← Latest brief

Security news.

·Morning Brief

Today's security brief highlights critical vulnerabilities and active exploitation, including a remote code execution flaw in the Protobuf library and an Apache ActiveMQ vulnerability added to CISA's KEV catalog. We also see continued activity from ransomware groups employing novel evasion techniques and the evolving landscape of phishing attacks.

BLEEPINGVULN
Apr 18READ

Critical flaw in Protobuf library enables JavaScript code execution

Proof-of-concept exploit code has been published for a critical remote code execution flaw in protobuf.js, a widely used JavaScript implementation of Google's Protocol Buffers.

THNBREACH
Apr 18READ

$13.74M Hack Shuts Down Sanctioned Grinex Exchange After Intelligence Claims

Grinex, a cryptocurrency exchange sanctioned by the U.K. and U.S., has suspended operations after a $13.74 million hack it attributes to Western intelligence agencies.

THNBREACH
Apr 18READ

Mirai Variant Nexcorium Exploits CVE-2024-3721 to Hijack TBK DVRs for DDoS Botnet

Threat actors are exploiting CVE-2024-3721 in TBK DVR devices and EoL TP-Link Wi-Fi routers to deploy Mirai-botnet variants for DDoS attacks.

SECURITYWEEKEXPLOIT
Apr 17READ

Recent Apache ActiveMQ Vulnerability Exploited in the Wild

The remote code execution vulnerability CVE-2026-34197 in Apache ActiveMQ, patched earlier this month, is now being actively exploited.

BLEEPINGRANSOMWARE
Apr 17READ

Payouts King ransomware uses QEMU VMs to bypass endpoint security

The Payouts King ransomware is employing the QEMU emulator to run hidden virtual machines via a reverse SSH backdoor, aiming to bypass endpoint security.

THNEXPLOIT
Apr 17READ

Three Microsoft Defender Zero-Days Actively Exploited; Two Still Unpatched

Huntress warns that threat actors are actively exploiting three recently disclosed zero-day vulnerabilities (codenamed BlueHammer, RedSun, and UnDefend) in Microsoft Defender to gain elevated privileges.

BLEEPINGPATCH
Apr 17READ

Microsoft: Some Windows servers enter reboot loops after April patches

Microsoft has issued a warning that some Windows domain controllers are experiencing restart loops after installing the April 2026 security updates.

DARK READINGPHISHING
Apr 17READ

Tycoon 2FA Phishers Scatter, Adopt Device Code Phishing

Following disruptions to the Tycoon 2FA platform, threat actors are now reusing its tools across other phishing kits and adopting device code phishing techniques.

Generated twice daily from public security RSS feeds. Informational only.