TECHZONE™

CISA Adds 8 Exploited Flaws to KEV, Sets April-May 2026 Federal Deadlines https://thehackernews.com/2026/04/cisa-adds-8-exploited-flaws-to-kev-sets.html The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added eight new vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog, including three flaws impacting Cisco Catalyst SD-WAN Manager, citing evidence of active exploitation. The list of vulnerabilities is as follows - CVE-2023-27351 (CVSS score: 8.2) - An improper authentication vulnerability in PaperCut

What the ransom note won't say https://www.welivesecurity.com/en/ransomware/what-ransom-note-doesnt-say/ An attack is what you see, but a business operation is what you're up against

SGLang CVE-2026-5760 (CVSS 9.8) Enables RCE via Malicious GGUF Model Files https://thehackernews.com/2026/04/sglang-cve-2026-5760-cvss-98-enables.html A critical security vulnerability has been disclosed in SGLang that, if successfully exploited, could result in remote code execution on susceptible systems. The vulnerability, tracked as CVE-2026-5760, carries a CVSS score of 9.8 out of 10.0. It has been described as a case of command injection leading to the execution of arbitrary code. SGLang is a high-performance, open-source serving

⚡ Weekly Recap: Vercel Hack, Push Fraud, QEMU Abused, New Android RATs Emerge & More https://thehackernews.com/2026/04/weekly-recap-vercel-hack-push-fraud.html Monday’s recap shows the same pattern in different places. A third-party tool becomes a way in, then leads to internal access. A trusted download path is briefly swapped to deliver malware. Browser extensions act normally while pulling data and running code. Even update channels are used to push payloads. It’s not breaking systems—it’s bending trust. There’s also a shift in how attacks run.

Why Most AI Deployments Stall After the Demo https://thehackernews.com/2026/04/why-most-ai-deployments-stall-after-demo.html The fastest way to fall in love with an AI tool is to watch the demo. Everything moves quickly. Prompts land cleanly. The system produces impressive outputs in seconds. It feels like the beginning of a new era for your team. But most AI initiatives don't fail because of bad technology. They stall because what worked in the demo doesn't survive contact with real operations. The gap between a

Anthropic MCP Design Vulnerability Enables RCE, Threatening AI Supply Chain https://thehackernews.com/2026/04/anthropic-mcp-design-vulnerability.html Cybersecurity researchers have discovered a critical "by design" weakness in the Model Context Protocol's (MCP) architecture that could pave the way for remote code execution and have a cascading effect on the artificial intelligence (AI) supply chain. "This flaw enables Arbitrary Command Execution (RCE) on any system running a vulnerable MCP implementation, granting attackers direct access to

Researchers Detect ZionSiphon Malware Targeting Israeli Water, Desalination OT Systems https://thehackernews.com/2026/04/researchers-detect-zionsiphon-malware.html Cybersecurity researchers have flagged a new malware called ZionSiphon that appears to be specifically designed to target Israeli water treatment and desalination systems. The malware has been codenamed ZionSiphon by Darktrace, highlighting its ability to set up persistence, tamper with local configuration files, and scan for operational technology (OT)-relevant services on the local subnet.

Vercel Breach Tied to Context AI Hack Exposes Limited Customer Credentials https://thehackernews.com/2026/04/vercel-breach-tied-to-context-ai-hack.html Web infrastructure provider Vercel has disclosed a security breach that allows bad actors to gain unauthorized access to "certain" internal Vercel systems. The incident stemmed from the compromise of Context.ai, a third-party artificial intelligence (AI) tool, that was used by an employee at the company. "The attacker used that access to take over the employee's Vercel Google Workspace account,

$13.74M Hack Shuts Down Sanctioned Grinex Exchange After Intelligence Claims https://thehackernews.com/2026/04/1374m-hack-shuts-down-sanctioned-grinex.html Grinex, a Kyrgyzstan-incorporated cryptocurrency exchange sanctioned by the U.K. and the U.S. last year, said it's suspending operations after it blamed Western intelligence agencies for a $13.74 million hack. The exchange said it fell victim to what it described as a large-scale cyber attack that bore hallmarks of foreign intelligence agency involvement. This attack led to the theft of over 1

Mirai Variant Nexcorium Exploits CVE-2024-3721 to Hijack TBK DVRs for DDoS Botnet https://thehackernews.com/2026/04/mirai-variant-nexcorium-exploits-cve.html Threat actors are exploiting security flaws in TBK DVR and end‑of‑life (EoL) TP-Link Wi-Fi routers to deploy Mirai-botnet variants on compromised devices, according to findings from Fortinet FortiGuard Labs and Palo Alto Networks Unit 42. The attack targeting TBK DVR devices has been found to exploit CVE-2024-3721 (CVSS score: 6.3), a medium-severity command injection vulnerability affecting

That data breach alert might be a trap https://www.welivesecurity.com/en/scams/data-breach-alert-might-be-trap/ Ignoring a real breach notification invites risk, but falling for a bogus one could be even worse. Stop reacting on autopilot.

Three Microsoft Defender Zero-Days Actively Exploited; Two Still Unpatched https://thehackernews.com/2026/04/three-microsoft-defender-zero-days.html Huntress is warning that threat actors are exploiting three recently disclosed security flaws in Microsoft Defender to gain elevated privileges in compromised systems. The activity involves the exploitation of three vulnerabilities that are codenamed BlueHammer (requires GitHub sign-in), RedSun, and UnDefend, all of which were released as zero-days by a researcher known as Chaotic Eclipse (

Google Blocks 8.3B Policy-Violating Ads in 2025, Launches Android 17 Privacy Overhaul https://thehackernews.com/2026/04/google-blocks-83b-policy-violating-ads.html Google this week announced a new set of Play policy updates to strengthen user privacy and protect businesses against fraud, even as it revealed it blocked or removed over 8.3 billion ads globally and suspended 24.9 million accounts in 2025. The new policy updates relate to contact and location permissions in Android, allowing third-party apps to access the contact lists and a user's location in

NIST Limits CVE Enrichment After 263% Surge in Vulnerability Submissions https://thehackernews.com/2026/04/nist-limits-cve-enrichment-after-263.html The National Institute of Standards and Technology (NIST) has announced changes to the way it handles cybersecurity vulnerabilities and exposures (CVEs) listed in its National Vulnerability Database (NVD), stating it will only enrich those that fulfil certain conditions owing to an explosion in CVE submissions. "CVEs that do not meet those criteria will still be listed in the NVD but will not

Operation PowerOFF Seizes 53 DDoS Domains, Exposes 3 Million Criminal Accounts https://thehackernews.com/2026/04/operation-poweroff-seizes-53-ddos.html An international law enforcement operation has taken down 53 domains and arrested four people in connection with commercial distributed denial-of-service (DDoS) operations that were used by more than 75,000 cybercriminals. The ongoing effort, dubbed Operation PowerOFF, disrupted access to the DDoS-for-hire services, took down the technical infrastructure supporting them, and obtained access to

Supply chain dependencies: Have you checked your blind spot? https://www.welivesecurity.com/en/business-security/supply-chain-dependencies-have-you-checked-your-blind-spot/ Your biggest risk may be a vendor you trust. How can SMBs map their third-party blind spots and build operational resilience?

Apache ActiveMQ CVE-2026-34197 Added to CISA KEV Amid Active Exploitation https://thehackernews.com/2026/04/apache-activemq-cve-2026-34197-added-to.html A recently disclosed high-severity security flaw in Apache ActiveMQ Classic has come under active exploitation in the wild, per the U.S. Cybersecurity and Infrastructure Security Agency (CISA). To that end, the agency has added the vulnerability, tracked as CVE-2026-34197 (CVSS score: 8.8), to its Known Exploited Vulnerabilities (KEV) catalog, requiring Federal Civilian

Newly Discovered PowMix Botnet Hits Czech Workers Using Randomized C2 Traffic https://thehackernews.com/2026/04/newly-discovered-powmix-botnet-hits.html Cybersecurity researchers have warned of an active malicious campaign that's targeting the workforce in the Czech Republic with a previously undocumented botnet dubbed PowMix since at least December 2025. "PowMix employs randomized command-and-control (C2) beaconing intervals, rather than persistent connection to the C2 server, to evade the network signature detections," Cisco Talos

ThreatsDay Bulletin: Defender 0-Day, SonicWall Brute-Force, 17-Year-Old Excel RCE and 15 More Stories https://thehackernews.com/2026/04/threatsday-bulletin-17-year-old-excel.html You know that feeling when you open your feed on a Thursday morning and it's just... a lot? Yeah. This week delivered. We've got hackers getting creative in ways that are almost impressive if you ignore the whole "crime" part, ancient vulnerabilities somehow still ruining people's days, and enough supply chain drama to fill a season of television nobody asked for. Not 

[Webinar] Find and Eliminate Orphaned Non-Human Identities in Your Environment https://thehackernews.com/2026/04/webinar-find-and-eliminate-orphaned-non.html In 2024, compromised service accounts and forgotten API keys were behind 68% of cloud breaches. Not phishing. Not weak passwords. Unmanaged non-human identities that nobody was watching. For every employee in your org, there are 40 to 50 automated credentials: service accounts, API tokens, AI agent connections, andOAuth grants. When projects end or employees leave, most