#Threatintel
Defending OSS

~Socket~
OSS remains vital despite recent supply chain attacks by TeamPCP and North Korean actors.
-
IOCs: (None identified)
-
#OSS #SupplyChain #threatintel

Breach & Build — Cybersecurity, CVE & Tech News Breaking cybersecurity news, CVE vulnerability disclosures, CVSS scores, EPSS data, and technology analysis.

🚨 CVE Weekly Roundup | 2026-04-03 – 2026-04-10

🔍 1,111 CVEs tracked (-146 vs last week)
⚠️ 2 actively exploited (0.2%)
🔴 91 critical (CVSS 9.0+)

Our weekly threat breakdown — what actually matters this week

#cybersecurity #CVE #threatintel #infosec

breachandbuild.com/cve-tracking...

Adobe 0-day seen in the wild This is an interesting find. PDF exploits are rare and this one looks to be very targeted. Also "yummy_adobe_exploit_uwu.pdf" is a malware naming convention that reminds me why I love this community. I’m struggling to come up with some good detections for this one though. I was hoping for the process tree behavior but this seems very common with acrobat.exe: ``` Acrobat.exe (PID:6416) “manual.pdf” ├── AdobeCollabSync.exe -c (PID:3520) ├── AdobeCollabSync.exe -c (PID:5424) [stealth_timeo...

We've been tracking this Adobe 0-day in Acrobat Reader. Still no patch from Adobe (and no word on affected versions). Per the discoverer, this attack has been ongoing for months.

discourse.ifin.netwo...

#Adobe #0day #ThreatIntel #IFIN

Every time LE slaps a seizure banner on a leak site, half the industry acts like the campaign is over. Meanwhile Cl0p is quietly testing how much “disruption” they can route around. Your risk model still assumes takedowns are real stops?

#AlphaHunt #ThreatIntel #Ransomware

Fraud teams keep looking for dodgy bettors. The real action is proxy networks using casinos and apps as money-transfer rails for scam centres and trafficking crews. If you’re not fusing cage + device + payment telemetry, you’re blind on purpose.

#AlphaHunt #ThreatIntel

21 IPs generated nearly half of all RDP scanning on the internet in 48 hours. Then vanished — for the second time in 30 days.

🔗 www.greynoise.io/blog/ip-addresses-behind...

#ThreatIntel #RDP #CyberSecurity #InfoSec #ThreatHunting

Just 21 IP Addresses Are Now Behind Nearly Half of All RDP Scanning on the Internet GreyNoise uncovers a concentrated RDP scanning campaign, revealing infrastructure patterns, rapid traffic shifts that impact detection, and recommendations for defenders.

CTI Daily Brief: 2026-04-09 - Flannel cross-node RCE (CVE-2026-32241), iOS kexploit, Iranian ICS targeting, CPUID supply-chain compromise 52 reports processed. Critical Flannel cross-node RCE and an iOS 18/26 kexploit headline the day. Iranian state-backed actors targeting ~4,000 US Rockwell PLCs, a CPUID supply-chain compromise pushing trojanised CPU-Z/HWMonitor, and sustained ransomware pressure from Qilin, The Gentlemen, Inc Ransom, and PEAR dominate the operational picture.

iOS 18 & iOS 26 “kexploit” full-root exploit — WIP darksword (CRITICAL)

CVE-2026-32241 — Flannel cross-node remote code execution (CRITICAL)

Nearly 4,000 US industrial devices exposed to Iranian cyberattacks

Full brief: intel.overresearched.net/2026/04/10/c...

#Daily #ThreatIntel #iOS #CVE

🔥 The 5 Threats That Actually Mattered This Week (April 06 – 12, 2026)

breachandbuild.com/top-cyber-threats-this-w...

#cybersecurity #infosec #threatintel

The Collapse of the Patch Window

~Talos~
Vulnerability exploitation is accelerating rapidly, shrinking the patch window to days or hours.
-
IOCs: React2Shell
-
#React2Shell #ThreatIntel #Vulnerability

Google Chrome Security Advisory AV26-337

~Cybergcca~
Google released security updates for Chrome Desktop to address multiple vulnerabilities.
-
IOCs: (None identified)
-
#GoogleChrome #ThreatIntel #Vulnerability

CYBER THREAT INTELLIGENCE BRIEFING Nation-State Threat Landscape Assessment Reporting Period: February 24 – April 10, 2026

Latest intelligence brief on the cyber capabilities of Iran, Russia, China, and North Korea. #russia #china #northkorea #iran #cybersecurity #threatintel #cyberattacks

CYBER THREAT INTELLIGENCE BRIEFING open.substack.com/pub/cyberwar...

HWMonitor Download Compromised Observable: CPUID Downloads with Malware Observable Type: Supply Chain compromise (?) Details: Users reporting getting a malware executable while downloading HWMonitor software from the official CPUID website A discussion on Reddit from an everyday user, with some analysis in the comments: Reddit - Please wait for verification Some press coverage: https://cybernews.com/security/cpuid-hwmonitor-hwinfo-cpuz-deliver-malware/

CPUID downloads were temporarily compromised earlier today. We have a thread compiling analysis and IoCs for you to investigate:

discourse.ifin.netwo...

#ThreatIntel #IFIN #ThreatIntelligence

Thank you @talosintelligence.com for being #PIVOTcon26 Gold Sponsor 🥳
Read more about Cisco Talos: talosintelligence.com
Talos powers the Cisco portfolio with comprehensive intelligence.

Our sponsors: pivotcon.org#sponsors
#ThreatIntel #CTI #ThreatResearch

Hearing HWMonitor was compromised

cybernews.com/security/cpuid-hwmonitor...

www.reddit.com/r/pcmasterrace/comments/...

#ThreatIntel

CVE-2026-34976

Why are open-source databases still shipping with missing auth checks?

CVE-2026-34976.
Dgraph GraphQL database.
CVSS 10.0.

www.yazoul.net/advisory/cve/cve-2026-34...

#InfoSec #ThreatIntel

Adobe Reader Zero-Day Exploited

~Sophos~
An actively exploited Adobe Reader zero-day uses malicious PDFs to steal data and execute code.
-
IOCs: ado-read-parser[.]com, 169[.]40[.]2[.]68, 188[.]214[.]34[.]20
-
#Adobe #ThreatIntel #ZeroDay

NK Hijacks Axios npm

~Socket~
North Korean actors socially engineered the Axios maintainer to deploy malware and steal npm publish access.
-
IOCs: (None identified)
-
#SupplyChain #ThreatIntel #npm

Microsegmentation for CJIS Compliance

~Akamai~
Microsegmentation helps government agencies enforce Zero Trust and meet CJIS compliance by restricting lateral movement.
-
IOCs: (None identified)
-
#CJIS #Microsegmentation #ThreatIntel #ZeroTrust

[DEEP RESEARCH] Who’s Most Likely to Abuse MCP Integrations? UNC3944, TraderTraitor, UNC6293 Three intrusion sets already excel at getting users to approve tools and auth flows. This assessment is probabilistic: it highlights who is best positioned to adapt that tradecraft to MCP-style…

Most teams threat-model MCP like it’s another API surface. The crews lining up for it treat it like a social-engineering buffet: “install this tool, approve this repo, authorize this device.” No exploit required.

Full piece here: blog.alphahunt.io/deep-researc...

#AlphaHunt #ThreatIntel

The industry loves preparing for the last Iran headline. PLCs are real. That does not make them the only lane that matters. The interesting question is which “not supposed to be the main thing” path becomes the main thing anyway.

#AlphaHunt #ThreatIntel

Wahoo! 🍄 Krybit claims to have breached Megasurf (ZA), a South African internet service provider & data center operator.

Energy sector data centers are prime targets for ransomware. We'll keep an eye on this one.

💀 #Energy #DataBreach #CTI #ThreatIntel

CTI Daily Brief: 2026-04-08 — Adobe Reader Zero-Day Exploited in Wild; Marimo RCE Weaponised in Under 10 Hours; Qilin Ransomware Surge 89 reports processed across 15 sources. Critical zero-day exploitation of Adobe Reader ongoing since December. Marimo Python notebook RCE exploited within 10 hours of disclosure. CISA ICS advisory for Contemporary Controls BASC 20T PLC (CVE-2025-13926). Multiple OpenPrinting CUPS critical RCEs disclosed. Qilin ransomware group continues high-tempo operations across legal, education, and maritime sectors.

🔴 Adobe Reader zero-day exploited since Dec — no patch
🔴 Marimo RCE weaponised in under 10hrs
🔴 CISA ICS: CVE-2025-13926 (CVSS 9.8)
🟠 Smart Slider supply chain hits 900K+ sites
🟠 Qilin ransomware surging

Full brief: intel.overresearched.net/2026/04/09/c...

#Daily #ThreatIntel #InfoSec #Ransomware

SaaS Notification Weaponization

~Talos~
Attackers weaponize SaaS notifications (GitHub, Jira) to bypass email security for phishing.
-
IOCs: CVE-2026-1731, LucidRook, Medusa
-
#Phishing #SaaS #ThreatIntel

Elastic at Defence Cyber Marvel 2026

~Elastic~
Elastic details its infrastructure and AI-driven security deployments for the UK MoD's Defence Cyber Marvel 2026 exercise.
-
IOCs: (None identified)
-
#CyberExercise #ElasticSecurity #ThreatIntel

CCCS Advisory Digest: Apr 9, 2026

~Cybergcca~
Security advisories issued for HPE, Juniper Networks, Qualcomm, and Tenable products. Apply updates.
-
IOCs: (None identified)
-
#Patch #ThreatIntel #Vulnerability

This Diamond Model from our “Cat’s Got Your Files: Lynx Ransomware” report illustrates the four core elements of the intrusion.

See how all four vertices aligned for full-domain compromise 👇
thedfirreport.com/2025/12/17/c...

#DFIR #ThreatIntel #Ransomware #BlueTeam #CyberSecurity

CVE-2026-34208

Most companies won't patch this for 3 weeks. Attackers need 3 hours.

CVE-2026-34208.
SandboxJS prior to version 0.8.36.
CVSS 10.0.
Global object protection bypass leads to RCE.

www.yazoul.net/advisory/cve/cve-2026-34...

#InfoSec #ThreatIntel

In-Memory Loader Drops ScreenConnect

~Zscaler~
A fake Adobe Reader lure uses an obfuscated VBScript and in-memory .NET loader to bypass UAC and deploy ScreenConnect.
-
IOCs: x0[.]at, Acrobat_Reader_V112_6971[.]vbs
-
#Malware #ScreenConnect #ThreatIntel

OpenClaw AI Red Teaming Experiment

~Sophos~
Sophos successfully used the OpenClaw AI agent for automated red teaming, finding 23 actionable issues and reducing AD recon time from days to hours.
-
IOCs: (None identified)
-
#AI #OpenClaw #RedTeaming #ThreatIntel
