Articles: 133
Categories: 8
Date: 2026-04-02
🚨 CISA KEV (1)
2 Apr [KEV] | CISA Adds One Known Exploited Vulnerability to Catalog | CISA has added one new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation. CVE-2026-3502 TrueConf Client Download of Code Without Integrity Check Vulnerability. This type of… | CISA.GOV
🐛 COMMON VULNERABILITIES AND EXPOSURES (53)
2 Apr | Symantec DLP Agent Flaw Exposed Systems to Privilege Escalation Attacks | A high-severity vulnerability in the Symantec Data Loss Prevention (DLP) Agent for Windows could allow low-privileged attackers to take complete control of affected machines. Tracked as CVE-2026-3991, this Local Privilege Escalation (LPE) flaw carries a CVSS score of 7.8. It expo… | GBHACKERS.COM
2 Apr | Cisco Warns of Critical IMC Vulnerability Enabling Authentication Bypass | Cisco has published an urgent security advisory for CVE-2026-20093, a critical 9.8-severity authentication bypass vulnerability affecting its Integrated Management Controller (IMC) software. This high-risk flaw enables unauthenticated remote attackers to overwrite administrative … | GBHACKERS.COM
2 Apr | Critical PX4 Autopilot Vulnerability Let Attackers Gain Control of Drones | The Cybersecurity and Infrastructure Security Agency (CISA) has issued a high-priority alert regarding a severe vulnerability in the PX4 Autopilot system. This critical flaw could allow malicious actors to completely take over unmanned aerial vehicles (UAVs) and drones used acros… | GBHACKERS.COM
2 Apr | Cisco Smart Software Manager Flaw Allowed Arbitrary Command Execution | Cisco has released a high-priority security advisory regarding a critical vulnerability in its Smart Software Manager On-Prem (SSM On-Prem) platform. The flaw, tracked as CVE-2026-20160, carries a near-maximum CVSS severity score of 9.8 out of 10. If exploited, it enables an unau… | GBHACKERS.COM
2 Apr | CVE-2026-33554 | Information published. | MSRC.MICROSOFT.COM
2 Apr | CVE-2026-4732 Out-of-bounds Read Overflow in tildearrow/furnace | Information published. | MSRC.MICROSOFT.COM
2 Apr | CVE-2026-33216 NATS has MQTT plaintext password disclosure | Information published. | MSRC.MICROSOFT.COM
2 Apr | CVE-2026-32287 Infinite loop in github.com/antchfx/xpath | Information published. | MSRC.MICROSOFT.COM
2 Apr [KEV] | CISA Issues Alert on Chrome Zero-Day Under Active Exploitation | The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent warning regarding a critical zero-day vulnerability affecting Google Chrome and other Chromium-based web browsers. Officially tracked as CVE-2026-5281, this security flaw has been added to CISA’… | GBHACKERS.COM
2 Apr | Cybersecurity in the age of instant software | AI is rapidly changing how software is written, deployed, and used. Trends point to a future where AIs can write custom software quickly and easily: “instant software.” Taken to an extreme, it might become easier for a user to have an AI write an application on demand — a spreads… | CSOONLINE.COM
2 Apr | Attempts to Exploit Exposed "Vite" Installs (CVE-2025-30208), (Thu, Apr 2nd) | From its GitHub repo: "Vite (French word for "quick", pronounced /vi?t/, like "veet") is a new breed of frontend build tooling that significantly improves the frontend development experience" [ https://github.com/vitejs/vite ]. | ISC.SANS.EDU
2 Apr | Cisco Patches 9.8 CVSS IMC and SSM Flaws Allowing Remote System Compromise | Cisco has released updates to address a critical security flaw in the Integrated Management Controller (IMC) that, if successfully exploited, could allow an unauthenticated, remote attacker to bypass authentication and gain access to the system with elevated privileges. The… | THEHACKERNEWS.COM
2 Apr | Cisco fixes critical IMC auth bypass present in many products | Cisco has released patches for a critical vulnerability in its out-of-band management solution, present in many of its servers and appliances. The flaw allows unauthenticated remote attackers to gain admin access to the Cisco Integrated Management Controller (IMC), which gives ad… | CSOONLINE.COM
2 Apr | CVE-2026-32213 Azure AI Foundry Elevation of Privilege Vulnerability | Improper authorization in Azure AI Foundry allows an unauthorized attacker to elevate privileges over a network. | MSRC.MICROSOFT.COM
2 Apr | Chromium: CVE-2026-5289 Use after free in Navigation | This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information. | MSRC.MICROSOFT.COM
2 Apr | Chromium: CVE-2026-5286 Use after free in Dawn | This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information. | MSRC.MICROSOFT.COM
2 Apr | Chromium: CVE-2026-5287 Use after free in PDF | This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information. | MSRC.MICROSOFT.COM
2 Apr | Chromium: CVE-2026-5285 Use after free in WebGL | This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information. | MSRC.MICROSOFT.COM
2 Apr | Chromium: CVE-2026-5284 Use after free in Dawn | This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information. | MSRC.MICROSOFT.COM
2 Apr | Chromium: CVE-2026-5283 Inappropriate implementation in ANGLE | This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information. | MSRC.MICROSOFT.COM
2 Apr | Chromium: CVE-2026-5281 Use after free in Dawn | This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information. Google is aware that an exploit for CVE-2026-5281 exists in… | MSRC.MICROSOFT.COM
2 Apr | Chromium: CVE-2026-5280 Use after free in WebCodecs | This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information. | MSRC.MICROSOFT.COM
2 Apr | Chromium: CVE-2026-5279 Object corruption in V8 | This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information. | MSRC.MICROSOFT.COM
2 Apr | Chromium: CVE-2026-5292 Out of bounds read in WebCodecs | This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information. | MSRC.MICROSOFT.COM
2 Apr | Chromium: CVE-2026-5290 Use after free in Compositing | This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information. | MSRC.MICROSOFT.COM
2 Apr | Chromium: CVE-2026-5277 Integer overflow in ANGLE | This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information. | MSRC.MICROSOFT.COM
2 Apr | Chromium: CVE-2026-5276 Insufficient policy enforcement in WebUSB | This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information. | MSRC.MICROSOFT.COM
2 Apr | Chromium: CVE-2026-5275 Heap buffer overflow in ANGLE | This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information. | MSRC.MICROSOFT.COM
2 Apr | Chromium: CVE-2026-5274 Integer overflow in Codecs | This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information. | MSRC.MICROSOFT.COM
2 Apr | Chromium: CVE-2026-5273 Use after free in CSS | This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information. | MSRC.MICROSOFT.COM
2 Apr | Chromium: CVE-2026-5272 Heap buffer overflow in GPU | This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information. | MSRC.MICROSOFT.COM
2 Apr | CVE-2026-32186 Microsoft Bing Elevation of Privilege Vulnerability | Information published. | MSRC.MICROSOFT.COM
2 Apr | CVE-2026-33107 Azure Databricks Elevation of Privilege Vulnerability | Server-side request forgery (ssrf) in Azure Databricks allows an unauthorized attacker to elevate privileges over a network. | MSRC.MICROSOFT.COM
2 Apr | CVE-2026-26135 Azure Custom Locations Resource Provider (RP) Elevation of Privilege Vulnerability | Server-side request forgery (ssrf) in Azure Custom Locations Resource Provider (RP) allows an authorized attacker to elevate privileges over a network. | MSRC.MICROSOFT.COM
2 Apr | CVE-2026-33105 Microsoft Azure Kubernetes Service Elevation of Privilege Vulnerability | Improper authorization in Microsoft Azure Kubernetes Service allows an unauthorized attacker to elevate privileges over a network. | MSRC.MICROSOFT.COM
2 Apr | CVE-2026-32173 Azure SRE Agent Information Disclosure Vulnerability | Improper authentication in Azure SRE Agent allows an unauthorized attacker to disclose information over a network. | MSRC.MICROSOFT.COM
2 Apr | CVE-2026-32211 Azure MCP Server Information Disclosure Vulnerability | Missing authentication for critical function in Azure MCP Server allows an unauthorized attacker to disclose information over a network. | MSRC.MICROSOFT.COM
2 Apr | Chromium: CVE-2026-5291 Inappropriate implementation in WebGL | This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information. | MSRC.MICROSOFT.COM
2 Apr | vSphere and BRICKSTORM Malware: A Defender's Guide | Written by: Stuart Carrera. Introduction: Building on recent BRICKSTORM research from Google Threat Intelligence Group (GTIG), this post explores the evolving threats facing virtualized environments. These operations directly target the VMware vSphere ecosystem, specifically the vC… | CLOUD.GOOGLE.COM
2 Apr | ZDI-26-253: Microsoft Visual Studio Code mcp.json Command Injection Remote Code Execution Vulnerability | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Visual Studio Code. User interaction is required to exploit this vulnerability in that the target must open a malicious project. The ZDI has assigned a CVSS rating of 7.8. The f… | ZERODAYINITIATIVE.COM
2 Apr | ZDI-26-252: Mozilla Firefox IonMonkey Switch Statement Optimization Type Confusion Remote Code Execution Vulnerability | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Mozilla Firefox. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS ratin… | ZERODAYINITIATIVE.COM
2 Apr | ZDI-26-251: Foxit PDF Reader Update Service Uncontrolled Search Path Element Local Privilege Escalation Vulnerability | This vulnerability allows local attackers to escalate privileges on affected installations of Foxit PDF Reader. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The ZDI has assigned a CVSS rating… | ZERODAYINITIATIVE.COM
2 Apr | VU#951662: MuPDF by Artifex contains integer overflow vulnerability. | Overview: Artifex's MuPDF contains an integer overflow vulnerability, CVE-2026-3308, in versions up to and including 1.27.0. Using a specially crafted PDF, an attacker can trigger an integer overflow resulting in out-of-bounds heap writes. This heap corruption typically causes the… | KB.CERT.ORG
⚠️ VULNERABILITY DISCLOSURE (27)
2 Apr | AfterPack: Claude Code's Source Didn't Leak. It Was Already Public for Years. | submitted by artwork to security 2 points | 0 comments cross-posted from: lemmy.world/post/45050923 The internet is on fire over Claude Code’s (NPM CLI to be precise) “leaked” source. 512,000 lines! Feature flags! System prompts! Unreleased features! VentureBeat, Fortune, Gizmodo… | PROGRAMMING.DEV
2 Apr | Apple Expands iOS 18.7.7 Update to More Devices to Block DarkSword Exploit | Apple on Wednesday expanded the availability of iOS 18.7.7 and iPadOS 18.7.7 to a broader range of devices to protect users from the risk posed by a recently disclosed exploit kit known as DarkSword. "We enabled the availability of iOS 18.7.7 for mor… | THEHACKERNEWS.COM
2 Apr | Over 14,000 F5 BIG-IP APM instances still exposed to RCE attacks | Internet security watchdog Shadowserver has found over 14,000 BIG-IP APM instances exposed online amid ongoing attacks exploiting a critical-severity remote code execution (RCE) vulnerability. [...] | BLEEPINGCOMPUTER.COM
2 Apr | Apple Releases iOS 18.7.7 Update to Defend Against DarkSword Exploit | Apple has officially expanded the rollout of iOS 18.7.7 and iPadOS 18.7.7 to defend users against a critical web-based threat known as the DarkSword exploit. Originally released on March 24, 2026, Apple aggressively pushed the update to more devices via Automatic Updates on April… | GBHACKERS.COM
2 Apr | NoVoice on Google Play Exploits 22 Flaws to Hit Millions of Android Users | NoVoice is a new Android rootkit campaign that hid in more than 50 apps on Google Play, exploiting 22 vulnerabilities to hijack millions of older and unpatched Android devices and even clone WhatsApp sessions. The apps posed as everyday utilities such as cleaners, casual games, a… | GBHACKERS.COM
2 Apr | Possible US Government iPhone Hacking Tool Leaked | Wired writes (alternate source): Security researchers at Google on Tuesday released a report describing what they’re calling “Coruna,” a highly sophisticated iPhone hacking toolkit that includes five complete hacking techniques capable of bypassing all the defe… | SCHNEIER.COM
2 Apr | Hackers exploit TrueConf zero-day to push malicious software updates | submitted by kid to cybersecurity 1 points | 0 comments https://www.bleepingcomputer.com/news/security/hackers-exploit-trueconf-zero-day-to-push-malicious-software-updates/ | SH.ITJUST.WORKS
2 Apr | The State of Trusted Open Source Report | In December 2025, we shared the first-ever The State of Trusted Open Source report, featuring insights from our product data and customer base on open source consumption across our catalog of container image projects, versions, images, language libraries, and builds. Th… | THEHACKERNEWS.COM
2 Apr | Cisco Patches Critical and High-Severity Vulnerabilities | The bugs could lead to authentication bypass, remote code execution, information disclosure, and privilege escalation. The post Cisco Patches Critical and High-Severity Vulnerabilities appeared first on SecurityWeek. | SECURITYWEEK.COM
2 Apr | EvilTokens abuses Microsoft device code flow for account takeovers | A new phishing-as-a-service (PhaaS) campaign is abusing Microsoft’s device code authentication flow to gain unauthorized access to user accounts. Sekoia researchers first spotted the toolkit “EvilTokens” that lets attackers capture authentication tokens by tricking users into com… | CSOONLINE.COM
2 Apr | Akira-Style Ransomware Campaign Hits Windows Users Across South America | A newly identified ransomware campaign is targeting Windows users across South America, leveraging tactics that closely mimic the notorious Akira ransomware group. According to ESET’s findings, the threat actors behind this campaign are attempting to exploit Akira’s reputation by… | GBHACKERS.COM
2 Apr | Matrix Protocol Surveillance and Forensic Analysis Suite | submitted by Nikolas5476 to cybersecurity 5 points | 0 comments Source code and details: github.com/nikolas-trey/Prometheus What Project Does: Prometheus is a forensic intelligence toolkit for the Matrix federation. Given one or more target MXIDs, it reconstructs who invited them… | SH.ITJUST.WORKS
2 Apr | New Progress ShareFile flaws can be chained in pre-auth RCE attacks | Two vulnerabilities in Progress ShareFile, an enterprise-grade secure file transfer solution, can be chained to enable unauthenticated file exfiltration from affected environments. [...] | BLEEPINGCOMPUTER.COM
2 Apr | Adversaries Exploit Vacant Homes to Intercept Mail in Hybrid Cybercrime | Threat actors are exploiting vacant homes as "drop addresses" to intercept mail and enable fraud. Flare shows how postal services and fake identities are abused to turn mail into a fraud vector. [...] | BLEEPINGCOMPUTER.COM
2 Apr | ICE says it bought Paragon’s spyware to use in drug trafficking cases | The acting director of U.S. Immigration and Customs Enforcement told lawmakers that the use of Paragon spyware is necessary to counter terrorists’ “thriving exploitation of encrypted communications platforms.” | TECHCRUNCH.COM
2 Apr | Apple Rolls Out DarkSword Exploit Protection to More Devices | The DarkSword exploit kit has been used by both state-sponsored hackers and commercial spyware vendors. The post Apple Rolls Out DarkSword Exploit Protection to More Devices appeared first on SecurityWeek. | SECURITYWEEK.COM
2 Apr | US Bans All Foreign-Made Consumer Routers | This is for new routers; you don’t have to throw away your existing ones: The Executive Branch determination noted that foreign-produced routers (1) introduce “a supply chain vulnerability that could disrupt the U.S. economy, critical infrastructure, and national def… | SCHNEIER.COM
2 Apr | Critical Vulnerability in Claude Code Emerges Days After Source Leak | Within days of each other, Anthropic first leaked the source code to Claude Code, and then a critical vulnerability was found by Adversa AI. The post Critical Vulnerability in Claude Code Emerges Days After Source Leak appeared first on SecurityWeek. | SECURITYWEEK.COM
2 Apr | Google Workspace’s continuous approach to mitigating indirect prompt injections | Posted by Adam Gavish, Google GenAI Security Team. Indirect prompt injection (IPI) is an evolving threat vector targeting users of complex AI applications with multiple data sources, such as Workspace with Gemini. This technique enables the attacker to influence the behavior of an… | SECURITY.GOOGLEBLOG.COM
2 Apr | Claude Code leak used to push infostealer malware on GitHub | Threat actors are exploiting the recent Claude Code source code leak by using fake GitHub repositories to deliver Vidar information-stealing malware. [...] | BLEEPINGCOMPUTER.COM
2 Apr | Risks, emerging when developing or using open-source software | How the popularization of AI and the simplification of development are creating new risks for corporate security. | KASPERSKY.COM
2 Apr | What Is A Router? (And all things AI) - PSW #920 | In the Security News: - Claude leaks source code and new models - Two really smart people say AI is finding vulnerabilities better than ever - Windows is using your internet to send updates to strangers - BIG-IP APM vulnerability - all you need to know - Linux KVM for the win - T… | YOUTUBE.COM
2 Apr | AI Configures Vulnerabilities for You | AI tools like Claude can guide users through configuring complex systems and even help enable vulnerable features for testing. This dramatically lowers the expertise required to build realistic vulnerability labs across platforms like F5, Citrix, and Fortinet. But the same capabi… | YOUTUBE.COM
2 Apr | Multiple Vulnerabilities in Progress ShareFile Could Allow for Remote Code Execution | Multiple vulnerabilities have been discovered in Progress ShareFile, which when chained together, could allow for remote code execution. Progress ShareFile is a secure, cloud-based content collaboration and file-sharing platform. It enables businesses to securely exchange documen… | CISECURITY.ORG
2 Apr | Multiple Vulnerabilities in Cisco Products Could Allow for Arbitrary Code Execution | Multiple vulnerabilities have been discovered in Cisco products, the most severe of which could allow for arbitrary code execution. Cisco Smart Software Manager On‑Prem is a centralized Cisco tool used by organizations to manage software licenses, entitlements, and compliance for… | CISECURITY.ORG
2 Apr | SightHouse: Automated function identification | In this blog post we present SightHouse, an open-source tool designed to assist reverse engineers by retrieving information and metadata from programs and identifying similar functions already known from other libraries, binaries or any other source codes that can be found online… | QUARKSLAB.COM
2 Apr | Apple expands “DarkSword” patches to iOS 18.7.7 | Apple has quietly expanded patches against the vulnerabilities in the DarkSword exploit kit to include iOS and iPadOS 18.7.7 | MALWAREBYTES.COM
📢 SECURITY ADVISORIES (8)
2 Apr | FBI Warns Chinese Mobile Apps Could Expose User Data to Cyberattacks | The Federal Bureau of Investigation (FBI) has issued a public warning about potential data security risks associated with foreign-developed mobile applications, particularly those developed by companies based in China. While the advisory focuses on apps widely used in the United … | GBHACKERS.COM
2 Apr | Variance Raises $21.5M for Compliance Investigation Platform Powered by AI Agents | Variance has raised a total of $26 million in funding and the latest investment will fuel platform growth. The post Variance Raises $21.5M for Compliance Investigation Platform Powered by AI Agents appeared first on SecurityWeek. | SECURITYWEEK.COM
2 Apr | Drift loses $280 million as hackers seize Security Council powers | The Drift Protocol lost at least $280 million after a threat actor took control of its Security Council administrative powers in a planned, sophisticated operation. [...] | BLEEPINGCOMPUTER.COM
2 Apr | Drift loses $280 million North Korean hackers seize Security Council powers | The Drift Protocol lost at least $280 million after a threat actor took control of its Security Council administrative powers in a planned, sophisticated operation. [...] | BLEEPINGCOMPUTER.COM
2 Apr | Four security principles for agentic AI systems | Agentic AI represents a qualitative shift in how software operates. Traditional software executes deterministic instructions. Generative AI responds to human prompts with output that humans review and use at their discretion. Agentic AI differs from both. Agents connect to softwa… | AWS.AMAZON.COM
🔥 INCIDENT REPORTING (10)
2 Apr | Axios npm Supply Chain Breach: Microsoft Shares Mitigation Steps | Microsoft has detailed how organizations can detect and mitigate a recent supply chain compromise involving malicious Axios npm releases and infrastructure attributed to the North Korean threat actor Sapphire Sleet. On March 31, 2026, two Axios npm versions (1.14.1 and 0.30.4) we… | GBHACKERS.COM
2 Apr | Mercor Hit by LiteLLM Supply Chain Attack | The AI recruiting firm is investigating the incident as Lapsus$ claimed the theft of 4TB of Mercor data. The post Mercor Hit by LiteLLM Supply Chain Attack appeared first on SecurityWeek. | SECURITYWEEK.COM
2 Apr | UK manufacturers under cyber fire with 80% reporting attacks • The Register | submitted by kid to cybersecurity 1 points | 0 comments https://www.theregister.com/2026/04/01/uk_manufacturer_cyberattacks/ | SH.ITJUST.WORKS
2 Apr | 250,000 Affected by Data Breach at Nacogdoches Memorial Hospital | In January 2026, a threat actor hacked the hospital’s internal network and stole personal and health information. The post 250,000 Affected by Data Breach at Nacogdoches Memorial Hospital appeared first on SecurityWeek. | SECURITYWEEK.COM
2 Apr | Iranian Hacker Group Handala Claims Breach of Israeli Defense Firm | The international cybersecurity community was alerted to a major data breach involving Israeli military infrastructure. Handala, a recognized Iranian nation-state threat actor, claims to have successfully breached PSK Wind Technologies, a key Israeli defense contractor. The incid… | GBHACKERS.COM
2 Apr | Mercor confirms security incident tied to LiteLLM supply chain attack | The Record from Recorded Future News | submitted by kid to cybersecurity 1 points | 0 comments https://therecord.media/mercor-confirms-security-incident-tied-to-litellm | SH.ITJUST.WORKS
2 Apr | Medtech giant Stryker fully operational after data-wiping attack | Stryker Corporation, one of the world's leading medical technology companies, says it's fully operational three weeks after many of its systems were wiped out in a cyberattack claimed by the Iranian-linked Handala hacktivist group. [...] | BLEEPINGCOMPUTER.COM
2 Apr | Crypto platform Drift suspends services after millions stolen in security incident | The Record from Recorded Future News | submitted by kid to cybersecurity 2 points | 0 comments https://therecord.media/drift-crypto-heist-solana-hacker | SH.ITJUST.WORKS
2 Apr | Threat actor abuse of AI accelerates from tool to cyberattack surface | Generative AI is upgrading cyberattacks, from 450% higher phishing click‑through rates to industrialized MFA bypass. The post Threat actor abuse of AI accelerates from tool to cyberattack surface appeared first on Microsoft Security Blog. | MICROSOFT.COM
2 Apr | Telehealth giant Hims & Hers says its customer support system was hacked | The U.S. telehealth giant says hackers stole customer support ticket data over the course of several days in February. | TECHCRUNCH.COM
🕵️ THREAT INTELLIGENCE (22)
2 Apr | ISC Stormcast For Thursday, April 2nd, 2026 https://isc.sans.edu/podcastdetail/9876, (Thu, Apr 2nd) | (c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License. | ISC.SANS.EDU
2 Apr | News Alert: TAC Security surpasses 10,000 customers, scaling global VM and AppSec platform | NEW YORK, Apr. 1, 2026, CyberNewswire— TAC Infosec, a global leader in cybersecurity (NSE: TAC), with presence across 100+ countries, announced a historic milestone by crossing 10,000 clients – 6,500+ of TAC Security and 3,500+ of CyberScope, since April … (more…) The post… | LASTWATCHDOG.COM
2 Apr | Linx Security Raises $50 Million for Identity Security and Governance | The company will accelerate product development, scale go-to-market efforts, and expand its global footprint. The post Linx Security Raises $50 Million for Identity Security and Governance appeared first on SecurityWeek. | SECURITYWEEK.COM
2 Apr | Remcos RAT Attack Uses Obfuscated Scripts, Trusted Windows Tools | Remcos RAT operators are abusing obfuscated scripts and trusted Windows binaries to deliver a stealthy, largely fileless infection chain that runs almost entirely in memory and evades traditional defenses. The attack starts with a phishing email carrying a ZIP archive named “MV M… | GBHACKERS.COM
2 Apr | WhatsApp Attack Chain Delivers VBS, Cloud Payloads, MSI Backdoor | A new malware campaign that abuses WhatsApp messages to deliver malicious Visual Basic Script (VBS) files to Windows users, enabling persistent remote access through unsigned MSI installers. The campaign starts with WhatsApp messages carrying VBS attachments that appear benign bu… | GBHACKERS.COM
2 Apr | TA416 Broadens Europe Spy Campaign With Web Bugs and Malware | China-aligned threat actor TA416 has resumed large-scale espionage against European governments. It is now expanding to Middle Eastern diplomatic targets, combining web bug reconnaissance with constantly evolving malware delivery chains that culminate in a customized PlugX backdo… | GBHACKERS.COM
2 Apr | New ZAP PTK Add-On Converts Browser Security Findings Into Native ZAP Alerts | The OWASP Zed Attack Proxy (ZAP) just received a massive upgrade for testing modern web applications. The release of the ZAP PTK Add-on 0.3.0, working alongside OWASP PenTest Kit (PTK) 9.8.0, now converts browser-based security findings directly into native ZAP alerts. Traditiona… | GBHACKERS.COM
2 Apr | Sophisticated CrystalX RAT Emerges | The malware can spy on victims, steal their information, and make configuration changes on devices. The post Sophisticated CrystalX RAT Emerges appeared first on SecurityWeek. | SECURITYWEEK.COM
2 Apr | WhatsApp Alerts 200 Users After Fake iOS App Installed Spyware; Italian Firm Faces Action | Meta-owned messaging platform WhatsApp said it alerted about 200 users who were tricked into installing a bogus version of its iOS app that was infected with spyware. According to reports from Italian newspaper La Repubblica and news agency ANSA, the vast majority … | THEHACKERNEWS.COM
2 Apr | RFQ Malware Campaign Uses DOCX, RTF, JS, and Python | Hackers are abusing DOCX, RTF, JavaScript, PowerShell, and Python to deliver an in‑memory Cobalt Strike beacon in a stealthy spear‑phishing campaign that impersonates Boeing procurement under the tag NKFZ5966PURCHASE. The operation chains six stages, relies heavily on living‑off‑… | GBHACKERS.COM
2 Apr | Fake CERT-UA Site Spreads Go-Based RAT in Phishing Campaign | Hackers have launched a targeted phishing campaign by cloning Ukraine’s official CERT-UA website and distributing malicious software disguised as a security tool, according to a new alert from the national cyber response team. Targets included government agencies, financial insti… | GBHACKERS.COM
2 Apr | New CrystalRAT malware adds RAT, stealer and prankware features | submitted by kid to cybersecurity 2 points | 0 comments https://www.bleepingcomputer.com/news/security/new-crystalrat-malware-adds-rat-stealer-and-prankware-features/ | SH.ITJUST.WORKS
2 Apr | Researchers Uncover Mining Operation Using ISO Lures to Spread RATs and Crypto Miners | A financially motivated operation codenamed REF1695 has been observed leveraging fake installers to deploy remote access trojans (RATs) and cryptocurrency miners since November 2023. "Beyond cryptomining, the threat actor monetizes infections through CPA … | THEHACKERNEWS.COM
2 Apr | Casbaneiro Phishing Targets Latin America and Europe Using Dynamic PDF Lures | submitted by kid to cybersecurity 1 points | 0 comments https://thehackernews.com/2026/04/casbaneiro-phishing-targets-latin.html | SH.ITJUST.WORKS
2 Apr | WhatsApp malware campaign uses malicious VBS files to gain persistent access | CSO Online | submitted by kid to cybersecurity 1 points | 0 comments https://www.csoonline.com/article/4153092/whatsapp-malware-campaign-uses-malicious-vbs-files-to-gain-persistent-access.html | SH.ITJUST.WORKS
2 Apr | Infrastructure Attacks With Physical Consequences Down 25% | submitted by kid to cybersecurity 3 points | 0 comments https://www.darkreading.com/threat-intelligence/infrastructure-attacks-physical-consequences-down | SH.ITJUST.WORKS
2 Apr | Chinese Hackers Target European Governments in Espionage Campaigns - Infosecurity Magazine | submitted by kid to cybersecurity 2 points | 0 comments https://www.infosecurity-magazine.com/news/china-hackers-ta416-europe/ | SH.ITJUST.WORKS
2 Apr | The Risk of Negative Self-Talk | Ian Washburn shares that his biggest advice to his younger self is simple: give yourself grace and reduce negative self-talk. Many professionals push themselves harder than necessary, assuming everyone else is doing more or doing better. Over time, that mindset can limit confiden… | YOUTUBE.COM
2 Apr | Cybersecurity M&A Roundup: 38 Deals Announced in March 2026 | Significant cybersecurity M&A deals announced by Airbus, Cellebrite, Databricks, Quantum eMotion, Rapid7, and OpenAI. The post Cybersecurity M&A Roundup: 38 Deals Announced in March 2026 appeared first on SecurityWeek. | SECURITYWEEK.COM
2 Apr | Cookie-controlled PHP webshells: A stealthy tradecraft in Linux hosting environments | Cookie-gated PHP webshells use obfuscation, php-fpm execution, and cron-based persistence to evade detection in Linux hosting environments. This post examines how this tradecraft conceals execution behind specially crafted HTTP cookies. The post Cookie-controlled PHP webshells: A… | MICROSOFT.COM
2 Apr | How to Prevent Phishing Emails by Reducing Human Risk | Organizations have traditionally treated phishing emails as a technology problem to be solved with spam filters and secure email gateways. | KNOWBE4.COM
2 Apr | From Reactive to Proactive: 5 Steps to SOC Maturity with Threat Intelligence | Reaching a higher level of SOC maturity takes better, more consistent decision-making during malware and phishing investigation. This requires a shift in how threat intelligence is used: not as a reference point, but as a… | ANY.RUN
🌐 CYBER THREAT LANDSCAPE (4)
2 Apr | ThreatsDay Bulletin: Pre-Auth Chains, Android Rootkits, CloudTrail Evasion & 10 More Stories | The latest ThreatsDay Bulletin is basically a cheat sheet for everything breaking on the internet right now. No corporate fluff or boring lectures here, just a quick and honest look at the messy reality of keeping systems safe this week. Things are moving fast… | THEHACKERNEWS.COM
2 Apr | How we caught the Axios supply chain attack | Joe Desimone shares the story of how he caught the Axios supply chain attack with a proof of concept tool built in an afternoon. | ELASTIC.CO
2 Apr | Hooked on Linux: Rootkit Detection Engineering | In this second part of a two-part series, we explore Linux rootkit detection engineering, focusing on the limitations of static detection reliance, and the importance of rootkit behavioral detection. | ELASTIC.CO
2 Apr | Malwarebytes Privacy VPN receives full third-party audit | We commissioned a third-party audit for the infrastructure behind our VPNs. Here are the results. | MALWAREBYTES.COM
📡 INFOSEC NEWS (8)
2 Apr | Microsoft links Classic Outlook issue to email delivery problems | Microsoft is investigating a known issue that prevents some Classic Outlook users from sending emails via Outlook.com. [...] | BLEEPINGCOMPUTER.COM
2 Apr | Critical Cisco IMC auth bypass gives attackers Admin access | Cisco has patched several critical and high-severity vulnerabilities, including an Integrated Management Controller (IMC) authentication bypass that enables attackers to gain Admin access. [...] | BLEEPINGCOMPUTER.COM
2 Apr | Residential proxies evaded IP reputation checks in 78% of 4B sessions | Researchers warn that residential proxies used to route malicious traffic are a big problem for IP reputation systems, as there is no clear distinction between attackers and legitimate users. [...] | BLEEPINGCOMPUTER.COM
2 Apr | Money transfer app Duc exposed thousands of driver’s licenses and passports to the open web | An exposed Amazon-hosted server allowed anyone to access reams of customer data without needing a password. | TECHCRUNCH.COM
2 Apr | Latin America and the Caribbean Cybercrime Landscape | This report provides an overview of trends and developments in the cybercriminal ecosystem of Latin America and the Caribbean (LAC) in 2025. | RECORDEDFUTURE.COM
2 Apr | Prioritizing Alerts Triage with Higher-Order Detection Rules | Scaling SOC efficiency through multi-signal correlation and higher-order detection patterns. | ELASTIC.CO