ThreatsDay Bulletin: From a 17-year-old Excel flaw to new zero-days in Microsoft Defender
ThreatsDay Bulletin: Defender 0-Day, SonicWall Brute-Force, 17-Year-Old Excel RCE and 15 More Stories
TL;DR: This week's threat landscape mixes the very old with the unsettlingly high-tech. CISA added an Excel flaw from 2009 to its list of actively exploited vulnerabilities, and a new privilege-escalation zero-day, "RedSun", landed in Microsoft Defender. Meanwhile, North Korean hackers managed to breach Zerion's wallets using AI-assisted social engineering. And, as always, a supply-chain attack hit a collection of WordPress plugins with 180,000 installs.
Microsoft's problems: old flaws and new zero-days
The dominant theme this week is the persistence of Microsoft vulnerabilities.
RedSun zero-day: Following the recent "BlueHammer" disclosure, a researcher known as "Chaotic Eclipse" revealed a new, unpatched flaw in Microsoft Defender named RedSun. Security experts confirm the flaw lets any ordinary user gain SYSTEM privileges on Windows 10, Windows 11, and Windows Server (as of the April 2026 updates).
17-year-old Excel RCE: CISA added CVE-2009-0238 to its Known Exploited Vulnerabilities (KEV) catalog. This Remote Code Execution issue in Microsoft Office Excel lets attackers take control of the entire PC via a file containing a maliciously crafted "object". Federal agencies have until 28 April 2026 to fix this bug, which is nearly two decades old.
RDP phishing protection: To curb the abuse of Remote Desktop (.rdp) files by groups such as APT29, the April 2026 update (CVE-2026-26151) now raises security warnings and automatically blocks "resource redirection".
Crypto under fire: Zerion breached and fake Ledger apps
The cryptocurrency sector took hard hits this week:
- North Korean strike "UNC1069": The wallet service Zerion disclosed the theft of $100,000 from its internal hot wallets. The breach happened after a team member was targeted with an AI-assisted social engineering ruse. Although the stolen funds were the company's own test funds, Zerion said customer funds and infrastructure remain safe.
- $9.5M fake app: A fraudulent app called "Ledger Live" managed to pass Apple App Store review. Between 7 and 13 April 2026 it stole $9.5 million from more than 50 victims after getting them to enter their recovery seed phrases.
- Xinbi Guarantee: Despite UK sanctions, the illicit marketplace "Xinbi Guarantee" is still operating on Telegram and has processed more than $21 billion in transactions linked to money laundering and scam equipment.
Supply-chain and infrastructure attacks
WordPress plugin poisoning: In a classic supply-chain ploy, a hacker bought the "Essential Plugin" collection in early 2025. In August, he planted a backdoor that injects malicious PHP into the wp-config.php file. The malware uses an Ethereum smart contract to keep its C2 resilient and hides its activity from site owners, showing the spam links only to Googlebot. The plugins, which had 180,000 installs, were all shut down.
APT41 cloud backdoor: The China-linked APT41 group is now using an ELF backdoor purpose-built to target Linux in AWS, Azure, Google Cloud, and Alibaba Cloud. The malware talks to the attacker covertly over SMTP port 25 and is designed to harvest cloud credentials without showing up in scanners such as Shodan.
SonicWall & FortiGate brute-force: Researchers observed a "sharp rise" in brute-force attempts against edge devices, with 88% of this activity coming from the Middle East. Although many attempts fail, the persistence shows a large-scale effort to find any weak password.
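The brute-force wave above is easiest to spot on the defender's side as a burst of failed logins from one source across many usernames. The detector below is an added example, not from the bulletin or from any vendor; it reads a constructed, generic syslog-like format (SonicWall and FortiGate each have their own log formats, so the regex would need adapting) and applies a sliding time window per source address.

```python
"""Added example: flag sources that repeatedly fail authentication against an
edge device within a short window. Log lines are constructed in a generic
format, not a real SonicWall/FortiGate format; the IPs are documentation
ranges. Lines are assumed to arrive in time order."""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

LOG_LINE = re.compile(
    r"^(?P<ts>\S+) auth (?P<result>fail|ok) user=(?P<user>\S+) src=(?P<src>\S+)$"
)


def parse_line(line):
    """Parse one log line; return None for lines that do not match the format."""
    m = LOG_LINE.match(line)
    if not m:
        return None
    return {
        "ts": datetime.fromisoformat(m["ts"]),
        "result": m["result"],
        "user": m["user"],
        "src": m["src"],
    }


def find_bruteforce(lines, threshold=5, window=timedelta(minutes=2)):
    """Return {src: {"peak_failures": n, "usernames": [...]}} for every source
    whose failed logins within any `window` reached `threshold`."""
    recent = defaultdict(deque)   # src -> timestamps of recent failures
    users = defaultdict(set)      # src -> usernames tried
    peak = defaultdict(int)       # src -> most failures seen inside one window
    for line in lines:
        ev = parse_line(line)
        if ev is None or ev["result"] != "fail":
            continue
        src = ev["src"]
        q = recent[src]
        q.append(ev["ts"])
        users[src].add(ev["user"])
        # Drop failures that fell out of the window ending at this event.
        while ev["ts"] - q[0] > window:
            q.popleft()
        peak[src] = max(peak[src], len(q))
    return {
        src: {"peak_failures": n, "usernames": sorted(users[src])}
        for src, n in peak.items()
        if n >= threshold
    }


# Constructed sample: one source sprays usernames, another fails twice then
# logs in, and one line is malformed.
SAMPLE_LOG = """\
2026-04-16T08:00:00 auth fail user=admin src=203.0.113.7
2026-04-16T08:00:05 auth fail user=root src=203.0.113.7
2026-04-16T08:00:10 auth fail user=admin src=198.51.100.20
2026-04-16T08:00:12 auth fail user=test src=203.0.113.7
2026-04-16T08:00:20 auth ok user=admin src=198.51.100.20
2026-04-16T08:00:25 auth fail user=admin src=203.0.113.7
2026-04-16T08:00:31 auth fail user=guest src=203.0.113.7
garbage line that does not parse
2026-04-16T08:00:40 auth fail user=sslvpn src=203.0.113.7
2026-04-16T08:09:00 auth fail user=admin src=203.0.113.7
"""

if __name__ == "__main__":
    for src, info in find_bruteforce(SAMPLE_LOG.splitlines()).items():
        print(src, info)
```

The distinct-username list is the useful second signal: a legitimate user who mistypes a password five times tries one account, while the campaign in the story cycles through many. Tune `threshold` and `window` to the device's normal traffic, and feed the flagged sources to whatever blocklist or geo-fencing the edge device supports.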
Regional campaigns and crime "ecosystems"
- JanaWare ransomware: Campaigns targeting Turkish users with a shape-shifting (Adwind) malware. The attackers demand ransoms of between $200 and $400.
- Triad Nexus: A large fraud network falsifies its chain of companies to evade US sanctions. The group is responsible for $200 million in losses and uses "perfect" clones of luxury brands to run "pig butchering" scams.
- SmokedHam backdoor: Malvertising for tools such as RVTools is used to deliver the SmokedHam malware, which ultimately leads to Qilin ransomware.
Hardening: age verification in the EU and security on Raspberry Pi
Some good news this time:
- EU age verification: The European Union released an open-source app for anonymous age verification. It lets people prove their age with an ID card or passport without sharing their personal data.
- Sudo changes in Raspberry Pi: Version 6.2 of Raspberry Pi OS now disables passwordless sudo by default. New users need a password for anything involving admin privileges, to improve security against cybercrime.
- Google navigation hijacking: Google announced a new policy against "back button hijacking" (which prevents the user from leaving a site). Starting 15 June 2026, sites that use these tricks will lose rank in Google Search.
Conclusion
This week is a reminder that cyber threats never disappear for good; they hide and evolve. Whether it is a 17-year-old bug in Excel or a new AI-assisted ruse, the security basics (patching, skepticism about apps, and monitoring) remain your best first line of defense.
Source: https://thehackernews.com/2026/04/threatsday-bulletin-17-year-old-excel.html