[webapps] RomM 4.4.0 - XSS_CSRF Chain
https://www.exploit-db.com/exploits/52505
Exploit Database
RomM 4.4.0 - XSS_CSRF Chain. CVE-2025-65027. webapps exploit for Multiple platform
[webapps] Jumbo Website Manager - Remote Code Execution
https://www.exploit-db.com/exploits/52504
Exploit Database
Jumbo Website Manager - Remote Code Execution. webapps exploit for Multiple platform
EngageLab SDK Flaw Exposed 50M Android Users, Including 30M Crypto Wallets
Details have emerged about a now-patched security vulnerability in a widely used third-party Android software development kit (SDK) called EngageLab SDK that could have put millions of cryptocurrency wallet users at risk.
"This flaw allows apps on the same device to bypass Android security sandbox and gain unauthorized access to private data," the Microsoft Defender
https://thehackernews.com/2026/04/engagelab-sdk-flaw-exposed-50m-android.html
UAT-10362 Targets Taiwanese NGOs with LucidRook Malware in Spear-Phishing Campaigns
A previously undocumented threat cluster dubbed UAT-10362 has been attributed to spear-phishing campaigns targeting Taiwanese non-governmental organizations (NGOs) and suspected universities to deploy a new Lua-based malware called LucidRook.
"LucidRook is a sophisticated stager that embeds a Lua interpreter and Rust-compiled libraries within a dynamic-link library (DLL) to download and
https://thehackernews.com/2026/04/uat-10362-targets-taiwanese-ngos-with.html
ThreatsDay Bulletin: Hybrid P2P Botnet, 13-Year-Old Apache RCE and 18 More Stories
Thursday. Another week, another batch of things that probably should've been caught sooner but weren't.
This one's got some range — old vulnerabilities getting new life, a few "why was that even possible" moments, attackers leaning on platforms and tools you'd normally trust without thinking twice. Quiet escalations more than loud zero-days, but the kind that matter more in
https://thehackernews.com/2026/04/threatsday-bulletin-hybrid-p2p-botnet.html
The Hidden Security Risks of Shadow AI in Enterprises
As AI tools become more accessible, employees are adopting them without formal approval from IT and security teams. While these tools may boost productivity, automate tasks, or fill gaps in existing workflows, they also operate outside the visibility of security teams, bypassing controls and creating new blind spots in what is known as shadow AI. While similar to the phenomenon of
https://thehackernews.com/2026/04/the-hidden-security-risks-of-shadow-ai.html
Adobe Reader Zero-Day Exploited via Malicious PDFs Since December 2025
Threat actors have been exploiting a previously unknown zero-day vulnerability in Adobe Reader using maliciously crafted PDF documents since at least December 2025.
The finding, detailed by EXPMON's Haifei Li, has been described as a highly-sophisticated PDF exploit. The artifact ("Invoice540.pdf") first appeared on the VirusTotal platform on November 28, 2025. A second
https://thehackernews.com/2026/04/adobe-reader-zero-day-exploited-via.html
Bitter-Linked Hack-for-Hire Campaign Targets Journalists Across MENA Region
An apparent hack-for-hire campaign likely orchestrated by a threat actor with suspected ties to the Indian government targeted journalists, activists, and government officials across the Middle East and North Africa (MENA), according to findings from Access Now, Lookout, and SMEX.
Two of the targets included prominent Egyptian journalists and government critics, Mostafa
https://thehackernews.com/2026/04/bitter-linked-hack-for-hire-campaign.html
Russia's 'Fancy Bear' APT Continues Its Global Onslaught
Victims don't need to match the cybercrime group's technical sophistication, experts say. But patching and some form of zero trust are now non-negotiable.
https://www.darkreading.com/threat-intelligence/russias-fancy-bear-apt-continues-global-onslaught
Dark Reading
'BlueHammer' Windows Zero-Day Exploit Signals Microsoft Bug Disclosure Issues
Under the alias 'Chaotic Eclipse,' a researcher released a PoC exploit for a zero-day flaw that allows for system takeover by a local user, citing an undisclosed beef with Microsoft.
https://www.darkreading.com/vulnerabilities-threats/bluehammer-windows-exploit-microsoft-bug-disclosure-issues
Dark Reading
Do Ceasefires Slow Cyberattacks? History Suggests Not
The cybersecurity community is waiting with bated breath to see if Iranian hackers will honor a ceasefire that doesn't actually name or directly involve them.
https://www.darkreading.com/cybersecurity-analytics/ceasefires-slow-cyberattacks-history
Dark Reading
Russia's Forest Blizzard Nabs Rafts of Logins via SOHO Routers
Heard of fileless malware? How about malwareless cyber espionage? Russia's APT28 is spying on global organizations by modifying just one DNS setting in vulnerable routers.
https://www.darkreading.com/threat-intelligence/russia-forest-blizzard-logins-soho-routers
Dark Reading
Saskatoon Man Charged With Darknet Drug Trafficking After Police Seize Crypto, Narcotics and 130TB of Data
https://darkwebinformer.com/saskatoon-man-charged-with-darknet-drug-trafficking-after-police-seize-crypto-narcotics-and-130tb-of-data/
Dark Web Informer
Nearly 4,000 US industrial devices exposed to Iranian cyberattacks
The attack surface targeted by Iranian-linked hackers in cyberattacks against U.S. critical infrastructure networks includes thousands of Internet-exposed programmable logic controllers (PLCs) manufactured by Rockwell Automation. [...]
https://www.bleepingcomputer.com/news/security/nearly-4-000-us-industrial-devices-exposed-to-iranian-cyberattacks/
BleepingComputer
Analysis of one billion CISA KEV remediation records exposes limits of human-scale security
Analysis of 1 billion CISA KEV remediation records reveals a breaking point for human-scale security. Qualys shows most critical flaws are exploited before defenders can patch them. [...]
https://www.bleepingcomputer.com/news/security/analysis-of-one-billion-cisa-kev-remediation-records-exposes-limits-of-human-scale-security/
BleepingComputer
CPUID hacked to deliver malware via CPU-Z, HWMonitor downloads
Hackers gained access to an API for the CPUID project and changed the download links on the official website to serve malicious executables for the popular CPU-Z and HWMonitor tools. [...]
https://www.bleepingcomputer.com/news/security/supply-chain-attack-at-cpuid-pushes-malware-with-cpu-z-hwmonitor/
BleepingComputer
Microsoft: Canadian employees targeted in payroll pirate attacks
A financially motivated threat actor tracked as Storm-2755 is stealing Canadian employees' salary payments after hijacking their accounts in payroll pirate attacks. [...]
https://www.bleepingcomputer.com/news/microsoft/microsoft-canadian-employees-targeted-in-payroll-pirate-attacks/
BleepingComputer
Google rolls out Gmail end-to-end encryption on mobile devices
Google says Gmail end-to-end encryption (E2EE) is now available on all Android and iOS devices, allowing enterprise users to read and compose emails without additional tools. [...]
https://www.bleepingcomputer.com/news/google/google-rolls-out-gmail-end-to-end-encryption-on-mobile-devices/
BleepingComputer
In Other News: Cyberattack Stings Stryker, Windows Zero-Day, China Supercomputer Hack
Other noteworthy stories that might have slipped under the radar: Jones Day hacked, Internet Bug Bounty program paused due to AI, new Mac stealer malware.
The post In Other News: Cyberattack Stings Stryker, Windows Zero-Day, China Supercomputer Hack appeared first on SecurityWeek.
https://www.securityweek.com/in-other-news-cyberattack-stings-stryker-windows-zero-day-china-supercomputer-hack/
SecurityWeek
Juniper Networks Patches Dozens of Junos OS Vulnerabilities
A critical-severity flaw could be exploited remotely, without authentication, to take over a vulnerable device.
The post Juniper Networks Patches Dozens of Junos OS Vulnerabilities appeared first on SecurityWeek.
https://www.securityweek.com/juniper-networks-patches-dozens-of-junos-os-vulnerabilities/
SecurityWeek