Show Notes - 2026-04-03
Stories Covered
- Today:
- CVE-2026-3502 TrueConf Client Code Download Without Integrity Check [Critical Alerts]
- CVE-2025-55182 React2Shell Mass Credential Theft Campaign [Critical Alerts]
- Axios Supply Chain Attack Deploys Cross-Platform RAT [Critical Alerts]
- Akira Ransomware Achieves Encryption in Under One Hour [Ransomware & Extortion]
- Qilin EDR Killer Disables 300+ Security Products [Ransomware & Extortion]
- AI-Enabled BEC Fraud Reaches 54% Click-Through Rate [Ransomware & Extortion]
- Insider Extortion Attempt Locks 254 Servers [Ransomware & Extortion]
- NEXUS Listener Framework (CVE-2025-55182 Campaign) [IOCs & Detection]
- Axios Supply Chain Attack (WAVESHAPER.V2 RAT) [IOCs & Detection]
- Qilin Ransomware EDR Killer [IOCs & Detection]
- vSphere BRICKSTORM Malware Targets Virtualization Layer [Business & Infrastructure Threats]
- Cisco Source Code Theft via Malicious GitHub Action [Business & Infrastructure Threats]
- Cookie-Controlled PHP Webshells in Linux Hosting [Business & Infrastructure Threats]
- Mercor Hit by LiteLLM Supply Chain Attack [Business & Infrastructure Threats]
- Hasbro Attack Remediation May Take Weeks [Business & Infrastructure Threats]
- Microsoft Force-Upgrades Windows 11 24H2 to 25H2 [Windows / AD Security]
- Identity-Based Attacks Dominate Threat Landscape [Windows / AD Security]
- Azure Vulnerabilities Allow Privilege Escalation and Information Disclosure [Windows / AD Security]
- US Bans All Foreign-Made Consumer Routers [General Security News]
- Russia Tightening ISP Requirements to Force Small Providers Off Market [General Security News]
- Newspaper Archive Service Disrupted by Cyberattack [General Security News]
- Python and PostgreSQL Growth Reflects AI-Driven Development [General Security News]
- CVE-2026-20093 and CVE-2026-20160 Cisco Critical Authentication Bypass and RCE [Vulnerability Disclosures]
- CVE-2025-30208 Vite File System Access Bypass [Vulnerability Disclosures]
- CVE-2025-10492 Hitachi Energy Ellipse Jasper Report RCE [Vulnerability Disclosures]
- CVE-2026-27663 and CVE-2026-27664 Siemens SICAM 8 Denial of Service [Vulnerability Disclosures]
- CVE-2025-7741 Yokogawa CENTUM VP Hardcoded Password [Vulnerability Disclosures]
- CVE-2026-34073 Cryptography Library DNS Name Constraint Enforcement [Vulnerability Disclosures]
- Chromium Vulnerabilities in Microsoft Edge [Vulnerability Disclosures]
CVEs Referenced
CVE-2025-10492, CVE-2025-30208, CVE-2025-55182, CVE-2025-7741, CVE-2026-20093, CVE-2026-20160, CVE-2026-26135, CVE-2026-27663, CVE-2026-27664, CVE-2026-32173, CVE-2026-32213, CVE-2026-34073, CVE-2026-3502, CVE-2026-5276, CVE-2026-5277, CVE-2026-5279, CVE-2026-5283, CVE-2026-5289
Indicators of Compromise
Domains:
sfrclak[.]com, 206[.]73
Fler avsnitt av Cyber Threat Brief
Visa alla avsnitt av Cyber Threat BriefCyber Threat Brief med Carolina Clear Tech, LLC finns tillgänglig på flera plattformar. Informationen på denna sida kommer från offentliga podd-flöden.
