April, 2026 - Security Ticks

Progress Software fixes sneaky WAF bypass vulnerability (CVE-2026-21876)

Don't miss, enterprise, firewall, Hot stuff, News, OWASP, Progress, security update, vulnerability, web application security / SecurityTicks

Progress Software fixes sneaky WAF bypass vulnerability (CVE-2026-21876) 2026-04-22 at 14:47 By Zeljka Zorz Progress Software has fixed a slew of high-severity vulnerabilities in MOVEit WAF and LoadMaster, including a flaw (CVE-2026-21876) that may allow attackers to bypass firewall detection. MOVEit WAF (web application firewall) is designed to protect Progress’s managed file transfer platform MOVEit […]

Progress Software fixes sneaky WAF bypass vulnerability (CVE-2026-21876) Read More »

Mirai Botnet Targets Flaw in Discontinued D-Link Routers

botnet, D-Link, Malware & Threats, Mirai, router / SecurityTicks

Mirai Botnet Targets Flaw in Discontinued D-Link Routers 2026-04-22 at 14:47 By Ionut Arghire The exploitation of the command injection vulnerability started one year after public disclosure and PoC exploit code publication. The post Mirai Botnet Targets Flaw in Discontinued D-Link Routers appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original

Mirai Botnet Targets Flaw in Discontinued D-Link Routers Read More »

Are SBOMs Failing? Supply Chain Attacks Rise as Security Teams Struggle With SBOM Data

SBOM, supply chain, Supply Chain Security, VEX / SecurityTicks

Are SBOMs Failing? Supply Chain Attacks Rise as Security Teams Struggle With SBOM Data 2026-04-22 at 14:47 By Kevin Townsend Researcher says the missing piece is a governance-driven intelligence layer that turns SBOM and VEX data into explainable security decisions. The post Are SBOMs Failing? Supply Chain Attacks Rise as Security Teams Struggle With SBOM

Are SBOMs Failing? Supply Chain Attacks Rise as Security Teams Struggle With SBOM Data Read More »

Claude Mythos Finds 271 Firefox Vulnerabilities

AI, Artificial Intelligence, Claude, Featured, Firefox, Mythos, Vulnerabilities, vulnerability / SecurityTicks

Claude Mythos Finds 271 Firefox Vulnerabilities 2026-04-22 at 14:47 By Eduard Kovacs All the flaws could have also been found by an elite human researcher, according to Mozilla. The post Claude Mythos Finds 271 Firefox Vulnerabilities appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source

Claude Mythos Finds 271 Firefox Vulnerabilities Read More »

North Korean Hackers Use AppleScript, ClickFix in Fresh macOS Attacks

macOS malware, Nation-State, North Korea / SecurityTicks

North Korean Hackers Use AppleScript, ClickFix in Fresh macOS Attacks 2026-04-22 at 14:47 By Ionut Arghire The campaigns focus on financial organizations, including cryptocurrency, venture capital, and blockchain entities. The post North Korean Hackers Use AppleScript, ClickFix in Fresh macOS Attacks appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source

North Korean Hackers Use AppleScript, ClickFix in Fresh macOS Attacks Read More »

Lotus Wiper Malware Targets Venezuelan Energy Systems in Destructive Attack

Uncategorized / SecurityTicks

Lotus Wiper Malware Targets Venezuelan Energy Systems in Destructive Attack 2026-04-22 at 14:47 By Cybersecurity researchers have discovered a previously undocumented data wiper that has been used in attacks targeting Venezuela at the end of last year and the start of 2026. Dubbed Lotus Wiper, the novel file wiper has been used in a destructive

Lotus Wiper Malware Targets Venezuelan Energy Systems in Destructive Attack Read More »

Toxic Combinations: When Cross-App Permissions Stack into Risk

Uncategorized / SecurityTicks

Toxic Combinations: When Cross-App Permissions Stack into Risk 2026-04-22 at 14:47 By On January 31, 2026, researchers disclosed that Moltbook, a social network built for AI agents, had left its database wide open, exposing 35,000 email addresses and 1.5 million agent API tokens across 770,000 active agents. The more worrying part sat inside the private

Toxic Combinations: When Cross-App Permissions Stack into Risk Read More »

Harvester: APT Group Expands Toolset With New GoGra Linux Backdoor

Uncategorized / SecurityTicks

Harvester: APT Group Expands Toolset With New GoGra Linux Backdoor 2026-04-22 at 13:48 By Threat Hunter Team Campaign appears to have been targeted at India and Afghanistan. This article is an excerpt from SECURITY.COM View Original Source

Harvester: APT Group Expands Toolset With New GoGra Linux Backdoor Read More »

Another DeFi protocol hacked as Sui-based Volo hit by $3.5M exploit

Uzbekistan creates state-backed crypto mining zone with tax breaks

Stratiphy reopens tax-free route to crypto ETNs for UK investors

Database world trying to build natural language query systems again – this time with LLMs

Uncategorized / SecurityTicks

Database world trying to build natural language query systems again – this time with LLMs 2026-04-22 at 13:48 By Lindsay Clark Text-to-SQL might be useful for analysts and DBAs, but be cautious with general user adoption Over the past few years, database and analytics vendors have hopped on a bandwagon that may take us all

Database world trying to build natural language query systems again – this time with LLMs Read More »

Forget call centers, local energy prices mean Britain’s latest offshoring wave is AI projects

Uncategorized / SecurityTicks

Forget call centers, local energy prices mean Britain’s latest offshoring wave is AI projects 2026-04-22 at 13:48 By Dan Robinson Brit firms look to run tech overseas as govt tries to support ‘sovereign’ creators One in five UK firms have already moved AI workloads abroad due to high energy costs, in findings likely to alarm

Forget call centers, local energy prices mean Britain’s latest offshoring wave is AI projects Read More »

Why Indian Enterprises Are a Prime Target for Dark Web Credential Markets

cyber news, Dark Web Monitoring, darkweb, Threat Intelligence / SecurityTicks

Why Indian Enterprises Are a Prime Target for Dark Web Credential Markets 2026-04-22 at 13:48 By Ashish Khaitan The underground economy of stolen credentials has matured into a structured, high-volume marketplace, and Indian enterprises are at the center. What makes this trend notable is not just the scale of cyber incidents in India, but the

Why Indian Enterprises Are a Prime Target for Dark Web Credential Markets Read More »

Tencent’s QClaw AI agent app arrives on Windows and macOS

agentic AI, AI, News, OpenClaw, Tencent / SecurityTicks

Tencent’s QClaw AI agent app arrives on Windows and macOS 2026-04-22 at 13:48 By Sinisa Markovic Tencent has opened an international beta of QClaw, an AI agent application aimed at consumers in Canada, Japan, Singapore, South Korea, and the United States. The first wave is capped at 20,000 users. Additional markets are scheduled to follow.

Tencent’s QClaw AI agent app arrives on Windows and macOS Read More »

Phishing reclaims the top initial access spot, attackers experiment with AI tools

Cisco, cybercrime, cybersecurity, News, phishing, report, scams / SecurityTicks

Phishing reclaims the top initial access spot, attackers experiment with AI tools 2026-04-22 at 13:48 By Anamarija Pogorelec Phishing returned as the leading method attackers used to break into organizations in the first quarter of 2026, accounting for over a third of engagements where initial access could be determined, according to Cisco Talos. It is

Phishing reclaims the top initial access spot, attackers experiment with AI tools Read More »

OneDrive updates focus on AI, access control, and compliance

Microsoft, News, OneDrive, update / SecurityTicks

OneDrive updates focus on AI, access control, and compliance 2026-04-22 at 13:48 By Anamarija Pogorelec Microsoft OneDrive’s recent updates focus on improving intelligence, collaboration, and administrative control. “Last year, we made a promise: your files should work for you, not the other way around. That meant reimagining OneDrive not just as a place to store

OneDrive updates focus on AI, access control, and compliance Read More »

Google Antigravity in Crosshairs of Security Researchers, Cybercriminals

AI, Artificial Intelligence, Malware, Malware & Threats, Vulnerabilities, vulnerability / SecurityTicks

Google Antigravity in Crosshairs of Security Researchers, Cybercriminals 2026-04-22 at 13:47 By Eduard Kovacs Researchers discovered a remote code execution vulnerability and cybercriminals are using its reputation to deliver malware. The post Google Antigravity in Crosshairs of Security Researchers, Cybercriminals appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source

Google Antigravity in Crosshairs of Security Researchers, Cybercriminals Read More »

Microsoft Patches Critical ASP.NET Core CVE-2026-40372 Privilege Escalation Bug

Uncategorized / SecurityTicks

Microsoft Patches Critical ASP.NET Core CVE-2026-40372 Privilege Escalation Bug 2026-04-22 at 13:47 By Microsoft has released out-of-band updates to address a security vulnerability in ASP.NET Core that could allow an attacker to escalate privileges. The vulnerability, tracked as CVE-2026-40372, carries a CVSS score of 9.1 out of 10.0. It’s rated Important in severity. An anonymous

Microsoft Patches Critical ASP.NET Core CVE-2026-40372 Privilege Escalation Bug Read More »

Oil crisis? What oil crisis? IT spending de-coupled from wider war shock

Uncategorized / SecurityTicks

Oil crisis? What oil crisis? IT spending de-coupled from wider war shock 2026-04-22 at 11:49 By Lindsay Clark Gartner sees accelerating growth in IT spending, powered by cloud and AI infrastructure investment A day after the International Energy Agency (IEA) said the US/Israel/Iran war was creating the worst energy crisis ever faced by the ‌world,

Oil crisis? What oil crisis? IT spending de-coupled from wider war shock Read More »

April 2026