===================== = End-of-Day report = =====================
Timeframe:   Friday 17-04-2026 18:00 - Monday 20-04-2026 18:00
Handler:     Guenes Holler
Co-Handler:  n/a
===================== = News = =====================
∗∗∗ LLM-based vulnerability hunting ∗∗∗
---------------------------------------------
After open-source maintainers complained in 2025 about a flood of low-quality security reports triggered by LLM-based vulnerability hunting, the picture has turned around in 2026.
---------------------------------------------
https://www.cert.at/de/aktuelles/2026/4/llm-basierte-schwachstellensuche
∗∗∗ Payouts King ransomware uses QEMU VMs to bypass endpoint security ∗∗∗
---------------------------------------------
The Payouts King ransomware is using the QEMU emulator as a reverse SSH backdoor to run hidden virtual machines on compromised systems and bypass endpoint security.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/payouts-king-ransomware-uses-...
∗∗∗ Critical flaw in Protobuf library enables JavaScript code execution ∗∗∗
---------------------------------------------
Proof-of-concept exploit code has been published for a critical remote code execution flaw in protobuf.js, a widely used JavaScript implementation of Google's Protocol Buffers.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/critical-flaw-in-protobuf-lib...
∗∗∗ WhatsApp Leaks User Metadata to Attackers ∗∗∗
---------------------------------------------
Strangers can infer limited info about you without knowing or messaging you, which could theoretically aid certain kinds of malicious activity.
---------------------------------------------
https://www.darkreading.com/endpoint-security/whatsapp-leaks-user-metadata
∗∗∗ Youth protection and security: EU age-verification app hacked after two minutes ∗∗∗
---------------------------------------------
Security experts criticize the EU's new youth-protection app. The EU Commission defends itself and sees no current problems.
---------------------------------------------
https://www.golem.de/news/jugendschutz-und-sicherheit-eu-app-fuer-altersnach...
∗∗∗ Mirai Variant Nexcorium Exploits CVE-2024-3721 to Hijack TBK DVRs for DDoS Botnet ∗∗∗
---------------------------------------------
Threat actors are exploiting security flaws in TBK DVR and end-of-life (EoL) TP-Link Wi-Fi routers to deploy Mirai-botnet variants on compromised devices, according to findings from Fortinet FortiGuard Labs and Palo Alto Networks Unit 42.
---------------------------------------------
https://thehackernews.com/2026/04/mirai-variant-nexcorium-exploits-cve.html
∗∗∗ $13.74M Hack Shuts Down Sanctioned Grinex Exchange After Intelligence Claims ∗∗∗
---------------------------------------------
Grinex, a Kyrgyzstan-incorporated cryptocurrency exchange sanctioned by the U.K. and the U.S. last year, said it is suspending operations after it blamed Western intelligence agencies for a $13.74 million hack.
---------------------------------------------
https://thehackernews.com/2026/04/1374m-hack-shuts-down-sanctioned-grinex.ht...
∗∗∗ I meant to do that! AI vendors shrug off responsibility for vulns ∗∗∗
---------------------------------------------
AI vendors: "You need to use AI to fight AI threats (and do everything else in your corporate IT environment)." Also AI vendors: "That's not a security flaw; it's working as intended."
---------------------------------------------
https://go.theregister.com/feed/www.theregister.com/2026/04/19/ai_vendors_re...
∗∗∗ Ransomware attacks challenge investigators ∗∗∗
---------------------------------------------
Ransomware gangs rely on AI and the darknet to hit critical infrastructure. Investigators in Koblenz are increasingly acting proactively.
---------------------------------------------
https://www.heise.de/news/Proaktive-Ermittlungen-gegen-Cybercrime-auf-Landes...
∗∗∗ Fake ÖAMTC email about a supposed emergency rescue tool ∗∗∗
---------------------------------------------
Fraudulent emails purporting to come from the ÖAMTC are currently circulating. In them, vehicle owners are pressured to buy a supposedly mandatory "emergency rescue tool". The message is fake and is meant to lure recipients into buying from a dubious online shop.
---------------------------------------------
https://www.watchlist-internet.at/news/fake-oeamtc-mail-zu-angeblichem-notfa...
∗∗∗ ID Austria: Warning about scam involving expired certificates ∗∗∗
---------------------------------------------
Criminals are exploiting the fact that nearly 300,000 certificates will expire soon. Such SMS messages are always a fraud attempt, the authorities warn.
---------------------------------------------
https://www.derstandard.at/story/3000000317241/id-austria-warnung-vor-betrug...
∗∗∗ Threat Brief: Escalation of Cyber Risk Related to Iran (Updated April 17) ∗∗∗
---------------------------------------------
Unit 42 details recent Iranian cyberattack activity, sharing direct observations of phishing, hacktivist activity and cybercrime. We include recommendations for defenders.
---------------------------------------------
https://unit42.paloaltonetworks.com/iranian-cyberattacks-2026/
∗∗∗ MAD Bugs: Even "cat readme.txt" is not safe ∗∗∗
---------------------------------------------
Codex found a bug turning "cat readme.txt" into arbitrary code execution.
---------------------------------------------
https://blog.calif.io/p/mad-bugs-even-cat-readmetxt-is-not
∗∗∗ Anthropic's Claude Mythos Launch Is Built on Misinformation ∗∗∗
---------------------------------------------
A primary-source investigation for developers and security researchers who want the real story about what the data says about Mythos.
---------------------------------------------
https://www.artificialintelligencemadesimple.com/p/anthropics-claude-mythos-...
∗∗∗ Some secret management belongs in your HTTP proxy ∗∗∗
---------------------------------------------
Larger organizations commit to centralizing secrets management in a service. When done well, these services solve a lot of issues around secrets, at the cost of creating a lot of ops overhead (which is why they are limited to larger organizations) and engineering complexity. Smaller organizations have, until now, lived with the pain. But the pain has become far more significant with agents.
---------------------------------------------
https://blog.exe.dev/http-proxy-secrets
∗∗∗ NIST Officially Stops Enriching Most CVEs as Vulnerability Volume Skyrockets ∗∗∗
---------------------------------------------
NIST will stop enriching most CVEs under a new risk-based model, narrowing the NVD's scope as vulnerability submissions continue to surge.
---------------------------------------------
https://socket.dev/blog/nist-officially-stops-enriching-most-cves?utm_medium...
===================== = Vulnerabilities = =====================
∗∗∗ Zero-day vulnerabilities under fire: attacks on Windows systems observed ∗∗∗
---------------------------------------------
Hackers have exploited three recently disclosed vulnerabilities in Windows Defender. So far a patch is available for only one of them.
---------------------------------------------
https://www.golem.de/news/zero-day-luecken-unter-beschuss-angriffe-auf-windo...
∗∗∗ More than a dozen root vulnerabilities endanger Dell PowerProtect Data Domain ∗∗∗
---------------------------------------------
The developers have closed vulnerabilities in current versions of Dell PowerProtect Data Domain.
---------------------------------------------
https://heise.de/-11263713
∗∗∗ n8n: Important security update on the way ∗∗∗
---------------------------------------------
The automation platform n8n is evidently vulnerable. The developers plan to release a security update on Wednesday at noon.
---------------------------------------------
https://heise.de/-11264561
∗∗∗ Xenbits XSA-488 ∗∗∗
---------------------------------------------
https://xenbits.xen.org/xsa/advisory-488.html
∗∗∗ LWN Security updates for Monday ∗∗∗
---------------------------------------------
https://lwn.net/Articles/1068681/
∗∗∗ Vercel April 2026 security incident ∗∗∗
---------------------------------------------
https://vercel.com/kb/bulletin/vercel-april-2026-security-incident