Cybersecurity News | Daily Recap [15 Apr 2026]

Daily Recap: Microsoft released April 2026 updates fixing 167 flaws, including two zero-days in SharePoint (CVE-2026-32201) and Defender (CVE-2026-33825), and called for urgent Office/Defender patches for Windows 11 25H2/24H2, Windows 10 ESU, and Windows Server 2025. The roundup also covers extortion-linked incidents involving Kraken and McGraw-Hill, the JanaWare Adwind RAT campaign targeting Turkey, and policy moves such as Virginia’s geolocation ban and Russia blocking Bluesky, alongside AI defense advances like OpenAI’s GPT-5.4 Cyber.
#SharePoint #Defender #Kraken #McGrawHill #JanaWare #AdwindRAT #Turkey #Virginia #Bluesky #OpenAI #GPT54Cyber

Microsoft & Windows

  • Microsoft April updates fix 167 flaws including 2 zero-days (SharePoint CVE-2026-32201, Defender CVE-2026-33825) and urge priority Office/Defender updates – Patch Tuesday, Patch Details
  • Windows 11 cumulative updates KB5083769 & KB5082052 add features and security fixes for builds 25H2/24H2 and 23H2 – Win11 Updates
  • Windows 10 KB5082200 ESU delivers April fixes (including .rdp phishing protections and Secure Boot updates) for ESU/LTSC customers – Win10 ESU
  • April KB5082063 may force BitLocker recovery on some Windows Server 2025 machines with specific PCR7 TPM/Secure Boot Group Policy settings; Microsoft recommends policy rollback or KIR – BitLocker Prompt
  • Microsoft fixed an issue causing unexpected in-place upgrades from Server 2019/2022 to Windows Server 2025 and re-enabled the upgrade offer – Server Upgrade Fix
  • Windows now warns users and disables risky local redirections when opening .rdp files to block credential-theft phishing attacks (abused by groups like APT29) – RDP Protections

Vulnerabilities & Patches

  • CISA warns of an exploited Windows Task Host privilege-escalation bug CVE-2025-60710 affecting Windows 11/Server 2025 and issued a two-week remediation order after Microsoft’s earlier patch – Task Host
  • Ivanti Neurons ITSM flaws (CVE-2026-4913, CVE-2026-4914) allow session persistence or stored XSS; cloud mitigations and patched 2025.4 release were issued for customers – Ivanti ITSM
  • Adobe released patches for 55 vulnerabilities across 11 products, including critical RCEs in Acrobat Reader and ColdFusion (priority fixes recommended) – Adobe Patches
  • New PHP Composer flaws enable arbitrary command execution; maintainers released patches—update dependencies and CI pipelines promptly – Composer Flaws

Web Threats & Ad‑fraud

  • More than 100 malicious Chrome extensions stole Google OAuth2 tokens, harvested accounts, opened backdoors and facilitated ad fraud via a Contabo-linked infrastructure in a coordinated campaign—check and remove affected IDs – Chrome Extensions, Extension Campaign
  • The AI-driven “Pushpaganda” scheme used search-poisoning and AI-generated news to push scareware via Google Discover, generating roughly 240 million bid requests tied to 113 domains in one week and enabling fast ad-laundering – Pushpaganda Scam

Ransomware & Extortion

  • Extortion victims include crypto-exchange Kraken (extorted after an insider breach) and McGraw‑Hill (limited Salesforce-hosted page exposure amid extortion claims linked to ShinyHunters)—investigations ongoing – Kraken Extorted, McGraw‑Hill Breach
  • The long-running JanaWare campaign uses a polymorphic Adwind RAT, Turkish-language notes, geofencing and Tor to target users in Turkey and disable security controls before AES encryption—patch defenses and block delivery vectors – JanaWare Campaign

Industry & Guidance

  • Trucks are “rolling networks” of telematics, ELDs and cloud services that expand attack surface; NMFTA and industry groups push MFA, segmentation, patching and collaboration to reduce ransomware and cargo-theft risk – Transport Security
  • Sophos CISO Ross McKerchar discusses leadership, hiring, AI-driven attack evolution, burnout and product trust gaps from his 18-year journey to CISO – CISO Interview

AI & Defensive Tools

  • OpenAI expanded its Trusted Access for Cyber program and launched GPT‑5.4 Cyber to provide identity-verified defenders advanced AI for defensive workflows while managing dual‑use risks – OpenAI TAC

Policy & Censorship

  • Virginia enacted a ban on the sale of precise geolocation data, adding momentum to similar state-level privacy restrictions – Virginia GeoBan
  • Russia appears to have blocked the decentralized social network Bluesky amid broader restrictions on foreign platforms and intermittent connectivity controls – Russia Blocks Bluesky

Security Engineering

  • Google added a Rust-based DNS parser to the Pixel 10 modem to improve memory safety and reduce parsing vulnerabilities in device networking stacks – DNS Parser

Cybersecurity News | Daily Recap – hendryadrian.com