ScanForge Security Digest 2615-01

April 9, 2026200 items

43 critical0 high10 news

SECURITY DIGEST SUMMARY This week presented a significant threat landscape with 43 critical vulnerabilities identified, though no actively exploited zero-days were added to CISA's catalog. Notable critical issues include authorization bypasses in ORY Oathkeeper, multiple vulnerabilities in CI4MS affecting access control and data validation, arbitrary code execution in NocoBase workflows, and SSL/TLS session protection weaknesses in Mbed TLS. Organizations should prioritize patching these critical vulnerabilities, particularly those affecting identity/access systems and no-code platforms. Concurrent threats include new macOS stealer campaigns, an emerging DDoS-for-hire botnet targeting IoT devices, and active exploitation of Ivanti EPMM requiring immediate federal remediation by Sunday.

Critical

10.0 ORY Oathkeeper is an Identity & Access Proxy (IAP) and Access Control Decision API that authorizes H CVE-2026-33494

9.9 CI4MS 5 CVEs

CVE-2026-34571, CVE-2026-34569, CVE-2026-34568, CVE-2026-34567, CVE-2026-34566

9.9 NocoBase is an AI-powered no-code/low-code platform for building business applications and enterpris CVE-2026-34156

9.8 An issue was discovered in Mbed TLS versions from 2.19.0 up to 3.6.5, Mbed TLS 4.0.0. Insufficient p CVE-2026-34877

9.8 An issue was discovered in Mbed TLS through 3.6.5 and TF-PSA-Crypto 1.0.0. A buffer overflow can occ CVE-2026-34875

9.8 An arbitrary file overwrite vulnerability in Zora: Post, Trade, Earn Crypto v2.60.0 allows attackers CVE-2026-30285

9.8 An arbitrary file overwrite vulnerability in PEAKSEL D.O.O. NIS Animal Sounds and Ringtones v1.3.0 a CVE-2026-30283

9.8 An arbitrary file overwrite vulnerability in FLY is FUN Aviation Navigation v35.33 allows attackers CVE-2026-30278

9.8 An arbitrary file overwrite vulnerability in MaruNuri LLC v2.0.23 allows attackers to overwrite crit CVE-2026-30281

9.8 An arbitrary file overwrite vulnerability in DeftPDF Document Translator v54.0 allows attackers to o CVE-2026-30276

9.8 Roo Code's command auto-approval module contains a critical OS command injection vulnerability that CVE-2026-30307

9.8 SGLang' encoder parallel disaggregation system is vulnerable to unauthenticated remote code executio CVE-2026-3060

Security News

New macOS stealer campaign uses Script Editor in ClickFix attack Bleeping Computer

A new campaign delivering the Atomic Stealer malware to macOS users abuses the Script Editor in a variation of the Click

CISA orders feds to patch exploited Ivanti EPMM flaw by Sunday Bleeping Computer

CISA has given U.S. government agencies four days to secure their systems against a critical-severity vulnerability in I

New Chaos Variant Targets Misconfigured Cloud Deployments, Adds SOCKS Proxy The Hacker News

Cybersecurity researchers have flagged a new variant ofmalware called Chaosthat'scapable of hitting misco

13-year-old bug in ActiveMQ lets hackers remotely execute commands Bleeping Computer

Security researchers discovered a remote code execution (RCE) vulnerability in Apache ActiveMQ Classic that has gone und

Masjesu Botnet Emerges as DDoS-for-Hire Service Targeting Global IoT Devices The Hacker News

Cybersecurity researchers have lifted the curtain on a stealthy botnet that's designed for distributed denial-of-service

Fraud Rockets Higher in Mobile-First Latin America Dark Reading

Cyber-fraudsters move quickly from compromised devices to account takeover to funds transfer, shifting money before many

Data Leakage Vulnerability Patched in OpenSSL SecurityWeek

A total of seven vulnerabilities, most of which can be exploited for DoS attacks, have been patched in OpenSSL. The post

Full Sail University to Open IBM Cyber Defense Range Powered by AWS and Cloud Range on Campus Dark Reading

Exploits & Threats

[local] SQLite 3.50.1 - Heap Overflow

[webapps] Horilla v1.3 - RCE

[local] Microsoft MMC MSC EvilTwin - Local Admin Creation

[local] 7-Zip 24.00 - Directory Traversal

[webapps] xibocms 3.3.4 - RCE