← Latest brief

Security news.

·Afternoon Brief

Today's cybersecurity news highlights critical vulnerabilities and active exploitation. A severe flaw in the Protobuf library allows JavaScript code execution, while a Mirai variant is exploiting a TBK DVR vulnerability. Additionally, the Apache ActiveMQ flaw (CVE-2026-34197) has been added to CISA's KEV catalog due to active exploitation.

BLEEPINGVULN
Apr 18READ

Critical flaw in Protobuf library enables JavaScript code execution

Proof-of-concept exploit code has been published for a critical remote code execution flaw in protobuf.js, a widely used JavaScript implementation of Google's Protocol Buffers.

THNBREACH
Apr 18READ

Mirai Variant Nexcorium Exploits CVE-2024-3721 to Hijack TBK DVRs for DDoS Botnet

Threat actors are exploiting CVE-2024-3721, a medium-severity command injection vulnerability in TBK DVR devices, to deploy Mirai-botnet variants.

THNKEV
Apr 17READ

Apache ActiveMQ CVE-2026-34197 Added to CISA KEV Amid Active Exploitation

A high-severity remote code execution flaw in Apache ActiveMQ Classic, CVE-2026-34197, has been added to CISA's Known Exploited Vulnerabilities catalog due to active exploitation.

THNBREACH
Apr 18READ

$13.74M Hack Shuts Down Sanctioned Grinex Exchange After Intelligence Claims

The Kyrgyzstan-incorporated cryptocurrency exchange Grinex has suspended operations after a $13.74 million hack, which the exchange blames on Western intelligence agencies.

BLEEPINGRANSOMWARE
Apr 17READ

Payouts King ransomware uses QEMU VMs to bypass endpoint security

The Payouts King ransomware is leveraging the QEMU emulator to run hidden virtual machines on compromised systems, effectively bypassing endpoint security measures.

DARK READINGPHISHING
Apr 17READ

Tycoon 2FA Phishers Scatter, Adopt Device Code Phishing

Following the disruption of the Tycoon 2FA platform, threat actors are now adopting device code phishing to trick victims into granting account access through legitimate new-device login flows.

DARK READING
Apr 17READ

How NIST's Cutback of CVE Handling Impacts Cyber Teams

NIST has decided to reduce its CVE data enrichment efforts, leading to industry and ad hoc coalitions stepping in to help fill the gap for cyber teams.

BLEEPINGVULN
Apr 18READ

Microsoft Teams right-click paste broken by Edge update bug

Microsoft has issued a warning that a recent Edge browser update introduced a bug that prevents right-click paste functionality in Microsoft Teams desktop client chats.

Generated twice daily from public security RSS feeds. Informational only.