EPISODE · Apr 9, 2026 · 4 MIN
Apr 09, 2026 · #21
from Security Brief Daily · host Security Brief Daily
Episode 21 — 09 Apr 2026 1. Hackers use pixel-large SVG trick to hide credit card stealer Source: Bleeping Computer A massive campaign impacting nearly 100 online stores using the Magento e-commerce platform hides credit card-stealing code in a pixel-sized Scalable Vector Graphics (SVG) image. When clicking the checkout button, the victim is shown a convincing overlay that can validate... 2. CISA orders feds to patch exploited Ivanti EPMM flaw by Sunday Source: Bleeping Computer CISA has given U.S. government agencies four days to secure their systems against a critical-severity vulnerability in Ivanti Endpoint Manager Mobile (EPMM) that has been exploited in attacks since January. Tracked as CVE-2026-1340 , this critical-severity code injection flaw... 3. 13-year-old bug in ActiveMQ lets hackers remotely execute commands Source: Bleeping Computer Security researchers discovered a remote code execution (RCE) vulnerability in Apache ActiveMQ Classic that has gone undetected for 13 years and could be exploited to execute arbitrary commands. The flaw was uncovered using the Claude AI assistant, which identified an exploit... 4. Authorities disrupt router DNS hijacks used to steal Microsoft 365 logins Source: Bleeping Computer An international operation from law enforcement authorities in partnership with private companies has disrupted FrostArmada, an APT28 campaign hijacking local traffic from MikroTik and TP-Link routers to steal Microsoft account credentials. The Russian threat group APT28,... 5. Masjesu Botnet Emerges as DDoS-for-Hire Service Targeting Global IoT Devices Source: The Hacker News Cybersecurity researchers have lifted the curtain on a stealthy botnet that's designed for distributed denial-of-service (DDoS) attacks. Called Masjesu, the botnet has been advertised via Telegram as a DDoS-for-hire service since it first surfaced in 2023. It's capable of... 6. APT28 Deploys PRISMEX Malware in Campaign Targeting Ukraine and NATO Allies Source: The Hacker News 7. Iran-Linked Hackers Disrupt U.S. Critical Infrastructure by Targeting Internet-Exposed PLCs Source: The Hacker News Iran-affiliated cyber actors are targeting internet-facing operational technology (OT) devices across critical infrastructures in the U.S., including programmable logic controllers (PLCs), cybersecurity and intelligence agencies warned Tuesday. "These attacks have led to... 8. Russia Hacked Routers to Steal Microsoft Office Tokens Source: Krebs on Security Hackers linked to Russia’s military intelligence units are using known flaws in older Internet routers to mass harvest authentication tokens from Microsoft Office users, security experts warned today. The spying campaign allowed state-backed Russian hackers to quietly siphon...
What this episode covers
Episode 21 — 09 Apr 2026 1. Hackers use pixel-large SVG trick to hide credit card stealer Source: Bleeping Computer A massive campaign impacting nearly 100 online stores using the Magento e-commerce platform hides credit card-stealing code in a pixel-sized Scalable Vector Graphics (SVG) image. When clicking the checkout button, the victim is shown a convincing overlay that can validate... 2. CISA orders feds to patch exploited Ivanti EPMM flaw by Sunday Source: Bleeping Computer CISA has given U.S. government agencies four days to secure their systems against a critical-severity vulnerability in Ivanti Endpoint Manager Mobile (EPMM) that has been exploited in attacks since January. Tracked as CVE-2026-1340 , this critical-severity code injection flaw... 3. 13-year-old bug in ActiveMQ lets hackers remotely execute commands Source: Bleeping Computer Security researchers discovered a remote code execution (RCE) vulnerability in Apache ActiveMQ Classic that has gone undetected for 13 years and could be exploited to execute arbitrary commands. The flaw was uncovered using the Claude AI assistant, which identified an exploit... 4. Authorities disrupt router DNS hijacks used to steal Microsoft 365 logins Source: Bleeping Computer An international operation from law enforcement authorities in partnership with private companies has disrupted FrostArmada, an APT28 campaign hijacking local traffic from MikroTik and TP-Link routers to steal Microsoft account credentials. The Russian threat group APT28,... 5. Masjesu Botnet Emerges as DDoS-for-Hire Service Targeting Global IoT Devices Source: The Hacker News Cybersecurity researchers have lifted the curtain on a stealthy botnet that's designed for distributed denial-of-service (DDoS) attacks. Called Masjesu, the botnet has been advertised via Telegram as a DDoS-for-hire service since it first surfaced in 2023. It's capable of... 6. APT28 Deploys PRISMEX Malware in Campaign Targeting Ukraine and NATO Allies Source: The Hacker News 7. Iran-Linked Hackers Disrupt U.S. Critical Infrastructure by Targeting Internet-Exposed PLCs Source: The Hacker News Iran-affiliated cyber actors are targeting internet-facing operational technology (OT) devices across critical infrastructures in the U.S., including programmable logic controllers (PLCs), cybersecurity and intelligence agencies warned Tuesday. "These attacks have led to... 8. Russia Hacked Routers to Steal Microsoft Office Tokens Source: Krebs on Security Hackers linked to Russia’s military intelligence units are using known flaws in older Internet routers to mass harvest authentication tokens from Microsoft Office users, security experts warned today. The spying campaign allowed state-backed Russian hackers to quietly siphon...
NOW PLAYING
Apr 09, 2026 · #21
No transcript for this episode yet
Similar Episodes
No similar episodes found.
Similar Podcasts
No similar podcasts found.