← Latest brief

Security news.

·Morning Brief

Today's cybersecurity news highlights active exploitation of critical vulnerabilities, including a high-severity Apache ActiveMQ flaw and multiple Microsoft Defender zero-days. We also see the continued evolution of phishing tactics following the disruption of Tycoon 2FA, and a significant cryptocurrency exchange hack.

THNBREACH
Apr 18READ

$13.74M Hack Shuts Down Sanctioned Grinex Exchange

Grinex, a cryptocurrency exchange sanctioned by the U.K. and U.S., has suspended operations after a $13.74 million hack it attributes to Western intelligence agencies.

THNEXPLOIT
Apr 18READ

Mirai Variant Nexcorium Exploits CVE-2024-3721

A Mirai variant, Nexcorium, is exploiting CVE-2024-3721 in TBK DVRs and flaws in end-of-life TP-Link Wi-Fi routers to build a DDoS botnet.

SECURITYWEEKPHISHING
Apr 18READ

Tycoon 2FA Phishing Tactics Evolve After Disruption

Following the disruption of the Tycoon 2FA platform, threat actors are reusing its tools in other phishing kits and adopting device code phishing techniques to bypass MFA.

BLEEPINGRANSOMWARE
Apr 17READ

Payouts King Ransomware Uses QEMU VMs to Bypass Security

The Payouts King ransomware is employing the QEMU emulator to run hidden virtual machines via a reverse SSH backdoor, aiming to bypass endpoint security solutions.

THNEXPLOIT
Apr 17READ

Three Microsoft Defender Zero-Days Actively Exploited

Threat actors are actively exploiting three recently disclosed zero-day vulnerabilities (BlueHammer, RedSun, UnDefend) in Microsoft Defender to gain elevated privileges on compromised systems, with two still unpatched.

THNKEV
Apr 17READ

Apache ActiveMQ CVE-2026-34197 Added to CISA KEV

CISA has added a high-severity Apache ActiveMQ Classic vulnerability (CVE-2026-34197) to its Known Exploited Vulnerabilities catalog due to active exploitation in the wild.

DARK READING
Apr 17READ

NIST's Cutback of CVE Handling Impacts Cyber Teams

NIST has announced changes to its National Vulnerability Database (NVD) operations, limiting CVE data enrichment due to a surge in submissions, which will impact how cyber teams prioritize vulnerabilities.

BLEEPINGPATCH
Apr 17READ

Windows Servers Enter Reboot Loops After April Patches

Microsoft has warned that some Windows domain controllers are experiencing restart loops after installing the April 2026 security updates.

Generated twice daily from public security RSS feeds. Informational only.