Daily Intel Brief — 2026-04-11

CVE-2026-1731 Actively Exploited in Ransomware Attacks

WhatCVE-2026-1731 (CVSS 9.8) is a critical vulnerability added to CISA's KEV catalog and is being actively exploited in ransomware campaigns.

Source[External: www.greenbone.net](www.greenbone.net)

Applies toGeneral

Why it mattersThis represents an immediate, high-severity threat requiring urgent patching prioritization.

New Black Hat USA Attack Techniques from PortSwigger

WhatPortSwigger Research released new, practical web application attack techniques presented at Black Hat USA 2026.

Source[External: x.com](x.com)

Applies toGeneral Web Apps

Why it mattersThese are likely novel exploitation methods that will soon be seen in active attacks.

Five New Actively Exploited CVEs Added to CISA KEV

WhatCISA urgently added five new vulnerabilities to its Known Exploited Vulnerabilities catalog, spanning PHP tools, file transfer systems, network OS, email security, and sudo.

Source[External: windowsforum.com](windowsforum.com)

Applies toGeneral

Why it mattersThese vulnerabilities have transitioned from theoretical risk to confirmed active exploitation.

March 2026's Hottest Open-Source Security Tools

WhatNewly highlighted tools include BlacksmithAI (AI pen-testing framework), mquire (Linux memory forensics), cloud-audit (fast AWS scanner), and Plumber (CI/CD pipeline misconfiguration scanner).

Source[External: www.helpnetsecurity.com](www.helpnetsecurity.com)

Applies toGeneral / Tooling

Why it mattersThese tools represent the latest capabilities available to both attackers and defenders.

Nuclei Templates v10.2.x Covers 10 Actively Exploited KEVs

WhatThe latest Nuclei templates release includes 106 new templates covering 57 CVEs, 10 of which are on CISA's KEV list.

Source[External: projectdiscovery.io](projectdiscovery.io