
Weekly Threat Intelligence Digest — Apr 02 to Apr 09, 2026

Weekly threat intelligence digest from 441 items (55 critical, 250 high).

📅 April 09, 2026 📊 441 articles analyzed
LIVETHREAT WEEKLY THREAT DIGEST
April 02 – April 09, 2026

This week the data reinforced a clear shift: attackers are no longer focusing on the perimeter of a single organization; they are hijacking the trusted relationships that bind vendors together. Supply‑chain compromises – from malicious npm packages to a Trivy scanner breach that opened the European Commission’s cloud – and the abuse of privileged admin accounts (e.g., the Drift DEX admin takeover, the FBI surveillance platform breach) dominate the headlines. The result is a cascade of data loss, financial theft, and downstream disruption that spreads far beyond the original target.

👉 Access, not just vulnerability, is the primary risk driver.

🚨 EXECUTIVE RISK SNAPSHOT
* Supply‑chain is the entry point → compromised CI/CD tools, npm packages, and third‑party scanners opened pathways into SaaS, cloud, and government environments.
* Privileged access amplifies impact → a single hijacked admin credential enabled $285 M in crypto theft and exposed 80 k devices across multiple incidents.
* Blind spots remain → OT/IoT devices, router firmware, and fourth‑party services are largely absent from most TPRM inventories, creating invisible attack surfaces.

🔍 WHAT CHANGED THIS WEEK
* State‑backed actors (DPRK/North Korea, Iran) intensified their focus on crypto infrastructure and critical‑infrastructure OT, leveraging long‑term social‑engineering campaigns.
* Supply‑chain attacks accelerated: 36 malicious npm packages, a compromised LiteLLM version, and the Trivy scanner breach together affected over 1 000 SaaS environments.
* Zero‑day exploits (Acrobat Reader, Chrome, FortiClient EMS, GPU Rowhammer) were observed in the wild, prompting emergency patches and highlighting the speed of weaponization.
* Phishing evolved with QR‑code traffic‑violation scams and AI‑driven credential harvesting, bypassing traditional URL filters.

🎯 WHERE YOU ARE MOST LIKELY EXPOSED
* Cloud hosting providers – AWS, Azure, and other public‑cloud admin consoles that host vendor data.
* API and SaaS platforms – Drift (DeFi), LiteLLM, Trivy, and any npm‑based integrations used in your CI/CD pipelines.
* Managed Service Providers (MSPs) – especially those delivering remote monitoring or endpoint security (e.g., FortiClient EMS).
* Endpoint security and identity solutions – FortiClient, Ivanti, and IAM tools that hold privileged credentials.

⚡ WHAT TPRM LEADERS SHOULD DO THIS WEEK
1. Map vendor‑of‑vendor dependencies
   • Request full sub‑processor lists from core SaaS vendors.
   • 👉 Ask: “Which of your suppliers have administrative access to my environment?”
2. Verify privileged access controls
   • Audit admin account usage logs for cloud, MSP, and API providers.
   • Enforce MFA and just‑in‑time access for all third‑party admin accounts.
3. Scan for compromised third‑party components

#Cybersecurity #TPRM #VendorRisk #SupplyChainSecurity #ThreatIntel #LiveThreat #VerisqAI

📋 Articles Referenced in This Digest 441 items

📋 Advisory (135)

[High] Microsoft suspends dev accounts for high-profile open source projects
[High] AI-Led Remediation Crisis Prompts HackerOne to Pause Bug Bounties
[High] Iranian cyber activity hits US energy, water, and government networks
[High] CIA director quietly elevated agency’s cyber espionage division
[High] Feds Are Still Assessing Proposed HIPAA Security Rule Update
[High] U.S. agencies alert: Iran-linked actors target critical infrastructure PLCs
[High] Trump’s Proposed CISA Cuts Spark Alarm Among Cybersecurity Experts
[High] 6G network design puts AI at the center of spectrum, routing, and fault management
[High] Major outage cripples Russian banking apps and metro payments nationwide
[High] Hong Kong Police Can Force You to Reveal Your Encryption Keys
[High] Cybersecurity in the Age of Instant Software
[High] [Webinar] How to Close Identity Gaps in 2026 Before AI Exploits Enterprise Risk
[High] National security veterans warn against delays in FISA 702 reauthorization
[High] Anthropic Calls Its New Model Too Dangerous to Release
[High] New FBI Warning: Chinese Apps Could Expose User Data
[High] Cloudflare moves up its post-quantum deadline as researchers narrow the path to Q-Day
[High] New Mexico’s Meta Ruling and Encryption
[High] Big tech vows to continue CSAM scanning in Europe despite expiration of law allowing it
[High] Trump's Budget Proposal Would Slash CISA After Bruising Year
[High] Shadow AI in Healthcare Is Here to Stay
[High] Why Simple Breach Monitoring is No Longer Enough
[High] Do not get high(jacked) off your own supply (chain)
[High] FCC proposes $4.5 million fine for voice service provider hosting ‘suspicious’ foreign call traffic
[High] Why Third-Party Risk Is the Biggest Gap in Your Clients' Security Posture
[High] Axios NPM Supply Chain Incident
[High] Microsoft still working to fix Exchange Online mailbox access issues
[High] US Bans All Foreign-Made Consumer Routers
[Medium] Meta’s Muse Spark takes AI a step closer to personal superintelligence
[Medium] Treasury Department announces crypto industry cyber threat sharing initiative
[Medium] Your extensions leak clues about you, so we made sure Browser Guard doesn’t
[Medium] Why you shouldn't buy cheap DisplayPort cables - the 'Death Pin' can put your GPU at serious risk
[Medium] Android users can get up to $100 each from this class action suit - see if you're eligible
[Medium] Shrinking the IAM Attack Surface through Identity Visibility and Intelligence Platforms (IVIP)
[Medium] OpenSSL 3.6.2 lands with eight CVE fixes
[Medium] What managing partners should ask AI vendors before signing any contract
[Medium] The Hidden Cost of Recurring Credential Incidents
[Medium] ‘Stop Texting’: FBI Warning Drives Apple’s iPhone Messaging Update
[Medium] Why Your Automated Pentesting Tool Just Hit a Wall
[Medium] Microsoft fixes Classic Outlook bug causing email delivery issues
[Medium] Apple Rolls Out Fix: New macOS Update Could Protect 100M Mac Users
[Medium] First stalkerware maker prosecuted since 2014 receives no jail time
[Medium] Gen AI Stalls, Shadow AI Rises: A CISO Concern
[Medium] Inconsistent Privacy Labels Don't Tell Users What They Are Getting
[Medium] Microsoft now force upgrades unmanaged Windows 11 24H2 PCs
[Medium] Startup Linx Secures $50M as Identity Threats Intensify
[Medium] Malwarebytes Privacy VPN receives full third-party audit
[Informational] Inside the Mobile World Congress 2026 SOC: Detecting Shadow Traffic with Firepower 6100
[Informational] Powering MWC Barcelona – Building a Unified SOC and NOC with Splunk in Record Time
[Informational] The best business VoIP services in 2026: Expert tested and reviewed
[Informational] I asked 5 data leaders about how they use AI to automate - and end integration nightmares
[Informational] The best dedicated web hosting of 2026: Expert tested and reviewed
[Low] I use ChatGPT's new Tubi app to find free movies and TV shows to watch - here's how
[Low] Apple's iOS 26.4.1 update enables Stolen Device Protection by default now - grab it today
[Low] WhatsApp brings long-awaited privacy feature to filter who can reach you
[Low] Advenica’s File Scanner Kiosk scans USB media for malware
[Informational] Intruder expands cloud security with agentless container image scanning
[Informational] OPSWAT adds predictive AI engine to MetaDefender for pre-execution threat detection
[Informational] Claude Managed Agents bring execution and control to AI agent workflows
[Informational] 12 Best Practices for Securing AWS Cloud in 2026
[Informational] Scaling Modern AppSec: Moving from Static Profiles to AI-Powered Scan Optimization
[Informational] Number Usage in Passwords: Take Two, (Thu, Apr 9th)
[Informational] ISC Stormcast For Thursday, April 9th, 2026 https://isc.sans.edu/podcastdetail/9886, (Thu, Apr 9th)
[Low] Got an old Kindle? How to resurrect your e-reader with new books
[Low] How to add EPUB, MOBI, and PDF files to your Kindle - follow my easy step-by-step
[Low] How to quickly convert EPUB files to Kindle format - and why it matters
[Low] Why I stopped using 'Modern Standby' on my Windows laptop to save battery overnight
[Informational] Asqav: Open-source SDK for AI agent governance
[Informational] Data Optimization in Security: A Splunk Architect’s Perspective
[Informational] Architecting for Margin Beyond the Initial Sale
[Informational] Why Operationalizing AI Security Is the Next Great Enterprise Hurdle
[Low] The 10 most popular products ZDNET readers bought last month (including a tiny storage option)
[Low] Amazon is ending support for 8 Kindle models next month: Is yours on the list?
[Informational] Secureframe expands Comply with User Access Reviews for automated governance
[Informational] Trellix strengthens data security for the GenAI era
[Low] Microsoft rolls out fix for broken Windows Start Menu search
[Informational] Is a $30,000 GPU Good at Password Cracking?
[Low] Google Chrome's vertical tabs are here: How to opt in and use the new Reading Mode
[Low] Pebblebee Halo vs. AirTag: One of these trackers has a 130dB siren and strobe light
[Low] Cybersecurity jobs available right now: April 8, 2026
[Low] Weekly Update 498
[Informational] Signals from the Cloud Security Forecast 2026: Cloud Risk Is Scaling through Design, Not Disruption
[Informational] Simplify Your Approach to Securing OT Networks
[Informational] New eSentire CEO Pursues AI-Driven Managed Security Shift
[Informational] Cloudflare targets 2029 for full post-quantum security
[Informational] 🎙️ SECURITY.COM The Podcast: A Brief History of Data Loss Prevention
[Informational] Lies, Damned Lies, and Cybersecurity Metrics
[Informational] Asus' latest flagship laptop competes with the MacBook Air, but not how you'd think
[Low] I tried Google Photos' new AI Enhance tool: How it crops, relights, and fixes your shots - sometimes
[Low] Love window snapping on Linux? You should try a tiling window manager - here's why
[Informational] Apple, Google, and Microsoft join Anthropic's Project Glasswing to defend world's most critical software
[Informational] OpenAI opens applications for an external AI safety research fellowship
[Informational] Comp AI: The open-source way to get compliant with SOC 2, ISO 27001, HIPAA and GDPR
[Informational] GitHub Copilot CLI gets a second-opinion feature built on cross-model review
[Informational] Acronis MDR by TRU brings 24/7 managed detection and response to MSPs
[Low] Samsung's latest TV firmware update fixes the Chromecast issue for older models - finally
[Informational] The case for fixing CWE weakness patterns instead of patching one bug at a time
[Low] Samsung to Shut Down Its Messaging App, Switch to Google Messages in July
[Low] Google Wants to Transition to Post-Quantum Cryptography by 2029
[Informational] Why Every Enterprise Needs a Risk Operations Center (ROC)
[Informational] Why Security Researchers and Red Teams Are Turning to Workflow Automation
[Informational] Cloudflare Targets WordPress With New AI-Powered EmDash CMS
[Informational] OWASP GenAI Security Project Gets Update, New Tools Matrix
[Informational] How much RAM does Linux really need in 2026? My sweet spot after decades of use
[Low] Why Microsoft is forcing Windows 11 25H2 update on all eligible PCs
[Informational] I used a single power station to keep my off-grid cabin running - how it all worked out
[Informational] I tested Gemini on Android Auto and now I can't stop talking to it: 5 tasks it nails
[Low] Microsoft removes Support and Recovery Assistant from Windows
[Informational] CISOs grapple with AI demands within flat budgets
[Informational] Product showcase: Proton Authenticator is an end-to-end encrypted, open source 2FA app
[Informational] Inference Costs Are Not Sustainable
[Low] Don't plug these 7 common household gadgets into an extension cord - according to an electrician
[Low] I let a smart planter maintain itself while I was away for 2 months - here's the result
[Informational] Is increasing VRAM finally worth it? I ran the numbers on my Windows 11 PC
[Informational] Chainguard Unveils Factory 2.0 to Automate Hardening the Software Supply Chain
[Informational] Symantec CBX Through the Paparazzi Lens
[Informational] I tried ChatGPT's new CarPlay integration: It's my go-to now for the questions Siri can't answer
[Informational] How Flipboard's new Surf app lets you merge social feeds, YouTube, and RSS to escape the algorithm - finally
[Low] Windows 11 Home vs. Windows 11 Pro: I found the differences that truly matter
[Low] I've worn the Oura Ring and Apple Watch for years: Here's which of the two is more essential
[Low] I tested cheap monitors for the office - this $80 MSI is one of the few I'd actually recommend
[Low] You can use Google Meet with CarPlay now: How to join meetings safely in your car
[Low] CrowdStrike Next-Gen SIEM Can Now Ingest Microsoft Defender Telemetry
[Informational] New infosec products of the month: March 2026
[Informational] Click, wait, repeat: Digital trust erodes one login at a time
[Informational] Microsoft releases open-source toolkit to govern autonomous AI agents
[Informational] APERION releases SmartFlow SDK for secure, on-prem AI governance without cloud reliance
[Low] Windows Security app gets Secure Boot certificate status indicators as 2026 expiration approaches
[Low] I highly recommend this car charger for quick charging on the go - and it's cheap
[Low] I turned to PrivacyBee to clean up my data - here's how it made me disappear
[Low] Brick vs. Bloom Card: I tested both for my screen addiction, and the winner depends on you
[Informational] Pentagon Commits to Reform of Cyber Talent Management System
[Informational] RSAC 2026: AI Dominates, But Community Remains Key to Security
[Informational] Security Bosses Are All-In on AI. Here's Why
[Informational] New Red Hat subscription simplifies long-term enterprise Linux support
[Informational] AWS, Wasabi, Cloudflare, and Backblaze go head-to-head in new cloud storage test

🔓 Breach (48)

[Critical] The alleged breach of China’s National Supercomputing Center can have serious geopolitical consequences
[Critical] TeamPCP Supply Chain Campaign: Update 007 - Cisco Source Code Stolen via Trivy-Linked Breach, Google GTIG Tracks TeamPCP as UNC6780, and CISA KEV Deadline Arrives with No Standalone Advisory, (Wed, Apr 8th)
[Critical] Drift $280M crypto theft linked to 6-month in-person operation
[Critical] $285 Million Drift Hack Traced to Six-Month DPRK Social Engineering Operation
[Critical] Mercor Breach Linked to LiteLLM Supply-Chain Attack
[Critical] North Korea–linked hackers drain $285M from Drift in sophisticated attack
[Critical] FBI Declares Surveillance System Breach a ‘Major Incident’
[Critical] CERT-EU: European Commission hack exposes data of 30 EU entities
[Critical] Pro-Iran Handala group breached Israeli defence contractor PSK Wind Technologies
[Critical] Drift Loses $285 Million in Durable Nonce Social Engineering Attack Linked to DPRK
[Critical] Drift loses $280 million: North Korean hackers seize Security Council powers
[Critical] Breach Roundup: Feds Confirm 'Major' Hack of FBI System
[Critical] ShinyHunters Hackers Claim Theft of 3M+ Cisco Records, Threaten Public Leak
[High] 113,000 explicit prompts from AI girlfriend platform exposed, many linked to user IDs
[High] Hackers steal $3.6 million from crypto ATM giant Bitcoin Depot
[High] Eurail says December data breach impacts 300,000 individuals
[High] When attackers already have the keys, MFA is just another door to open
[High] Cryptocurrency ATM giant Bitcoin Depot reports $3.6 million stolen in cyberattack
[High] 30,000 private Facebook images allegedly downloaded by Meta employee
[High] NSFW app leak exposes 70,000 prompts linked to individual users
[High] Signature Healthcare hit by cyberattack, services and pharmacies impacted
[High] Minnesota governor sends national guard to county after cyberattack
[High] Breach exposes sensitive LAPD files stored in city attorney system
[High] Passport numbers for more than 300,000 leaked during December Eurail data breach
[High] Snowflake customers hit in data theft attacks after SaaS integrator breach
[High] My Lovely AI - 106,271 breached accounts
[High] Mass. Hospital Diverting Ambulances as It Deals With Attack
[High] Support platform breach exposes Hims & Hers customer data
[High] Cyberattack hits Northern Ireland’s centralized school network, disrupting access for thousands
[High] North Korean Hackers Pose as Trading Firm to Steal $285M from Drift
[High] Week in review: Axios npm supply chain compromise, critical FortiClient EMS bugs exploited
[High] Security Affairs newsletter Round 571 by Pierluigi Paganini – INTERNATIONAL EDITION
[High] Axios npm hack used fake Teams error fix to hijack maintainer account
[High] Qilin ransomware group claims the hack of German political party Die Linke
[High] Crunchyroll - 1,195,684 breached accounts
[High] European Commission breach exposed data of 30 EU entities, CERT-EU says
[High] EU cyber agency attributes major data breach to TeamPCP hacking group
[High] ISMG Editors: Vendor Breaches Expose Healthcare Risk
[High] SongTrivia2 - 291,739 breached accounts
[High] Claude Source Code Leak Highlights Big Supply Chain Missteps
[High] Blast Radius of TeamPCP Attacks Expands Amid Hacker Infighting
[High] Man admits to locking thousands of Windows devices in extortion plot
[High] Hims & Hers warns of data breach after Zendesk support ticket breach
[High] Massachusetts emergency communications system impacted by cyberattack
[High] Trivy supply chain attack enabled European Commission cloud breach
[High] Cryptohack Roundup: Charges in Uranium Finance Case
[High] Hasbro hit by cyberattack, investigates possible data breach
[High] Not Toying Around: Hasbro Attack May Take 'Weeks' to Remediate

💀 Ransomware (10)

[Critical] China-Linked Storm-1175 Exploits Zero-Days to Rapidly Deploy Medusa Ransomware
[High] Storm-1175 Deploys Medusa Ransomware Within 24 Hours of Flaw Disclosure
[High] Storm-1175 Deploys Medusa Ransomware at 'High Velocity'
[High] German authorities identify REvil and GandCrab ransomware bosses
[High] BKA unmasks two REvil Ransomware operators behind 130+ German attacks
[High] Medusa ransomware group using zero-days to launch attacks within 24 hours of breach, Microsoft says
[High] Microsoft links Medusa ransomware affiliate to zero-day attacks
[High] Qilin and Warlock Ransomware Use Vulnerable Drivers to Disable 300+ EDR Tools
[High] Die Linke German political party confirms data stolen by Qilin ransomware
[High] Yurei Ransomware Uses Common Tools, Adds Stranger Things References

🕵️ ThreatIntel (167)

[Critical] Acrobat Reader zero-day exploited in the wild for many months
[High] From Tax Refund to Total Compromise: IRS-Themed Phishing Email Drives Full-Stack Financial Fraud
[High] Smart Slider updates hijacked to push malicious WordPress, Joomla versions
[High] Cybercriminals target accountants to drain Russian firms’ bank accounts
[High] Russia accuses former Radio Free Europe journalist of aiding cyberattacks for Ukraine
[High] Investigating Storm-2755: “Payroll pirate” attacks targeting Canadian employees
[High] Zero Days for the Masses: Mythos Presages Exploit Tsunami
[High] This fake Windows support website delivers password-stealing malware
[High] Internet-Exposed ICS Devices Raise Alarm for Critical Sectors
[High] New macOS Malware notnullOSX Targets Crypto Wallets Over $10K
[High] Anthropic Leak and Mercor AI Attack: Takeaways for Enterprise AI Security
[High] The long road to your crypto: ClipBanker and its marathon infection chain
[High] Bitter-Linked Hack-for-Hire Campaign Targets Journalists Across MENA Region
[High] The Hidden Security Risks of Shadow AI in Enterprises
[High] Russia's Forest Blizzard Nabs Rafts of Logins Via SOHO Routers
[High] Prompt injection tags along as GenAI enters daily government use
[High] Phishers sneak through using GitHub and Jira’s own mail delivery infrastructure
[High] AI agent intent is a starting point, not a security strategy
[High] New macOS stealer campaign uses Script Editor in ClickFix attack
[High] Google: New UNC6783 hackers steal corporate Zendesk support tickets
[High] Hackers use pixel-large SVG trick to hide credit card stealer
[High] TikTok removes covert networks ahead of Hungary vote as disinformation concerns grow
[High] The Expanding Role of Cyberattacks in Modern Conflicts
[High] AI Is Accelerating Cyberattacks Faster Than Defenses
[High] ISMG Editors: Anthropic Bug Finder Sparks Zero-Day Dread
[High] OT Cybersec Sector Frets Anthropic Will Leave It Behind
[High] Russia-linked APT28 uses PRISMEX to infiltrate Ukraine and allied infrastructure with advanced tactics
[High] Python Supply-Chain Compromise
[High] APT28 Deploys PRISMEX Malware in Campaign Targeting Ukraine and NATO Allies
[High] Masjesu Botnet Emerges as DDoS-for-Hire Service Targeting Global IoT Devices
[High] New Chaos Variant Targets Misconfigured Cloud Deployments, Adds SOCKS Proxy
[High] Russian hacking group targets home and small office routers to spy on users
[High] New Lua-based malware “LucidRook” observed in targeted attacks against Taiwanese organizations
[High] New Scam Alert: QR Codes Replace Links in Traffic Ticket Phishing
[High] New ClickFix Attack Uses Node.js Malware via Tor to Steal Crypto
[High] Russian Forest Blizzard Hackers Hijack Home Routers for Global Spying
[High] Operation Masquerade: FBI Disrupts Russian Router Hacking Campaign
[High] Iranian Threat Actors Disrupt US Critical Infrastructure Via Exposed PLCs
[High] Fraud Rockets Higher in Mobile-First Latin America
[High] Understanding and Anticipating Venezuelan Government Actions
[High] Chaos malware expands from routers to Linux cloud servers
[High] Social engineering attacks on open source developers are escalating
[High] Two prominent Egyptian journalists targeted with elaborate spearphishing campaign
[High] The Growing Abuse of GitHub and GitLab in Phishing Campaigns
[High] Project Glasswing powered by Claude Mythos: defending software before hackers do
[High] Iran-Linked Hackers Disrupt U.S. Critical Infrastructure by Targeting Internet-Exposed PLCs
[High] N. Korean Hackers Spread 1,700 Malicious Packages Across npm, PyPI, Go, Rust
[High] Cybercrime losses break the $20 billion mark
[High] Anthropic’s new AI model finds and exploits zero-days across every major OS and browser
[High] Cybercriminals move deeper into networks, hiding in edge infrastructure
[High] FBI: Americans lost a record $21 billion to cybercrime last year
[High] SOHO router compromise leads to DNS hijacking and adversary-in-the-middle attacks
[High] Fast-moving Storm-1175 uses new exploits to breach networks and drop Medusa
[High] APT28 exploits routers to enable DNS hijacking operations
[High] UK exposes Russian military intelligence hijacking vulnerable routers for cyber attacks
[High] Over 1,000 Exposed ComfyUI Instances Targeted in Cryptomining Botnet Campaign
[High] Russian State-Linked APT28 Exploits SOHO Routers in Global DNS Hijacking Campaign
[High] UK exposes Russian cyber unit hacking home routers to hijack internet traffic
[High] Massachusetts hospital turning ambulances away after cyberattack
[High] FBI, Pentagon warn of Iran hacking groups targeting operational technology
[High] Iranian-Affiliated Cyber Actors Exploit Programmable Logic Controllers Across US Critical Infrastructure
[High] US Critical Infrastructure Facing Iranian-Linked OT Threats
[High] The Trojan horse of cybercrime: Weaponizing SaaS notification pipelines
[High] AI Agents and Non-Human Identities Creating Critical Security Gaps, Report
[High] A Little Bit Pivoting: What Web Shells are Attackers Looking for?, (Tue, Apr 7th)
[High] Life imprisonment for Cambodian scam compound operators – but will it make a difference?
[High] Russia Hacked Routers to Steal Microsoft Office Tokens
[High] AI-enabled device code phishing campaign exploits OAuth flow for account takeover
[High] Russian hackers hijack internet traffic using vulnerable routers
[High] Authorities disrupt router DNS hijacks used to steal Microsoft 365 logins
[High] US warns of Iranian hackers targeting critical infrastructure
[High] Traffic violation scams swap links for QR codes to steal your card details
[High] GPUBreach exploit uses GPU memory bit-flips to achieve full system takeover
[High] Axios Attack Shows Complex Social Engineering Is Industrialized
[High] AI-Assisted Supply Chain Attack Targets GitHub
[High] Disgruntled researcher leaks “BlueHammer” Windows zero-day exploit
[High] Phishing LNK files and GitHub C2 power new DPRK cyber attacks
[High] Understanding Current Threats to Kubernetes Environments
[High] How LiteLLM Turned Developer Machines Into Credential Vaults for Attackers
[High] ⚡ Weekly Recap: Axios Hack, Chrome 0-Day, Fortinet Exploits, Paragon Spyware and More
[High] Multi-OS Cyberattacks: How SOCs Close a Critical Risk in 3 Steps
[High] DPRK-Linked Hackers Use GitHub as C2 in Multi-Stage Attacks Targeting South Korea
[High] Iran-Linked Password-Spraying Campaign Targets 300+ Israeli Microsoft 365 Organizations
[High] German police unmask two suspects linked to REvil ransomware gang
[High] FBI: Cyber fraud surges to $17.6 billion in losses as scams, crypto theft soar
[High] Storm-1175 focuses gaze on vulnerable web-facing assets in high-tempo Medusa ransomware operations
[High] Inside an AI‑enabled device code phishing campaign
[High] Not Without My AI Agent: Models Break Rules to Save Peers
[High] A week in security (March 30 – April 5)
[High] Weaponizing Fear: Iran Conflict-Themed Phishing Uses Fake Emergency Alerts
[High] Missile Alert Phishing Exploits Iran-US-Israel Conflict for Microsoft Logins
[High] Automated Credential Harvesting Campaign Exploits React2Shell Flaw
[High] Your chatbot is playing a character - why Anthropic says that's dangerous
[High] BKA Identifies REvil Leaders Behind 130 German Ransomware Attacks
[High] Kimwolf Botnet Swamps Anonymity Network I2P
[High] ‘Starkiller’ Phishing Service Proxies Real Login Pages, MFA
[High] Who is the Kimwolf Botmaster “Dort”?
[High] How AI Assistants are Moving the Security Goalposts
[High] Iran-Backed Hackers Claim Wiper Attack on Medtech Firm Stryker
[High] Feds Disrupt IoT Botnets Behind Huge DDoS Attacks
[High] ‘CanisterWorm’ Springs Wiper Attack Targeting Iran
[High] Germany Doxes “UNKN,” Head of RU Ransomware Gangs REvil, GandCrab
[High] IT talent looks the other way as wireless security incidents pile up
[High] Residential proxies make a mockery of IP-based defenses
[High] Traffic violation scams switch to QR codes in new phishing texts
[High] SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 91
[High] Hackers exploit React2Shell in automated credential theft campaign
[High] Latest BreachForums Reboot Tied to Fake ShinyHunters Admin
[High] Image or Malware? Read until the end and answer in comments :)
[High] 36 Malicious npm Packages Exploited Redis, PostgreSQL to Deploy Persistent Implants
[High] UNC1069 Targets Node.js Maintainers via Fake LinkedIn, Slack Profiles
[High] Device code phishing attacks surge 37x as new kits spread online
[High] That dream job offer from Coca-Cola or Ferrari? It’s a trap for your passwords
[High] When an Attacker Meets a Group of Agents: Navigating Amazon Bedrock's Multi-Agent Applications
[High] LinkedIn secretly scans for 6,000+ Chrome extensions, collects data
[High] ShinyHunters Claims Rebooted BreachForums Now More Secure
[High] One-Time Passcodes Are Gateway for Financial Fraud Attacks
[High] CrystalX RAT: new MaaS malware combines spyware, stealer, and remote access
[High] TeamPCP Supply Chain Campaign: Update 006 - CERT-EU Confirms European Commission Cloud Breach, Sportradar Details Emerge, and Mandiant Quantifies Campaign at 1,000+ SaaS Environments, (Fri, Apr 3rd)
[High] UNC1069 Social Engineering of Axios Maintainer Led to npm Supply Chain Attack
[High] Microsoft Details Cookie-Controlled PHP Web Shells Persisting via Cron on Linux Servers
[High] China-Linked TA416 Targets European Governments with PlugX and OAuth-Based Phishing
[High] Android Alert: 50 Google Play Apps Linked to ‘NoVoice’ Malware Reached 2.3M Downloads
[High] AI Future: The Leading International AI and Web3 Forum to Take Place in April
[High] AI Firm Mercor Confirms Breach as Hackers Claim 4TB of Stolen Data
[High] North Korean Hackers Abuse GitHub to Spy on South Korean Firms
[High] Evolution of Ransomware: Multi-Extortion Ransomware Attacks
[High] Ukraine warns Russian hackers are revisiting past breaches to prepare new attacks
[High] New SparkCat Variant in iOS, Android Apps Steals Crypto Wallet Recovery Phrase Images
[High] Claude Code leak used to push infostealer malware on GitHub
[High] What Happens When Data Centers Become Military Targets?
[High] The AI Security Compliance Gap: Fighting Polymorphic Phishing While Staying Regulatory Ready
[High] [Video] The TTP Ep 21: When Attackers Become Trusted Users
[High] The democratisation of business email compromise fraud
[High] Threat actor UAC-0255 impersonates CERT-UA to spread AGEWHEEZE malware via phishing
[High] Storm Infostealer Sold as Service, Targets Browsers, Wallets and Accounts
[High] Microsoft Warns of WhatsApp Attachments Spreading Backdoor on Windows PCs
[High] Bank Trojan 'Casbaneiro' Worms Through Latin America
[High] Software supply chain hacks trigger wave of intrusions, data theft
[High] ThreatsDay Bulletin: Pre-Auth Chains, Android Rootkits, CloudTrail Evasion & 10 More Stories
[Medium] Smashing Security podcast #462: LinkedIn is spying on you, and you agreed to nothing
[Medium] More Honeypot Fingerprinting Scans, (Wed, Apr 8th)
[Medium] Google study finds LLMs are embedded at every stage of abuse detection
[Medium] How often are redirects used in phishing in 2026?, (Mon, Apr 6th)
[Medium] Which messaging app takes the most limited approach to permissions on Android?
[Informational] From the field to the report and back again: How incident responders can use the Year in Review
[Informational] AI-powered Network Security at the Mobile World Congress 2026 SNOC
[Informational] Mobile World Congress 2026: AI-powered Network Security
[Informational] Mallory brings contextual threat intelligence to security operations
[Informational] Webinar: From noise to signal - What threat actors are targeting next
[Informational] Threat Actors Get Crafty With Emojis to Escape Detection
[Informational] Why Claude Mythos Shifts Focus From Finding to Fixing Bugs
[Informational] Financial cyberthreats in 2025 and the outlook for 2026
[Informational] ISC Stormcast For Wednesday, April 8th, 2026 https://isc.sans.edu/podcastdetail/9884, (Wed, Apr 8th)
[Informational] Year in Review: Vulnerabilities old and new and something React2
[Informational] Talos Takes: 2025's ransomware trends and zombie vulnerabilities
[Informational] Human vs AI: Debates Shape RSAC 2026 Cybersecurity Trends
[Informational] RSAC 2026: How AI Is Reshaping Cybersecurity Faster Than Ever
[Informational] ISC Stormcast For Tuesday, April 7th, 2026 https://isc.sans.edu/podcastdetail/9882, (Tue, Apr 7th)
[Informational] How Mimecast brings enterprise-grade email protection to API deployment
[Informational] Censys Raises $70M to Advance AI-Driven Threat Intelligence
[Informational] Killer robots are here. Now what? (Lock and Code S07E07)
[Informational] ISC Stormcast For Monday, April 6th, 2026 https://isc.sans.edu/podcastdetail/9880, (Mon, Apr 6th)
[Informational] Picking Up 'Skull Vibrations'? Could Be XR Headset Authentication
[Informational] AI Breakthroughs, Security Breaches, and Industry Shakeups Define the Week in Tech
[Informational] ISC Stormcast For Friday, April 3rd, 2026 https://isc.sans.edu/podcastdetail/9878, (Fri, Apr 3rd)
[Informational] Geopolitics, AI, and Cybersecurity: Insights From RSAC 2026

⚠️ Vulnerability (81)

[Critical] Hackers exploiting Acrobat Reader zero-day flaw since December
[Critical] Adobe Reader Zero-Day Exploited via Malicious PDFs Since December 2025
[Critical] CISA orders feds to patch exploited Ivanti EPMM flaw by Sunday
[Critical] U.S. CISA adds a flaw in Ivanti EPMM to its Known Exploited Vulnerabilities catalog
[Critical] [webapps] Horilla v1.3 - RCE
[Critical] [webapps] FortiWeb 8.0.2 - Remote Code Execution
[Critical] ‘BlueHammer’ Exploit Targets Windows, Potentially Impacting 1 Billion+ Devices
[Critical] Flatpak 1.16.4 fixes sandbox escape and three other security flaws
[Critical] Hackers exploit critical flaw in Ninja Forms WordPress plugin
[Critical] Attackers exploit critical Flowise flaw CVE-2025-59528 for remote code execution
[Critical] Milking the last drop of Intego - Time for Windows to get its LPE
[Critical] GrafanaGhost Vulnerability Allows Data Theft via AI Injection
[Critical] Max severity Flowise RCE vulnerability now exploited in attacks
[Critical] Experts published unpatched Windows zero-day BlueHammer
[Critical] U.S. CISA adds a flaw in Fortinet FortiClient EMS to its Known Exploited Vulnerabilities catalog
[Critical] Flowise AI Agent Builder Under Active CVSS 10.0 RCE Exploitation; 12,000+ Instances Exposed
[Critical] New GPUBreach Attack Enables Full CPU Privilege Escalation via GDDR6 Bit-Flips
[Critical] Fortinet Issues Emergency Patch for FortiClient Zero-Day
[Critical] New GPUBreach attack enables system takeover via GPU rowhammer
[Critical] New Fortinet Flaw Allows Unauthorized Access to Enterprise Systems
[Critical] Attackers Exploit RCE Flaw as 14,000 F5 BIG-IP APM Instances Remain Exposed
[Critical] [webapps] WBCE CMS 1.6.4 - Remote Code Execution
[Critical] [webapps] Zhiyuan OA - arbitrary file upload leading
[Critical] [webapps] ASP.net 8.0.10 - Bypass
[Critical] [local] Desktop Window Manager Core Library 10.0.10240.0 - Privilege Escalation
[Critical] [webapps] Fortinet FortiWeb v8.0.1 - Auth Bypass
[Critical] Attackers Target Zero-Day Flaw in Fortinet Security Software
[Critical] CISA orders feds to patch exploited Fortinet EMS flaw by Friday
[Critical] CVE-2026-35616: Fortinet fixes actively exploited high-severity flaw
[Critical] Patch Tuesday, February 2026 Edition
[Critical] New FortiClient EMS flaw exploited in attacks, emergency patch released
[Critical] Fortinet Patches Actively Exploited CVE-2026-35616 in FortiClient EMS
[Critical] FortiClient EMS zero-day exploited, emergency hotfixes available (CVE-2026-35616)
[Critical] Apple Breaks Precedent, Patches DarkSword for iOS 18
[Critical] Cisco IMC auth bypass vulnerability allows attackers to alter user passwords (CVE-2026-20093)
[Critical] Patch Now: Chrome Flaw Under Active Attack, Google Confirms
[Critical] Cisco fixed critical and high-severity flaws
[Critical] Cisco Patches 9.8 CVSS IMC and SSM Flaws Allowing Remote System Compromise
[Critical] Hackers Exploit CVE-2025-55182 to Breach 766 Next.js Hosts, Steal Credentials
[Critical] Hitachi Energy Ellipse
[High] Claude helps researcher dig up decade-old Apache ActiveMQ RCE vulnerability (CVE-2026-34197)
[High] Intent redirection vulnerability in third-party SDK exposed millions of Android wallets to potential risk
[High] BlueHammer: Windows zero-day exploit leaked
[High] [local] Microsoft MMC MSC EvilTwin - Local Admin Creation
[High] [local] SQLite 3.50.1 - Heap Overflow
[High] [webapps] xibocms 3.3.4 - RCE
[High] [local] 7-Zip 24.00 - Directory Traversal
[High] Cracks in the Bedrock: Agent God Mode
[High] 13-year-old bug in ActiveMQ lets hackers remotely execute commands
[High] CISA Adds One Known Exploited Vulnerability to Catalog
[High] Anthropic's Claude Mythos Finds Thousands of Zero-Day Flaws Across Major Systems
[High] Grafana Patches AI Bug That Could Have Leaked User Data
[High] Multiple Vulnerabilities in Mozilla Products Could Allow for Arbitrary Code Execution
[High] Cracks in the Bedrock: Escaping the AWS AgentCore Sandbox
[High] Docker CVE-2026-34040 Lets Attackers Bypass Authorization and Gain Host Access
[High] Mitsubishi Electric GENESIS64 and ICONICS Suite products
[High] [webapps] WordPress Madara - Local File Inclusion
[High] [webapps] RiteCMS 3.1.0 - Authenticated Remote Code Execution
[High] [webapps] Grafana 11.6.0 - SSRF
[High] [local] Windows Kernel - Elevation of Privilege
[High] [local] is-localhost-ip 2.0.0 - SSRF
[High] ZDI-26-254: (0Day) Labcenter Electronics Proteus PDSPRJ File Parsing Type Confusion Remote Code Execution Vulnerability
[High] ZDI-26-255: (0Day) Labcenter Electronics Proteus PDSPRJ File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
[High] ZDI-26-256: (0Day) Labcenter Electronics Proteus PDSPRJ File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
[High] ZDI-26-257: (0Day) Labcenter Electronics Proteus PDSPRJ File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
[High] CISA Adds One Known Exploited Vulnerability to Catalog
[High] Microsoft Patch Tuesday, March 2026 Edition
[High] U.S. CISA adds a flaw in TrueConf Client to its Known Exploited Vulnerabilities catalog
[High] A Vulnerability in Fortinet FortiClientEMS Could Allow for Arbitrary Code Execution
[High] CISA gives agencies two weeks to patch video conferencing bug exploited by Chinese hackers
[High] Apple expands “DarkSword” patches to iOS 18.7.7
[High] Attempts to Exploit Exposed "Vite" Installs (CVE-2025-30208), (Thu, Apr 2nd)
[High] Multiple Vulnerabilities in Cisco Products Could Allow for Arbitrary Code Execution
[High] Multiple Vulnerabilities in Progress ShareFile Could Allow for Remote Code Execution
[High] ZDI-26-251: Foxit PDF Reader Update Service Uncontrolled Search Path Element Local Privilege Escalation Vulnerability
[High] ZDI-26-252: Mozilla Firefox IonMonkey Switch Statement Optimization Type Confusion Remote Code Execution Vulnerability
[High] ZDI-26-253: Microsoft Visual Studio Code mcp.json Command Injection Remote Code Execution Vulnerability
[High] OpenSSH 10.3 patches five security bugs and drops legacy rekeying support
[High] CISA Adds One Known Exploited Vulnerability to Catalog
[High] Siemens SICAM 8 Products
[Low] Yokogawa CENTUM VP
