Bitcoin Depot 8-K cybersecurity incident disclosure
Bitcoin Depot Inc. filed Form 8-K Item 1.05 disclosing a material cybersecurity incident discovered on March 23, 2026. An unauthorized party accessed company IT systems and transferred approximately 50.903 Bitcoin (valued at $3.665 million) from company-controlled wallets without authorization. The company engaged cybersecurity experts and law enforcement, contained the incident to its corporate environment, and has not identified evidence of customer PII exfiltration. Investigation and remediation efforts remain ongoing.
Bitcoin Depot Cybersecurity Incident Disclosure (Form 8-K Item 1.05)
Bitcoin Depot filed a Form 8-K Item 1.05 disclosure with the SEC reporting a material cybersecurity incident. The filing describes the nature of the incident, the date of discovery, and its scope. As a publicly traded company, Bitcoin Depot is subject to SEC cybersecurity disclosure rules requiring prompt reporting of material cyber events.
CVE-2026-1340 Ivanti EPMM Code Injection Vulnerability Added to KEV Catalog
CISA added CVE-2026-1340, an Ivanti Endpoint Manager Mobile (EPMM) code injection vulnerability, to its Known Exploited Vulnerabilities (KEV) Catalog based on evidence of active exploitation. The vulnerability poses significant risk as a frequent attack vector for malicious cyber actors targeting federal enterprises. Federal Civilian Executive Branch agencies are required to remediate vulnerabilities identified in the KEV Catalog pursuant to BOD 22-01.
CBP Arrests Five Fugitives in Five Days at Southern Border
U.S. Customs and Border Protection officers in the Laredo Field Office arrested five individuals with active felony warrants between March 27 and March 31, 2026. The arrests occurred at ports of entry including the Colombia-Solidarity Bridge in Laredo and the Gateway Bridge in Brownsville, Texas. Charges among the five fugitives included indecency with a child, homicide and abuse of office, aggravated assault with a deadly weapon, and burglary of a habitation.
Apache Cassandra Multiple Vulnerabilities - Privilege Escalation, Information Disclosure, DoS
CERT-Bund issued a security advisory warning of multiple vulnerabilities in Apache Cassandra database systems with a CVSS Base Score of 8.8. The flaws affect versions prior to 4.1.11, 5.0.7, and 4.0.20 across Linux, Windows, and UNIX platforms. Attackers can exploit these vulnerabilities to achieve privilege escalation, disclose information, and execute denial-of-service attacks.
Windows privilege escalation, NT AUTHORITY\SYSTEM access, unpatched
Multiple vulnerabilities in Mozilla products
CERT-FR published security advisory CERTFR-2026-AVI-0404 alerting to multiple remote code execution vulnerabilities in Mozilla Firefox, Firefox ESR, and Thunderbird. Firefox ESR versions before 115.34.1 and 140.9.1, Firefox before 149.0.2, and Thunderbird versions before 140.9.1 and 149.0.2 are affected. Five CVEs are referenced including CVE-2026-5731 through CVE-2026-5735.
Multiple vulnerabilities in OpenSSL - CERT-FR Advisory 2026-AVI-0403
CERT-FR issued an advisory alerting organizations to multiple critical vulnerabilities in OpenSSL affecting versions 1.0.2 through 3.6.x. Seven CVEs were identified, including CVE-2026-28386 through CVE-2026-28390, CVE-2026-31789, and CVE-2026-31790. The vulnerabilities enable remote code execution, denial of service, and data confidentiality breaches. Organizations running affected OpenSSL versions must apply vendor patches immediately.
HPE Aruba Private 5G Core - Security Policy Bypass Vulnerability
CERT-FR issued a security advisory warning of a vulnerability (CVE-2026-23818) in HPE Aruba Networking Private 5G Core versions prior to 1.25.3.1. The flaw allows attackers to bypass security policies. Organizations using the affected product must apply patches referenced in HPE security bulletin HPESBNW05032.
Multiple Vulnerabilities in Microsoft Products
CERT-FR issued an advisory warning of 14 unpatched vulnerabilities across Microsoft products, spanning CVEs from CVE-2026-33936 through CVE-2026-35177, disclosed between March 29 and April 8, 2026. The vulnerabilities affect multiple Microsoft products and could allow remote code execution, privilege escalation, or information disclosure. Affected organizations are advised to consult Microsoft Security Response Center bulletins and apply available patches immediately.
Vulnerability in Moxa Products - Privilege Escalation and Remote DoS
CERT-FR issued a security advisory (CERTFR-2026-AVI-0405) alerting organizations to multiple vulnerabilities affecting 15 series of Moxa industrial computing and networking devices running Windows 7, 10, or 11. The vulnerabilities allow privilege escalation, remote denial of service, data integrity compromise, confidentiality breaches, and security policy bypass. Affected products include BXP-A100, BXP-A101, BXP-C100, DA-680, DA-681C, DA-682C, DA-720, DA-820C, DA-820E, DRP-A100, DRP-C100, EXPC-F2120W, EXPC-F2150W, MC-1100, and MC-1200 series.
SingCERT Security Bulletin: Critical Vulnerabilities Week of 8 April 2026
The Cyber Security Agency of Singapore (CSA) through SingCERT issued its weekly Security Bulletin for 8 April 2026, summarizing critical and high-severity vulnerabilities from NIST's National Vulnerability Database (NVD). The bulletin catalogs multiple CVEs with CVSS scores of 10.0, affecting Microsoft Azure services, ChurchCRM, Dgraph, SandboxJS, Juju, and Samsung Exynos processors. Organizations are advised to review affected products and apply available patches.
STIX XML Indicators of Compromise for Threat Intelligence
CISA ICS-CERT published STIX XML indicators of compromise (IOCs) for threat intelligence purposes. The advisory includes structured XML data containing malicious indicators that organizations can use to detect and identify potential cyber threats targeting industrial control systems and critical infrastructure. These IOCs are designed for integration with security monitoring tools, SIEM systems, and threat intelligence platforms.
CISA ICS-CERT STIX Threat Data - ICS and Enterprise Attack Patterns
CISA published a STIX bundle (AA26-097A) containing structured threat intelligence data with attack patterns for Industrial Control Systems (ICS) and enterprise environments. The bundle includes MITRE ATT&CK mapped techniques covering initial access, command and control, data manipulation, and impact vectors relevant to both ICS and enterprise networks.
Iranian APT Actors Exploit Rockwell PLCs Across US Critical Infrastructure
CISA, FBI, NSA, EPA, DOE, and US Cyber Command issued a joint advisory warning that Iran-affiliated APT actors are conducting active exploitation of internet-facing Rockwell Automation/Allen-Bradley programmable logic controllers across U.S. critical infrastructure. The advisory documents malicious interactions with PLC project files and manipulation of HMI and SCADA displays causing operational disruptions and financial losses in Water, Energy, and Government Services sectors. Agencies recommend immediate review of provided IOCs and implementation of specific mitigations including network isolation of OT devices.
Iranian-Affiliated Cyber Actors Exploit Programmable Logic Controllers Across US Critical Infrastructure
CISA, FBI, NSA, EPA, DOE, and US Cyber Command issued a joint cybersecurity advisory on April 7, 2026 warning that Iranian-affiliated APT actors are conducting active exploitation targeting internet-facing OT devices including Rockwell Automation/Allen-Bradley programmable logic controllers (PLCs) across U.S. critical infrastructure. The advisory covers Water and Wastewater Systems and Energy sectors, providing TTPs, IOCs, and specific mitigations including removing PLCs from direct internet exposure and monitoring OT-specific ports.
Critical CVSS 8.8 Vulnerabilities Expose SQL Credentials in Mitsubishi Electric GENESIS64 and ICONICS Suite
CISA ICS-CERT issued advisory ICSA-26-097-01 disclosing two critical vulnerabilities (CVE-2025-14815, CVE-2025-14816) with CVSS 8.8 score in Mitsubishi Electric GENESIS64 and ICONICS Suite products affecting versions 10.97.3 and below. The vulnerabilities stem from cleartext storage of SQL Server credentials in local SQLite cache files, potentially allowing local attackers to obtain plaintext credentials and access, tamper with, or destroy data.
Data processing system peripheral device management using component certificates
USPTO granted Patent US12598081B2 to Dell Products L.P. covering methods for managing data processing systems using digital certificates to authenticate and control peripheral device functions. The system employs a management controller operating independently of the CPU to enable or disable peripheral functions including Reliability, Availability, and Serviceability (RAS) reporting. The patent establishes intellectual property rights for digital certificate-based device authentication in computing environments.
Facilitating token use authentication for access tokens using stochastic images
USPTO granted patent US12598072B2 to Capital One Services, LLC on April 7, 2026, covering methods for facilitating token use authentication using stochastic images generated by machine learning models. The patent describes a system that detects authentication requests, retrieves previously displayed images, generates new images using stochastic ML models, and authenticates users based on image selection recognition. The patent contains 19 claims and was filed on November 10, 2023.
FortiClientEMS Vulnerability CVE-2026-35616 Actively Exploited
CERT-FR issued advisory CERTFR-2026-AVI-0400 warning of active exploitation of CVE-2026-35616 in Fortinet FortiClientEMS. The vulnerability allows remote code execution, privilege escalation, and security policy bypass on affected versions 7.4.x through 7.4.5. Organizations running vulnerable FortiClientEMS deployments are urged to apply patches immediately.
Multiple vulnerabilities in GLPI - RCE, SQL injection, XSS
CERT-FR issued a security advisory alerting organizations to multiple critical vulnerabilities in GLPI, an IT asset management and helpdesk software. The vulnerabilities affect GLPI versions 11.0.x prior to 11.0.6 and versions prior to 10.0.24, enabling remote code execution, SQL injection, and cross-site scripting attacks. Five CVEs are referenced: CVE-2026-25932, CVE-2026-26026, CVE-2026-26027, CVE-2026-26263, and CVE-2026-29047. Organizations using affected GLPI versions should apply vendor-provided patches immediately.
Multiple vulnerabilities in Google Android - Denial of service
CERT-FR issued security advisory CERTFR-2026-AVI-0399 alerting to multiple vulnerabilities in Google Android. The vulnerabilities affect Android versions prior to 14, 15, 16, and 16-qpr2, and could allow attackers to cause denial of service conditions. The advisory references CVE-2025-48651 and CVE-2026-0049, with patches released by Google on April 6, 2026.
BOE Technology info security issuing system patent, Apr
Network access using hardware-based security
USPTO granted patent US12598078B2 to Sophos Limited covering hardware-based security for network authentication. The patent describes endpoint devices using hardware-bound security systems to authenticate to enterprise networks, with cryptographically validated challenge-response protocols. The patent was applied for on February 15, 2023, under application number 18110051, with 20 claims granted.
Salesforce multi-tenant data access control with cloud token security
USPTO granted Salesforce patent US12598193B2 covering fine granularity control of data access and usage across multi-tenant systems. The system validates user access requests against data source permissions and creates cloud-specific tokens converted from cloud-neutral tokens, establishing temporary IAM roles and policies with automatic expiration.
Atlassian patent, access controls for authenticated and public users
The USPTO granted Patent US12598189B2 to Atlassian Pty Ltd covering a content collaboration system that manages dual access controls for authenticated users and unauthenticated public users. The system provides synchronized content caching and hierarchical visibility controls for publicly accessible digital content across enterprise environments.
Privileged account security system and method for managing access
USPTO granted patent US12598187B2 to Saudi Arabian Oil Company for a system and method managing privileged account access. The technology disables privileged accounts upon creation and enables them only after user authentication for elevated rights requests, reducing the likelihood of system compromise. This is a routine IP event establishing enforceable patent rights for the assignee.
Intelligent Resource Allocation Based on Security Profile of Edge Device Network
USPTO granted Patent US12598186B2 to Bank of America Corporation covering a system for intelligent resource allocation in edge device networks using quantum computing simulations for security testing. The system includes edge devices executing computing tasks, a resource deployment subsystem for anomaly detection, and a quantum computing subsystem for executing simulated attacks across network configurations to determine security scores and optimal deployments.
KPMG AZSA Blockchain Patent - Standardized Crypto Data Analysis
The USPTO granted Patent US12598087B2 to KPMG AZSA LLC for a cryptographic asset blockchain processing system that standardizes blockchain data analysis across multiple implementation methods. The invention converts blockchain transaction data (quantity, unit price, transaction partners) into a standardized format for accounting audits and large-scale data analysis. The patent contains 18 claims and was filed on August 25, 2021.
Cryptographic method certifies backup data retention lock status
USPTO granted Patent US12598082B2 to Dell Products L.P. on April 7, 2026, covering a cryptographic method for certifying retention lock status of backup data in deduplication storage systems. The patent describes encrypting retention lock status to create a certified token that can be inspected and audited by backup software. The invention addresses opaque data not interpreted by filesystems, returning retention lock information in cleartext format.
Raytheon cryptographic device verification using hash challenge-response
The USPTO granted Patent US12598083B2 to Raytheon Company covering systems and methods for electronic device authenticity verification using hash challenge-response protocols. The patent discloses methods for generating stimuli, recording responses, hashing those responses, and comparing resulting keys against root node hash values for device verification. The patent contains 20 claims and is classified under CPC H04L 9/3278 and related cryptographic hash categories.
Correlating Remote Attestation Quotes with VNF Resource Allocation
The USPTO granted Patent US12598085B2 to Telefonaktiebolaget L M Ericsson (publ) on April 7, 2026. The patent covers methods for correlating remote attestation quotes with virtualized network function (VNF) resource allocation events to ensure VNF components operate in legitimate contexts. The patent names four inventors and includes 23 claims covering the attestation correlation methodology.
Dynamic generation of digital certificate requests
The USPTO granted patent US12598077B2 to Zebra Technologies Corporation for a method of dynamically generating digital certificate requests using CSR input templates. The patent covers a server-based system that transmits CSR templates with dynamic field definitions to multiple client devices, receives completed CSRs with attribute values, and installs corresponding digital certificates. The patent was filed on September 23, 2022, and contains 16 claims.
Detection and survival method against adversarial attacks on automated systems
The USPTO granted Patent US12598075B2 to Morgan State University covering methods for device authentication and intrusion detection in BACnet MS/TP building automation networks. The patent describes an extended message format using hashed device identifiers and physical unclonable functions (PUFs) to prevent adversaries from exploiting known device IDs. The invention reallocates data field bytes to create an extended header CRC field for transmitting authentication hashes.
Method for deriving a partial signature with partial verification
USPTO granted patent US12598076B2 to Orange for a method of deriving a partial cryptographic signature for a subset of messages. The invention generates anonymized signature elements and verification elements allowing selective message subset verification while maintaining signature integrity.
Secretary Mullin visits Western NC, FEMA relief update
DHS Secretary Markwayne Mullin visited Western North Carolina on April 7, 2026, to provide an update on FEMA disaster relief efforts following Tropical Storm Helene and Hurricane Florence. The Secretary received an emergency management briefing in Lake Lure, met with Chimney Rock residents and local leadership, and hosted a roundtable discussion with Senator Budd, Representatives Edwards and Moore, FEMA Administrator Evans, and first responders.
Distributed encryption key allocation - Zoom Communications
USPTO granted patent US12598060B2 to Zoom Communications, Inc. for a distributed encryption key allocation system enabling customers of a communications platform to control their own encryption keys for encrypting and decrypting data including conference recordings, voicemails, emails, and calendar tokens. The patent covers a key broker server mapping encryption requests to customer key management servers based on user identifiers.
End-to-end transport layer security
The USPTO granted Wells Fargo Bank, N.A. Patent US12598059B1 for end-to-end transport layer security. The invention covers methods for establishing session keys between start, end, and intermediate nodes for data encryption and MAC generation, with encrypted data relayed without intermediate node re-encryption. This is a standard patent grant conferring exclusive rights to the assignee.
Methods and systems for a 2-qubit multi-user quantum key distribution protocol
USPTO granted Patent US12598062B2 to Huawei Technologies Canada Co., Ltd. covering a method of quantum key distribution using 2-qubit entanglement among three parties (operator O, Alice, and Bob) for multi-user QKD. The patent includes 12 claims related to qubit measurement, encoding, CHSH inequality verification, and quantum key reconciliation.
History access for end-to-end (E2E) secure content
USPTO granted Patent No. US12598061B2 to Cisco Technology Inc. for a method enabling secure access to historical cryptographic keys by new joiners to encrypted conversations. The invention uses an encrypted skip list that can be stored on untrusted servers, providing logarithmic complexity random access and log-scale overhead for linear access to conversation content.
Managing Data Encryption During System Upgrades - Red Hat Patent
The USPTO granted Patent US12598065B2 to Red Hat, Inc. covering a system for managing data encryption during system upgrades. The patent contains 20 claims related to detecting component upgrades on computing devices with encrypted data, deactivating links between PCR values and decryption keys prior to boot, provisioning alternative network server links for key authorization, and updating PCR values post-boot.
Systems and methods for distributed trust model and framework
USPTO granted Patent US12598071B2 to Cable Television Laboratories, Inc. covering a distributed trust management system for network communication ecosystems. The patent includes 20 claims directed to trust specification, analysis, evaluation, and monitoring engines for managing trust relationships between participating entities in a network.
Monitoring in distributed computing system
USPTO granted Mastercard International Inc. Patent US12598069B2 covering methods and systems for monitoring services in distributed computing environments. The patent, with 20 claims, describes coordinated monitoring processes where computing nodes track service performance and share monitoring information across the distributed system. The patent was filed on July 2, 2024, establishing intellectual property rights in distributed monitoring technology.
Clock security for statistical object generation
The USPTO granted Invisinet Technologies LLC Patent US12598063B2 for clock security methods in cryptographic keying information generation. The patent covers operating an activation agent to access clock values and generate keying information including clock offsets and async reset values through an object activation service.
Keycloak Information Disclosure Vulnerability (CVSS 3.7)
CERT-Bund issued a security advisory (WID-SEC-2026-0970) reporting an information disclosure vulnerability in Keycloak, an open-source identity and access management platform. The vulnerability carries a CVSS Base Score of 3.7 (low severity) and allows remote anonymous attackers to potentially expose sensitive information. Affected systems include Keycloak deployments running on Linux and UNIX operating systems.
Red Hat Enterprise Linux crun Privilege Escalation Vulnerability, CVSS 7.8
CERT-Bund issued a security advisory regarding a high-severity vulnerability (CVSS 7.8) in Red Hat Enterprise Linux's crun container runtime. The flaw allows local attackers to escalate privileges on affected systems. Versions prior to RHEL 9 and RHEL 10 are affected. System administrators should apply available mitigations or updates immediately.
Samsung Android Multiple Critical Vulnerabilities CVSS 9.8
CERT-Bund issued a critical security advisory regarding multiple vulnerabilities in Samsung Android OS versions prior to SMR-APR-2026. The vulnerabilities carry a CVSS Base Score of 9.8 (critical) and enable remote attackers to escalate privileges, bypass security measures, disclose information, and manipulate files. Organizations and consumers using affected Samsung Android devices face immediate risk of exploitation.
IBM Maximo Asset Management DoS Vulnerability - CVSS 5.3
CERT-Bund published security advisory WID-SEC-2026-0965 disclosing a Denial of Service vulnerability in IBM Maximo Asset Management versions prior to 7.6.1.3 IF037. The vulnerability carries a CVSS Base Score of 5.3 (medium) and a Temporal Score of 4.6. Remote anonymous attackers can exploit this flaw to conduct DoS attacks against affected installations running on Linux, UNIX, or Windows systems.
Google Android Multiple Vulnerabilities CVSS 7.3
CERT-Bund issued a security advisory warning of multiple vulnerabilities in Google Android with a CVSS Base Score of 7.3 (high severity) and Temporal Score of 6.4 (medium). The vulnerabilities affect Android devices with security patch levels prior to April 1, 2026 and April 5, 2026. Remote attackers can exploit these flaws to conduct unspecified attacks and denial of service attacks against affected devices.
CUPS Vulnerability Allows Code Execution with Administrator Rights
CERT-Bund issued a security advisory regarding a vulnerability in CUPS (Common Unix Printing System) that allows local attackers to execute arbitrary code with administrator privileges. The vulnerability has a CVSS Base Score of 5.2 (medium) and affects multiple operating systems including Linux, UNIX, and Windows. Organizations using CUPS should assess their exposure and apply available patches or workarounds.
RHEL fontforge Remote Code Execution Vulnerability - CVSS 8.8
CERT-Bund issued a security advisory regarding a critical vulnerability (CVSS 8.8) in Red Hat Enterprise Linux's fontforge component affecting versions prior to RHEL 10, RHEL 9, and RHEL Extended Update Support 9.6. The vulnerability allows remote, unauthenticated attackers to execute arbitrary code on affected systems. Organizations running affected RHEL distributions should apply available mitigations or patches immediately.
FasterXML Jackson Vulnerability - Security Bypass (CVSS 7.5)
CERT-Bund issued a security advisory regarding a vulnerability in FasterXML Jackson versions 3.0.0 through 3.1.0. The vulnerability, with a CVSS Base Score of 7.5, allows remote anonymous attackers to bypass security measures in the JSON processing library. Affected platforms include Linux, Windows, UNIX, and other operating systems running Java applications that utilize the library.
Avahi DoS Vulnerability Advisory - CVSS 5.5 Medium Severity
CERT-Bund issued advisory WID-SEC-2026-0975 regarding a denial of service vulnerability in Avahi, an open-source network service discovery implementation for Linux/UNIX systems. The vulnerability (CVSS Base Score 5.5, Temporal Score 5.0) allows a local attacker to crash the Avahi service, impacting system availability. Affected products include Open Source avahi versions prior to 0.9-rc4. Organizations running vulnerable Avahi installations should apply patches immediately.
ICE Arrests Rapists, Pedophiles, and Arsonists
DHS announced that ICE arrested criminal illegal aliens convicted of serious crimes including aggravated sexual assault of a child, sexual battery, lewd and lascivious acts with a child, arson, and robbery. The announcement highlighted that nearly 70% of ICE arrests involve illegal aliens charged or convicted of crimes in the United States.