What's happening in cyber, in plain English
We pull from NCSC, CISA, Have I Been Pwned and the NVD every six hours, then summarise each item into what it is, who it affects, and what you can do about it.
- LowAdvisoryCisco PSIRT — security advisories· 24 Apr 2026· summary pending
Continued Evolution of Persistence Mechanism Against Cisco Secure Firewall Adaptive Security Appliance and Secure Firewall Threat Defense
On April 23, 2026, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) issued an update to V1: Emergency Directive (ED) 25-03: Identify and Mitigate Potential Compromise of Cisco Devices related to Cisco Secure Firewall Adaptive Security Appliance
- HighAdvisoryCisco PSIRT — security advisories· 24 Apr 2026· summary pending
Cisco ACI Multi-Site CloudSec Encryption Information Disclosure Vulnerability
A vulnerability in the Cisco ACI Multi-Site CloudSec encryption feature of Cisco Nexus 9000 Series Fabric Switches in ACI mode could allow an unauthenticated, remote attacker to read or modify intersite encrypted traffic. This vulnerability is due to an issue
- LowAdvisoryCISA — cybersecurity advisories· 23 Apr 2026· summary pending
CISA Adds One Known Exploited Vulnerability to Catalog
CISA has added one new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog , based on evidence of active exploitation. CVE-2026-39987 Marimo Remote Code Execution Vulnerability This type of vulnerability is a frequent attack vector for malicious
- LowAdvisoryCISA — cybersecurity advisories· 23 Apr 2026· summary pending
Defending Against China-Nexus Covert Networks of Compromised Devices
Defending against china-nexus covert networks of compromised devices executive summary Defending against China-nexus covert networks of compromised devices Explaining the widespread shift in tactics, techniques and procedures (TTPs) towards networks of comprom
- LowAdvisoryCISA — cybersecurity advisories· 23 Apr 2026· summary pending
SpiceJet Online Booking System
View CSAF Summary Successful exploitation of these vulnerabilities could allow an attacker to disclose sensitive information. The following versions of SpiceJet Online Booking System are affected: Online Booking System vers:all/* (CVE-2026-6375, CVE-2026-6376)
- LowAdvisoryCISA — cybersecurity advisories· 23 Apr 2026· summary pending
Milesight Cameras
View CSAF Summary Successful exploitation of these vulnerabilities could crash the device being accessed or allow remote code execution. The following versions of Milesight Cameras are affected: MS-Cxx63-PD <=51.7.0.77-r12 (CVE-2026-28747, CVE-2026-27785, CVE-
- HighAdvisoryCISA — cybersecurity advisories· 23 Apr 2026· summary pending
Intrado 911 Emergency Gateway (EGW)
View CSAF Summary Successful exploitation of this vulnerability could allow an attacker to read, modify, or delete files. The following versions of Intrado 911 Emergency Gateway (EGW) are affected: Emergency Gateway 7.x (CVE-2026-6074) Emergency Gateway 6.x (C
- LowAdvisoryCISA — cybersecurity advisories· 23 Apr 2026· summary pending
Carlson Software VASCO-B GNSS Receiver
View CSAF Summary Successful exploitation of this vulnerability could enable a remote attacker to alter critical system functions or disrupt device operation. The following versions of Carlson Software VASCO-B GNSS Receiver are affected: VASCO-B GNSS Receiver
- LowAdvisoryCISA — cybersecurity advisories· 23 Apr 2026· summary pending
Hangzhou Xiongmai Technology Co., Ltd XM530 IP Camera
View CSAF Summary Successful exploitation of this vulnerability could allow an attacker to bypass authentication and have remote access to sensitive information on the device. The following versions of Hangzhou Xiongmai Technology Co., Ltd XM530 IP Camera are
- LowAdvisoryCISA — cybersecurity advisories· 23 Apr 2026· summary pending
Yadea T5 Electric Bicycle
View CSAF Summary Successful exploitation of this vulnerability could result in an attacker being able to unlock and start the bicycle, leading to vehicle theft. The following versions of Yadea T5 Electric Bicycle are affected: T5 Electric Bicycle vers:all/* (
- LowAdvisoryCISA — cybersecurity advisories· 23 Apr 2026· summary pending
FIRESTARTER Backdoor
Malware Analysis Report at a Glance Malware Name FIRESTARTER Original Publication April 23, 2026 Executive Summary The Cybersecurity and Infrastructure Security Agency (CISA) analyzed a sample of FIRESTARTER malware obtained from a forensic investigation. CISA
- MediumAdvisoryCisco PSIRT — security advisories· 22 Apr 2026· summary pending
Cisco Integrated Management Controller Cross-Site Scripting Vulnerabilities
Multiple vulnerabilities in the web-based management interface of Cisco Integrated Management Controller (IMC) could allow a remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. For more information about these vulner
- HighAdvisoryCisco PSIRT — security advisories· 22 Apr 2026· summary pending
Cisco Integrated Management Controller Command Injection and Remote Code Execution Vulnerabilities
Multiple vulnerabilities in the web-based management interface of Cisco Integrated Management Controller (IMC) could allow an authenticated, remote attacker to execute arbitrary code or commands on the underlying operating system of an affected system and elev
- CriticalAdvisoryCisco PSIRT — security advisories· 22 Apr 2026· summary pending
Cisco Catalyst SD-WAN Vulnerabilities
Multiple vulnerabilities in Cisco Catalyst SD-WAN Manager, formerly SD-WAN vManage, could allow an attacker to access an affected system, elevate privileges to root, gain access to sensitive information, and overwrite arbitrary files. For more information abou
- LowAdvisoryCISA — cybersecurity advisories· 22 Apr 2026· summary pending
CISA Adds One Known Exploited Vulnerability to Catalog
CISA has added one new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog , based on evidence of active exploitation. CVE-2026-33825 Microsoft Defender Insufficient Granularity of Access Control Vulnerability This type of vulnerability is a fre
- LowAdvisoryCISA — cybersecurity advisories· 21 Apr 2026· summary pending
Siemens RUGGEDCOM CROSSBOW Secure Access Manager Primary
View CSAF Summary RUGGEDCOM CROSSBOW Secure Access Manager Primary (SAM-P) contains a vulnerability that could allow an attacker to escalate their own privileges. Siemens has released a new version for RUGGEDCOM CROSSBOW Secure Access Manager Primary (SAM-P) a
- LowAdvisoryCISA — cybersecurity advisories· 21 Apr 2026· summary pending
Siemens RUGGEDCOM CROSSBOW Station Access Controller (SAC)
View CSAF Summary RUGGEDCOM CROSSBOW Station Access Controller (SAC) contains a vulnerability that could allow an attacker to achieve arbitrary code execution and to create a denial of service condition. Siemens has released a new version for RUGGEDCOM CROSSBO
- LowAdvisoryCISA — cybersecurity advisories· 21 Apr 2026· summary pending
Silex Technology SD-330AC and AMC Manager
View CSAF Summary Successful exploitation of these vulnerabilities could allow an attacker to execute arbitrary code, cause a denial-of-service, or configuration information may be altered without authentication. The following versions of Silex Technology SD-3
- LowAdvisoryCISA — cybersecurity advisories· 21 Apr 2026· summary pending
SenseLive X3050
View CSAF Summary Successful exploitation of these vulnerabilities could allow an attacker to take complete control of the device. The following versions of SenseLive X3050 are affected: X3050 V1.523 (CVE-2026-40630, CVE-2026-25720, CVE-2026-35503, CVE-2026-39
- LowAdvisoryCISA — cybersecurity advisories· 21 Apr 2026· summary pending
Hardy Barth Salia EV Charge Controller
View CSAF Summary Successful exploitation of these vulnerabilities could crash the device being accessed; a buffer overflow condition may allow remote code execution. The following versions of Hardy Barth Salia EV Charge Controller are affected: Salia Board Fi
- LowAdvisoryCISA — cybersecurity advisories· 21 Apr 2026· summary pending
Siemens Industrial Edge Management
View CSAF Summary Industrial Edge Management contains an authorization bypass vulnerability that could be exploited by an unauthenticated remote attacker to circumvent authentication and to access connected Industrial Edge Devices through the remote connection
- LowAdvisoryCISA — cybersecurity advisories· 21 Apr 2026· summary pending
Zero Motorcycles Firmware
View CSAF Summary Successful exploitation of this vulnerability could allow an attacker to pair via Bluetooth with a motorcycle, gaining unauthorized access to all Bluetooth functions, including changing the firmware. The following versions of Zero Motorcycles
- MediumAdvisoryCISA — cybersecurity advisories· 21 Apr 2026· summary pending
Siemens Analytics Toolkit
View CSAF Summary Multiple Siemens applications are affected by improper certificate validation in Siemens Analytics Toolkit. This could allow an unauthenticated remote attacker to perform man in the middle attacks. Siemens has released new versions for the af
- LowAdvisoryCISA — cybersecurity advisories· 21 Apr 2026· summary pending
Siemens SINEC NMS
View CSAF Summary SINEC NMS before V4.0 SP3 contains an Authorization Bypass vulnerability that could allow an attacker to bypass authorization checks, leading to the ability to reset the password of any arbitrary user account. Siemens has released a new versi
- LowAdvisoryCISA — cybersecurity advisories· 21 Apr 2026· summary pending
Siemens SINEC NMS
View CSAF Summary Siemens SINEC NMS when used with User Management Component (UMC) contains an authentication bypass vulnerability due to insufficient validation of user identity. This could allow an unauthenticated remote attacker to bypass authentication and
- LowAdvisoryCISA — cybersecurity advisories· 21 Apr 2026· summary pending
Siemens SCALANCE
View CSAF Summary SCALANCE W-700 IEEE 802.11n family before V6.6.0 are affected by multiple vulnerabilities. Siemens has released a new version for SCALANCE W-700 IEEE 802.11n family and recommends to update to the latest version. The following versions of Sie
- LowAdvisoryCISA — cybersecurity advisories· 21 Apr 2026· summary pending
Siemens TPM 2.0
View CSAF Summary The products listed below contain a vulnerability that could allow an attacker to perform an out-of-bound read, potentially leading to information disclosure or denial of service of the TPM. Siemens has released new versions for several affec
- LowAdvisoryCISA — cybersecurity advisories· 20 Apr 2026· summary pending
CISA Adds Eight Known Exploited Vulnerabilities to Catalog
CISA has added eight new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog , based on evidence of active exploitation. CVE-2023-27351 PaperCut NG/MF Improper Authentication Vulnerability CVE-2024-27199 JetBrains TeamCity Relative Path Traver
- LowAdvisoryCISA — cybersecurity advisories· 20 Apr 2026· summary pending
Supply Chain Compromise Impacts Axios Node Package Manager
The Cybersecurity and Infrastructure Security Agency (CISA) is releasing this alert to provide guidance in response to the software supply chain compromise of the Axios node package manager (npm). 1 Axios is an HTTP client for JavaScript that developers common
- CriticalAdvisoryCisco PSIRT — security advisories· 16 Apr 2026· summary pending
Cisco Webex Services Certificate Validation Vulnerability
A vulnerability in the integration of single sign-on (SSO) with Control Hub in Cisco Webex Services could have allowed an unauthenticated, remote attacker to impersonate any user within the service. This vulnerability existed because of improper certificate va
Sources are pulled directly from each provider's public feed and never modified. AI summaries are produced for plain-English readability and are clearly labelled — always follow the source link for the authoritative advisory.