🔐 Security & Cloud Weekly Digest

📅 2026-04-17 | 📊 260 articles → 46 (7 days) → 46 relevant → Top 46
Total news: 46 | Critical: 17 | Security: 21 | Cloud: 6

🔐 Security

1
Actively Exploited nginx-ui Flaw (CVE-2026-33032) Enables Full Nginx Server Takeover
Critical 📰 The Hacker News 📅 15/04 18:26 ⭐ Score: 27
  • **CVE ID:** CVE-2026-33032
  • **Severity:** Critical - Actively exploited
  • A recently disclosed critical security flaw impacting nginx-ui, an open-source, web-based Nginx management tool, has come under active exploitation in the wild
  • The vulnerability in question is CVE-2026-33032 (CVSS score: 9
2
Microsoft Issues Patches for SharePoint zero-day and 168 Other New Vulnerabilities
Critical 📰 The Hacker News 📅 15/04 14:10 ⭐ Score: 24
  • **Severity:** Critical - Actively exploited
  • Microsoft on Tuesday released updates to address a record 169 security flaws across its product portfolio, including one vulnerability that has been actively exploited in the wild
  • Of these 169 vulnerabilities, 157 are rated
3
Adobe Patches Actively Exploited Acrobat Reader Flaw CVE-2026-34621
Critical 📰 The Hacker News 📅 12/04 09:55 ⭐ Score: 24
  • **CVE ID:** CVE-2026-34621
  • **Severity:** Critical - Actively exploited
  • Adobe has released emergency updates to fix a critical security flaw in Acrobat Reader that has come under active exploitation in the wild
  • The vulnerability, assigned the CVE identifier CVE-2026-34621, carries a CVSS score of 8
4
ShowDoc RCE Flaw CVE-2025-0520 Actively Exploited on Unpatched Servers
Critical 📰 The Hacker News 📅 14/04 11:20 ⭐ Score: 23
  • **CVE ID:** CVE-2025-0520
  • **Severity:** Critical - Actively exploited
  • A critical security vulnerability impacting ShowDoc, a document management and collaboration service popular in China, has come under active exploitation in the wild
  • The vulnerability in question is CVE-2025-0520 (aka CNVD-2020-26585)
5
Cisco Patches Four Critical Identity Services, Webex Flaws Enabling Code Execution
Critical 📰 The Hacker News 📅 16/04 16:57 ⭐ Score: 22
  • **CVE ID:** CVE-2026-20184
  • **Severity:** Critical - Actively exploited
  • Cisco has announced patches to address four critical security flaws impacting Identity Services and Webex Services that could result in arbitrary code execution and allow an attacker to impersonate any user within the service
6
April Patch Tuesday Fixes Critical Flaws Across SAP, Adobe, Microsoft, Fortinet, and More
Critical 📰 The Hacker News 📅 15/04 18:07 ⭐ Score: 22
  • **CVE ID:** CVE-2026-27681
  • **Severity:** Critical - Actively exploited
  • A number of critical vulnerabilities impacting products from Adobe, Fortinet, Microsoft, and SAP have taken center stage in April's Patch Tuesday releases
  • Topping the list is an SQL injection vulnerability impacting SAP Business Planning a
7
CISA Adds 6 Known Exploited Flaws in Fortinet, Microsoft, and Adobe Software
Critical 📰 The Hacker News 📅 14/04 11:09 ⭐ Score: 22
  • **CVE ID:** CVE-2026-21643
  • **Severity:** Critical - Actively exploited
  • Cybersecurity and Infrastructure Security Agency (CISA) on Monday added half a dozen security flaws to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation
  • The list of vulnerabilities is as fol
8
New PHP Composer Flaws Enable Arbitrary Command Execution — Patches Released
Critical 📰 The Hacker News 📅 14/04 21:27 ⭐ Score: 19
  • **CVE ID:** CVE-2026-40176
  • **Severity:** Critical - Actively exploited
  • Two high-severity security vulnerabilities have been disclosed in Composer, a package manager for PHP, that, if successfully exploited, could result in arbitrary command execution
  • The vulnerabilities have been described as c
9
Three Microsoft Defender Zero-Days Actively Exploited; Two Still Unpatched
Critical 📰 The Hacker News 📅 17/04 18:51 ⭐ Score: 17
  • **Severity:** Critical - Actively exploited
  • Huntress is warning that threat actors are exploiting three recently disclosed security flaws in Microsoft Defender to gain elevated privileges in compromised systems
  • The activity involves the exploitation of three vulnerabilities that are code
10
⚡ Weekly Recap: Fiber Optic Spying, Windows Rootkit, AI Vulnerability Hunting and More
Critical 📰 The Hacker News 📅 13/04 18:31 ⭐ Score: 17
  • **Severity:** Critical - Actively exploited
  • Monday is back, and the weekend’s backlog of chaos is officially hitting the fan
  • We are tracking a critical zero-day that has been quietly living in your PDFs for months, plus some aggressive state-sponsored meddling in infrastructure that
11
Patch Tuesday, April 2026 Edition
Critical 📰 Krebs on Security 📅 14/04 21:47 ⭐ Score: 17
  • **Severity:** Critical - Actively exploited
  • Microsoft today pushed software updates to fix a staggering 167 security vulnerabilities in its Windows operating systems and related software, including a SharePoint Server zero-day and a publicly disclosed weakness in Windows Defender dubbed "BlueH
12
Apache ActiveMQ CVE-2026-34197 Added to CISA KEV Amid Active Exploitation
Critical 📰 The Hacker News 📅 17/04 08:52 ⭐ Score: 16
  • **CVE ID:** CVE-2026-34197
  • **Severity:** Critical - Actively exploited
  • A recently disclosed high-severity security flaw in Apache ActiveMQ Classic has come under active exploitation in the wild, per the U.S. Cybersecurity and Infrastructure Security Agency (CISA)
13
Your MTTD Looks Great. Your Post-Alert Gap Doesn't
Critical 📰 The Hacker News 📅 13/04 17:11 ⭐ Score: 16
  • **Severity:** Critical - Actively exploited
  • Anthropic restricted its Mythos Preview model last week after it autonomously found and exploited zero-day vulnerabilities in every major operating system and browser
  • Palo Alto Networks' Wendi Whitmore warned that similar capabilities are
14
n8n Webhooks Abused Since October 2025 to Deliver Malware via Phishing Emails
Critical 📰 The Hacker News 📅 15/04 22:39 ⭐ Score: 12
  • **Severity:** Critical - Actively exploited
  • Threat actors have been observed weaponizing n8n, a popular artificial intelligence (AI) workflow automation platform, to facilitate sophisticated phishing campaigns and deliver malicious payloads or fingerprint devices by sending automated
15
[Webinar] Find and Eliminate Orphaned Non-Human Identities in Your Environment
Critical 📰 The Hacker News 📅 16/04 17:25 ⭐ Score: 11
  • **Severity:** Critical - Actively exploited
  • In 2024, compromised service accounts and forgotten API keys were behind 68% of cloud breaches
  • Not weak passwords
16
NIST Limits CVE Enrichment After 263% Surge in Vulnerability Submissions
Critical 📰 The Hacker News 📅 17/04 12:44 ⭐ Score: 10
  • **Severity:** Critical - Actively exploited
  • The National Institute of Standards and Technology (NIST) has announced changes to the way it handles cybersecurity vulnerabilities and exposures (CVEs) listed in its National Vulnerability Database (NVD), stating it will only enrich those that fulfi
17
North Korea's APT37 Uses Facebook Social Engineering to Deliver RokRAT Malware
High 📰 The Hacker News 📅 13/04 14:45 ⭐ Score: 8
  • The North Korean hacking group tracked as APT37 (aka ScarCruft) has been attributed to a fresh multi-stage, social engineering campaign in which threat actors approached targets on Facebook and added them as friends on the social media platform,
18
JanelaRAT Malware Targets Latin American Banks with 14,739 Attacks in Brazil in 2025
High 📰 The Hacker News 📅 13/04 22:45 ⭐ Score: 7
  • Banks and financial institutions in Latin American countries like Brazil and Mexico have continued to be the target of a malware family called JanelaRAT
  • A modified version of BX RAT, JanelaRAT is known to steal financial and cryptocurrency data asso
19
CPUID Breach Distributes STX RAT via Trojanized CPU-Z and HWMonitor Downloads
Medium 📰 The Hacker News 📅 12/04 11:24 ⭐ Score: 5
  • Unknown threat actors compromised CPUID ("cpuid[.]com"), a website that hosts popular hardware monitoring tools like CPU-Z, HWMonitor, HWMonitor Pro, and PerfMonitor, for less than 24 hours to serve malicious executables for the software and dep
20
AI-Driven Pushpaganda Scam Exploits Google Discover to Spread Scareware and Ad Fraud
Medium 📰 The Hacker News 📅 14/04 20:00 ⭐ Score: 4
  • Cybersecurity researchers have unmasked a novel ad fraud scheme that has been found to leverage search engine poisoning (SEO) techniques and artificial intelligence (AI)-generated content to push deceptive news stories into Google's Discover
21
UAC-0247 Targets Ukrainian Clinics and Government in Data-Theft Malware Campaign
📰 The Hacker News 📅 16/04 11:50 ⭐ Score: 3
  • The Computer Emergencies Response Team of Ukraine (CERT-UA) has disclosed details of a new campaign that has targeted governments and municipal healthcare institutions, mainly clinics and emergency hospitals, to deliver malware capable

☁️ AWS

1
Building Memory-Intensive Apps with AWS Lambda Managed Instances
Critical 📰 AWS Compute Blog 📅 10/04 19:54 ⭐ Score: 10
  • **Severity:** Critical - Actively exploited
  • Building memory-intensive applications with AWS Lambda just got easier
  • AWS Lambda Managed Instances gives you up to 32 GB of memory—3x more than standard AWS Lambda—while maintaining the serverless experience you know
2
AWS Outposts monitoring and reporting: A comprehensive Amazon EventBridge solution
High 📰 AWS Compute Blog 📅 14/04 16:18 ⭐ Score: 8
  • Organizations using AWS Outposts racks commonly manage capacity from a single AWS account and share resources through AWS Resource Access Manager (AWS RAM) with other AWS accounts (consumer accounts) within AWS Organizations
  • In this post, we demonst
3
AWS Interconnect is now generally available, with a new option to simplify last-mile connectivity
High 📰 AWS News Blog 📅 14/04 23:54 ⭐ Score: 7
  • Today, we’re announcing the general availability of AWS Interconnect – multicloud, a managed private connectivity service that connects your Amazon Virtual Private Cloud (Amazon VPC) directly to VPCs on other cloud providers
  • We’re also introducing A
4
Secure AI agent access patterns to AWS resources using Model Context Protocol
High 📰 AWS Security Blog 📅 14/04 22:52 ⭐ Score: 7
  • AI agents and coding assistants interact with AWS resources through the Model Context Protocol (MCP)
  • Unlike traditional applications with deterministic code paths, agents reason dynamically, choosing different tools or accessing different data depen
5
Introducing Anthropic’s Claude Opus 4.7 model in Amazon Bedrock
📰 AWS News Blog 📅 16/04 14:49 ⭐ Score: 3
  • AWS launches Claude Opus 4.7 in Amazon Bedrock, Anthropic's most intelligent Opus model for advancing performance across coding, long-running agents, and professional work
6
AWS Weekly Roundup: Claude Mythos Preview in Amazon Bedrock, AWS Agent Registry, and more (April 13, 2026)
📰 AWS News Blog 📅 13/04 16:16 ⭐ Score: 3
  • In my last Week in Review post, I mentioned how much time I’ve been spending on AI-Driven Development Lifecycle (AI-DLC) workshops with customers this year
  • A common theme in those sessions is the need for better cost visibility

🛠️ Infrastructure

1
Operation PowerOFF Seizes 53 DDoS Domains, Exposes 3 Million Criminal Accounts
High 📰 The Hacker News 📅 17/04 11:16 ⭐ Score: 7
  • An international law enforcement operation has taken down 53 domains and arrested four people in connection with commercial distributed denial-of-service (DDoS) operations that were used by more than 75,000 cybercriminals
  • The ongoing effort, dubbed
2
FBI and Indonesian Police Dismantle W3LL Phishing Network Behind $20M Fraud Attempts
Medium 📰 The Hacker News 📅 13/04 20:16 ⭐ Score: 6
  • Federal Bureau of Investigation (FBI), in partnership with the Indonesian National Police, has dismantled the infrastructure associated with a global phishing operation that leveraged an off-the-shelf toolkit called W3LL to steal thousa
3
Why We Chose the Harder Path: Docker Hardened Images, One Year Later
Medium 📰 Docker Blog 📅 14/04 21:48 ⭐ Score: 4
  • We're coming up on a year since launching Docker Hardened Images (DHI) last May, and crossing a milestone earlier this month made me stop and reflect on what we've actually been building
  • Earlier this month, we crossed over 500k daily pulls of DHIs,
4
108 Malicious Chrome Extensions Steal Google and Telegram Data, Affecting 20,000 Users
📰 The Hacker News 📅 14/04 14:05 ⭐ Score: 3
  • Cybersecurity researchers have discovered a new campaign in which a cluster of 108 Google Chrome extensions has been found to communicate with the same command-and-control (C2) infrastructure with the goal of collecting user data and enabling browser
5
Why MicroVMs: The Architecture Behind Docker Sandboxes
📰 Docker Blog 📅 16/04 17:14 ⭐ Score: 3
  • Last week, we launched Docker Sandboxes with a bold goal: to deliver the strongest agent isolation in the market
  • This post unpacks that claim, how microVMs enable it, and some of the architectural choices we made in this approach
6
How to Analyze Hugging Face for Arm64 Readiness
📰 Docker Blog 📅 13/04 15:59 ⭐ Score: 3
  • This post is a collaboration between Docker and Arm, demonstrating how Docker MCP Toolkit and the Arm MCP Server work together to scan Hugging Face Spaces for Arm64 Readiness
  • In our previous post, we walked through migrating a legacy C++ application

📊 Other

1
ThreatsDay Bulletin: Defender 0-Day, SonicWall Brute-Force, 17-Year-Old Excel RCE and 15 More Stories
High 📰 The Hacker News 📅 16/04 18:35 ⭐ Score: 7
  • You know that feeling when you open your feed on a Thursday morning and it's just
  • This week delivered
2
Newly Discovered PowMix Botnet Hits Czech Workers Using Randomized C2 Traffic
Medium 📰 The Hacker News 📅 16/04 23:22 ⭐ Score: 5
  • Cybersecurity researchers have warned of an active malicious campaign that's targeting the workforce in the Czech Republic with a previously undocumented botnet dubbed PowMix since at least December 2025
  • "PowMix employs randomized command-
3
Obsidian Plugin Abuse Delivers PHANTOMPULSE RAT in Targeted Finance, Crypto Attacks
Medium 📰 The Hacker News 📅 16/04 15:50 ⭐ Score: 5
  • A "novel" social engineering campaign has been observed abusing Obsidian, a cross-platform note-taking application, as an initial access vector to distribute a previously undocumented Windows remote access trojan called PHANTOMPULSE in attacks target
4
Deterministic + Agentic AI: The Architecture Exposure Validation Requires
Medium 📰 The Hacker News 📅 15/04 17:00 ⭐ Score: 4
  • Few technologies have moved from experimentation to boardroom mandate as quickly as AI
  • Across industries, leadership teams have embraced its broader potential, and boards, investors, and executives are already pushing organizations to adopt it
5
GlassWorm Campaign Uses Zig Dropper to Infect Multiple Developer IDEs
Medium 📰 The Hacker News 📅 10/04 18:53 ⭐ Score: 4
  • Cybersecurity researchers have flagged yet another evolution of the ongoing GlassWorm campaign, which employs a new Zig dropper that's designed to stealthily infect all integrated development environments (IDEs) on a developer's machine
6
Google Adds Rust-Based DNS Parser into Pixel 10 Modem to Enhance Security
📰 The Hacker News 📅 14/04 20:26 ⭐ Score: 3
  • Google has announced the integration of a Rust-based Domain Name System (DNS) parser into the modem firmware as part of its ongoing efforts to beef up the security of Pixel devices and push memory-safe code at a more foundational level
7
Citizen Lab: Law Enforcement Used Webloc to Track 500 Million Devices via Ad Data
📰 The Hacker News 📅 11/04 11:32 ⭐ Score: 3
  • Hungarian domestic intelligence, the national police in El Salvador, and several U.S. law enforcement and police departments have been attributed to the use of an advertising-based global geolocation surveillance system called Webloc
8
Browser Extensions Are the New AI Consumption Channel That No One Is Talking About
📰 The Hacker News 📅 10/04 16:30 ⭐ Score: 3
  • While much of the discussion on AI security centers around protecting ‘shadow’ AI and GenAI consumption, there's a wide-open window nobody's guarding: AI browser extensions
  • A new report from LayerX reveals just how dee
9
Mirax Android RAT Turns Devices into SOCKS5 Proxies, Reaching 220,000 via Meta Ads
📰 The Hacker News 📅 14/04 15:50 ⭐ Score: 2
  • A nascent Android remote access trojan called Mirax has been observed actively targeting Spanish-speaking countries, with campaigns reaching more than 220,000 accounts on Facebook, Instagram, Messenger, and Threads through advertisements on 
10
Analysis of 216M Security Findings Shows a 4x Increase In Critical Risk (2026 Report)
📰 The Hacker News 📅 14/04 15:30 ⭐ Score: 2
  • **Severity:** Critical
  • OX Security recently analyzed 216 million security findings across 250 organizations over a 90-day period
  • The primary takeaway: while raw alert volume grew by 52% year-over-year, prioritized critical risk grew by nearly 400%
11
Google Blocks 8.3B Policy-Violating Ads in 2025, Launches Android 17 Privacy Overhaul
📰 The Hacker News 📅 17/04 16:17 ⭐ Score: 1
  • Google this week announced a new set of Play policy updates to strengthen user privacy and protect businesses against fraud, even as it revealed it blocked or removed over 8.3 billion ads globally and suspended 24
12
OpenAI Launches GPT-5.4-Cyber with Expanded Access for Security Teams
📰 The Hacker News 📅 15/04 10:00 ⭐ Score: 1
  • OpenAI on Tuesday unveiled GPT-5.4-Cyber, a variant of its latest flagship model, GPT‑5
13
OpenAI Revokes macOS App Certificate After Malicious Axios Supply Chain Incident
📰 The Hacker News 📅 13/04 12:20 ⭐ Score: 1
  • OpenAI revealed a GitHub Actions workflow used to sign its macOS apps led to the download of the malicious Axios library on March 31, but noted that no user data or internal system was compromised
  • "Out of an abundance of caution, we are taking steps