A critical security flaw in the Python-based Terrarium sandbox, tracked as CVE-2026-5752, was disclosed on April 22, 2026. Rated 9.3 on CVSS, the vulnerability allows attackers to execute arbitrary code with root privileges and escape the container via JavaScript prototype chain traversal. This flaw poses significant security risks for systems using the Terrarium sandbox.
Microsoft has identified a code change in the Microsoft Graph API as the cause of ongoing Universal Print sharing issues, which began affecting users in April 2026. The problem prevents users from creating certain printer shares, impacting enterprise printing workflows. Microsoft is working to resolve the issue and restore full functionality.
Arkham Intelligence tracked 75,701 ETH moving into new wallets on April 21, linked to the $292 million Kelp DAO exploit. Suspected Lazarus Group actors are routing stolen funds through THORChain and Umbra, with $175 million ETH involved. The ongoing laundering efforts show the scale of the attack and the challenges in tracing stolen crypto.
On April 21, 2026, Mastercard became a charter member of the Blockchain Security Standards Council (BSSC), joining Coinbase, Fireblocks, and others. Claire Le Gal will represent Mastercard on the BSSC board. The company aims to contribute to security and privacy standards, aligning with its Multi-Token Network initiative. This move emphasizes Mastercard’s focus on enhancing blockchain security protocols.
Dogecoin (DOGE) is consolidating below a key resistance level, with recent volume spikes exceeding $800 million on April 16 and whale accumulation of over $330 million in the past week. Analysts suggest bullish momentum and large holder activity could trigger a significant price move, potentially breaking above the $0.10 resistance, which has held since early 2023.
A new Linux variant of the GoGra malware uses the Microsoft Graph API for communication, leveraging legitimate Microsoft infrastructure to evade detection. The malware, which relies on an Outlook inbox for stealthy payload delivery, highlights evolving security threats targeting Linux systems. This development underscores the importance of monitoring cloud-based communication channels for potential malicious activity.
Greek firm MARISKS warns of Bitcoin and USDT scams targeting shipping companies in the Strait of Hormuz, where vessels face military fire. Unknown actors are extorting shipping firms for crypto to bypass blockades, with at least one tanker hit by Iranian gunfire on April 18. The scam highlights crypto's role in geopolitical conflicts.
