Articles: 124 | Categories: 8 | Date: 2026-04-07
🚨 CISA KEV (1)

7 Apr  [KEV]  CISA Alerts Defenders to Actively Exploited Fortinet Zero-Day Vulnerability (GBHACKERS.COM)
    The Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent warning regarding a critical zero-day vulnerability in Fortinet products. The agency officially added the flaw to its Known Exploited Vulnerabilities (KEV) catalog on April 6, 2026, indicating that t…
🐛 COMMON VULNERABILITIES AND EXPOSURES (17)

7 Apr  50,000 WordPress Sites Running Ninja Forms Vulnerable to Critical File Upload RCE (GBHACKERS.COM)
    A severe security flaw has been discovered in the Ninja Forms File Upload plugin, a widely utilized WordPress add-on that allows website administrators to accept documents, images, and other media from their visitors. Tracked officially as CVE-2026-0740, this unauthenticated arbi…

7 Apr  Flowise AI Agent Builder Under Active CVSS 10.0 RCE Exploitation; 12,000+ Instances Exposed (THEHACKERNEWS.COM)
    Threat actors are exploiting a maximum-severity security flaw in Flowise, an open-source artificial intelligence (AI) platform, according to new findings from VulnCheck. The vulnerability in question is CVE-2025-59528 (CVSS score: 10.0), a code injection vulnerability that c…

7 Apr  CVE-2026-35386 (MSRC.MICROSOFT.COM)
    Information published.

7 Apr  CVE-2026-34743 XZ Utils: Buffer overflow in lzma_index_append() (MSRC.MICROSOFT.COM)
    Information published.

7 Apr  CVE-2026-31410 ksmbd: use volume UUID in FS_OBJECT_ID_INFORMATION (MSRC.MICROSOFT.COM)
    Information published.

7 Apr  CVE-2026-35388 (MSRC.MICROSOFT.COM)
    Information published.

7 Apr  CVE-2026-35387 (MSRC.MICROSOFT.COM)
    Information published.

7 Apr  CVE-2026-35385 (MSRC.MICROSOFT.COM)
    Information published.

7 Apr  [KEV]  Attackers Exploit Flowise Injection Vulnerability as 15,000+ Instances Remain Exposed (GBHACKERS.COM)
    A critical security flaw in Flowise, a popular open-source AI development platform, is currently being exploited in the wild. Tracked as CVE-2025-59528, this code injection vulnerability carries a maximum CVSS score of 10.0. It allows remote attackers to execute malicious code an…

7 Apr  Docker CVE-2026-34040 Lets Attackers Bypass Authorization and Gain Host Access (THEHACKERNEWS.COM)
    A high-severity security vulnerability has been disclosed in Docker Engine that could permit an attacker to bypass authorization plugins (AuthZ) under specific circumstances. The vulnerability, tracked as CVE-2026-34040 (CVSS score: 8.8), stems from an incomplete fix…

7 Apr  Max severity Flowise RCE vulnerability now exploited in attacks (BLEEPINGCOMPUTER.COM)
    Hackers are exploiting a maximum-severity vulnerability, tracked as CVE-2025-59528, in the open-source platform Flowise for building custom LLM apps and agentic systems to execute arbitrary code. [...]

7 Apr  Fortinet releases emergency hotfix for FortiClient EMS zero-day flaw (CSOONLINE.COM)
    Hackers have been exploiting a critical vulnerability in FortiClient Endpoint Management Server (FortiClient EMS) since at least the end of March. Fortinet has published an advisory and released an emergency hotfix that can be applied to affected deployments until a patched versi…
⚠️ VULNERABILITY DISCLOSURE (45)

7 Apr  North Korea's $285M Crypto Heist, China Breaches FBI System, Delve Faces New Allegations (CYBERSECURITYTODAY.LIBSYN.COM)
    Host David Shiple covers major cybersecurity news: investigators attribute a record $285 million April 1 hack of crypto platform Drift Protocol to North Korea, describing a three-week setup involving a fake "Carbon Vote Token," wash trading to inflate value, social engineering to…

7 Apr  Windows Defender 0-Day Published Online, Giving Attackers Potential Full Access (GBHACKERS.COM)
    A newly discovered zero-day vulnerability, dubbed “BlueHammer,” has been publicly disclosed. The flaw, which has been linked to Windows Defender, allows attackers to achieve Local Privilege Escalation (LPE) and potentially gain full administrative access to compromise…

7 Apr  Microsoft Warns Storm-1175 Exploiting Web-Facing Vulnerabilities to Deploy Medusa Ransomware (GBHACKERS.COM)
    Microsoft is warning that a fast‑moving threat actor it tracks as Storm‑1175 is aggressively exploiting vulnerabilities in internet‑exposed systems to deliver Medusa ransomware in days and sometimes in under 24 hours. Storm‑1175 is a financially motivated group known for high‑vel…

7 Apr  172: SuperBox (DARKNETDIARIES.COM)
    What if there was a device which gave you endless movies and TV shows without ads? Ok great sign me up! In this episode we interview “D3ada55”, who found such a device, but as she gazed into it, she discovered it gazing back at her. Sponsors Support for this show comes from Threa…

7 Apr  Threat Actors Exploit LogMeIn Resolve, ScreenConnect in Phishing Campaigns (GBHACKERS.COM)
    Threat actors are abusing legitimate remote monitoring and management (RMM) tools LogMeIn Resolve and ScreenConnect in a multi‑stage phishing campaign that blends social engineering, living‑off‑the‑land techniques, and stealthy information‑stealing malware. Sophos’ Managed Detect…

7 Apr  China-Linked Storm-1175 Exploits Zero-Days to Rapidly Deploy Medusa Ransomware (THEHACKERNEWS.COM)
    A China-based threat actor known for deploying Medusa ransomware has been linked to the weaponization of a combination of zero-day and N-day vulnerabilities to orchestrate "high-velocity" attacks and break into susceptible internet-facing systems. "The threat actor's hi…

7 Apr  Life imprisonment for Cambodian scam compound operators – but will it make a difference? (BITDEFENDER.COM)
    Cambodia has taken a dramatic step in its fight against scam compounds that have imprisoned innocent people, and forced them to work as virtual slaves defrauding victims via the internet around the world with romance scams and dodgy investment schemes. Read more in my article on …

7 Apr  The rise of proactive cyber: Why defense is no longer enough (CSOONLINE.COM)
    For more than two decades, cybersecurity has been built on a reactive model: detect intrusions, patch vulnerabilities, respond to incidents, and repeat. That model is now under sustained pressure from a threat environment that is faster, more coordinated, and increasingly automat…

7 Apr  The noisy tenants: Engineering fairness in multi-tenant SIEM solutions (CSOONLINE.COM)
    I recently had the opportunity to review five popular SIEM solutions as part of a judging panel for a Security award. While each platform had its own unique flair, their core promises were remarkably consistent: 24/7/365 SOC monitoring: Round-the-clock coverage backed by global e…

7 Apr  AppSec News Roundup on Claude Code Leak, Axios NPM Compromise, Secure Design - ASW #377 (YOUTUBE.COM)
    Security problems aren't changing very much even though security teams are. We catch up on the implications of the Claude Code source leak, the very human lessons from the axios NPM compromise, and what secure design looks like when it involves agents, humans, or both. AppSec has…

7 Apr  Critical Android Flaw Allows Zero-Interaction Denial-of-Service Attacks (GBHACKERS.COM)
    Google has rolled out its April 2026 Android Security Bulletin, addressing multiple vulnerabilities across the mobile operating system. The most alarming discovery this month is a critical security flaw in the Android Framework that allows attackers to trigger a local denial-of-s…

7 Apr  Hong Kong Police Can Force You to Reveal Your Encryption Keys (SCHNEIER.COM)
    According to a new law, the Hong Kong police can demand that you reveal the encryption keys protecting your computer, phone, hard drives, etc.—even if you are just transiting the airport. In a security alert dated March 26, the U.S. Consulate General said that, on March 23,…

7 Apr  New GPUBreach Attack Enables Full CPU Privilege Escalation via GDDR6 Bit-Flips (THEHACKERNEWS.COM)
    New academic research has identified multiple RowHammer attacks against high-performance graphics processing units (GPUs) that could be exploited to escalate privileges and, in some cases, even take full control of a host. The efforts have been codenamed GPUBreach, GDDR…

7 Apr  Supply chain security is now a board-level issue: Here’s what CSOs need to know (CSOONLINE.COM)
    For many years, supply chain security was viewed purely as a technical concern. However, with high-profile vulnerabilities and regulations, it is now a board-level issue that requires organizations to rethink how to build resiliency and insulate their operations. The changing reg…

7 Apr  Disgruntled researcher leaks “BlueHammer” Windows zero-day exploit (SH.ITJUST.WORKS)
    submitted by kid to cybersecurity 2 points | 0 comments https://www.bleepingcomputer.com/news/security/disgruntled-researcher-leaks-bluehammer-windows-zero-day-exploit/

7 Apr  Medusa Ransomware Fast to Exploit Vulnerabilities, Breached Systems (SECURITYWEEK.COM)
    The group is using zero-days, quickly weaponizes fresh bugs, and exfiltrates and encrypts data within days of initial access.

7 Apr  Hackers Exploit Next.js React2Shell Vulnerability, Breach 766 Hosts in 24 Hours (GBHACKERS.COM)
    Hackers are abusing a critical React2Shell vulnerability in Next.js applications to run an automated credential‑theft operation that has already compromised at least 766 servers in under 24 hours. The threat activity is tracked as “UAT‑10608”. It relies on a custom framework dubb…

7 Apr  Microsoft says Medusa-linked Storm-1175 is speeding ransomware attacks (CSOONLINE.COM)
    Microsoft has warned that Storm-1175, a cybercrime group linked to Medusa ransomware, is exploiting vulnerable web-facing systems in fast-moving attacks, at times moving from initial access to data theft and ransomware deployment within 24 hours. The company said the group has he…

7 Apr  Fake Gemini npm Package Steals AI Tool Tokens (GBHACKERS.COM)
    Hackers are abusing a fake Gemini-themed npm package to steal tokens and secrets from developers using AI coding tools like Claude, Cursor, Windsurf, PearAI, and others. The README text was copied from the unrelated chai-await-async library, a mismatch that should have been a red…

7 Apr  GPUBreach Attack Could Lead to Full System Takeover and Root Shell Access (GBHACKERS.COM)
    A newly discovered vulnerability dubbed “GPUBreach” demonstrates that GPU-based Rowhammer attacks can now achieve complete system compromise. Scheduled for presentation at the IEEE Symposium on Security & Privacy in 2026, University of Toronto researchers revealed…

7 Apr  [Webinar] How to Close Identity Gaps in 2026 Before AI Exploits Enterprise Risk (THEHACKERNEWS.COM)
    In the rapid evolution of the 2026 threat landscape, a frustrating paradox has emerged for CISOs and security leaders: Identity programs are maturing, yet the risk is actually increasing. According to new research from the Ponemon Institute, hundreds of a…

7 Apr  Zero‑click Grafana AI attack can enable enterprise data exfiltration (CSOONLINE.COM)
    Indirect prompt injection is possible on AI-powered dashboards, allowing exfiltration of sensitive enterprise data without user authentication. Security researchers are warning about a critical Grafana issue, dubbed GrafanaGhost, that allows attackers to leak sensitive data from …

7 Apr  Campaign Mode: Because Your SOC Team Has a Life (KNOWBE4.COM)
    In the world of cybersecurity, busy is an understatement. SOC teams are often drowning in a sea of repetitive alerts. Looking at the same threat or graymail spread across 50 pages of logs isn't just tedious, it’s a drain on your most valuable resource: time.

7 Apr  Windmill Developer Platform Flaws Expose Users to RCE Attacks, Proof-of-Concept Published (GBHACKERS.COM)
    Cybersecurity researchers have discovered critical vulnerabilities in the Windmill developer platform and Nextcloud Flow, an integration embedding the Windmill engine. These severe flaws allow remote attackers to take full control of affected systems without requiring any passwor…

7 Apr  Over 1,000 Exposed ComfyUI Instances Targeted in Cryptomining Botnet Campaign (THEHACKERNEWS.COM)
    An active campaign has been observed targeting internet-exposed instances running ComfyUI, a popular stable diffusion platform, to enlist them into a cryptocurrency mining and proxy botnet. "A purpose-built Python scanner continuously sweeps major cloud IP ranges for vulnera…

7 Apr  CUPS Vulnerabilities Could Allow Remote Attackers to Achieve Root-Level Code Execution (GBHACKERS.COM)
    A team of AI-driven vulnerability hunting agents directed by security researcher Asim Viladi Oglu Manizada has discovered two critical security flaws in CUPS, the standard printing system for Linux and Unix-like operating systems. When chained together, these vulnerabilities allo…

7 Apr  GrafanaGhost: Attackers Can Abuse Grafana to Leak Enterprise Data (SECURITYWEEK.COM)
    By targeting Grafana’s AI components, attackers can point to external resources and inject indirect prompts to bypass safeguards.

7 Apr  Trump administration plans to cut cybersecurity agency’s budget by $700 million (TECHCRUNCH.COM)
    The budget proposal would force CISA to operate with a significantly lower budget than previous years, citing the government's claims that the election misinformation programs were used to "target the President."

7 Apr  Why Your Automated Pentesting Tool Just Hit a Wall (BLEEPINGCOMPUTER.COM)
    Automated pentesting tools deliver strong early results, then quickly plateau. Picus Security explains how the "PoC cliff" leaves major attack surfaces untested and creates a dangerous validation gap. [...]

7 Apr  Severe StrongBox Vulnerability Patched in Android (SECURITYWEEK.COM)
    A critical DoS vulnerability in the Framework component of Android has also been fixed with the latest update.

7 Apr  One Click Took Down the Supply Chain (YOUTUBE.COM)
    A widely used NPM package was compromised after a maintainer was socially engineered into installing malware on their development machine. Attackers then introduced a malicious dependency, impacting downstream users. Modern supply chain attacks don’t require breaking systems—they…

7 Apr  Critical Flowise Vulnerability in Attacker Crosshairs (SECURITYWEEK.COM)
    The improper validation of user-supplied JavaScript code allows attackers to execute arbitrary code and access the file system.

7 Apr  Authorities disrupt router DNS hijacks used to steal Microsoft 365 logins (BLEEPINGCOMPUTER.COM)
    An international operation from law enforcement authorities in partnership with private companies has disrupted FrostArmada, an APT28 campaign hijacking local traffic from MikroTik and TP-Link routers to steal Microsoft account credentials. [...]

7 Apr  Milking the last drop of Intego - Time for Windows to get its LPE (QUARKSLAB.COM)
    Exploitation of an arbitrary directory deletion via symlink following in the antivirus Intego.

7 Apr  Russian State-Linked APT28 Exploits SOHO Routers in Global DNS Hijacking Campaign (THEHACKERNEWS.COM)
    The Russia-linked threat actor known as APT28 (aka Forest Blizzard) has been linked to a new campaign that has compromised insecure MikroTik and TP-Link routers and modified their settings to turn them into malicious infrastructure under their control as part of a cyber espi…

7 Apr  A Little Bit Pivoting: What Web Shells are Attackers Looking for?, (Tue, Apr 7th) (ISC.SANS.EDU)
    Webshells remain a popular method for attackers to maintain persistence on a compromised web server. Many "arbitrary file write" and "remote code execution" vulnerabilities are used to drop small files on systems for later execution of additional payloads. The names of these file…

7 Apr  5 steps to strengthen supply chain security and improve cyber resilience (CSOONLINE.COM)
    Supply chain attacks have rapidly become one of the most damaging and difficult threats facing IT and security teams. When an adversary compromises a trusted vendor, software component, cloud service, or MSP tool, they bypass traditional defenses and enter through the front door.…

7 Apr  5 ways to strengthen identity security and improve attack resilience (CSOONLINE.COM)
    Identity compromise has become one of the most effective ways for attackers to infiltrate business systems. Firewalls, endpoint protection, and monitoring tools mean little once an attacker logs in using valid credentials. For MSPs and corporate IT teams, strengthening identity s…

7 Apr  [KEV]  5 practical steps to strengthen attack resilience with attack surface management (CSOONLINE.COM)
    Every asset you manage expands your attack surface. Internet‑facing applications, cloud workloads, credentials, endpoints, and third‑party integrations all represent potential entry points for attackers. As environments grow more distributed, that exposure expands faster than mos…

7 Apr  AI Found and Exploited Bugs Automatically (YOUTUBE.COM)
    Researchers using Claude and other Anthropic models have shown AI can find bugs in popular software like Vim and Emacs—and automatically generate exploits. This isn’t just bug hunting. It’s a new level of risk where AI can turn theoretical vulnerabilities into actionable exploits…

7 Apr  Multiple Vulnerabilities in Mozilla Products Could Allow for Arbitrary Code Execution (CISECURITY.ORG)
    Multiple vulnerabilities have been discovered in Mozilla products, the most severe of which could allow for arbitrary code execution. Mozilla Firefox is a web browser used to access the Internet. Mozilla Firefox ESR is a version of the web browser intended to be deployed in large…

7 Apr  Hackers exploit critical flaw in Ninja Forms WordPress plugin (BLEEPINGCOMPUTER.COM)
    A critical vulnerability in the Ninja Forms File Uploads premium add-on for WordPress allows uploading arbitrary files without authentication, which can lead to remote code execution. [...]

7 Apr  What Anthropic Glasswing reveals about the future of vulnerability discovery (CSOONLINE.COM)
    AI giant Anthropic has unveiled Project Glasswing, a cybersecurity initiative built around Claude Mythos Preview, a model it describes as “cybersecurity in the age of AI” that can autonomously identify software vulnerabilities at scale. Rather than release the model publicly, An…

7 Apr  What we learned about TEE security from auditing WhatsApp's Private Inference (TRAILOFBITS.COM)
    WhatsApp’s new “Private Inference” feature represents one of the most ambitious attempts to combine end-to-end encryption with AI-powered capabilities, such as message summarization. To make this possible, Meta built a system that processes encrypted user messages inside trusted …

7 Apr  ClickFix Meets AI: A Multi-Platform Attack Targeting macOS in the Wild (ANY.RUN)
    For years, macOS environments carried an aura of relative safety. Not immunity, but lower priority in the threat landscape. That perception has aged about as well as an unpatched server. The reality in 2026 is very different. Apple devices now make up a …
📢 SECURITY ADVISORIES (14)

7 Apr  White House Seeks to Slash CISA Funding by $707 Million (SECURITYWEEK.COM)
    The Trump administration says the FY2027 budget refocuses CISA on its core mission: protecting federal agencies and critical infrastructure.

7 Apr  Iranian hackers are targeting American critical infrastructure, U.S. agencies warn (TECHCRUNCH.COM)
    A joint FBI, NSA and CISA advisory warns that Iranian hackers have 'escalated' their tactics in response to the ongoing U.S.-Israel war with Iran.
🔥 INCIDENT REPORTING (14)

7 Apr  Weekly Update 498 (TROYHUNT.COM)
    Presently sponsored by: Report URI: Guarding you from rogue JavaScript! Don’t get pwned; get real-time alerts & prevent breaches #SecureYourSite This week, more time than I'd have liked to spend went on talking about the trials of chasing invoices. This is off the back of a …

7 Apr  German Police Unmask REvil Ransomware Leader (SECURITYWEEK.COM)
    Shchukin is accused of extorting more than $2 million as the head of the GandCrab and REvil ransomware operations.

7 Apr  GPUBreach: Root Shell Access Achieved via GPU Rowhammer Attack (SECURITYWEEK.COM)
    Researchers have demonstrated that GPU Rowhammer attacks can be used to escalate privileges.

7 Apr  Qilin and Warlock Ransomware Use Vulnerable Drivers to Disable 300+ EDR Tools (SH.ITJUST.WORKS)
    submitted by kid to cybersecurity 1 points | 0 comments https://thehackernews.com/2026/04/qilin-and-warlock-ransomware-use.html

7 Apr  The Hidden Cost of Recurring Credential Incidents (THEHACKERNEWS.COM)
    When talking about credential security, the focus usually lands on breach prevention. This makes sense when IBM’s 2025 Cost of a Data Breach Report puts the average cost of a breach at $4.4 million. Avoiding even one major incident is enough to justify most se…

7 Apr  Kubernetes Flaws Let Hackers Jump From Containers to Cloud Accounts (GBHACKERS.COM)
    Hackers are increasingly abusing Kubernetes misconfigurations to jump from containers into high‑value cloud accounts, turning a single compromised pod into full cloud‑level access. This trend is accelerating rapidly, with Kubernetes‑related identity abuse and token-theft operatio…

7 Apr  New GPUBreach attack enables system takeover via GPU rowhammer (SH.ITJUST.WORKS)
    submitted by kid to cybersecurity 1 points | 0 comments https://www.bleepingcomputer.com/news/security/new-gpubreach-attack-enables-system-takeover-via-gpu-rowhammer/

7 Apr  The dangers of telehealth: data breaches, phishing, and spam | Kaspersky official blog (KASPERSKY.COM)
    Telemedicine is a huge time-saver, but a leak of your medical records carries serious risks. We’re breaking down the threats, and sharing simple tips to keep your health data private.

7 Apr  German authorities identify REvil and GandCrab ransomware bosses (SH.ITJUST.WORKS)
    submitted by kid to cybersecurity 2 points | 0 comments https://www.bleepingcomputer.com/news/security/german-authorities-identify-revil-and-gangcrab-ransomware-bosses/

7 Apr  AI for Human Risk Management Shift to Adaptive Behavior Based Training (KNOWBE4.COM)
    Human risk management (HRM) focuses on one of the most persistent cybersecurity vulnerabilities: humans. Social engineering attacks that trick users into taking risky actions are a factor in 98% of cyberattacks not because they are technically complex, but because they manipulate…

7 Apr  Russia Hacked Routers to Steal Microsoft Office Tokens (KREBSONSECURITY.COM)
    Hackers linked to Russia's military intelligence units are using known flaws in older Internet routers to mass harvest authentication tokens from Microsoft Office users, security experts warned today. The spying campaign allowed state-backed Russian hackers to quietly siphon auth…

7 Apr  Snowflake customers hit in data theft attacks after SaaS integrator breach (BLEEPINGCOMPUTER.COM)
    Over a dozen companies have suffered data theft attacks after a SaaS integration provider was breached and authentication tokens stolen. [...]

7 Apr  FBI: Americans lost a record $21 billion to cybercrime last year (BLEEPINGCOMPUTER.COM)
    U.S. victims lost nearly $21 billion to cyber-enabled crimes last year, driven primarily by investment scams, business email compromise, tech support fraud, and data breaches, the Federal Bureau of Investigation says. [...]

7 Apr  Support platform breach exposes Hims & Hers customer data (MALWAREBYTES.COM)
    Healthcare companies handle some of the most personal data imaginable, and that makes them a magnet for hackers.
🕵️ THREAT INTELLIGENCE (28)

7 Apr  Iran-Linked Password-Spraying Campaign Targets 300+ Israeli Microsoft 365 Organizations (THEHACKERNEWS.COM)
    An Iran-nexus threat actor is suspected to be behind a password-spraying campaign targeting Microsoft 365 environments in Israel and the U.A.E. amid ongoing conflict in the Middle East. The activity, assessed to be ongoing, was carried out in three distinct at…

7 Apr  ISC Stormcast For Tuesday, April 7th, 2026 https://isc.sans.edu/podcastdetail/9882, (Tue, Apr 7th) (ISC.SANS.EDU)
    (c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.

7 Apr  Fake TradingView Premium Reddit Posts Spread Vidar and AMOS Stealers (GBHACKERS.COM)
    A new malware campaign is abusing Reddit to distribute fake “cracked” builds of TradingView Premium that secretly install Vidar and AMOS information‑stealing malware on Windows and macOS systems. The campaign targets users searching for free or pirated versions of TradingView Pre…

7 Apr  Wynn Resorts Says 21,000 Employees Affected by ShinyHunters Hack (SECURITYWEEK.COM)
    The high-end casino and hotel operator has likely paid a ransom to avoid a data leak.

7 Apr  New Microsoft Defender Update Issued for Windows 11, Windows 10, and Server Images (GBHACKERS.COM)
    Microsoft has rolled out a fresh security intelligence update for Microsoft Defender Antivirus to help secure Windows 11, Windows 10, and Windows Server images. Released on April 7, 2026, this update equips endpoints with the latest threat detection logic and AI-enhanced cloud pr…

7 Apr  Iran-Linked Hackers Hit M365 Tenants in Middle East Password Spray Campaign (GBHACKERS.COM)
    Iran-linked threat actors have launched a coordinated password-spraying campaign targeting Microsoft 365 environments across the Middle East, according to new findings. The activity, observed throughout March 2026, unfolded in three distinct waves on March 3, March 13, and March …

7 Apr  Fake Installers Spread RATs, Monero Miners in Ongoing Malware Campaign (GBHACKERS.COM)
    Fake software installers are being used in a long-running malware operation to drop remote access trojans (RATs), Monero cryptominers, and a new .NET implant across multiple campaigns dating back to late 2023. REF1695 relies on ISO-based fake installers that mimic legitimate soft…

7 Apr  Tor-Backed ClickFix Campaign Drops Node.js RAT on Windows (GBHACKERS.COM)
    Hackers are using a deceptive technique known as “ClickFix” to deliver a sophisticated Node.js-based remote access Trojan (RAT) targeting Windows users. ClickFix, which gained popularity in early 2025, tricks users into interacting with fake CAPTCHA or verification prompts. In t…

7 Apr  FIRESIDE CHAT: Geopolitical turmoil, rising AI risk add a new layer to enterprise cyber defense (LASTWATCHDOG.COM)
    As if securing the enterprise against a tidal wave of AI tools wasn’t hard enough, it turns out the geopolitical instability of the moment is making things worse. That wasn’t the headline at RSAC 2026 last week — agentic AI … (more…)

7 Apr  Hackers Weaponize Claude Code Leak to Spread Vidar and GhostSocks Malware (SH.ITJUST.WORKS)
    submitted by kid to cybersecurity 2 points | 0 comments https://cybersecuritynews.com/claude-code-leak-to-spread-vidar-and-ghostsocks-malware/

7 Apr  Guardarian Users Targeted With Malicious Strapi NPM Packages - SecurityWeek (SH.ITJUST.WORKS)
    submitted by kid to cybersecurity 2 points | 0 comments https://www.securityweek.com/guardarian-users-targeted-with-malicious-strapi-npm-packages/

7 Apr  BPFDoor Variants Hide with Stateless C2 and ICMP Relay Tactics (GBHACKERS.COM)
    Seven new BPFDoor variants that push Linux backdoor tradecraft deep into the kernel, making them harder to spot in large telecom networks. These implants use Berkeley Packet Filters (BPF) to quietly inspect traffic inside the operating system kernel, waiting for a “magic packet” …

7 Apr  Webinar Today: Why Automated Pentesting Alone Is Not Enough (SECURITYWEEK.COM)
    Join the live diagnostic session to expose hidden coverage gaps and shift from flawed tool-level evaluations to a comprehensive, program-level validation discipline.

7 Apr  SOHO router compromise leads to DNS hijacking and adversary-in-the-middle attacks (MICROSOFT.COM)
    Executive summary: Forest Blizzard, a threat actor linked to the Russian military, has been compromising insecure home and small-office internet equipment like routers, then modifying their settings in ways that turn them into part of the actor’s malicious infrastructure. Th…

7 Apr  Claude Code Packaging Error Remains a Lure in an Active Campaign: What Defenders Should Do (TRENDMICRO.COM)
    Threat actors leveraged Anthropic’s Claude Code npm release packaging error to distribute Vidar, GhostSocks, and PureLog Stealer. This blog details immediate steps organizations can take and best practices to prevent further risk.

7 Apr  The New Rules of Engagement: Matching Agentic Attack Speed (SECURITYWEEK.COM)
    The cybersecurity response to AI-enabled nation-state threats cannot be incremental. It must be architectural.

7 Apr  Trent AI Emerges From Stealth With $13 Million in Funding (SECURITYWEEK.COM)
    The startup has created a layered security solution aiming to secure AI agents throughout their entire lifecycle.

7 Apr  Bounty Available (>$2,000) for QubesOS BusKill package (SH.ITJUST.WORKS)
    submitted by buskill to cybersecurity 2 points | 0 comments https://www.buskill.in/qubes-package-bounty/ Friends, We’re happy to announce that we have funding available to package BusKill in QubesOS as a contrib package. Thanks to a generous donation from NovaCustom , we’re offer…

7 Apr  Russian government hackers broke into thousands of home routers to steal passwords (TECHCRUNCH.COM)
    Fancy Bear, also known as APT28, has taken over thousands of residential home routers to steal passwords and authentication tokens in a wide-ranging espionage operation.

7 Apr  Bounty Available (>$2,000) for QubesOS BusKill package (PROGRAMMING.DEV)
    submitted by buskill to security 1 points | 0 comments https://www.buskill.in/qubes-package-bounty/ Friends, We’re happy to announce that we have funding available to package BusKill in QubesOS as a contrib package. Thanks to a generous donation from NovaCustom , we’re offering a…

7 Apr  US warns of Iranian hackers targeting critical infrastructure (BLEEPINGCOMPUTER.COM)
    Iranian-linked hackers are targeting Internet-exposed Rockwell/Allen-Bradley programmable logic controllers (PLCs) on the networks of U.S. critical infrastructure organizations. [...]

7 Apr  Anthropic Unveils ‘Claude Mythos’ – A Cybersecurity Breakthrough That Could Also Supercharge Attacks (SECURITYWEEK.COM)
    New AI model drives Project Glasswing, an effort to secure critical software before advanced capabilities fall into the wrong hands.

7 Apr  Cthullu, BlueHammer, NK, CUPs, Axios, Fortinet, Cognitive Surrender, Aaran Leyland - SWN #570 (YOUTUBE.COM)
    Radioactive Twinkies, Cthullu, BlueHammer, North Korea, CUPs, Axios, Fortinet, Cognitive Surrender, Aaran Leyland, and More on the Security Weekly News. Visit https://www.securityweekly.com/swn for all the latest episodes! Show Notes: https://securityweekly.com/swn-570

7 Apr  The AI Chip War Explained (YOUTUBE.COM)
    The global AI race is heavily influenced by access to advanced semiconductor chips, with the U.S. and China navigating complex negotiations around supply and restrictions. Control over AI hardware creates strategic leverage. Limiting access to chips can slow development, shift po…

7 Apr  As breakout time accelerates, prevention-first cybersecurity takes center stage (WELIVESECURITY.COM)
    Threat actors are using AI to supercharge tried-and-tested TTPs. When attacks move this fast, cyber-defenders need to rethink their own strategy.

7 Apr  Palo Alto Networks at Nutanix .NEXT 2026 (PALOALTONETWORKS.COM)
    Discover how Palo Alto Networks and Nutanix are Securing the AI-Powered Hybrid Multicloud with zero trust and Prisma AIRS.

7 Apr  Building AI defenses at scale: Before the threats emerge (AWS.AMAZON.COM)
    At AWS, we’ve spent decades developing processes and tools that enable us to defend millions of customers simultaneously, wherever they operate around the world. AI has been an extremely helpful addition to the automation our security and threat intelligence teams do every day, a…
🌐 CYBER THREAT LANDSCAPE (1)

📡 INFOSEC NEWS (4)

7 Apr  Cybersecurity in the Age of Instant Software (SCHNEIER.COM)
    AI is rapidly changing how software is written, deployed, and used. Trends point to a future where AIs can write custom software quickly and easily: “instant software.” Taken to an extreme, it might become easier for a user to have an AI write an application on demand—a spr…

7 Apr  Anthropic debuts preview of powerful new AI model Mythos in new cybersecurity initiative (TECHCRUNCH.COM)
    The new model will be used by a small number of high-profile companies to engage in defensive cybersecurity work.

7 Apr  Cloudflare targets 2029 for full post-quantum security (CLOUDFLARE.COM)
    Recent advances in quantum hardware and software have accelerated the timeline on which quantum attack might happen. Cloudflare is responding by moving our target for full post-quantum security to 2029.

7 Apr  Traffic violation scams swap links for QR codes to steal your card details (MALWAREBYTES.COM)
    Phishers are using QR codes on official-looking notices to level up their traffic and toll scams.