CISA Adds One Known Exploited Vulnerability to Catalog
CISA has added one new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation.
CVE-2026-1340 Ivanti Endpoint Manager Mobile (EPMM) Code Injection Vulnerability
This type of vulnerability is a frequent attack vector for malicious cyber actors and poses significant risks to the federal enterprise.
Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the KEV Catalog as a living list of known Common Vulnerabilities and Exposures (CVEs) that carry significant risk to the federal enterprise. BOD 22-01 requires Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the BOD 22-01 Fact Sheet for more information.
Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of KEV Catalog vulnerabilities as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the catalog that meet the specified criteria.
https://www.cisa.gov/news-events/alerts/2026/04/08/cisa-adds-one-known-exploited-vulnerability-catalog
CISA has added one new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation.
CVE-2026-1340 Ivanti Endpoint Manager Mobile (EPMM) Code Injection Vulnerability
This type of vulnerability is a frequent attack vector for malicious cyber actors and poses significant risks to the federal enterprise.
Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the KEV Catalog as a living list of known Common Vulnerabilities and Exposures (CVEs) that carry significant risk to the federal enterprise. BOD 22-01 requires Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the BOD 22-01 Fact Sheet for more information.
Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of KEV Catalog vulnerabilities as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the catalog that meet the specified criteria.
https://www.cisa.gov/news-events/alerts/2026/04/08/cisa-adds-one-known-exploited-vulnerability-catalog
[webapps] FortiWeb 8.0.2 - Remote Code Execution
FortiWeb 8.0.2 - Remote Code Execution
https://www.exploit-db.com/exploits/52502
FortiWeb 8.0.2 - Remote Code Execution
https://www.exploit-db.com/exploits/52502
Exploit Database
FortiWeb 8.0.2 - Remote Code Execution
FortiWeb 8.0.2 - Remote Code Execution. CVE-2025-64446 . webapps exploit for Multiple platform
[local] 7-Zip 24.00 - Directory Traversal
7-Zip 24.00 - Directory Traversal
https://www.exploit-db.com/exploits/52501
7-Zip 24.00 - Directory Traversal
https://www.exploit-db.com/exploits/52501
Exploit Database
7-Zip 24.00 - Directory Traversal
7-Zip 24.00 - Directory Traversal. CVE-2025-11001 . local exploit for Multiple platform
[local] SQLite 3.50.1 - Heap Overflow
SQLite 3.50.1 - Heap Overflow
https://www.exploit-db.com/exploits/52499
SQLite 3.50.1 - Heap Overflow
https://www.exploit-db.com/exploits/52499
Exploit Database
SQLite 3.50.1 - Heap Overflow
SQLite 3.50.1 - Heap Overflow. CVE-2025-6965 . local exploit for Windows platform
[local] Microsoft MMC MSC EvilTwin - Local Admin Creation
Microsoft MMC MSC EvilTwin - Local Admin Creation
https://www.exploit-db.com/exploits/52498
Microsoft MMC MSC EvilTwin - Local Admin Creation
https://www.exploit-db.com/exploits/52498
Exploit Database
Microsoft MMC MSC EvilTwin - Local Admin Creation
Microsoft MMC MSC EvilTwin - Local Admin Creation. CVE-2025-26633 . local exploit for Windows platform
New Chaos Variant Targets Misconfigured Cloud Deployments, Adds SOCKS Proxy
Cybersecurity researchers have flagged a new variant ofmalware called Chaosthat'scapable of hitting misconfigured cloud deployments, marking an expansion of the botnet's targeting infrastructure.
"Chaos malware is increasingly targeting misconfigured cloud deployments, expanding beyond its traditional focus on routers and edge devices," Darktrace said in a new report.
https://thehackernews.com/2026/04/new-chaos-variant-targets-misconfigured.html
Cybersecurity researchers have flagged a new variant ofmalware called Chaosthat'scapable of hitting misconfigured cloud deployments, marking an expansion of the botnet's targeting infrastructure.
"Chaos malware is increasingly targeting misconfigured cloud deployments, expanding beyond its traditional focus on routers and edge devices," Darktrace said in a new report.
https://thehackernews.com/2026/04/new-chaos-variant-targets-misconfigured.html
Masjesu Botnet Emerges as DDoS-for-Hire Service Targeting Global IoT Devices
Cybersecurity researchers have lifted the curtain on a stealthy botnet that's designed for distributed denial-of-service (DDoS) attacks.
Called Masjesu, the botnet has been advertised via Telegram as a DDoS-for-hire service since it first surfaced in 2023. It's capable of targeting a wide range of IoT devices, such as routers and gateways, spanning multiple architectures.
"Built for
https://thehackernews.com/2026/04/masjesu-botnet-emerges-as-ddos-for-hire.html
Cybersecurity researchers have lifted the curtain on a stealthy botnet that's designed for distributed denial-of-service (DDoS) attacks.
Called Masjesu, the botnet has been advertised via Telegram as a DDoS-for-hire service since it first surfaced in 2023. It's capable of targeting a wide range of IoT devices, such as routers and gateways, spanning multiple architectures.
"Built for
https://thehackernews.com/2026/04/masjesu-botnet-emerges-as-ddos-for-hire.html
APT28 Deploys PRISMEX Malware in Campaign Targeting Ukraine and NATO Allies
The Russian threat actor known as APT28 (aka Forest Blizzard and Pawn Storm) has been linked to a fresh spear-phishing campaign targeting Ukraine and its allies to deploy a previously undocumented malware suite codenamed PRISMEX.
"PRISMEX combines advanced steganography, component object model (COM) hijacking, and legitimate cloud service abuse for command-and-control," Trend Micro
https://thehackernews.com/2026/04/apt28-deploys-prismex-malware-in.html
The Russian threat actor known as APT28 (aka Forest Blizzard and Pawn Storm) has been linked to a fresh spear-phishing campaign targeting Ukraine and its allies to deploy a previously undocumented malware suite codenamed PRISMEX.
"PRISMEX combines advanced steganography, component object model (COM) hijacking, and legitimate cloud service abuse for command-and-control," Trend Micro
https://thehackernews.com/2026/04/apt28-deploys-prismex-malware-in.html
Shrinking the IAM Attack Surface through Identity Visibility and Intelligence Platforms (IVIP)
The Fragmented State of Modern Enterprise Identity
Enterprise IAM is approaching a breaking point. As organizations scale, identity becomes increasingly fragmented across thousands of applications, decentralized teams, machine identities, and autonomous systems.
The result is Identity Dark Matter: identity activity that sits outside the visibility of centralized IAM and
https://thehackernews.com/2026/04/shrinking-iam-attack-surface-through.html
The Fragmented State of Modern Enterprise Identity
Enterprise IAM is approaching a breaking point. As organizations scale, identity becomes increasingly fragmented across thousands of applications, decentralized teams, machine identities, and autonomous systems.
The result is Identity Dark Matter: identity activity that sits outside the visibility of centralized IAM and
https://thehackernews.com/2026/04/shrinking-iam-attack-surface-through.html
Anthropic's Claude Mythos Finds Thousands of Zero-Day Flaws Across Major Systems
Artificial Intelligence (AI) company Anthropic announced a new cybersecurity initiative called Project Glasswing that will use a preview version of its new frontier model, Claude Mythos, to find and address security vulnerabilities.
The model will be used by a small set of organizations, including Amazon Web Services, Apple, Broadcom, Cisco, CrowdStrike,&
https://thehackernews.com/2026/04/anthropics-claude-mythos-finds.html
Artificial Intelligence (AI) company Anthropic announced a new cybersecurity initiative called Project Glasswing that will use a preview version of its new frontier model, Claude Mythos, to find and address security vulnerabilities.
The model will be used by a small set of organizations, including Amazon Web Services, Apple, Broadcom, Cisco, CrowdStrike,&
https://thehackernews.com/2026/04/anthropics-claude-mythos-finds.html
N. Korean Hackers Spread 1,700 Malicious Packages Across npm, PyPI, Go, Rust
The North Korea-linked persistent campaign known as Contagious Interview has spread its tentacles by publishing malicious packages targeting the Go, Rust, and PHP ecosystems.
"The threat actor's packages were designed to impersonate legitimate developer tooling [...], while quietly functioning as malware loaders, extending Contagious Interview’s established playbook into a coordinated
https://thehackernews.com/2026/04/n-korean-hackers-spread-1700-malicious.html
The North Korea-linked persistent campaign known as Contagious Interview has spread its tentacles by publishing malicious packages targeting the Go, Rust, and PHP ecosystems.
"The threat actor's packages were designed to impersonate legitimate developer tooling [...], while quietly functioning as malware loaders, extending Contagious Interview’s established playbook into a coordinated
https://thehackernews.com/2026/04/n-korean-hackers-spread-1700-malicious.html
Iran-Linked Hackers Disrupt U.S. Critical Infrastructure by Targeting Internet-Exposed PLCs
Iran-affiliated cyber actors are targeting internet-facing operational technology (OT) devices across critical infrastructures in the U.S., including programmable logic controllers (PLCs), cybersecurity and intelligence agencies warned Tuesday.
"These attacks have led to diminished PLC functionality, manipulation of display data and, in some cases, operational disruption and financial
https://thehackernews.com/2026/04/iran-linked-hackers-disrupt-us-critical.html
Iran-affiliated cyber actors are targeting internet-facing operational technology (OT) devices across critical infrastructures in the U.S., including programmable logic controllers (PLCs), cybersecurity and intelligence agencies warned Tuesday.
"These attacks have led to diminished PLC functionality, manipulation of display data and, in some cases, operational disruption and financial
https://thehackernews.com/2026/04/iran-linked-hackers-disrupt-us-critical.html
Threat Actors Get Crafty With Emojis to Escape Detection
When 🤖 means "bot available," 🧰 signifies "toolkit," or 💰💰💰 translates to "big ransom," bad actors can evade filters and keep it all on the down-low.
https://www.darkreading.com/cyber-risk/emojis-power-covert-threat-actor-communications
When 🤖 means "bot available," 🧰 signifies "toolkit," or 💰💰💰 translates to "big ransom," bad actors can evade filters and keep it all on the down-low.
https://www.darkreading.com/cyber-risk/emojis-power-covert-threat-actor-communications
Dark Reading
Threat Actors Get Crafty With Emojis to Escape Detection
When 🤖 means "bot available," 🧰 signifies "toolkit," or 💰💰💰 translates to "big ransom," bad actors can evade filters and keep it all on the down-low.
AI-Led Remediation Crisis Prompts HackerOne to Pause Bug Bounties
Discovery used to be the bottleneck for open source bugs, but with automated discovery, remediation's the bottleneck, which bounties don't fund.
https://www.darkreading.com/application-security/ai-led-remediation-crisis-prompts-hackerone-pause-bug-bounties
Discovery used to be the bottleneck for open source bugs, but with automated discovery, remediation's the bottleneck, which bounties don't fund.
https://www.darkreading.com/application-security/ai-led-remediation-crisis-prompts-hackerone-pause-bug-bounties
Dark Reading
AI-Led Remediation Crisis Prompts HackerOne to Pause Bug Bounties
Discovery used to be the bottleneck for open source bugs, but with automated discovery, remediation's the bottleneck, which bounties don't fund.
Fraud Rockets Higher in Mobile-First Latin America
Cyber-fraudsters move quickly from compromised devices to account takeover to funds transfer, shifting money before many financial institutions can react.
https://www.darkreading.com/cyberattacks-data-breaches/fraud-mobile-first-latin-america
Cyber-fraudsters move quickly from compromised devices to account takeover to funds transfer, shifting money before many financial institutions can react.
https://www.darkreading.com/cyberattacks-data-breaches/fraud-mobile-first-latin-america
Dark Reading
Fraud Rockets Higher in Mobile-First Latin America
Cyber-fraudsters move quickly from compromised devices to account takeover to funds transfer, shifting money before many financial institutions can react.
Full Sail University to Open IBM Cyber Defense Range Powered by AWS and Cloud Range on Campus
https://www.darkreading.com/cybersecurity-operations/full-sail-university-ibm-cyber-defense-range-aws-cloud-range
https://www.darkreading.com/cybersecurity-operations/full-sail-university-ibm-cyber-defense-range-aws-cloud-range
Dark Reading
Full Sail University to Open IBM Cyber Defense Range
Pluralsight Launches SecureReady to Help Organizations Build Job-Ready Cybersecurity Teams
https://www.darkreading.com/remote-workforce/pluralsight-launches-secureready-cybersecurity-teams
https://www.darkreading.com/remote-workforce/pluralsight-launches-secureready-cybersecurity-teams
Dark Reading
Pluralsight Launches SecureReady to Build Cybersecurity Teams
Iranian Threat Actors Disrupt US Critical Infrastructure Via Exposed PLCs
Attackers compromised Internet-facing OT devices and caused file and display manipulation, operational disruption, and financial losses across sectors.
https://www.darkreading.com/ics-ot-security/iranian-threat-actors-us-critical-infrastructure-exposed-plcs
Attackers compromised Internet-facing OT devices and caused file and display manipulation, operational disruption, and financial losses across sectors.
https://www.darkreading.com/ics-ot-security/iranian-threat-actors-us-critical-infrastructure-exposed-plcs
Dark Reading
Iran Disrupts US Critical Infrastructure Via Exposed PLCs
Attackers compromised Internet-facing OT devices and caused file and display manipulation, operational disruption, and financial losses across sectors.