On April 20, 2026, CISA added eight new vulnerabilities to its KEV catalog, including three affecting Cisco Catalyst SD-WAN Manager, with active exploitation confirmed. One notable flaw is CVE-2023-27351 in PaperCut, rated 8.2 on the CVSS scale. The agency set federal deadlines for addressing these vulnerabilities in April and May 2026 to enhance security.
A security firm has warned about scam messages falsely claiming to offer safe transit through the Strait of Hormuz. These messages aim to spread misinformation, potentially disrupting maritime security and influencing market perceptions. The scam highlights ongoing risks of digital misinformation in the Web3 space, emphasizing the need for vigilance against false claims that could impact security and trading activities.
US and Iran are holding ceasefire talks in Pakistan amid rising tensions following a naval incident. The diplomatic efforts aim to reduce regional instability, which could impact global markets. The talks, occurring in April 2026, highlight ongoing tensions that threaten to escalate further, emphasizing the fragile state of US-Iran relations and their potential influence on the broader geopolitical landscape.
CISA has issued a four-day deadline for U.S. government agencies to address a newly identified SD-WAN flaw in Catalyst SD-WAN Manager, which is actively being exploited in attacks. The security agency flagged the vulnerability on April 21, 2026, emphasizing the urgent need for agencies to patch their systems to prevent potential breaches.
A Dune Analytics report reveals nearly 50% of Layerzero applications use basic security configurations, raising cross-chain risk concerns after recent exploits. Most Layerzero dApps rely on the lowest DVN security level, highlighting vulnerabilities in the rapidly growing cross-chain ecosystem and the need for improved security measures to prevent future breaches.
Chinese advanced persistent threat (APT) groups are reportedly targeting Indian banks and Korean policy circles, with limited effort indicated by outdated tactics. The activity highlights ongoing cyber espionage concerns in the region, though specific dates and amounts were not disclosed. The campaign underscores the persistent security risks facing financial and governmental sectors in Asia.
Arbitrum has frozen $71 million in ETH linked to the Kelp DAO exploit, which occurred in April 2026. The move aims to secure the funds and prevent further misuse following the security breach. The incident highlights ongoing risks within DeFi platforms and the importance of proactive security measures in the Web3 space.
