Daily Recap: Cybersecurity news highlights include active malware campaigns such as Mirax Android RAT turning devices into SOCKS5 proxies, JanelaRAT targeting Latin American banks, and Storm infostealer, which harvests credentials while evading telemetry. The recap also covers a wave of critical fixes and CVEs across Kali Forms, ShowDoc, SAP, wolfSSL, and Adobe, notable data breaches at Basic-Fit and Booking.com, enforcement actions like the W3LL takedown, and AI risk discussions from CSA and Goldman Sachs.
Malware & Campaigns
- Mirax Android RAT is being distributed via Meta ads to Spanish-speaking users, converting infected devices into SOCKS5 residential proxies and reaching over 220,000 accounts – Mirax RAT
- JanelaRAT (a BX RAT variant) targeted Latin American banks with browser overlays, DLL side-loading and other techniques, logging 14,739 attacks in Brazil in 2025 to steal financial and crypto data – JanelaRAT Attacks
- Storm infostealer (subscription-based) silently harvests browser credentials, session cookies and crypto wallets by performing server-side decryption and automated cookie restore to evade telemetry – Storm Stealer
Vulnerabilities & Patches
- An unauthenticated RCE in the Kali Forms WordPress plugin (all versions up to 2.4.9) was publicly disclosed and quickly exploited via manipulated form placeholders – Kali Forms
- The ShowDoc RCE flaw (CVE-2025-0520) is being actively exploited on unpatched servers, enabling remote command execution – ShowDoc RCE
- SAP issued April fixes including a critical ABAP CVE-2026-27681 SQL injection affecting BPC and BW and a high-severity missing-authorization CVE-2026-34256; admins are urged to apply the 20 security notes promptly – SAP Patches
- A critical crypto validation bug in wolfSSL (CVE-2026-5194) can accept too-small hash digests for ECDSA, allowing forged certificates; users should upgrade to wolfSSL 5.9.1 or follow vendor guidance – wolfSSL Bug
- Adobe released an emergency fix for an Acrobat/Reader zero-day being exploited in the wild—apply updates immediately – Adobe Fix
- CISA added 6 Known Exploited Vulnerabilities to its catalog, including Fortinet SQLi probes and a Microsoft Exchange deserialization flaw used by Storm-1175 to deliver Medusa ransomware—admins should prioritize mitigations – CISA KEV
- OpenAI rotated macOS code-signing certificates after a compromised Axios v1.14.1 package hit a GitHub Actions workflow; macOS users must update apps before May 8, 2026 – OpenAI Certs
Data Breaches
- European gym chain Basic‑Fit confirmed unauthorized access that downloaded personal details for about 1 million members (≈200,000 in the Netherlands); the incident was detected and blocked quickly and reported to authorities – Basic-Fit Breach
- Booking.com forced reservation PIN resets after unauthorized parties accessed booking information (names, emails, addresses and communications); no payment data was reported breached – Booking Breach
- Extortion gang ShinyHunters leaked what it claims are more than 78.6 million Rockstar analytics records obtained via stolen Anodot tokens (Snowflake/Zendesk data); Rockstar says impact is limited – Rockstar Leak
Enforcement & Underground
- The FBI and Indonesian authorities dismantled the W3LL phishing marketplace, seized infrastructure, and arrested an alleged developer after the kit facilitated thousands of credential thefts and over $20M in attempted fraud – W3LL Takedown
- A TierOne dark‑web forum launched a $10,000 article contest (sponsored by ransomware group cry0) seeking exploit writeups for RCE, IDOR, SSTI, firmware and AV/EDR bypasses, spotlighting underground knowledge-sharing – TierOne Contest
AI Risk & Industry
- The Cloud Security Alliance urged CISOs to prepare for accelerated AI threats from models like Anthropic’s Claude Mythos by hardening patching, segmentation, MFA and running tabletop exercises before such capabilities proliferate – Mythos Warning
- Goldman Sachs is proactively assessing Mythos risks and collaborating with Anthropic and partners under Project Glasswing to harden financial systems against AI-driven autonomous vulnerability discovery – Goldman Response
Privacy & Policy
- Research from the Molly Rose Foundation and YouthInsight finds 61% of Australian 12–15‑year‑olds still access restricted platforms despite the under‑16 social media ban, calling out enforcement gaps and urging stronger regulation – Australia Ban
- Claims in the “BrowserGate” exposé that LinkedIn scans browsers for ~6,000 extensions to profile users have been disputed by researchers and LinkedIn, raising GDPR and privacy concerns about extension probing vs. abuse detection – BrowserGate Claims