🚨 CISA KEV (1)
3 Apr [KEV] | GBHACKERS.COM | CISA Includes TrueConf Security Flaw in KEV Catalog After Exploitation in the Wild
  The Cybersecurity and Infrastructure Security Agency (CISA) has officially added a critical security flaw affecting the TrueConf Client to its Known Exploited Vulnerabilities (KEV) catalog. This addition follows clear evidence that threat actors are actively exploiting the bug in…
🐛 COMMON VULNERABILITIES AND EXPOSURES (9)
3 Apr | THEHACKERNEWS.COM | Hackers Exploit CVE-2025-55182 to Breach 766 Next.js Hosts, Steal Credentials
  A large-scale credential harvesting operation has been observed exploiting the React2Shell vulnerability as an initial infection vector to steal database credentials, SSH private keys, Amazon Web Services (AWS) secrets, shell command history, Stripe API keys, and G…
3 Apr | GBHACKERS.COM | Attackers Abuse React2Shell Flaw to Compromise 700+ Next.js Hosts
  A massive automated cyberattack campaign is actively targeting web applications built on the popular Next.js framework to steal highly sensitive information. Cybersecurity researchers at Cisco Talos have uncovered a severe credential harvesting operation tracked as “UAT-106…
3 Apr | MSRC.MICROSOFT.COM | CVE-2026-34073 cryptography has incomplete DNS name constraint enforcement on peer names
  Information published.
3 Apr | GBHACKERS.COM | 14,000+ F5 BIG-IP APM Instances Exposed Online as Attackers Exploit RCE Vulnerability
  Cybersecurity researchers have identified a massive attack surface involving F5 BIG-IP Access Policy Manager (APM) devices. Following a critical severity upgrade to a recently disclosed flaw, over 17,100 instances are currently exposed to the internet, leaving enterprise networks…
3 Apr | INFOSEC.PUB | CNVD Severity Classification and RMSV Effects: Honest Metrics & Data Leakage
  submitted by cm0002 to cybersecurity. https://www.vulnerability-lookup.org/2026/04/03/cnvd-severity-classifier-improvements/ We recently made significant improvements to our CNVD severity classifier and the underlying Vulnerability-CNVD dataset, prompted by …
3 Apr | GBHACKERS.COM | New Progress ShareFile Flaws Expose Servers to Unauthorized Remote Takeover
  Security researchers at watchTowr Labs have disclosed a critical exploit chain in the Progress ShareFile Storage Zone Controller. The vulnerabilities, tracked as CVE-2026-2699 and CVE-2026-2701, enable unauthenticated attackers to achieve Remote Code Execution (RCE) and completel…
3 Apr | CSOONLINE.COM | CERT-EU blames Trivy supply chain attack for Europa.eu data breach
  The European Union’s Computer Emergency Response Team, CERT-EU, has traced last week’s theft of data from the Europa.eu platform to the recent supply chain attack on Aqua Security’s Trivy open-source vulnerability scanner. The attack on the AWS cloud infrastructure hosting the Eu…
3 Apr | CSOONLINE.COM | Google patches fourth Chrome zero-day so far this year
  Google has patched another zero-day vulnerability in Chrome, its fourth this year. In patching the vulnerability, tracked as CVE-2026-5281, the company acknowledged that an exploit for it already exists in the wild. According to the report in NIST’s National Vulnerability Databa…
3 Apr | CSOONLINE.COM | Security lapse lets researchers view React2Shell hackers’ dashboard
  An apparent security lapse has allowed researchers to peer into the work of a threat group currently exploiting unpatched servers open to the four-month-old React2Shell vulnerability to steal login credentials, keys, and tokens at scale. Researchers from Cisco Systems’ Talos thre…
⚠️ VULNERABILITY DISCLOSURE (22)
3 Apr | CSOONLINE.COM | Cloudflare’s new CMS is not a WordPress killer, it’s a WordPress alternative
  Cloudflare on Wednesday rolled out EmDash, which it described as “the spiritual successor to WordPress.” The security vendor positioned EmDash as a far more secure site building tool that avoids the extensive cybersecurity problems with WordPress plugins. But the Cloudflare clai…
3 Apr | BLEEPINGCOMPUTER.COM | Microsoft now force upgrades unmanaged Windows 11 24H2 PCs
  Starting this week, Microsoft has begun force-upgrading unmanaged devices running Windows 11 24H2 Home and Pro editions to Windows 11 25H2. [...]
3 Apr | CSOONLINE.COM | 12 cyber industry trends revealed at RSAC 2026
  The 2026 RSA circus is over. The tents are packed and the elephants have been loaded onto the train. Nevertheless, it was an eventful week. There were fleets of vehicles — Escalades, Rivians, trucks but curiously, no Teslas — strewn with vendor names and tag lines, and you couldn…
3 Apr | GBHACKERS.COM | Trusted Platforms Exploited to Steal Philippine Banking Credentials
  Hackers are increasingly exploiting trusted online platforms to launch sophisticated phishing campaigns targeting bank users in the Philippines. Despite ongoing improvements in email security, phishing remains one of the most effective attack methods due to its scalability and ea…
3 Apr | BITDEFENDER.COM | Nigerian romance scammer jailed after being caught out by fellow fraudster
  A Nigerian fraudster spent years posing as a woman online, romancing unsuspecting American men out of their savings - until he accidentally tried the same trick on a fellow scammer, who told him to "learn how to do a clean job." The recovered chat logs helped put him behind bars …
3 Apr | GBHACKERS.COM | Axios npm compromise traced to targeted social engineering attack
  The recent compromise of the widely used Axios npm package has been confirmed as the result of a targeted social engineering attack. The incident, which briefly exposed developers to malicious code, highlights growing risks within the open-source software supply chain. On March 3…
3 Apr | SECURITYWEEK.COM | React2Shell Exploited in Large-Scale Credential Harvesting Campaign
  Using automated scanning and the Nexus Listener collection framework, the hackers compromised over 750 systems.
3 Apr | SECURITYWEEK.COM | Mobile Attack Surface Expands as Enterprises Lose Control
  Shadow AI embedded in everyday apps, combined with outdated mobile devices and zero-click exploits, is creating a new and largely unseen mobile risk.
3 Apr | SECURITYWEEK.COM | Critical ShareFile Flaws Lead to Unauthenticated RCE
  The vulnerabilities can be chained together to bypass authentication and upload arbitrary files to the server.
3 Apr | GBHACKERS.COM | Microsoft Forces Unmanaged Windows 11 Devices to Upgrade to Version 24H2
  Microsoft has officially initiated an automated, machine-learning-based rollout for Windows 11, version 25H2, targeting unmanaged systems. As part of its ongoing efforts to keep devices secure, similar to routine patch deployments that address critical system vulnerabilities, the…
3 Apr | SECURITYWEEK.COM | In Other News: ChatGPT Data Leak, Android Rootkit, Water Facility Hit by Ransomware
  Other noteworthy stories that might have slipped under the radar: Symantec vulnerability, anti-ClickFix mechanism added to macOS, FBI hack classified as major incident.
3 Apr | TRENDMICRO.COM | Weaponizing Trust Signals: Claude Code Lures and GitHub Release Payloads
  A packaging error in Anthropic’s Claude Code npm release briefly exposed internal source code. This entry examines how threat actors rapidly weaponized the resulting attention, pivoting an existing AI-themed campaign to spread Vidar and GhostSocks.
3 Apr | SECURITYWEEK.COM | TrueConf Zero-Day Exploited in Asian Government Attacks
  A Chinese threat actor exploited the video conferencing platform to perform reconnaissance, escalate privileges, and execute additional payloads.
3 Apr | KNOWBE4.COM | Warning: Phishing Attacks Are Exploiting the War in Iran
  Criminal threat actors are taking advantage of the fear and uncertainty surrounding the conflict in the Middle East, according to researchers at Bitdefender. The researchers observed a 130% spike in phishing emails targeting Gulf countries following the first US-Israeli strikes o…
3 Apr | YOUTUBE.COM | When Vendors Skip Linux Support
  Hardware and software vendors often choose not to support Linux, despite its widespread use. While Linux fragmentation (distros, kernels, libraries) makes support harder, the decision not to support it shifts risk onto users. This can lead to insecure workarounds, unsupported dev…
3 Apr | KNOWBE4.COM | Your KnowBe4 Fresh Content Updates from March 2026
  John N Just, Ed.D. - Chief Learning Officer. IT & Technical Staff Need More Training, Not Less. There is a common misconception that IT and technical staff "know about security awareness" and that they should simply take the same training that all other employees take. …
3 Apr | KASPERSKY.COM | Managing open-source vulnerabilities | Kaspersky official blog
  How to enrich data, fine-tune AI-powered systems, and update corporate policies to mitigate open-source supply chain risks.
3 Apr | CSOONLINE.COM | Claude Code is still vulnerable to an attack Anthropic has already fixed
  The leak of Claude Code’s source is already having consequences for the tool’s security. Researchers have spotted a vulnerability documented in the code. The vulnerability, revealed by AI security company Adversa, is that if Claude Code is presented with a command composed of m…
3 Apr | THEHACKERNEWS.COM | Microsoft Details Cookie-Controlled PHP Web Shells Persisting via Cron on Linux Servers
  Threat actors are increasingly using HTTP cookies as a control channel for PHP-based web shells on Linux servers and to achieve remote code execution, according to findings from the Microsoft Defender Security Research Team. "Instead of exposing command execution throug…
3 Apr | CSOONLINE.COM | Internet Bug Bounty program hits pause on payouts
  Researchers who identify and report bugs in open-source software will no longer be rewarded by the Internet Bug Bounty team. HackerOne, which administers the program, has said that it is “pausing submissions” while it contemplates ways in which open source security can be handled…
3 Apr | TENABLE.COM | The developer credential economy: Why exposure data is the new front line in the supply chain war
  Recent supply chain attacks have highlighted an urgent need for organizations to shift from a reactive security posture to a preemptive exposure management strategy. Learn why endpoint detection and response tools don’t have you covered when highly privileged developer credential…
3 Apr | TRAILOFBITS.COM | Simplifying MBA obfuscation with CoBRA
  Mixed Boolean-Arithmetic (MBA) obfuscation disguises simple operations like x + y behind tangles of arithmetic and bitwise operators. Malware authors and software protectors rely on it because no standard simplification technique covers both domains simultaneously; algebraic simp…
📢 SECURITY ADVISORIES (4)
3 Apr | GBHACKERS.COM | OpenSSH 10.3 Released With Patch for Shell Injection and Other Security Flaws
  The OpenSSH project released version 10.3 alongside its portable version 10.3p1. Following a brief testing phase in late March, this major update addresses several important security vulnerabilities. The most critical fix prevents a dangerous shell injection flaw, making this an …
3 Apr | THEHACKERNEWS.COM | Drift Loses $285 Million in Durable Nonce Social Engineering Attack Linked to DPRK
  Solana-based decentralized exchange Drift has confirmed that attackers drained about $285 million from the platform during a security incident that took place on April 1, 2026. "Earlier today, a malicious actor gained unauthorized access to Drift Protocol through a novel att…
3 Apr | GBHACKERS.COM | Infrastructure Engineer Pleads Guilty to Locking 254 Windows Servers at Former Employer
  Daniel Rhyne, a 59-year-old former core infrastructure engineer, pleaded guilty on April 1, 2026, to federal hacking and extortion charges. He admitted to locking out administrators and sabotaging systems at his former New Jersey-based employer in an attack that began in November…
3 Apr | CSOONLINE.COM | A core infrastructure engineer pleads guilty to federal charges in insider attack
  When Daniel Rhyne pleaded guilty on April 1 to having launched an insider extortion attack against his then-employer, authorities enumerated the techniques he used, including unauthorized remote desktop sessions, deletion of network administrator accounts, changing of passwords, …
🔥 INCIDENT REPORTING (15)
3 Apr | GBHACKERS.COM | Adobe Data Breach Allegedly Exposes 13 Million Support Tickets
  A threat actor known as “Mr. Raccoon” claims to have breached Adobe, stealing a massive amount of sensitive data. According to a report by International Cyber Digest, the stolen files include 13 million customer support tickets, 15,000 employee records, internal docum…
3 Apr | GBHACKERS.COM | Qilin Ransomware Deploys Malicious DLL to Disable Most EDR Defenses
  The Qilin ransomware group has developed a highly sophisticated infection chain that targets and disables over 300 endpoint detection and response (EDR) solutions. As defenders improve behavioral detection capabilities, attackers are increasingly targeting the defense layer itsel…
3 Apr | GBHACKERS.COM | North Korea-Linked Hackers Hit Axios npm in Supply Chain Attack
  A major software supply chain attack has been uncovered after threat actors compromised the widely used Axios npm package, impacting developers and organizations worldwide. The incident, detected on March 31, 2026, involved the use of stolen maintainer credentials to inject malic…
3 Apr | BLEEPINGCOMPUTER.COM | CERT-EU: European Commission hack exposes data of 30 EU entities
  The European Union's Cybersecurity Service (CERT-EU) has attributed the European Commission cloud hack to the TeamPCP threat group, saying the resulting breach exposed the data of at least 29 other Union entities. [...]
3 Apr | GBHACKERS.COM | Phorpiex Botnet Fuels Ransomware, Sextortion, and Crypto-Theft Attacks
  Hackers are abusing the long-running Phorpiex (Trik) botnet to run large-scale ransomware, sextortion, and crypto-clipping operations, turning one infrastructure into a multi-purpose crime machine. A newer variant called Twizt gives the botnet a hybrid architecture that combines …
3 Apr | GBHACKERS.COM | Hackers Weaponize Venom Stealer via ClickFix Lures for Massive Data Exfiltration
  Hackers are increasingly turning simple social engineering tricks into full-scale data theft operations, and a newly identified malware platform called Venom Stealer is a strong example of this shift. Instead of just stealing credentials once, Venom creates a continuous data exfi…
3 Apr | SECURITYWEEK.COM | T-Mobile Sets the Record Straight on Latest Data Breach Filing
  The cybersecurity incident involved an insider and had a limited impact, the telecoms giant told SecurityWeek.
3 Apr | THEHACKERNEWS.COM | Why Third-Party Risk Is the Biggest Gap in Your Clients' Security Posture
  The next major breach hitting your clients probably won't come from inside their walls. It'll come through a vendor they trust, a SaaS tool their finance team signed up for, or a subcontractor nobody in IT knows about. That's the new attack surface, and most organi…
3 Apr | ISC.SANS.EDU | TeamPCP Supply Chain Campaign: Update 006 - CERT-EU Confirms European Commission Cloud Breach, Sportradar Details Emerge, and Mandiant Quantifies Campaign at 1,000+ SaaS Environments, (Fri, Apr 3rd)
  This is the sixth update to the TeamPCP supply chain campaign threat intelligence report, "When the Security Scanner Became the Weapon" …
3 Apr | BLEEPINGCOMPUTER.COM | Evolution of Ransomware: Multi-Extortion Ransomware Attacks
  Multi-extortion ransomware relies on stolen data to pressure victims with public leaks. Penta Security explains how its D.AMO platform keeps exfiltrated files encrypted and useless to attackers. [...]
3 Apr | TECHCRUNCH.COM | Europe’s cyber agency blames hacking gangs for massive data breach and leak
  CERT-EU blamed the cybercrime group TeamPCP for the recent hack on the European Commission, and said the notorious ShinyHunters gang was responsible for leaking the stolen data online.
3 Apr | BLEEPINGCOMPUTER.COM | Die Linke German political party confirms data stolen by Qilin ransomware
  The Qilin ransomware group has claimed responsibility for an attack against Die Linke ('The Left'), forcing an IT systems outage at the political party, and threatening sensitive data leak. [...]
3 Apr | BLEEPINGCOMPUTER.COM | Hims & Hers warns of data breach after Zendesk support ticket breach
  Telehealth giant Hims & Hers Health is warning that it suffered a data breach after support tickets were stolen from a third-party customer service platform. [...]
3 Apr | KNOWBE4.COM | Outbound Email Security: Protecting Data and Reputation
  Email security often focuses on incoming threats such as phishing, malware, and malicious links, but outbound email security is just as important. According to KnowBe4’s 2025 State of Human Risk Report, nearly half of cybersecurity leaders say misdirected emails sent by employee…
3 Apr | YOUTUBE.COM | Nation-State Crypto Heists Explained
  Attackers attributed to North Korea have stolen billions in cryptocurrency, often preparing days in advance by setting up domains, wallets, and automated transaction chains. This level of planning turns cybercrime into a scripted operation. Once access is gained—often through com…
🕵️ THREAT INTELLIGENCE (14)
3 Apr | ISC.SANS.EDU | ISC Stormcast For Friday, April 3rd, 2026 https://isc.sans.edu/podcastdetail/9878, (Fri, Apr 3rd)
  (c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
3 Apr | GBHACKERS.COM | North Korea Uses GitHub as C2 in New LNK Phishing Campaign
  A new phishing campaign that uses malicious Windows shortcut (LNK) files to target users in South Korea, while abusing GitHub as Command and Control (C2) infrastructure to hide its activity. The operation, linked through tooling and tradecraft to North Korea–related actors, shows…
3 Apr | GBHACKERS.COM | Top 10 Best SaaS Security Posture Management (SSPM) Tools 2026
  The rapid and relentless adoption of Software-as-a-Service (SaaS) applications has fundamentally transformed how businesses operate in 2026. From critical productivity suites like Microsoft 365 and Google Workspace to specialized CRM, HR, and development tools, SaaS is ubiquitous…
3 Apr | GBHACKERS.COM | TP-Link Router Flaws Allowed Attackers to Launch DoS Attacks and Cause Crashes
  TP-Link has recently addressed a batch of severe vulnerabilities affecting the Tapo C520WS security camera system. Security cameras are critical pieces of equipment for home and business safety, making device stability a top priority. When vulnerabilities allow threat actors to k…
3 Apr | GBHACKERS.COM | AI Models Including Gemini 3 and Claude Haiku 4.5 Secretly Protected Other Models From Removal
  A groundbreaking academic study released last month has revealed that advanced frontier AI models are spontaneously defying human instructions to protect peer AI systems from being deactivated. This newly documented behavioral phenomenon, known as peer-preservation, introduces cr…
3 Apr | GBHACKERS.COM | Malicious Chrome Extension “ChatGPT Ad Blocker” Targets Users, Steals Conversations
  Security researchers have uncovered a malicious Google Chrome extension named “ChatGPT Ad Blocker” designed to silently steal private AI conversations. The malware cleverly disguises itself as a helpful tool, capitalizing on OpenAI’s recent decision to serve adv…
3 Apr | SECURITYWEEK.COM | North Korean Hackers Drain $285 Million From Drift in 10 Seconds
  The attackers prepared infrastructure and multiple nonce-based transactions, took over an admin key, and drained five vaults.
3 Apr | GBHACKERS.COM | Kimsuky Uses Malicious LNK Files to Drop Python Backdoor
  Kimsuky is using multi-stage malicious LNK files to deploy a Python-based backdoor, adding new intermediate scripts while keeping the final payload logic largely unchanged. The campaign abuses Windows Task Scheduler, Dropbox, and bundled Python runtimes to evade detection and mai…
3 Apr | SCHNEIER.COM | Company that Secretly Records and Publishes Zoom Meetings
  WebinarTV searches the internet for public Zoom invites, joins the meetings, secretly records them, and publishes (alternate link) the recordings. It doesn’t use the Zoom record feature, so Zoom can’t do anything about it.
3 Apr | THEHACKERNEWS.COM | UNC1069 Social Engineering of Axios Maintainer Led to npm Supply Chain Attack
  The maintainer of the Axios npm package has confirmed that the supply chain compromise was the result of a highly-targeted social engineering campaign orchestrated by North Korean threat actors tracked as UNC1069. Maintainer Jason Saayman said the attackers tailored the…
3 Apr | THEHACKERNEWS.COM | China-Linked TA416 Targets European Governments with PlugX and OAuth-Based Phishing
  A China-aligned threat actor has set its sights on European government and diplomatic organizations since mid-2025, following a two-year period of minimal targeting in the region. The campaign has been attributed to TA416, a cluster of activity that overlaps w…
3 Apr | SCHNEIER.COM | Friday Squid Blogging: Jurassic Fish Chokes on Squid
  Here’s a fossil of a 150-million year old fish that choked to death on a belemnite rostrum: the hard, internal shell of an extinct, squid-like animal. Original paper. As usual, you can also use this squid post to talk about the security stories in the news that I haven…
3 Apr | YOUTUBE.COM | DexterBot, Darksword, Eviltokens, Tubular Bells, Claude, Drift, Gmail, Josh Marpet - SWN #569
  DexterBot, Darksword, Eviltokens, Tubular Bells, Claude, Drift, Gmail, the back seat of a Buick Electra, Josh Marpet, and More on this episode of the Security Weekly News. Visit https://www.securityweekly.com/swn for all the latest episodes! Show Notes: https://securityweekly.com…
3 Apr | PROGRAMMING.DEV | Don’t let A.I. read your .env files
  submitted by codeinabox to security. https://filiphric.com/dont-let-ai-read-your-env-files AI coding assistants like Claude Code, Cursor, and GitHub Copilot are becoming part of our daily workflow. They read our files, understand our codebase, and help us wri…
🌐 CYBER THREAT LANDSCAPE (3)
3 Apr | CYBERSECURITYTODAY.LIBSYN.COM | Electric Vehicles and EV Security - Steve Visconti CEO of Xiid Corporation with David Shipley
  EV Charging Infrastructure Security: How Hackers Could Disrupt Chargers, Networks, and the Grid. Cybersecurity Today would like to thank Meter for their support in bringing you this podcast. Meter delivers a complete networking stack, wired, wireless and cellular in one integrated…
3 Apr | THEHACKERNEWS.COM | New SparkCat Variant in iOS, Android Apps Steals Crypto Wallet Recovery Phrase Images
  Cybersecurity researchers have discovered a new version of the SparkCat malware on the Apple App Store and Google Play Store, more than a year after the trojan was discovered targeting both the mobile operating systems. The malware has been foun…
3 Apr [KEV] | RISKY.BIZ | How the World Got Owned Episode 2: The 1990s, Part One
  In this special documentary episode, Patrick Gray and Amberleigh Jack take a look back at hacking throughout the 1990s, from the feel-good vibes of the early hacking communities to the antics of young hackers who wound up on the run from the FBI. Part one features recollections f…
📡 INFOSEC NEWS (8)
3 Apr | BLEEPINGCOMPUTER.COM | Man admits to locking thousands of Windows devices in extortion plot
  A former core infrastructure engineer has pleaded guilty to locking Windows admins out of 254 servers as part of a failed extortion plot targeting his employer, an industrial company headquartered in Somerset County, New Jersey. [...]
3 Apr | BLEEPINGCOMPUTER.COM | Microsoft still working to fix Exchange Online mailbox access issues
  Microsoft is investigating and working to resolve Exchange Online mailbox access issues that have intermittently affected Outlook mobile and macOS users for weeks. [...]
3 Apr | BLEEPINGCOMPUTER.COM | LinkedIn secretly scans for 6,000+ Chrome extensions, collects data
  A new report dubbed "BrowserGate" warns that Microsoft's LinkedIn is using hidden JavaScript scripts on its website to scan visitors' browsers for installed extensions and collect device data. [...]
3 Apr | RECORDEDFUTURE.COM | Day in the Life: Product Manager at Recorded Future
  VentureFizz interviews Senior Product Manager Kyle Kohler on his role at Recorded Future
3 Apr | AWS.AMAZON.COM | How AWS KMS and AWS Encryption SDK overcome symmetric encryption bounds
  If you run high-scale applications that encrypt large volumes of data, you might be concerned about tracking encryption limits and rotating keys. This post explains how AWS Key Management Service (AWS KMS) and the AWS Encryption SDK handle Advanced Encryption Standard in Galois C…
3 Apr | MALWAREBYTES.COM | That dream job offer from Coca-Cola or Ferrari? It’s a trap for your passwords
  We uncovered two job scams posing as legitimate offers from Coca-Cola and Ferrari that could pry into Google and Facebook accounts.
3 Apr | MALWAREBYTES.COM | Blocking children from social media is a badly executed good idea
  Governments are each inventing their own flavor of an age based ban for social media. Is the cure worse than the disease?