1. Operation PowerOFF Dismantles Global DDoS-for-Hire Empire
On April 13, a sweeping international law enforcement operation spanning 21 countries struck a decisive blow against the DDoS-for-hire ecosystem. Authorities seized 53 domains, arrested four individuals, and exposed databases containing over 3 million criminal user accounts tied to commercial DDoS services used by more than 75,000 cybercriminals. The operation is now entering a prevention phase, with Europol deploying search engine ads targeting young people drawn to DDoS tools and adding on-chain warning messages to illicit cryptocurrency payments.
Source: The Hacker News
2. Microsoft’s Massive April Patch Tuesday Fixes SharePoint Zero-Day
Microsoft released patches for 165 vulnerabilities in its April 2026 Patch Tuesday update, making it the second-largest patch release in the company’s history. The headliner: CVE-2026-32201, an actively exploited SharePoint Server spoofing vulnerability that allows attackers to view sensitive information and tamper with disclosed data over a network. CISA immediately added the flaw to its Known Exploited Vulnerabilities catalog, giving federal agencies until April 28 to remediate.
Source: SecurityWeek
3. 108 Malicious Chrome Extensions Caught Stealing Google and Telegram Data
Security researchers uncovered a coordinated campaign involving 108 Chrome Web Store extensions, all communicating with the same command-and-control server. Published under five fake developer identities and collectively installed roughly 20,000 times, the extensions steal Google account credentials via OAuth2, hijack Telegram Web sessions, inject ads, and open arbitrary URLs on browser launch. Source code analysis revealed Russian-language comments across several of the add-ons. Users who installed any of the affected extensions are urged to remove them immediately and revoke active sessions.
Source: BleepingComputer
4. NIST Overhauls the National Vulnerability Database with Risk-Based Triage
Faced with a 263% surge in CVE submissions between 2020 and 2025, NIST announced on April 15 that it will no longer fully analyze every submitted vulnerability. Under the new model, only CVEs appearing in CISA’s KEV catalog, those affecting federal government software, or those tied to software deemed critical under Executive Order 14028 will receive full enrichment with CVSS scores and detailed analysis. Everything else falls into a “Not Scheduled” category, receiving only a CVE ID and description. All backlogged CVEs published before March 1, 2026, have also been moved to this reduced-priority status.
Source: Help Net Security
5. Critical Apache ActiveMQ Flaw Under Active Exploitation
CISA added CVE-2026-34197, a high-severity vulnerability in Apache ActiveMQ Classic with a CVSS score of 8.8, to its Known Exploited Vulnerabilities catalog after confirming active exploitation in the wild. The flaw allows remote attackers to compromise messaging infrastructure, and federal agencies have been given until April 30, 2026, to apply patches. The vulnerability arrives alongside ongoing exploitation of CVE-2026-3055 in Citrix NetScaler ADC/Gateway, which lets attackers read sensitive data directly from appliance memory.
Source: The Hacker News
