Explore software products worth tracking, open-source projects worth studying, and blog coverage that helps builders spot useful tools and ideas sooner.
Analysis, product insight, and practical reads for builders

Rapid7 reveals a new Kyber ransomware operation targeting Windows and VMware ESXi, with one variant claiming post-quantum Kyber1024 encryption. Two variants were observed in March 2026 using the same campaign ID and Tor-based infrastructure: a Windows Rust-based encryptor that uses Kyber1024 (and X25519) to protect AES-CTR bulk encryption, and an ESXi-focused variant that encrypts datastore files and can terminate VMs and deface management interfaces. The Windows payload appends the .#~~~ extension, shuts down services, deletes backups, wipes event logs, and can terminate Hyper-V VMs; the ESXi variant enumerates VMs, encrypts datastores, and defaces interfaces. A Linux ESXi variant reportedly uses ChaCha8 with RSA-4096 for key wrapping. Despite Kyber1024 branding, Rapid7 notes Kyber is not used for direct file encryption; files are effectively unrecoverable without the attacker key. So far, at least one victim is publicly listed—a large U.S. defense contractor and IT services provider.

This post exposes Caller-as-a-Service, a structured, scalable fraud operation that treats phone scams like a professional business. It maps a full attack lifecycle with distinct roles, from data sourcing and infrastructure to live-call agents, along with supervision and varied compensation models. It explains underground recruitment tactics (including “proof-of-profit” visuals and English-language targeting), how stolen data fuels campaigns, and the shift toward industrialized social engineering. The piece also outlines implications for defenders and individuals, recommending stronger identity verification, behavioral analytics, and MFA, and it highlights Flare’s ability to detect leaked data and recruitment activity to preempt attacks.

Microsoft issued out-of-band security updates to patch a critical ASP.NET Core Data Protection vulnerability (CVE-2026-40372) that could allow attackers to forge authentication cookies and escalate to SYSTEM privileges. The flaw stems from a regression in DataProtection packages 10.0.0–10.0.6, where the HMAC validation used the wrong bytes, allowing forged payloads to bypass authenticity checks and allowing attackers to decrypt prior payloads in auth cookies, antiforgery tokens, TempData, and OIDC state. If the flaw is exploited, attackers could impersonate a privileged user and cause the app to issue legitimately signed tokens to themselves; those tokens remain valid after upgrading unless the DataProtection key ring is rotated. Microsoft urges updating Microsoft.AspNetCore.DataProtection to 10.0.7 and redeploying to reject forged payloads, and rotating the key ring to invalidate any minted tokens. The advisory notes the vulnerability can also enable file disclosure and data modification, without impacting system availability. Related context includes the earlier CVE-2025-55315 and other Windows Server updates released in April 2026.

More than 1,300 Microsoft SharePoint servers remain online and unpatched against CVE-2026-32201, a spoofing vulnerability affecting SharePoint Server 2016, 2019, and Subscription Edition. Exploitation could allow attackers to view or modify sensitive data with a low-complexity, no-interaction attack, though it cannot disable access to the resource. Microsoft released patches in April 2026, but Shadowserver reports only a small number of systems have been updated. CISA added CVE-2026-32201 to its Known Exploited Vulnerabilities catalog and ordered Federal Civilian Executive Branch agencies to patch by April 28 under BOD 22-01. The April Patch Tuesday also fixed 167 vulnerabilities, including two zero-days.