Infosec bits for 2026 week 18
Anele Siwela | April 30, 2026, 10:24 a.m.
Cybersecurity News:
Linux cryptographic code flaw offers fast route to root [Thomas Claburn, The Register]
UNC6692 Uses Email Bombing, Social Engineering to Deploy ‘Snow’ Malware [Ionut Arghire, Security Week]
New Wave of DPRK Attacks Uses AI-Inserted npm Malware, Fake Firms, and RATs [Ravie Lakshmanan, The Hacker News]
Vidar Malware Hides Payloads in JPEG and TXT Files [Aditya Kumar, Security Boulevard]
Vulnerabilities & Patches:
Critical GitHub.com and Enterprise Server RCE Vulnerability Enables Full Server Compromise [Guru Baran, Cybersecurity News]
Linux Kernel 0-Day “Copy Fail” Roots Every Major Distribution Since 2017 [Lucas Martin, Cyber Press]
Notepad++ Vulnerability Allows Attackers to Crash Application, Leak Memory Data [Guru Baran, Cybersecurity News]
CISA adds Microsoft, ConnectWise vulnerabilities to active exploitation catalog [Eric Geller, Cybersecurity Dive]
Litecoin Zero-Day Vulnerability Exploited in DoS Attack, Disrupts Major Mining Pools [Guru Baran, Cybersecurity News]
Malware:
Lazarus Hackers Attacking macOS Users With ‘Mach-O Man’ Malware Kit [Balaji N, Cybersecurity News]
Researchers unearth industrial sabotage malware that predated Stuxnet by 5 years [Lucian Constantin, CSO Online]
Supply Chain Campaign Targets SAP npm Packages with Credential-Stealing Malware [Benjamin Read, Merav Bar, Shay Berkovich, Gili Tikochinski, Wiz]
‘Firestarter’ malware survives Cisco firewall patches [Juha Saarinen, iTnews]