivered to...</description><pubDate>Wed, 22 Apr 2026 00:00:00 +0100</pubDate><guid>https://cybersecuritynews.com/new-dindoor-backdoor-abuses-deno-runtime/</guid></item><item><title>The Phishing Defense Layer Top CISOs Never Miss </title><link>https://cybersecuritynews.com/phishing-defense-layer/</link><description>Nine out of ten cyber attacks start with phishing. When an incident occurs, it’s often a person who’s held accountable: a compromised employee or a SOC analyst who missed a signal. 

But in a corporate environment, this framing doesn’t always apply. If a single human mistake puts the entire company at stake, the real issue might be the lack of a specific phishing defense layer.

Its presence significantly lowers the odds of a breach happening and reduces the dependency on human judgment alo...</description><pubDate>Wed, 22 Apr 2026 00:00:00 +0100</pubDate><guid>https://cybersecuritynews.com/phishing-defense-layer/</guid></item><item><title>New Auraboros RAT Exposes Live Audio Streaming, Keylogging, and Cookie Hijacking in Open C2 Panel</title><link>https://cybersecuritynews.com/new-auraboros-rat-exposes-live-audio-streaming-keylogging/</link><description>A previously undocumented remote access trojan (RAT) framework called Auraboros C2 has surfaced, exposing an alarming level of open access to victim data, live surveillance capabilities, and browser credential theft. 

The entire command-and-control (C2) dashboard operates over plain HTTP with no login, no token, and no authentication of any kind, making victim data accessible to anyone who can reach the server’s port.

The malware’s C2 panel, hosted on a DigitalOcean server at IP address 17...</description><pubDate>Wed, 22 Apr 2026 00:00:00 +0100</pubDate><guid>https://cybersecuritynews.com/new-auraboros-rat-exposes-live-audio-streaming-keylogging/</guid></item><item><title>Claude Mythos AI Model Uncovers 271 Zero-Day Vulnerabilities in Firefox</title><link>https://cybersecuritynews.com/claude-mythos-271-zero-days/</link><description>Anthropic’s latest frontier AI model, Claude Mythos Preview, has identified a staggering 271 zero-day vulnerabilities in Mozilla Firefox, marking a seismic shift in AI-powered cybersecurity defense. The findings, addressed in Firefox 150, represent the most significant single batch of security fixes in the browser’s history.

The discovery didn’t happen in isolation. Since February 2026, Mozilla’s Firefox security team has been collaborating with Anthropic to scan the browser’s codebase using f...</description><pubDate>Wed, 22 Apr 2026 00:00:00 +0100</pubDate><guid>https://cybersecuritynews.com/claude-mythos-271-zero-days/</guid></item><item><title>Microsoft Warns Jasper Sleet Uses Fake IT Worker Identities to Infiltrate Cloud Environments</title><link>https://cybersecuritynews.com/microsoft-warns-jasper-sleet-uses-fake-it-worker-identities/</link><description>A North Korea-linked threat group is quietly getting hired by real companies. Jasper Sleet, a threat actor tied to North Korea, has been building fake professional identities and using them to land legitimate remote IT jobs, giving them direct access to cloud environments and sensitive internal data.

The shift to remote and hybrid work after the COVID-19 pandemic changed how companies hire people. Organizations began relying heavily on online interviews, digital onboarding, and remote access...</description><pubDate>Wed, 22 Apr 2026 00:00:00 +0100</pubDate><guid>https://cybersecuritynews.com/microsoft-warns-jasper-sleet-uses-fake-it-worker-identities/</guid></item><item><title>Hackers Use Lotus Wiper to Destroy Drives and Delete Files in Energy Sector Attack</title><link>https://cybersecuritynews.com/hackers-use-lotus-wiper-to-destroy-drives/</link><description>A newly discovered malware called Lotus Wiper has been used in a targeted destructive attack against the energy and utilities sector in Venezuela. Unlike ransomware, this threat does not ask for money or lock files for a ransom payment. 

Instead, it permanently destroys data, wipes entire drives, and leaves systems in a state from which recovery is simply not possible.

The attack came to light against a backdrop of rising geopolitical tensions in the Caribbean region during late 2025 and e...</description><pubDate>Wed, 22 Apr 2026 00:00:00 +0100</pubDate><guid>https://cybersecuritynews.com/hackers-use-lotus-wiper-to-destroy-drives/</guid></item><item><title>Cybercriminals Exploit French Fintech Accounts to Move Stolen Money Before Detection</title><link>https://cybersecuritynews.com/cybercriminals-exploit-french-fintech-accounts/</link><description>Organized fraud networks are now using a new method to move stolen money in France. They create fake business accounts on freelancer fintech platforms and use those accounts as mule accounts to launder funds quickly, often before anyone can trace the money. 

This is not a simple scam by one bad actor. It is a structured fraud operation built to avoid detection at every stage.

Fintech platforms such as Revolut, Wise, and N26 offer fast, remote account opening, streamlined KYC, and business-...</description><pubDate>Wed, 22 Apr 2026 00:00:00 +0100</pubDate><guid>https://cybersecuritynews.com/cybercriminals-exploit-french-fintech-accounts/</guid></item><item><title>Malicious Google Ads Target Crypto Users With Wallet Drainers and Seed Phrase Theft</title><link>https://cybersecuritynews.com/malicious-google-ads-target-crypto-users/</link><description>Cybercriminals are now using Google’s own advertising platform to steal cryptocurrency from unsuspecting users. 

They place fake ads that look exactly like real links to popular crypto applications, and when users click on them, they land on websites designed to drain their wallets or trick them into giving away their secret recovery phrases.

This type of attack is not new, but it has grown sharply in 2026. In March alone, activity reached a significant peak, with threat actors running fak...</description><pubDate>Wed, 22 Apr 2026 00:00:00 +0100</pubDate><guid>https://cybersecuritynews.com/malicious-google-ads-target-crypto-users/</guid></item><item><title>109 Fake GitHub Repositories Used to Deliver SmartLoader and StealC Malware</title><link>https://cybersecuritynews.com/109-fake-github-repositories-used/</link><description>A large-scale malware distribution campaign has been uncovered involving 109 fake GitHub repositories that were used to trick users into downloading two dangerous malware tools named SmartLoader and StealC. 

The campaign was carefully built around cloned versions of legitimate open-source projects, making it hard for everyday users to spot the difference between what was real and what was fake.

The threat actor behind this campaign copied real GitHub projects, republished them under differ...</description><pubDate>Wed, 22 Apr 2026 00:00:00 +0100</pubDate><guid>https://cybersecuritynews.com/109-fake-github-repositories-used/</guid></item><item><title>CISA Adds 8 Exploited Flaws to KEV, Sets April-May 2026 Federal Deadlines</title><link>https://thehackernews.com/2026/04/cisa-adds-8-exploited-flaws-to-kev-sets.html</link><description>The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added eight new vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog, including three flaws impacting Cisco Catalyst SD-WAN Manager, citing evidence of active exploitation.
The list of vulnerabilities is as follows -
It's worth noting that CISA added CVE-2024-27198, another flaw impacting on-premise versions of JetBrains TeamCity, to the KEV catalog in March 2024. It's not known at this stage if both vulne...</description><pubDate>Wed, 22 Apr 2026 00:00:00 +0100</pubDate><guid>https://thehackernews.com/2026/04/cisa-adds-8-exploited-flaws-to-kev-sets.html</guid></item></channel></rss>