5 actively exploited · 6 to skim · 1 to act on
Microsoft has issued a warning that threat actors are increasingly using Microsoft Teams to impersonate IT helpdesk staff, tricking employees into granting access to enterprise networks. Attackers leverage legitimate tools for access and lateral movement, making detection difficult. Developers and enterprise users should be cautious of unsolicited Teams messages requesting credentials or remote access, and organizations should review their external Teams communication policies.
A weekly security roundup covers multiple active threats including a Vercel-related hack, push notification fraud, QEMU being abused as an attack vector, and new Android remote access trojans (RATs) emerging in the wild. The attacks share a common theme of abusing trusted pathways—third-party tools, browser extensions, update channels, and legitimate software—to gain internal access rather than breaking systems directly. Developers should care because supply chain trust assumptions are being systematically exploited across multiple platforms and tooling ecosystems.
Researchers discovered a design-level vulnerability in the Model Context Protocol (MCP), a framework used to connect AI models with external tools and data sources. The flaw allows attackers to achieve remote code execution on any system running a vulnerable MCP implementation, potentially compromising the broader AI supply chain. Developers building AI-powered applications with MCP integrations should audit their implementations immediately, as this is an architectural issue rather than a simple patch-and-fix bug.
Researchers at Darktrace have identified a new malware called ZionSiphon specifically designed to target Israeli water treatment and desalination facilities. The malware establishes persistence, tampers with configuration files, and scans for operational technology (OT) services on local networks, posing a significant threat to critical water infrastructure. Developers working on OT/ICS systems or critical infrastructure software should be aware of targeted malware capable of bridging IT and OT environments.
Vercel suffered a security breach after a third-party AI tool, Context.ai, was compromised, allowing attackers to take over an employee's Google Workspace account and gain unauthorized access to certain internal Vercel systems. A limited number of customer credentials were exposed as a result. Developers using Vercel should monitor for any suspicious activity and consider rotating credentials, as supply chain attacks through third-party tools remain a significant and growing threat vector.
AVEVA Pipeline Simulation software contains a missing authorization vulnerability (CVE-2026-5387) with a CVSS v3 score of 9.1, allowing unauthenticated attackers to escalate privileges and perform administrator-level actions. Exploiting this flaw could enable modification of simulation parameters, training configurations, and training records in pipeline simulation systems used in critical manufacturing infrastructure worldwide. Developers and operators using AVEVA Pipeline Simulation should apply patches or mitigations immediately, as the high CVSS score and lack of authentication requirement make this a serious risk.
CISA has added a new Apache ActiveMQ vulnerability (CVE-2026-34197) involving improper input validation to its Known Exploited Vulnerabilities catalog, confirming active exploitation in the wild. Organizations running Apache ActiveMQ are at risk, as this type of vulnerability is a common attack vector for malicious actors. Developers and administrators using ActiveMQ should prioritize patching immediately, as federal agencies are required to remediate and all organizations are strongly urged to do the same.
Horner Automation's Cscape engineering software and XL4/XL7 PLCs used in critical manufacturing have a weak password requirements vulnerability (CVE-2026-6284, CVSS 9.1) that allows network-accessible attackers to brute force credentials with no rate limiting or complexity enforcement. Affected versions include Cscape v10.0, XL7 PLC v15.60, and XL4 PLC v16.32.0. Developers and engineers integrating or managing industrial control systems should apply patches or mitigations immediately, as successful exploitation could grant unauthorized access to operational technology environments.
CISA has added two vulnerabilities to its Known Exploited Vulnerabilities catalog based on evidence of active exploitation: a Microsoft Office Remote Code Execution flaw (CVE-2009-0238) and a Microsoft SharePoint Server Improper Input Validation vulnerability (CVE-2026-32201). Federal agencies are required to patch these by a set deadline, and all organizations are strongly urged to remediate them promptly. Developers and admins running Microsoft Office or SharePoint should prioritize applying available patches immediately given confirmed active exploitation.
Russian military intelligence hackers exploited known vulnerabilities in older routers to silently harvest Microsoft Office authentication tokens across more than 18,000 networks. The attack required no malware deployment, making it difficult to detect through traditional security tools. Developers should care because this demonstrates how infrastructure-level compromises can bypass application-layer security, putting any organization using Microsoft Office at risk of credential theft without any user interaction.
German authorities have publicly identified 31-year-old Russian national Daniil Maksimovich Shchukin as 'UNKN', the leader behind the notorious REvil and GandCrab ransomware-as-a-service (RaaS) operations. He is accused of conducting at least 130 ransomware attacks against victims in Germany between 2019 and 2021. Developers and organizations should be aware that law enforcement continues to make progress in attributing major ransomware operations, and the REvil/GandCrab infrastructure and tactics remain a reference point for understanding modern ransomware threats.