# Top Stories

A critical RCE vulnerability in protobuf.js, Google's JavaScript implementation of Protocol Buffers, now has published proof-of-concept exploit code available. This library is widely used across JavaScript applications, making this a significant supply chain risk for organizations using affected versions.

Threat actors are exploiting CVE-2024-3721 in TBK DVR devices and end-of-life TP-Link routers to deploy Mirai botnet variants called Nexcorium for DDoS attacks. Fortinet and Palo Alto Unit 42 researchers identified this campaign targeting the medium-severity command injection flaw with a CVSS score of 6.3.

Grinex cryptocurrency exchange, sanctioned by the U.S. and U.K., suspended operations after a $13.74 million hack that the company attributes to Western intelligence agencies. The Kyrgyzstan-based exchange claims the attack bore hallmarks of foreign intelligence involvement and required resources available only to "unfriendly states."

CVE-2026-34197, a remote code execution vulnerability in Apache ActiveMQ discovered in early April, is now being actively exploited in the wild. This represents a rapid weaponization timeline for organizations running the affected message broker software.

ZionSiphon malware has been identified targeting industrial control systems in Israeli water treatment and desalination plants. The malware is specifically configured to operate on systems associated with critical water infrastructure, representing a significant threat to operational technology environments.

Law enforcement from 21 countries coordinated to take down 53 DDoS-for-hire service domains in the latest "PowerOFF" operation. Four individuals were arrested in this international effort targeting distributed denial-of-service attack platforms that sell cheap access to cybercriminals.

A vulnerability in Cursor AI development environment could be chained with sandbox bypass and the platform's remote tunnel feature to gain shell access to developer machines. The flaw involves indirect prompt injection that could compromise developer devices through the AI-powered code editor.

Kejia Wang and Zhenxing Wang were sentenced to prison for facilitating North Korean IT worker schemes by compromising identities of dozens of U.S. persons. The scheme helped North Korean operatives obtain jobs at over 100 U.S. companies, generating revenue for the sanctioned regime.

Microsoft warns that some Windows domain controllers are entering restart loops after installing April 2026 security updates. This creates operational disruption for organizations deploying the latest patches, requiring careful rollout planning for affected systems.

Kamerin Stokes, 23, received a 30-month prison sentence for selling access to tens of thousands of hacked DraftKings accounts. The Memphis resident continued selling stolen credentials through online marketplaces even after pleading guilty to his role in the DraftKings breach.