CybrPulse

Cisco IMC — CVE-2026-20093, CVSS 9.8: unauthenticated remote attacker can bypass auth and reset any user's password, including admin, via crafted HTTP request. Affects UCS C-Series, Catalyst 8300, 5000 ENCS. Patch is out. thehackernews.com/2026/04/cisco-…

UNC1069 (DPRK-nexus) isn't done after Axios. Still running social engineering against maintainers of Fastify, dotenv, mocha, and Lodash. Combined: billions of monthly downloads at risk. Socket's CEO and Node.js TSC Chair were both targeted. thehackernews.com/2026/04/unc106… #infosec

CERT-EU confirmed: the Trivy supply chain attack on March 19 handed attackers an AWS API key that accessed 42 European Commission internal clients and 29+ other EU entities. Supply chain security is now a geopolitical problem. helpnetsecurity.com/2026/04/03/eur… #infosec

CVE-2026-35616 (CVSS 9.1) in Fortinet FortiClient EMS: unauthenticated API auth bypass leads to full RCE, no user interaction required. Affects 7.4.5 and 7.4.6 only. Emergency hotfix out, active exploitation confirmed by Fortinet. Patch now. cybersecuritynews.com/fortinet-forti… #infosec

TA416 (China-aligned) ended a 2-year pause to resume EU/NATO espionage mid-2025, now expanding to Middle East. Chain: web bug recon → fake Entra ID OAuth pages → PlugX via DLL sideloading. Timed with EU-China summit + Ukraine/Iran tensions.

CVE-2026-5281 in Chrome's Dawn component is being actively exploited — potential RCE. Patch is out. This is Chrome's 4th zero-day fixed in 2026. If you manage endpoints, push the update. Don't wait on end-users.

DPRK stole $280M from Drift Protocol on April 1. No exploit, no bug. 7 days of pre-staged multisig manipulation, then instant admin seizure. Elliptic + TRM Labs confirmed North Korean on-chain tradecraft. bleepingcomputer.com/news/security/… #cybersecurity

CVE-2025-55182 in React Server Components gives unauthenticated RCE. Talos tracked UAT-10608 hitting 766 Next.js servers in 24 hours, fully automated via Shodan. Targets: env vars, K8s tokens, cloud metadata. blog.talosintelligence.com/uat-10608-insi… #infosec

CVE-2026-5281: use-after-free in Chrome's WebGPU Dawn component, actively exploited in the wild. Fourth Chrome zero-day Google has patched this year. CISA added it to KEV. Patch now. thehackernews.com/2026/04/new-ch… #infosec

CVE-2026-25075 in strongSwan: present since v4.5.0 (2011). Unauthenticated crash of the IKE daemon via crafted EAP-TTLS message. No auth required. Multiple reports hitting our feeds this week. Patch: 6.0.5. Check for embedded instances in appliances.

Android rootkit (NoVoice) made it onto Google Play with 22 exploits packed in. 2.3M devices compromised — no visible alerts, no user suspicion triggered. Device control, not just data theft. cybersecuritynews.com/novoice-on-goo…

ShinyHunters published an April 3 extortion deadline after cloning 300+ private Cisco repos via the Trivy supply chain breach. Cisco AI Defense source code plus customer bank and gov agency code. bleepingcomputer.com/news/security/… #infosec

CVE-2026-2699 + CVE-2026-2701 in Progress ShareFile chain to pre-auth RCE. watchtowr published full details today. ~30,000 internet-facing installs at risk. Patch now. labs.watchtowr.com/youre-not-supp… #infosec

Qilin ransomware is deploying msimg32.dll to kill 300+ EDR drivers via API/syscall bypass before detonating. Talos has the full infection chain today. One EDR product is not a defense strategy. blog.talosintelligence.com/qilin-edr-kill… #infosec

UAC-0255 impersonating CERT-UA to drop AGEWHEEZE RAT. Fake sender: incidents@cert-ua[.]tech (.tech, not .ua). Targets: gov, healthcare, finance, security firms. Go-based RAT in a ZIP disguised as "protection software." March 26-27 campaign — check mail logs.

UAC-0255 sent ~1M phishing emails impersonating CERT-UA last week. Payload: AGEWHEEZE Go RAT, delivered as password-protected ZIPs posing as "protection software." Targets: gov, healthcare, finance, infosec firms. thehackernews.com/2026/04/cert-u…

CVE-2026-5281 – use-after-free in Chrome's Dawn (WebGPU), actively exploited in the wild. 4th Chrome zero-day patched in 2026. RCE via crafted HTML if the renderer is compromised. Update to 146.0.7680.178 now. Edge/Brave/Opera patches pending. thehackernews.com/2026/04/new-ch…

Anthropic's Claude Code executed malicious Python from the backdoored LiteLLM package on March 24. SentinelOne blocked it autonomously. AI coding agents with unrestrained access are a live supply chain vector now. sentinelone.com/blog/how-senti… #infosec

US charges Maryland man for $53M Uranium Finance smart contract exploit (2021). His take: 'Crypto is just fake internet money anyway.' Some proceeds went to trading cards. Faces 20 years for money laundering. helpnetsecurity.com/2026/03/31/ura… #infosec

Axios npm (400M monthly downloads) backdoored via account takeover March 31. Versions 1.14.1 and 0.30.4 dropped a cross-platform RAT. GitHub also compromised. 3-hour window. Check npm installs from yesterday. bleepingcomputer.com/news/security/… #infosec