Episode 25 — 13 Apr 2026
1. Critical Marimo pre-auth RCE flaw now under active exploitation
Source: Bleeping Computer
Hackers started exploiting a critical vulnerability in the Marimo open-source reactive Python notebook platform just 10 hours after its public disclosure. The flaw allows remote code execution without authentication in Marimo versions 0.20.4 and earlier. It tracked as...
2. Over 20,000 crypto fraud victims identified in international crackdown
Source: Bleeping Computer
An international law enforcement action led by the U.K.'s National Crime Agency (NCA) has identified over 20,000 victims of cryptocurrency fraud across Canada, the United Kingdom, and the United States. Dubbed "Operation Atlantic," this joint action took place last month, and...
3. OpenAI Revokes macOS App Certificate After Malicious Axios Supply Chain Incident
Source: The Hacker News
OpenAI revealed a GitHub Actions workflow used to sign its macOS apps, which downloaded the malicious Axios library on March 31, but noted that no user data or internal system was compromised. "Out of an abundance of caution, we are taking steps to protect the process that...
4. Adobe Patches Actively Exploited Acrobat Reader Flaw CVE-2026-34621
Source: The Hacker News
Adobe has released emergency updates to fix a critical security flaw in Acrobat Reader that has come under active exploitation in the wild. The vulnerability, assigned the CVE identifier CVE-2026-34621, carries a CVSS score of 8.6 out of 10.0. Successful exploitation of the...
5. CPUID Breach Distributes STX RAT via Trojanized CPU-Z and HWMonitor Downloads
Source: The Hacker News
Unknown threat actors compromised CPUID ("cpuid[.]com"), a website that hosts popular hardware monitoring tools like CPU-Z, HWMonitor, HWMonitor Pro, and PerfMonitor, for less than 24 hours to serve malicious executables for the software and deploy a remote access trojan...
