DJBSEC's CyberNews 2026-04-15

Fortinet Patches 11 Vulnerabilities Across Products

Fortinet has released patches addressing 11 vulnerabilities affecting multiple products in its portfolio. The flaws range in severity and could allow attackers to execute code, access sensitive data, or disrupt services. Given Fortinet’s widespread use in enterprise security environments, the potential impact is significant. Organizations that delay patching may be exposed to active threats. Security teams are urged to prioritize updates and review affected systems.

Black Basta Affiliates Target Senior Executives

Affiliates of the Black Basta ransomware group are increasingly targeting senior executives in their campaigns. By focusing on high-level individuals, attackers aim to gain access to sensitive corporate systems and data. This approach often involves tailored phishing and social engineering techniques. The strategy increases the likelihood of successful compromise and larger payouts. Organizations should implement stronger protections for executive accounts.

APT Activity Highlights Growing Cyber Espionage Tensions

Recent reports detail escalating activity among advanced persistent threat groups, reflecting growing geopolitical tensions. These groups are engaging in cyber espionage campaigns targeting critical sectors. The activity underscores the increasing role of cyber operations in global conflicts. Organizations in targeted industries face heightened risk. Enhanced monitoring and threat intelligence are essential defenses.

Fortinet SQL Injection Vulnerability Actively Exploited

A Fortinet SQL injection vulnerability is being actively exploited by attackers in the wild. The flaw could allow unauthorized access to databases and sensitive information. Exploitation may lead to further compromise of affected systems. Security experts warn that unpatched devices are at immediate risk. Organizations should apply patches and monitor for suspicious activity.

Hackers Weaponize Obsidian Shell Commands Plugin

Attackers are weaponizing the Obsidian Shell Commands plugin to execute malicious commands on user systems. By exploiting plugin functionality, they can run unauthorized scripts without detection. This highlights risks associated with third-party plugins and extensions. Users may unknowingly expose their systems by installing unverified tools. Security best practices include limiting plugin use and verifying sources.

Attackers Bypass Phishing Email Protections

Cybercriminals are developing new techniques to bypass phishing email protections. These methods allow malicious emails to evade detection by security filters. As a result, more phishing attempts are reaching end users. This increases the likelihood of credential theft and malware infections. Organizations should enhance email security and user awareness training.

A large-scale analysis of 216 million security findings has revealed key trends in vulnerabilities and threats. The data highlights common weaknesses and patterns exploited by attackers. Insights from the analysis can help organizations prioritize security efforts. It also underscores the scale of the cybersecurity challenge. Continuous monitoring and improvement are critical.

APT41 Targets Linux Cloud Servers for Credential Theft

APT41 is targeting Linux cloud servers to steal credentials and gain persistent access. The campaign focuses on cloud environments where valuable data and access tokens are stored. By compromising servers, attackers can expand their reach within organizations. This reflects the growing importance of cloud security. Organizations should strengthen protections and monitor for anomalies.

Zero-Day Exploit Disables CrowdStrike EDR

A zero-day vulnerability has been identified that can disable CrowdStrike’s endpoint detection and response (EDR) tool. This allows attackers to bypass critical security defenses. Such exploits significantly increase the risk of undetected attacks. Security teams must remain vigilant for signs of tampering. Updates and mitigations are expected to address the issue.

Malicious Chrome Extensions Steal User Data

Researchers have identified 108 malicious Chrome extensions designed to steal user data. These extensions can capture credentials, browsing activity, and sensitive information. Many appear legitimate, making them difficult to detect. The campaign highlights risks within browser extension ecosystems. Users should review installed extensions and remove suspicious ones.

CISA Adds New Exploited Vulnerabilities to KEV List

CISA has added six new vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog. These flaws are actively being targeted by attackers. Inclusion in the KEV list signals the urgency of patching affected systems. Organizations are required to address these vulnerabilities promptly. The update highlights ongoing threats to widely used technologies.

FortiSandbox Vulnerability Enables Command Execution

A vulnerability in FortiSandbox could allow attackers to execute arbitrary commands on affected systems. The flaw poses significant risk to environments using the sandbox for threat analysis. Exploitation could undermine security operations and expose systems. Fortinet has released patches to address the issue. Organizations should update systems and review configurations.



