ThreatPulse — April 20, 2026 | 10 threats, personalised for Ethan Andrews

        April 20, 2026

ThreatPulse — April 20, 2026 | 10 threats, personalised for Ethan Andrews

ThreatPulse — April 20, 2026

    Personalised for Ethan Andrews
     |  Detection Engineer
     |  Detection: KQL

10
Items

0
Critical

4
High

0
CISA KEV

40/100

CVE-2026-6581: A vulnerability was detected in H3C Magic B1 up to 100R004. Affected by this vulnerability is the function SetMobileAPIn

CVSS 8.8
EPSS 0.0%
nvd.nist.gov

HIGHKQLCVE-2026-6581

No analysis available.

    Source: nvd.nist.gov

38/100

CVE-2026-6563: A vulnerability has been found in H3C Magic B1 up to 100R004. The affected element is the function SetAPWifiorLedInfoByI

CVSS 8.8
EPSS 0.0%
nvd.nist.gov

HIGHKQLCVE-2026-6563

No analysis available.

    Source: nvd.nist.gov

38/100

CVE-2026-6560: A security vulnerability has been detected in H3C Magic B0 up to 100R002. This vulnerability affects the function Edit_B

CVSS 8.8
EPSS 0.0%
nvd.nist.gov

HIGHKQLCVE-2026-6560

No analysis available.

    Source: nvd.nist.gov

20/100

BlueHammer & RedSun: Windows Defender CVE-2026-33825 Zero-day Vulnerability Explained

CVSS 7.8
EPSS 0.0%
picussecurity.com

HIGHKQLCVE-2026-33825

No analysis available.

    Source: picussecurity.com

22/100

A Deep Dive Into Attempted Exploitation of CVE-2023-33538

CVSS N/A
EPSS 0.0%
unit42.paloaltonetworks.com

KQLCVE-2023-33538

SummaryA Deep Dive Into Attempted Exploitation of CVE-2023-33538 CVEs: CVE-2023-33538 CVSS: 0.0 | EPSS: 0.0% | Priority: 2.5/100 ATT&CK: N/A Detection language: KQL Source: unit42.paloaltonetworks.com -- https://unit42.paloaltonetworks.com/exploitation-of-cve-2023-33538/ CVE-2023-33538 allows for command injection in TP-Link routers. We discuss exploitation attempts with payloads characteristic of Mirai botnet malware. The post A Deep Dive Into Attempted Exploitation of CVE-2023-33538 appeared first on Unit 42 .

    Source: unit42.paloaltonetworks.com

3/100

Cross‑tenant helpdesk impersonation to data exfiltration: A human-operated intrusion playbook

CVSS N/A
EPSS 0.0%
microsoft.com

KQL

No analysis available.

    Source: microsoft.com

3/100

Threat Brief: Escalation of Cyber Risk Related to Iran (Updated April 17)

CVSS N/A
EPSS 0.0%
unit42.paloaltonetworks.com

KQL

SummaryThreat Brief: Escalation of Cyber Risk Related to Iran (Updated April 17) CVEs: N/A CVSS: 0.0 | EPSS: 0.0% | Priority: 2.7/100 ATT&CK: N/A Detection language: KQL Source: unit42.paloaltonetworks.com -- https://unit42.paloaltonetworks.com/iranian-cyberattacks-2026/ Unit 42 details recent Iranian cyberattack activity, sharing direct observations of phishing, hacktivist activity and cybercrime. We include recommendations for defenders. The post Threat Brief: Escalation of Cyber Risk Related to Iran (Updated April 17) appeared first on Unit 42 .

    Source: unit42.paloaltonetworks.com

2/100

IaC Inventory: A Unified View Across Code, Deployments, and Cloud

CVSS N/A
EPSS 0.0%
wiz.io

KQL

No analysis available.

    Source: wiz.io

2/100

This old-school scam is still working

CVSS N/A
EPSS 0.0%
malwarebytes.com

KQL

No analysis available.

    Source: malwarebytes.com

2/100

Containing a domain compromise: How predictive shielding shut down lateral movement

CVSS N/A
EPSS 0.0%
microsoft.com

KQL

No analysis available.

    Source: microsoft.com

ThreatPulse — Automated Threat Intelligence

Unsubscribe  | 
  Update Preferences

                                Don't miss what's next. Subscribe to Ethan Andrews:

            Email address (required)