Cyber Defense Command Center
Real-time security intelligence and threat monitoring
HIGH
8:10 pm, April 17, 2026
Payouts King ransomware uses QEMU VMs to bypass endpoint security
INFO
3:10 pm, April 17, 2026
Inside an Underground Guide: How Threat Actors Vet Stolen Credit Card Shops
The article discusses how threat actors verify trust in underground credit card shops based on data quality, reputation, and survivability.
HIGH
3:10 pm, April 17, 2026
Grinex exchange blames "Western intelligence" for $13.7M crypto hack
Grinex exchange suffered a $13.7M crypto hack attributed to Western intelligence agencies.
INFO
2:10 pm, April 17, 2026
Three Microsoft Defender Zero-Days Actively Exploited; Two Still Unpatched
Huntress is warning that threat actors are exploiting three recently disclosed security flaws in Microsoft Defender to gain elevated privileges in compromised systems.
The activity involves the exploitation of three vulnerabilities that are codenamed BlueHammer (requires GitHub sign-in), RedSun, and UnDefend, all of which were released as zero-days by a researcher known as Chaotic Eclipse (
INFO
1:10 pm, April 17, 2026
Webinar: From phishing to fallout — Why MSPs must rethink both security and recovery
The webinar highlights the evolving threat of cyberattacks, particularly phishing, and the need for MSPs to integrate security and recovery strategies to mitigate risks and ensure business continuity.
INFO
12:10 pm, April 17, 2026
Google Blocks 8.3B Policy-Violating Ads in 2025, Launches Android 17 Privacy Overhaul
Google blocked 8.3B policy-violating ads in 2025 and launched Android 17 privacy overhaul.
HIGH
10:10 am, April 17, 2026
CISA flags Apache ActiveMQ flaw as actively exploited in attacks
CISA warns of active exploitation of a high-severity Apache ActiveMQ vulnerability patched after 13 years undetected.
LOW
8:10 am, April 17, 2026
Man gets 30 months for selling thousands of hacked DraftKings accounts
A 23-year-old was sentenced to 30 months in prison for selling access to tens of thousands of hacked DraftKings accounts.
INFO
8:10 am, April 17, 2026
NIST Limits CVE Enrichment After 263% Surge in Vulnerability Submissions
NIST limits CVE enrichment due to 263% surge in vulnerability submissions.
HIGH
8:10 am, April 17, 2026
Microsoft: Some Windows servers enter reboot loops after April patches
Microsoft warns that some Windows domain controllers are entering restart loops after installing the April 2026 security updates.
HIGH
7:10 am, April 17, 2026
Operation PowerOFF Seizes 53 DDoS Domains, Exposes 3 Million Criminal Accounts
Operation PowerOFF disrupts 53 DDoS domains, exposing 3 million criminal accounts and arresting 4 individuals.
CRITICAL
7:10 am, April 17, 2026
Recently leaked Windows zero-days now exploited in attacks
Threat actors are exploiting recently disclosed Windows zero-days to gain SYSTEM or elevated administrator permissions.
CRITICAL
4:10 am, April 17, 2026
Apache ActiveMQ CVE-2026-34197 Added to CISA KEV Amid Active Exploitation
Apache ActiveMQ CVE-2026-34197 is under active exploitation and has been added to CISA KEV catalog.
INFO
2:10 am, April 17, 2026
ISC Stormcast For Friday, April 17th, 2026 https://isc.sans.edu/podcastdetail/9896, (Fri, Apr 17th)
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
INFO
1:10 am, April 17, 2026
Lumma Stealer infection with Sectop RAT (ArechClient2), (Fri, Apr 17th)
Introduction to a Lumma Stealer infection with Sectop RAT (ArechClient2) on April 17th.
INFO
11:10 pm, April 16, 2026
Operation PowerOFF identifies 75k DDoS users, takes down 53 domains
The latest wave of "Operation PowerOFF," on April 13, 2026, targeted the distributed denial-of-service (DDoS) ecosystem and its users across 21 countries. [...]
CRITICAL
10:10 pm, April 16, 2026
ZionSiphon malware designed to sabotage water treatment systems
New malware ZionSiphon targets water treatment systems to sabotage operations.
CRITICAL
9:10 pm, April 16, 2026
New Microsoft Defender “RedSun” zero-day PoC grants SYSTEM privileges
A proof-of-concept exploit for a Microsoft Defender zero-day, dubbed 'RedSun,' grants SYSTEM privileges.
HIGH
7:10 pm, April 16, 2026
Newly Discovered PowMix Botnet Hits Czech Workers Using Randomized C2 Traffic
Newly discovered PowMix botnet targets Czech workers with randomized C2 traffic.
INFO
5:10 pm, April 16, 2026
Hackers exploit Marimo flaw to deploy NKAbuse malware from Hugging Face
Hackers are exploiting a critical vulnerability in Marimo reactive Python notebook to deploy a new variant of NKAbuse malware hosted on Hugging Face Spaces. [...]
MEDIUM
4:10 pm, April 16, 2026
Google expands Gemini AI use to fight malicious ads on its platform
Google utilizes Gemini AI to enhance detection and blocking of malicious ads on its platform.
HIGH
2:10 pm, April 16, 2026
ThreatsDay Bulletin: Defender 0-Day, SonicWall Brute-Force, 17-Year-Old Excel RCE and 15 More Stories
Multiple threats disclosed, including a Defender 0-Day, SonicWall brute-force attacks, and a 17-year-old Excel RCE vulnerability.
INFO
2:10 pm, April 16, 2026
Most "AI SOCs" Are Just Faster Triage. That's Not Enough.
AI-powered SOC tools promise automation, but most only speed up triage instead of reducing real workload. Tines shows how real gains come from end-to-end workflows that execute actions across systems, not just summarize alerts. [...]
INFO
2:10 pm, April 16, 2026
New ATHR vishing platform uses AI voice agents for automated attacks
A new cybercrime platform called ATHR can harvest credentials via fully automated voice phishing attacks that use both human operators and AI agents for the social engineering phase. [...]
INFO
1:10 pm, April 16, 2026
[Webinar] Find and Eliminate Orphaned Non-Human Identities in Your Environment
In 2024, compromised service accounts and forgotten API keys were behind 68% of cloud breaches. Not phishing. Not weak passwords. Unmanaged non-human identities that nobody was watching.
For every employee in your org, there are 40 to 50 automated credentials: service accounts, API tokens, AI agent connections, and OAuth grants. When projects end or employees leave, most
HIGH
12:10 pm, April 16, 2026
Hidden Passenger? How Taboola Routes Logged-In Banking Sessions to Temu
Taboola routed logged-in banking sessions to Temu without bank knowledge or user consent.
INFO
12:10 pm, April 16, 2026
Obsidian Plugin Abuse Delivers PHANTOMPULSE RAT in Targeted Finance, Crypto Attacks
A "novel" social engineering campaign has been observed abusing Obsidian, a cross-platform note-taking application, as an initial access vector to distribute a previously undocumented Windows remote access trojan called PHANTOMPULSE in attacks targeting individuals in the financial and cryptocurrency sectors.
Dubbed REF6598 by Elastic Security Labs, the activity has been found to leverage
CRITICAL
12:10 pm, April 16, 2026
Cisco Patches Four Critical Identity Services, Webex Flaws Enabling Code Execution
Cisco patches critical flaws in Identity Services and Webex enabling code execution.
CRITICAL
12:10 pm, April 16, 2026
Cisco says critical Webex Services flaw requires customer action
Cisco patches critical improper certificate validation flaw in Webex Services requiring customer action.
INFO
11:10 am, April 16, 2026
Data breach at edtech giant McGraw Hill affects 13.5 million accounts
The ShinyHunters extortion group has leaked data from 13.5 million McGraw Hill user accounts, stolen after breaching the company's Salesforce environment earlier this month. [...]
INFO
9:10 am, April 16, 2026
US nationals behind DPRK IT worker 'laptop farm' sent to prison
Two U.S. nationals have been sent to prison for helping North Korean remote information technology (IT) workers to pose as U.S. residents and get hired by over 100 companies across the country, including many Fortune 500 firms. [...]
MEDIUM
8:10 am, April 16, 2026
Microsoft: April Windows Server 2025 update may fail to install
Microsoft is investigating an installation issue with the April KB5082063 security update on some Windows Server 2025 systems.
INFO
7:10 am, April 16, 2026
UAC-0247 Targets Ukrainian Clinics and Government in Data-Theft Malware Campaign
The Computer Emergency Response Team of Ukraine (CERT-UA) has disclosed details of a new campaign that has targeted governments and municipal healthcare institutions, mainly clinics and emergency hospitals, to deliver malware capable of stealing sensitive data from Chromium-based web browsers and WhatsApp.
The activity, which was observed between March and April
INFO
2:10 am, April 16, 2026
ISC Stormcast For Thursday, April 16th, 2026 https://isc.sans.edu/podcastdetail/9894, (Thu, Apr 16th)
This is a podcast episode from SANS Internet Storm Center, dated Thursday, April 16th, 2026.
INFO
12:10 am, April 16, 2026
[Guest Diary] Compromised DVRs and Finding Them in the Wild, (Thu, Apr 16th)
A guest diary entry by Alec Jaffe discusses compromised DVRs and finding them in the wild.
INFO
11:10 pm, April 15, 2026
Critical Nginx UI auth bypass flaw now actively exploited in the wild
A critical vulnerability in Nginx UI with Model Context Protocol (MCP) support is now being exploited in the wild for full server takeover without authentication. [...]
HIGH
10:10 pm, April 15, 2026
New AgingFly malware used in attacks on Ukraine govt, hospitals
AgingFly malware targets Ukraine govt and hospitals, stealing auth data from Chromium-based browsers and WhatsApp.
INFO
9:10 pm, April 15, 2026
WordPress plugin suite hacked to push malware to thousands of sites
More than 30 WordPress plugins in the EssentialPlugin package have been compromised with malicious code that allows unauthorized access to websites running them. [...]
INFO
6:10 pm, April 15, 2026
n8n Webhooks Abused Since October 2025 to Deliver Malware via Phishing Emails
Threat actors have been observed weaponizing n8n, a popular artificial intelligence (AI) workflow automation platform, to facilitate sophisticated phishing campaigns and deliver malicious payloads or fingerprint devices by sending automated emails.
"By leveraging trusted infrastructure, these attackers bypass traditional security filters, turning productivity tools into delivery
INFO
6:10 pm, April 15, 2026
Signed software abused to deploy antivirus-killing scripts
A digitally signed adware tool has deployed payloads running with SYSTEM privileges that disabled antivirus protections on thousands of endpoints, some in the educational, utilities, government, and healthcare sectors. [...]
INFO
5:10 pm, April 15, 2026
Microsoft pays $2.3M for cloud and AI flaws at Zero Day Quest
Microsoft awards $2.3 million for cloud and AI vulnerabilities found during Zero Day Quest hacking contest.
CRITICAL
3:10 pm, April 15, 2026
CISA flags Windows Task Host vulnerability as exploited in attacks
CISA warns of exploited Windows Task Host vulnerability allowing SYSTEM privileges.
INFO
2:10 pm, April 15, 2026
April Patch Tuesday Fixes Critical Flaws Across SAP, Adobe, Microsoft, Fortinet, and More
A number of critical vulnerabilities impacting products from Adobe, Fortinet, Microsoft, and SAP have taken center stage in April's Patch Tuesday releases.
Topping the list is an SQL injection vulnerability impacting SAP Business Planning and Consolidation and SAP Business Warehouse (CVE-2026-27681, CVSS score: 9.9) that could result in the execution of arbitrary database
CRITICAL
2:10 pm, April 15, 2026
Actively Exploited nginx-ui Flaw (CVE-2026-33032) Enables Full Nginx Server Takeover
A critical authentication bypass vulnerability (CVE-2026-33032) in nginx-ui allows for full Nginx server takeover and is under active exploitation.
INFO
2:10 pm, April 15, 2026
Rolling Networks: Securing the Transportation Sector
The transportation sector faces emerging cyber threats due to increased connectivity and attack surfaces in modern trucks.
INFO
1:10 pm, April 15, 2026
Deterministic + Agentic AI: The Architecture Exposure Validation Requires
The article discusses the rapid adoption of AI across industries and its implications for security and exposure validation.
MEDIUM
12:10 pm, April 15, 2026
Microsoft: April updates trigger BitLocker key prompts on some servers
Microsoft confirmed that April updates trigger BitLocker key prompts on some servers.
MEDIUM
11:10 am, April 15, 2026
Microsoft fixes bug behind Windows Server 2025 automatic upgrades
Microsoft fixed a bug causing unexpected upgrades to Windows Server 2025 from Windows Server 2019 and 2022.
CRITICAL
9:10 am, April 15, 2026
Microsoft Issues Patches for SharePoint Zero-Day and 168 Other New Vulnerabilities
Microsoft patches a zero-day vulnerability in SharePoint and 168 other vulnerabilities, with 8 rated Critical and 157 rated Important.
INFO
6:10 am, April 15, 2026
OpenAI Launches GPT-5.4-Cyber with Expanded Access for Security Teams
OpenAI has launched GPT-5.4-Cyber, a variant of its GPT-5.4 model optimized for defensive cybersecurity use cases, expanding access for security teams.
