Malicious AI Models Exploit Red Hat Framework for Code Execution
Today's cybersecurity digest — CVEs, headline news, quantum computing, and something weird. April 23, 2026
cybr.cx | Daily Digest — April 23, 2026
Critical Vulnerabilities
CVE-2026-6859 | InstructLab | CVSS 8.8
Red Hat's InstructLab AI training framework hardcodes trust_remote_code=True when pulling models from HuggingFace, meaning any malicious model a user downloads and runs via ilab train, download, or generate can execute arbitrary Python on the host — with no further exploitation required. The attack surface is broad: anyone in an AI/ML pipeline who grabs a community model is a potential victim. If your team uses InstructLab, audit what models you're pulling and from whom, and treat any community model as untrusted code.
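The practical defence against a hardcoded trust_remote_code=True is to check, before a snapshot ever reaches a loader, whether the model ships code at all. The following audit is an added example written for this digest, not InstructLab or Hugging Face code; it relies on the Hugging Face convention that a config.json auto_map entry points at Python classes bundled in the repository (the only case where trust_remote_code is needed), and it builds constructed sample snapshots in a temp directory to run offline.

```python
import json
import tempfile
from pathlib import Path

# A config.json "auto_map" entry maps Auto* loader classes to Python classes
# shipped inside the model repository. Loading such a model requires
# trust_remote_code=True, i.e. the repository's code executes on the host.
REMOTE_CODE_KEYS = ("auto_map",)


def requires_remote_code(config: dict) -> bool:
    """Return True if the config references code bundled with the model."""
    return any(config.get(key) for key in REMOTE_CODE_KEYS)


def audit_model_dir(model_dir: str) -> dict:
    """Audit a downloaded snapshot before handing it to any loader.

    Reports config-level remote-code hooks and every .py file present, and
    marks the snapshot safe only when both are absent (weights-only model).
    """
    root = Path(model_dir)
    findings = {"remote_code_config": False, "python_files": [], "safe_to_load": True}
    cfg_path = root / "config.json"
    if cfg_path.is_file():
        with cfg_path.open(encoding="utf-8") as fh:
            findings["remote_code_config"] = requires_remote_code(json.load(fh))
    findings["python_files"] = sorted(
        str(p.relative_to(root)) for p in root.rglob("*.py")
    )
    findings["safe_to_load"] = not (
        findings["remote_code_config"] or findings["python_files"]
    )
    return findings


def build_sample_snapshot(with_custom_code: bool) -> str:
    """Construct a throwaway snapshot directory (constructed sample data)."""
    d = tempfile.mkdtemp(prefix="hf_snapshot_")
    config = {"model_type": "llama", "hidden_size": 4096}
    if with_custom_code:
        # Constructed auto_map entry; the module and class name are made up.
        config["auto_map"] = {"AutoModelForCausalLM": "modeling_custom.CustomForCausalLM"}
        Path(d, "modeling_custom.py").write_text("# bundled model code would live here\n")
    Path(d, "config.json").write_text(json.dumps(config))
    return d


if __name__ == "__main__":
    for flag in (False, True):
        print(audit_model_dir(build_sample_snapshot(flag)))
```

Gating a pipeline on safe_to_load turns "any community model is untrusted code" into an enforceable rule: weights-only snapshots pass, anything carrying Python is held for review.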
CVE-2026-41468 | Beghelli Sicuro24 SicuroWeb | CVSS 8.7
This physical security management platform ships with AngularJS 1.5.2 — an end-of-life component — and compounds the problem with a template injection flaw in the same application. Together, they allow an attacker to escape the AngularJS sandbox and run arbitrary JavaScript in operator browser sessions, enabling session hijacking and persistent access. The irony of a security product being compromised via its own operator console is not lost on us.
CVE-2026-34413 | Xerte Online Toolkits ≤ 3.15 | CVSS 8.6
The elFinder file manager connector in Xerte fails to call exit() after issuing an HTTP redirect to unauthenticated requests, so PHP merrily continues executing the rest of the request handler server-side. The result: unauthenticated attackers can perform arbitrary file operations on the server's media directory. If you're running Xerte in an education or e-learning context, assume unauthenticated file access is possible until patched.
CVE-2018-25259 / 25260 / 25261 / 25265 / 25268 | Terminal Services Manager, MAGIX Music Editor, Iperius Backup, LanSpy | CVSS 8.4
A cluster of legacy local buffer overflow CVEs — all dated 2018, all just now receiving formal IDs — affects Terminal Services Manager 3.1, MAGIX Music Editor 3.1, Iperius Backup 5.8.1, and LanSpy 2.0.1.159. All involve SEH overwrite primitives via crafted input. These are local-only exploits in software most environments abandoned years ago, but they're worth a quick sweep if any still live in operational or kiosk environments.
Headline News
Anthropic's Mythos Model: Unauthorised Access and an Unexpected Firefox Audit
Two distinct Mythos stories dominated practitioner discussion this week, and they point in very different directions. First, Anthropic confirmed that its unreleased Mythos model was accessed by unauthorised users — an incident that raises uncomfortable questions about how frontier AI labs secure pre-release systems and whether the access included any meaningful exfiltration of model weights or training data. The stakes are significant: a capable frontier model in adversarial hands could accelerate attack tooling development, social engineering at scale, or autonomous exploitation research. Separately — and this is the genuinely remarkable part — Mozilla disclosed that Mythos was used to audit Firefox 150's codebase and surfaced 271 previously unknown security vulnerabilities. That figure is extraordinary by any measure, and it signals that AI-assisted code auditing has crossed a threshold where it belongs in every serious security team's toolkit. Taken together, these two stories illustrate the dual-use tension that will define AI security for the next decade: the same capability that finds hundreds of zero-days can also be an extremely high-value target for theft.
Ransomware Negotiator Pleads Guilty to Secretly Working for BlackCat
A cybersecurity professional who presented himself to victims as a ransomware negotiator has pleaded guilty to covertly assisting the BlackCat (ALPHV) ransomware group throughout those same negotiations. Angelo Martino was effectively a mole inside the crisis response process — feeding information to the threat actors he was ostensibly helping victims fight, almost certainly prolonging negotiations and inflating ransom payments in the process. This is a significant operational security failure for the incident response industry, which has historically relied on trust and confidentiality as foundational assumptions. Practitioners and organisations should treat this as a prompt to scrutinise the vetting processes for third-party negotiators and IR firms, and to consider whether independent oversight of negotiation processes is now warranted.
Iran Claims US Exploited Backdoors in Networking Equipment
Iranian officials have alleged that the United States leveraged undisclosed backdoors in networking infrastructure equipment to conduct surveillance or offensive operations against Iranian systems. The claim is unverified and arrives in a charged geopolitical environment, but it echoes a well-documented pattern: nation-state actors on all sides have sought persistent access via hardware and firmware implants in networking gear. Whether or not the specific allegation holds, the broader concern is real — supply chain integrity and firmware transparency for core routing and switching infrastructure remain deeply unresolved problems. Security teams responsible for critical infrastructure should treat this as a reminder that nation-state persistence often lives below the OS layer, where most detection tooling simply doesn't look.
Schrödinger's Feed
A new study has found a method to make early fault-tolerant quantum computers run up to three times faster without adding more physical qubits — and in doing so, it challenges a leading architectural design strategy that turns out to be slower and more resource-intensive than previously assumed. This is the kind of foundational result that can quietly reshape timelines: if fault-tolerant systems can be made significantly more efficient without scaling hardware, the point at which a cryptographically relevant quantum computer becomes feasible may arrive sooner than current NIST post-quantum migration schedules assume. The result doesn't change what practitioners should do today — implement PQC where you can, inventory your crypto dependencies, and get hybrid key exchange deployed — but it does raise the urgency of finishing that work rather than treating it as a comfortable multi-year horizon.
/dev/random
The US National Assessment of Educational Progress — the "Nation's Report Card" — has released data showing that reading and mathematics scores for 13-year-olds have declined again, continuing a trend that has now persisted across multiple assessment cycles. This is being discussed with some consternation in technical communities, which have a professional interest in the pipeline of future engineers and security researchers. On the optimistic interpretation: the next generation of threat actors may also be affected. On the less optimistic interpretation: the current generation of defenders probably shouldn't count on that.