Apr 22, 2026 · #34 episode artwork

EPISODE · Apr 22, 2026 · 4 MIN

Apr 22, 2026 · #34

from Security Brief Daily · host Security Brief Daily

Episode 34 — 22 Apr 2026 1. Microsoft releases emergency patches for critical ASP.NET flaw Source: Bleeping Computer Microsoft has released out-of-band (OOB) security updates to patch a critical ASP.NET Core privilege escalation vulnerability. The security flaw (tracked as CVE-2026-40372 ) was found in the ASP.NET Core Data Protection cryptographic APIs, and it could allow unauthenticated... 2. Over 1,300 Microsoft SharePoint servers vulnerable to spoofing attacks Source: Bleeping Computer Over 1,300 Microsoft SharePoint servers exposed online remain unpatched against a spoofing vulnerability that was exploited as a zero-day and is still being abused in ongoing attacks. The security flaw, tracked as CVE-2026-32201 , affects SharePoint Enterprise Server 2016,... 3. CISA flags new SD-WAN flaw as actively exploited in attacks Source: Bleeping Computer The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has given government agencies four days to secure their systems against another Catalyst SD-WAN Manager vulnerability it flagged as actively exploited in attacks. Catalyst SD-WAN Manager (formerly known as... 4. Actively exploited Apache ActiveMQ flaw impacts 6,400 servers Source: Bleeping Computer Nonprofit security organization Shadowserver found that over 6,400 Apache ActiveMQ servers exposed online are vulnerable to ongoing attacks exploiting a high-severity code injection vulnerability. Apache ActiveMQ is the most popular open-source multi-protocol message broker... 5. Cohere AI Terrarium Sandbox Flaw Enables Root Code Execution, Container Escape Source: The Hacker News A critical security vulnerability has been disclosed in a Python-based sandbox called Terrarium that could result in arbitrary code execution. The vulnerability, tracked as CVE-2026-5752, is rated 9.3 on the CVSS scoring system. "Sandbox escape vulnerability in Terrarium... 6. ‘Scattered Spider’ Member ‘Tylerb’ Pleads Guilty Source: Krebs on Security A 24-year-old British national and senior member of the cybercrime group “ Scattered Spider ” has pleaded guilty to wire fraud conspiracy and aggravated identity theft. Tyler Robert Buchanan admitted his role in a series of text-message phishing attacks in the summer of 2022... 7. SGLang CVE-2026-5760 (CVSS 9.8) Enables RCE via Malicious GGUF Model Files Source: The Hacker News A critical security vulnerability has been disclosed in SGLang that, if successfully exploited, could result in remote code execution on susceptible systems. The vulnerability, tracked as CVE-2026-5760, carries a CVSS score of 9.8 out of 10.0. It has been described as a case... 8. Mustang Panda’s New LOTUSLITE Variant Targets India Banks, South Korea Policy Circles Source: The Hacker News Cybersecurity researchers have discovered a new variant of a known malware called LOTUSLITE that's distributed via a theme related to India's banking sector. "The backdoor communicates with a dynamic DNS-based command-and-control server over HTTPS and supports remote shell...

Episode 34 — 22 Apr 2026 1. Microsoft releases emergency patches for critical ASP.NET flaw Source: Bleeping Computer Microsoft has released out-of-band (OOB) security updates to patch a critical ASP.NET Core privilege escalation vulnerability. The security flaw (tracked as CVE-2026-40372 ) was found in the ASP.NET Core Data Protection cryptographic APIs, and it could allow unauthenticated... 2. Over 1,300 Microsoft SharePoint servers vulnerable to spoofing attacks Source: Bleeping Computer Over 1,300 Microsoft SharePoint servers exposed online remain unpatched against a spoofing vulnerability that was exploited as a zero-day and is still being abused in ongoing attacks. The security flaw, tracked as CVE-2026-32201 , affects SharePoint Enterprise Server 2016,... 3. CISA flags new SD-WAN flaw as actively exploited in attacks Source: Bleeping Computer The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has given government agencies four days to secure their systems against another Catalyst SD-WAN Manager vulnerability it flagged as actively exploited in attacks. Catalyst SD-WAN Manager (formerly known as... 4. Actively exploited Apache ActiveMQ flaw impacts 6,400 servers Source: Bleeping Computer Nonprofit security organization Shadowserver found that over 6,400 Apache ActiveMQ servers exposed online are vulnerable to ongoing attacks exploiting a high-severity code injection vulnerability. Apache ActiveMQ is the most popular open-source multi-protocol message broker... 5. Cohere AI Terrarium Sandbox Flaw Enables Root Code Execution, Container Escape Source: The Hacker News A critical security vulnerability has been disclosed in a Python-based sandbox called Terrarium that could result in arbitrary code execution. The vulnerability, tracked as CVE-2026-5752, is rated 9.3 on the CVSS scoring system. "Sandbox escape vulnerability in Terrarium... 6. ‘Scattered Spider’ Member ‘Tylerb’ Pleads Guilty Source: Krebs on Security A 24-year-old British national and senior member of the cybercrime group “ Scattered Spider ” has pleaded guilty to wire fraud conspiracy and aggravated identity theft. Tyler Robert Buchanan admitted his role in a series of text-message phishing attacks in the summer of 2022... 7. SGLang CVE-2026-5760 (CVSS 9.8) Enables RCE via Malicious GGUF Model Files Source: The Hacker News A critical security vulnerability has been disclosed in SGLang that, if successfully exploited, could result in remote code execution on susceptible systems. The vulnerability, tracked as CVE-2026-5760, carries a CVSS score of 9.8 out of 10.0. It has been described as a case... 8. Mustang Panda’s New LOTUSLITE Variant Targets India Banks, South Korea Policy Circles Source: The Hacker News Cybersecurity researchers have discovered a new variant of a known malware called LOTUSLITE that's distributed via a theme related to India's banking sector. "The backdoor communicates with a dynamic DNS-based command-and-control server over HTTPS and supports remote shell...

NOW PLAYING

Apr 22, 2026 · #34

0:00 4:56

No transcript for this episode yet

We transcribe on demand. Request one and we'll notify you when it's ready — usually under 10 minutes.

No similar episodes found.

No similar podcasts found.

Frequently Asked Questions

How long is this episode of Security Brief Daily?

This episode is 4 minutes long.

When was this Security Brief Daily episode published?

This episode was published on April 22, 2026.

What is this episode about?

Episode 34 — 22 Apr 2026 1. Microsoft releases emergency patches for critical ASP.NET flaw Source: Bleeping Computer Microsoft has released out-of-band (OOB) security updates to patch a critical ASP.NET Core privilege escalation...

Can I download this Security Brief Daily episode?

Yes, you can download this episode by clicking the download button on the episode player, or subscribe to the podcast in your preferred podcast app for automatic downloads.
URL copied to clipboard!