Show Notes - 2026-04-23
Stories Covered
- Today:
- Microsoft Defender Insufficient Granularity of Access Control (CVE-2026-33825) [Critical Alerts]
- Checkmarx Supply Chain Compromise: Docker Images and VS Code Extensions Poisoned [Critical Alerts]
- ASP.NET Core DataProtection Cryptographic Signature Bypass (CVE-2026-40372) [Critical Alerts]
- Kyber Ransomware Implements Post-Quantum Encryption on Windows [Ransomware & Extortion]
- "The Gentlemen" Ransomware Group Rapidly Scales Operations [Ransomware & Extortion]
- BlueLeaks 2.0: Navigate360 Breach Exposes 8.3M Anonymous Tips [Ransomware & Extortion]
- CanisterSprawl: Self-Propagating npm Supply Chain Worm [Business & Infrastructure Threats]
- LiteLLM, Axios, and CPU-Z Supply Chain Attacks Stopped by Behavioral Detection [Business & Infrastructure Threats]
- SBOM Data Struggles: Are SBOMs Failing? [Business & Infrastructure Threats]
- Mirai Botnet Targets Discontinued D-Link Routers [Business & Infrastructure Threats]
- Malicious npm and PyPI Packages Deploy LLM Proxy Infrastructure [Business & Infrastructure Threats]
- Xinference Python Package Compromised by Credential Stealer [Business & Infrastructure Threats]
- UK NCSC Endorses Passkeys, Recommends Moving Away from Passwords [General Security News]
- Microsoft Teams Introduces Efficiency Mode for Constrained Hardware [General Security News]
- Firefox and Thunderbird 150 Released [General Security News]
- CVE-2026-6507: Dnsmasq DHCP Bootreply Out-of-Bounds Write [Vulnerability Disclosures]
- CVE-2026-3219: pip Concatenated Archive Vulnerability [Vulnerability Disclosures]
- Linux Kernel CVEs (ksmbd, ext4, xfs, CAN, SCSI, DRM, dmaengine, netfilter, Bluetooth) [Vulnerability Disclosures]
- CVE-2026-27820, CVE-2026-5928, CVE-2026-35239, CVE-2026-22005: Various Buffer Overflow and Memory Issues [Vulnerability Disclosures]
CVEs Referenced
CVE-2026-22005, CVE-2026-27820, CVE-2026-31432, CVE-2026-31439, CVE-2026-31441, CVE-2026-31444, CVE-2026-31448, CVE-2026-31450, CVE-2026-31452, CVE-2026-31454, CVE-2026-31455, CVE-2026-31461, CVE-2026-31464, CVE-2026-31474, CVE-2026-31476, CVE-2026-31477, CVE-2026-31478, CVE-2026-31480, CVE-2026-31495, CVE-2026-31502, CVE-2026-31512, CVE-2026-31530, CVE-2026-3219, CVE-2026-33825, CVE-2026-35239, CVE-2026-40372, CVE-2026-5928, CVE-2026-6507
Indicators of Compromise
Domains:
checkmarx[.]cx, api-monitor[.]com, icp0[.]io
Fler avsnitt av Cyber Threat Brief
Visa alla avsnitt av Cyber Threat BriefCyber Threat Brief med Carolina Clear Tech, LLC finns tillgänglig på flera plattformar. Informationen på denna sida kommer från offentliga podd-flöden.
