Security Brief Daily

Apr 23, 2026 · #35


Episode 35

Security Brief Daily | 23 Apr 2026

In This Episode
  • New Mirai campaign exploits RCE flaw in EoL D-Link routers · Bleeping Computer
    A new Mirai-based malware campaign is actively exploiting CVE-2025-29635, a high-severity command-injection vulnerability affecting D-Link DIR-823X routers, to enlist devices into the botnet. CVE-2025-29635 allows an attacker to execute arbitrary commands on remote devices by...
  • Microsoft releases emergency patches for critical ASP.NET flaw · Bleeping Computer
    Microsoft has released out-of-band (OOB) security updates to patch a critical ASP.NET Core privilege escalation vulnerability. The security flaw (tracked as CVE-2026-40372) was found in the ASP.NET Core Data Protection cryptographic APIs, and it could allow unauthenticated...
  • Kyber ransomware gang toys with post-quantum encryption on Windows · Bleeping Computer
    A new Kyber ransomware operation is targeting Windows systems and VMware ESXi endpoints in recent attacks, with one variant implementing Kyber1024 post-quantum encryption. Cybersecurity firm Rapid7 retrieved and analyzed two distinct Kyber variants in March 2026 during an...
  • Apple fixes bug that let the FBI recover deleted Signal messages · Bleeping Computer
    Article updated with statement from Signal thanking Apple for addressing the vulnerability. Apple has released out-of-band security updates for iPhone and iPad devices to fix a Notification Services flaw that could allow notifications marked for deletion to remain stored on...
  • SystemBC C2 Server Reveals 1,570+ Victims in The Gentlemen Ransomware Operation · The Hacker News
    Threat actors associated with The Gentlemen ransomware‑as‑a‑service (RaaS) operation have been observed attempting to deploy a known proxy malware called SystemBC. According to new research published by Check Point, the command-and-control (C2 or C&C) server linked to...
  • NGate Campaign Targets Brazil, Trojanizes HandyPay to Steal NFC Data and PINs · The Hacker News
    Cybersecurity researchers have discovered a new iteration of an Android malware family called NGate that has been found to abuse a legitimate application called HandyPay instead of NFCGate. "The threat actors took the app, which is used to relay NFC data, and patched it with...
  • Malicious KICS Docker Images and VS Code Extensions Hit Checkmarx Supply Chain · The Hacker News
    Cybersecurity researchers have warned of malicious images pushed to the official "checkmarx/kics" Docker Hub repository. In an alert published today, software supply chain security company Socket revealed that unknown threat actors managed to overwrite existing tags,...
  • Cohere AI Terrarium Sandbox Flaw Enables Root Code Execution, Container Escape · The Hacker News
    A critical security vulnerability has been disclosed in a Python-based sandbox called Terrarium that could result in arbitrary code execution. The vulnerability, tracked as CVE-2026-5752, is rated 9.3 on the CVSS scoring system. "Sandbox escape vulnerability in Terrarium...

Security Brief Daily is an AI-generated cybersecurity news podcast. Always verify critical information with primary sources.


By Security Brief Daily