EPISODE · Apr 22, 2026 · 4 MIN
Apr 22, 2026 · #34
from Security Brief Daily · host Security Brief Daily
Episode 34 — 22 Apr 2026 1. Microsoft releases emergency patches for critical ASP.NET flaw Source: Bleeping Computer Microsoft has released out-of-band (OOB) security updates to patch a critical ASP.NET Core privilege escalation vulnerability. The security flaw (tracked as CVE-2026-40372 ) was found in the ASP.NET Core Data Protection cryptographic APIs, and it could allow unauthenticated... 2. Over 1,300 Microsoft SharePoint servers vulnerable to spoofing attacks Source: Bleeping Computer Over 1,300 Microsoft SharePoint servers exposed online remain unpatched against a spoofing vulnerability that was exploited as a zero-day and is still being abused in ongoing attacks. The security flaw, tracked as CVE-2026-32201 , affects SharePoint Enterprise Server 2016,... 3. CISA flags new SD-WAN flaw as actively exploited in attacks Source: Bleeping Computer The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has given government agencies four days to secure their systems against another Catalyst SD-WAN Manager vulnerability it flagged as actively exploited in attacks. Catalyst SD-WAN Manager (formerly known as... 4. Actively exploited Apache ActiveMQ flaw impacts 6,400 servers Source: Bleeping Computer Nonprofit security organization Shadowserver found that over 6,400 Apache ActiveMQ servers exposed online are vulnerable to ongoing attacks exploiting a high-severity code injection vulnerability. Apache ActiveMQ is the most popular open-source multi-protocol message broker... 5. Cohere AI Terrarium Sandbox Flaw Enables Root Code Execution, Container Escape Source: The Hacker News A critical security vulnerability has been disclosed in a Python-based sandbox called Terrarium that could result in arbitrary code execution. The vulnerability, tracked as CVE-2026-5752, is rated 9.3 on the CVSS scoring system. "Sandbox escape vulnerability in Terrarium... 6. ‘Scattered Spider’ Member ‘Tylerb’ Pleads Guilty Source: Krebs on Security A 24-year-old British national and senior member of the cybercrime group “ Scattered Spider ” has pleaded guilty to wire fraud conspiracy and aggravated identity theft. Tyler Robert Buchanan admitted his role in a series of text-message phishing attacks in the summer of 2022... 7. SGLang CVE-2026-5760 (CVSS 9.8) Enables RCE via Malicious GGUF Model Files Source: The Hacker News A critical security vulnerability has been disclosed in SGLang that, if successfully exploited, could result in remote code execution on susceptible systems. The vulnerability, tracked as CVE-2026-5760, carries a CVSS score of 9.8 out of 10.0. It has been described as a case... 8. Mustang Panda’s New LOTUSLITE Variant Targets India Banks, South Korea Policy Circles Source: The Hacker News Cybersecurity researchers have discovered a new variant of a known malware called LOTUSLITE that's distributed via a theme related to India's banking sector. "The backdoor communicates with a dynamic DNS-based command-and-control server over HTTPS and supports remote shell...
What this episode covers
Episode 34 — 22 Apr 2026 1. Microsoft releases emergency patches for critical ASP.NET flaw Source: Bleeping Computer Microsoft has released out-of-band (OOB) security updates to patch a critical ASP.NET Core privilege escalation vulnerability. The security flaw (tracked as CVE-2026-40372 ) was found in the ASP.NET Core Data Protection cryptographic APIs, and it could allow unauthenticated... 2. Over 1,300 Microsoft SharePoint servers vulnerable to spoofing attacks Source: Bleeping Computer Over 1,300 Microsoft SharePoint servers exposed online remain unpatched against a spoofing vulnerability that was exploited as a zero-day and is still being abused in ongoing attacks. The security flaw, tracked as CVE-2026-32201 , affects SharePoint Enterprise Server 2016,... 3. CISA flags new SD-WAN flaw as actively exploited in attacks Source: Bleeping Computer The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has given government agencies four days to secure their systems against another Catalyst SD-WAN Manager vulnerability it flagged as actively exploited in attacks. Catalyst SD-WAN Manager (formerly known as... 4. Actively exploited Apache ActiveMQ flaw impacts 6,400 servers Source: Bleeping Computer Nonprofit security organization Shadowserver found that over 6,400 Apache ActiveMQ servers exposed online are vulnerable to ongoing attacks exploiting a high-severity code injection vulnerability. Apache ActiveMQ is the most popular open-source multi-protocol message broker... 5. Cohere AI Terrarium Sandbox Flaw Enables Root Code Execution, Container Escape Source: The Hacker News A critical security vulnerability has been disclosed in a Python-based sandbox called Terrarium that could result in arbitrary code execution. The vulnerability, tracked as CVE-2026-5752, is rated 9.3 on the CVSS scoring system. "Sandbox escape vulnerability in Terrarium... 6. ‘Scattered Spider’ Member ‘Tylerb’ Pleads Guilty Source: Krebs on Security A 24-year-old British national and senior member of the cybercrime group “ Scattered Spider ” has pleaded guilty to wire fraud conspiracy and aggravated identity theft. Tyler Robert Buchanan admitted his role in a series of text-message phishing attacks in the summer of 2022... 7. SGLang CVE-2026-5760 (CVSS 9.8) Enables RCE via Malicious GGUF Model Files Source: The Hacker News A critical security vulnerability has been disclosed in SGLang that, if successfully exploited, could result in remote code execution on susceptible systems. The vulnerability, tracked as CVE-2026-5760, carries a CVSS score of 9.8 out of 10.0. It has been described as a case... 8. Mustang Panda’s New LOTUSLITE Variant Targets India Banks, South Korea Policy Circles Source: The Hacker News Cybersecurity researchers have discovered a new variant of a known malware called LOTUSLITE that's distributed via a theme related to India's banking sector. "The backdoor communicates with a dynamic DNS-based command-and-control server over HTTPS and supports remote shell...
NOW PLAYING
Apr 22, 2026 · #34
No transcript for this episode yet
Similar Episodes
No similar episodes found.
Similar Podcasts
No similar podcasts found.