Cybersecurity Highlights: Microsoft Defender Zero-Days, IoT Botnet Disruptions & Anthropic Mythos Findings - April 2026

CybersecSaturday, April 18, 2026

50 articles analyzed by AI / 281 total

Key points

0:00 / 0:00

•In early 2026 and continuing into April, coordinated international law enforcement efforts disrupted massive IoT botnets responsible for major DDoS attacks compromising over three million devices, demonstrating increased global collaboration to combat cyber threats targeting critical IoT infrastructure.[Krebs on Security RSS][The Hacker News RSS]
•Multiple actively exploited zero-day vulnerabilities have been identified across widely used products, including Microsoft Defender, ShowDoc, and Adobe Acrobat Reader, emphasizing a surge in cyberattacks exploiting unpatched critical flaws in 2026. Notably, two Microsoft Defender zero-days remain unpatched, and Adobe's CVE-2026-34621 targets over 60 Brazilian fintech companies.[The Hacker News RSS][The Hacker News RSS][The Hacker News RSS][Google News - Cybersecurity]
•Anthropic's AI model Claude Mythos plays a significant role in identifying thousands of zero-day security flaws as part of Project Glasswing, illustrating the pivotal use of AI in proactive cybersecurity defense efforts during 2024 and 2026.[The Hacker News RSS]
•Recent cyber attacks have exploited novel vectors such as phishing campaigns leveraging automation platforms like n8n, and file upload functionalities in cloud platforms like Tolgee, highlighting the evolving sophistication of threat actors starting late 2025 through early 2026.[The Hacker News RSS][Reddit /r/netsec]
•Critical vulnerabilities in open-source tools such as the Marimo Python notebook were exploited rapidly within hours after public disclosure, demonstrating an urgent need for organizations to improve patch management and vulnerability response times.[The Hacker News RSS]

Relevant articles

Feds Disrupt IoT Botnets Behind Huge DDoS Attacks

Law enforcement agencies in the U.S., Canada, and Germany disrupted four major IoT botnets compromising over three million devices such as routers and webcams in March 2026. These botnets were involved in large-scale DDoS attacks, significantly reducing cyberattack capabilities.

Krebs on Security RSS · 3/20/2026, 12:49:19 AM

Mirai Variant Nexcorium Exploits CVE-2024-3721 to Hijack TBK DVRs for DDoS Botnet

A Mirai variant called Nexcorium exploits CVE-2024-3721 to hijack TBK DVRs and end-of-life TP-Link routers for forming a DDoS botnet. Security researchers at Fortinet and Palo Alto Networks disclosed these findings in 2024, underscoring continuing IoT vulnerabilities.

The Hacker News RSS · 4/18/2026, 6:01:00 AM

n8n Webhooks Abused Since October 2025 to Deliver Malware via Phishing Emails

Since October 2025, attackers have exploited the n8n automation platform’s webhooks to deliver malware via phishing emails. This method uses automated email campaigns, posing a significant threat to organizations relying on workflow automation tools.

The Hacker News RSS · 4/15/2026, 5:09:00 PM

Anthropic's Claude Mythos Finds Thousands of Zero-Day Flaws Across Major Systems

Anthropic announced its AI model Claude Mythos detected thousands of zero-day vulnerabilities across major systems in 2024 as part of Project Glasswing. This AI-driven cybersecurity effort involves selected organizations aiming to proactively identify critical flaws.

The Hacker News RSS · 4/8/2026, 9:16:00 AM

Marimo RCE Flaw CVE-2026-39987 Exploited Within 10 Hours of Disclosure

The Marimo Python notebook RCE vulnerability CVE-2026-39987, with a high CVSS score of 9.3, was exploited within 10 hours of public disclosure in April 2026. The rapid exploitation emphasizes the critical need for swift patching of disclosed flaws.

The Hacker News RSS · 4/10/2026, 7:37:00 AM

Three Microsoft Defender Zero-Days Actively Exploited; Two Still Unpatched

Huntress reported three Microsoft Defender zero-day vulnerabilities actively being exploited in April 2026; two remain unpatched. These include BlueHammer and RedSun, which enable privilege escalation and increase the risk of widespread network compromises.

The Hacker News RSS · 4/17/2026, 1:21:00 PM

ShowDoc RCE Flaw CVE-2025-0520 Actively Exploited on Unpatched Servers

A critical remote code execution flaw (CVE-2025-0520) affecting ShowDoc servers with a CVSS score of 9.4 is actively exploited in the wild as of April 2026. Unpatched servers remain vulnerable, posing significant risk to affected organizations.

The Hacker News RSS · 4/14/2026, 5:50:00 AM

Reading /etc/passwd via translation file upload in Tolgee's cloud platform (CVE-2026-32251, CVSS 9.3)

A severe security flaw CVE-2026-32251 rated 9.3 CVSS in the Tolgee cloud platform allows attackers to read sensitive files like /etc/passwd through translation file uploads, reported in April 2026. This vulnerability potentially affects multiple users hosting on the platform.

Reddit /r/netsec · 4/8/2026, 11:03:55 AM

Adobe Patches Actively Exploited Acrobat Reader Flaw CVE-2026-34621

Adobe released emergency patches for an actively exploited critical Acrobat Reader vulnerability CVE-2026-34621 scoring 8.6 CVSS in April 2026. The flaw targeted mainly Brazilian fintech firms, with 62 known pre-authenticated attack targets identified.

The Hacker News RSS · 4/12/2026, 4:25:00 AM

Three Microsoft Defender Zero-Days Actively Exploited; Two Still Unpatched - The Hacker News

As of April 2026, three zero-day vulnerabilities in Microsoft Defender are actively exploited, with two still unpatched, escalating organizational cybersecurity risks. Immediate patching is urged to prevent privilege escalation and system breaches.

Google News - Cybersecurity · 4/17/2026, 1:21:00 PM