← Latest brief

Security news.

·Afternoon Brief

Today's security brief highlights critical vulnerabilities under active exploitation, including a high-severity Apache ActiveMQ flaw added to CISA's KEV catalog and multiple Microsoft Defender zero-days. Additionally, a new ransomware variant is using QEMU VMs to evade endpoint security, and international law enforcement has taken down 53 DDoS-for-hire domains.

THNKEV
Apr 17READ

Apache ActiveMQ Flaw Actively Exploited, Added to CISA KEV

A high-severity remote code execution vulnerability (CVE-2026-34197) in Apache ActiveMQ Classic is under active exploitation and has been added to CISA's Known Exploited Vulnerabilities catalog.

THNEXPLOIT
Apr 17READ

Three Microsoft Defender Zero-Days Actively Exploited

Threat actors are exploiting three recently disclosed zero-day vulnerabilities (codenamed BlueHammer, RedSun, and UnDefend) in Microsoft Defender to gain elevated privileges on compromised systems, with two still unpatched.

BLEEPINGRANSOMWARE
Apr 17READ

Payouts King Ransomware Uses QEMU VMs to Bypass Security

The Payouts King ransomware is employing the QEMU emulator as a reverse SSH backdoor to run hidden virtual machines, effectively bypassing endpoint security solutions.

THNDDoS
Apr 17READ

Operation PowerOFF Seizes 53 DDoS Domains, Exposes 3 Million Criminal Accounts

An international law enforcement operation, "Operation PowerOFF," has taken down 53 domains and identified over 75,000 cybercriminals involved in DDoS-for-hire services.

BLEEPINGPATCH
Apr 17READ

Microsoft Warns of Windows Servers Entering Reboot Loops After April Patches

Microsoft has issued a warning that some Windows domain controllers are experiencing restart loops after installing the April 2026 security updates.

SECURITYWEEKMALWARE
Apr 17READ

ZionSiphon Malware Targets ICS in Water Facilities

A new operational technology (OT) malware, ZionSiphon, has been discovered, specifically configured to target and sabotage Israeli water treatment and desalination plants.

SECURITYWEEKVULN
Apr 17READ

Cursor AI Vulnerability Exposed Developer Devices

A vulnerability in Cursor AI, involving an indirect prompt injection chained with a sandbox bypass and remote tunnel feature, could grant shell access to developer machines.

THN
Apr 17READ

NIST Limits CVE Enrichment Due to Surge in Submissions

The National Institute of Standards and Technology (NIST) is adjusting its National Vulnerability Database (NVD) process, limiting CVE enrichment to only those meeting specific criteria due to a 263% surge in submissions.

Generated twice daily from public security RSS feeds. Informational only.