HomeWeekly DigestsThis Week
LiveThreat Threat Intelligence

Weekly Threat Intelligence Digest — Apr 06 to Apr 13, 2026

Weekly threat intelligence digest from 406 items (6 critical, 4 high).

📅 April 13, 2026 📊 406 articles analyzed
LIVETHREAT WEEKLY THREAT DIGEST April 06 – April 13, 2026 This week the data reinforced a shift we’ve been tracking: breaches are no longer driven by isolated software flaws, they’re ignited by compromised trusted third parties that wield privileged access. From a North‑Korean social‑engineering campaign that hijacked Drift’s admin council, to a Trivy scanner breach that exposed Cisco source code, and AI‑assisted exfiltration tooling that stole millions of Mexican records, the common thread is clear: the supply‑chain is the new attack surface. 👉 Access — not vulnerability — is now the primary risk driver 🚨 EXECUTIVE RISK SNAPSHOT * Supply‑chain entry points dominate → MSPs, SaaS admin consoles, CI/CD scanners, and OT device firmware were the primary compromise paths. * Privileged access amplifies impact → A single hijacked admin account enabled ransomware on 300+ servers and $280 M crypto theft; credential theft at Bitcoin Depot and Okta exposed high‑value payment processors. * Blind‑spot assets remain untracked → Cloud‑hosted AI platforms, third‑party SDKs, and OT/IoT devices are often missing from TPRM inventories, creating hidden downstream exposure. 🔍 WHAT CHANGED THIS WEEK * AI code assistants (Claude Code, GPT‑4.1) were weaponized to automate credential harvesting and massive data exfiltration. * Critical zero‑days (Adobe Acrobat Reader CVE‑2026‑34621, Fortinet FortiClient EMS CVE‑2026‑35616, Flowise CVE‑2025‑59528) were observed exploited in the wild before patches were available. * Third‑party development tools and scanners (Trivy, CPUID, EngageLab SDK) became infection vectors, delivering RATs and ransomware payloads to downstream customers. * Ransomware operators (Storm‑1175, Medusa) shifted to high‑velocity attacks on Managed Service Providers, leveraging both zero‑days and stolen admin credentials for rapid enterprise spread. 🎯 WHERE YOU ARE MOST LIKELY EXPOSED * API providers and integration platforms – Drift, Anodot, Snowflake, Grafana AI, Flowise. * Cloud hosting and SaaS admin consoles – Okta, Zendesk, Azure AD, Google Workspace. * Endpoint security and document handling – Adobe Reader, FortiClient, Intego, CPU‑Z/HWMonitor downloads. * OT and critical‑infrastructure devices – Rockwell/Allen‑Bradley PLCs, Venice flood‑pump SCADA, Contemporary Controls BASC 20T. * AI‑enabled services – Anthropic Claude Mythos, OpenAI tools, AI‑driven phishing kits. ⚡ WHAT TPRM LEADERS SHOULD DO THIS WEEK 1. Map vendor‑of‑vendor dependencies • Request full sub‑processor inventories from top‑tier vendors. 👉 Ask: “Which third‑party services have administrative or API access to your environment?” 2. Validate privileged access controls on all third‑party accounts • Verify MFA enforcement, least‑privilege scopes, and session‑time limits for SaaS admin users. #Cybersecurity #TPRM #VendorRisk #SupplyChainSecurity #ThreatIntel #LiveThreat #VerisqAI

📋 Articles Referenced in This Digest 406 items

📋 Advisory (128)

HighYour Next Breach Will Look Like Business as Usual
HighPentagon Memo Blasted Anthropic for PR Campaign
HighYour router may be vulnerable to Russian hackers, FBI warns: 5 steps to take now
HighUK government threatens tech bosses with jail time if they do not adequately fight nudification tools
HighSenator launches inquiry into 8 tech giants for failures to adequately report CSAM
HighThe Mythos Inflection Point: Dealing With the Upcoming Vulnerability Disclosure Avalanche and Compressed Exploitation Window
HighOn Microsoft’s Lousy Cloud Security
HighMicrosoft suspends dev accounts for high-profile open source projects
HighAI-Led Remediation Crisis Prompts HackerOne to Pause Bug Bounties
HighIranian cyber activity hits US energy, water, and government networks
HighCIA director quietly elevated agency’s cyber espionage division
HighFeds Are Still Assessing Proposed HIPAA Security Rule Update
HighU.S. agencies alert: Iran-linked actors target critical infrastructure PLCs
HighTrump’s Proposed CISA Cuts Spark Alarm Among Cybersecurity Experts
High6G network design puts AI at the center of spectrum, routing, and fault management
HighMajor outage cripples Russian banking apps and metro payments nationwide
HighHong Kong Police Can Force You to Reveal Your Encryption Keys
HighCybersecurity in the Age of Instant Software
High[Webinar] How to Close Identity Gaps in 2026 Before AI Exploits Enterprise Risk
HighNational security veterans warn against delays in FISA 702 reauthorization
HighAnthropic Calls Its New Model Too Dangerous to Release
HighNew FBI Warning: Chinese Apps Could Expose User Data
HighCloudflare moves up its post-quantum deadline as researchers narrow the path to Q-Day
HighNew Mexico’s Meta Ruling and Encryption
HighBig tech vows to continue CSAM scanning in Europe despite expiration of law allowing it
HighTrump's Budget Proposal Would Slash CISA After Bruising Year
HighShadow AI in Healthcare Is Here to Stay
HighWhy Simple Breach Monitoring is No Longer Enough
MediumGoogle Chrome Update Disrupts Infostealer Cookie Theft
MediumStudies: Banks Penalize Bad Cybersecurity With Higher Rates
MediumApril 2026 Patch Tuesday forecast: Spring-cleaning of a preview
MediumFCC proposes new rule to further crackdown on illegal robocalls
MediumMeta’s Muse Spark takes AI a step closer to personal superintelligence
MediumTreasury Department announces crypto industry cyber threat sharing initiative
Medium Your extensions leak clues about you, so we made sure Browser Guard doesn’t
MediumWhy you shouldn't buy cheap DisplayPort cables - the 'Death Pin' can put your GPU at serious risk
MediumAndroid users can get up to $100 each from this class action suit - see if you're eligible
MediumShrinking the IAM Attack Surface through Identity Visibility and Intelligence Platforms (IVIP)
MediumOpenSSL 3.6.2 lands with eight CVE fixes
MediumWhat managing partners should ask AI vendors before signing any contract
MediumThe Hidden Cost of Recurring Credential Incidents
Medium‘Stop Texting’: FBI Warning Drives Apple’s iPhone Messaging Update
MediumWhy Your Automated Pentesting Tool Just Hit a Wall
MediumMicrosoft fixes Classic Outlook bug causing email delivery issues
MediumApple Rolls Out Fix: New macOS Update Could Protect 100M Mac Users
MediumFirst stalkerware maker prosecuted since 2014 receives no jail time
InformationalThe fully free Linux OS Trisquel gets a major update with version 12.0 Ecne
LowThe best AR and MR glasses in 2026: Expert tested and reviewed
LowI used this EcoFlow battery to run my 3,000-sq-ft home in a blackout - here's how it kept my AC on
Low'Finally, a boomless headset for the office': How Jabra made headphones I'd take to a boardroom
LowChatGPT rolls out new $100 Pro subscription to challenge Claude
InformationalCrowdStrike Tests Claude Mythos for Vulnerability Detection
LowFriday Squid Blogging: Squid Overfishing in the South Pacific
LowI'm no longer using Google Photos as just a cloud storage - 5 tools that elevate the app
LowYouTube Premium's price goes up to $15.99 in June - but you can save $32 with one change
LowMicrosoft's Windows Insider Program is no longer a confusing mess
InformationalApiiro CLI turns AI coding assistants into full-stack security engineers
LowTo counter cookie theft, Chrome ships device-bound session credentials
InformationalGmail’s end-to-end encryption comes to mobile, no extra apps required
InformationalTurning Military Experience Into Cyber Advantage
LowGoogle Rolls Out DBSC in Chrome 146 to Block Session Theft on Windows
LowNew infosec products of the week: April 10, 2026
InformationalProduct showcase: Session, a messenger without phone numbers or metadata
InformationalWhat vibe hunting gets right about AI threat hunting, and where it breaks down
InformationalGoogle Chrome adds infostealer protection against session cookie theft
InformationalThe agentic SOC—Rethinking SecOps for the next decade
InformationalCourt Backs Pentagon Anthropic Ban - But the Fight Continues
InformationalInside the Mobile World Congress 2026 SOC: Detecting Shadow Traffic with Firepower 6100
InformationalPowering MWC Barcelona – Building a Unified SOC and NOC with Splunk in Record Time
InformationalThe best business VoIP services in 2026: Expert tested and reviewed
InformationalI asked 5 data leaders about how they use AI to automate - and end integration nightmares
InformationalThe best dedicated web hosting of 2026: Expert tested and reviewed
LowI use ChatGPT's new Tubi app to find free movies and TV shows to watch - here's how
LowApple's iOS 26.4.1 update enables Stolen Device Protection by default now - grab it today
LowWhatsApp brings long-awaited privacy feature to filter who can reach you
LowAdvenica’s File Scanner Kiosk scans USB media for malware
InformationalIntruder expands cloud security with agentless container image scanning
InformationalOPSWAT adds predictive AI engine to MetaDefender for pre-execution threat detection
InformationalClaude Managed Agents bring execution and control to AI agent workflows
Informational12 Best Practices for Securing AWS Cloud in 2026
InformationalScaling Modern AppSec: Moving from Static Profiles to AI-Powered Scan Optimization
InformationalNumber Usage in Passwords: Take Two, (Thu, Apr 9th)
InformationalISC Stormcast For Thursday, April 9th, 2026 https://isc.sans.edu/podcastdetail/9886, (Thu, Apr 9th)
LowGot an old Kindle? How to resurrect your e-reader with new books
LowHow to add EPUB, MOBI, and PDF files to your Kindle - follow my easy step-by-step
LowHow to quickly convert EPUB files to Kindle format - and why it matters
LowWhy I stopped using 'Modern Standby' on my Windows laptop to save battery overnight
InformationalAsqav: Open-source SDK for AI agent governance
InformationalData Optimization in Security: A Splunk Architect’s Perspective
InformationalArchitecting for Margin Beyond the Initial Sale
InformationalWhy Operationalizing AI Security Is the Next Great Enterprise Hurdle
LowThe 10 most popular products ZDNET readers bought last month (including a tiny storage option)
LowAmazon is ending support for 8 Kindle models next month: Is yours on the list?
InformationalSecureframe expands Comply with User Access Reviews for automated governance
InformationalTrellix strengthens data security for the GenAI era
LowMicrosoft rolls out fix for broken Windows Start Menu search
InformationalIs a $30,000 GPU Good at Password Cracking?
LowGoogle Chrome's vertical tabs are here: How to opt in and use the new Reading Mode
LowPebblebee Halo vs. AirTag: One of these trackers has a 130dB siren and strobe light
LowCybersecurity jobs available right now: April 8, 2026
LowWeekly Update 498
InformationalSignals from the Cloud Security Forecast 2026: Cloud Risk Is Scaling through Design, Not Disruption
InformationalSimplify Your Approach to Securing OT Networks
InformationalNew eSentire CEO Pursues AI-Driven Managed Security Shift
InformationalCloudflare targets 2029 for full post-quantum security
Informational🎙️SECURITY.COM The Podcast: A Brief History of Data Loss Prevention
InformationalLies, Damned Lies, and Cybersecurity Metrics
InformationalAsus' latest flagship laptop competes with the MacBook Air, but not how you'd think
LowI tried Google Photos' new AI Enhance tool: How it crops, relights, and fixes your shots - sometimes
LowLove window snapping on Linux? You should try a tiling window manager - here's why
InformationalApple, Google, and Microsoft join Anthropic's Project Glasswing to defend world's most critical software
InformationalOpenAI opens applications for an external AI safety research fellowship
InformationalComp AI: The open-source way to get compliant with SOC 2, ISO 27001, HIPAA and GDPR
InformationalGitHub Copilot CLI gets a second-opinion feature built on cross-model review
InformationalAcronis MDR by TRU brings 24/7 managed detection and response to MSPs
LowSamsung's latest TV firmware update fixes the Chromecast issue for older models - finally
InformationalThe case for fixing CWE weakness patterns instead of patching one bug at a time
LowSamsung to Shut Down Its Messaging App, Switch to Google Messages in July
LowGoogle Wants to Transition to Post-Quantum Cryptography by 2029
InformationalWhy Every Enterprise Needs a Risk Operations Center (ROC)
InformationalWhy Security Researchers and Red Teams Are Turning to Workflow Automation
InformationalCloudflare Targets WordPress With New AI-Powered EmDash CMS
InformationalOWASP GenAI Security Project Gets Update, New Tools Matrix
InformationalHow much RAM does Linux really need in 2026? My sweet spot after decades of use
LowWhy Microsoft is forcing Windows 11 25H2 update on all eligible PCs
InformationalI used a single power station to keep my off-grid cabin running - how it all worked out
InformationalI tested Gemini on Android Auto and now I can't stop talking to it: 5 tasks it nails
LowMicrosoft removes Support and Recovery Assistant from Windows

🔓 Breach (31)

CriticalHackers claim control over Venice San Marco anti-flood pumps
CriticalHacker Used Claude Code, GPT-4.1 to Exfiltrate Hundreds of Millions of Mexican Records
CriticalThe alleged breach of China’s National Supercomputing Center can have serious geopolitical consequences
CriticalTeamPCP Supply Chain Campaign: Update 007 - Cisco Source Code Stolen via Trivy-Linked Breach, Google GTIG Tracks TeamPCP as UNC6780, and CISA KEV Deadline Arrives with No Standalone Advisory, (Wed, Apr 8th)
CriticalDrift $280M crypto theft linked to 6-month in-person operation
HighSecurity Affairs newsletter Round 572 by Pierluigi Paganini – INTERNATIONAL EDITION
HighHallmark - 1,736,520 breached accounts
HighShinyHunters Claims Rockstar Games Snowflake Breach via Anodot
HighHims Breach Exposes the Most Sensitive Kinds of PHI
HighPoisoned “Office 365” search results lead to stolen paychecks
HighBitcoin Depot hack leads to $3.6M Bitcoin theft via stolen credentials
HighUNC6783 Hackers Use Fake Okta Pages in Corporate Breach Campaign
HighMassive Data Breach Exposes 337K LAPD-Linked Records
HighEurail data breach impacted 308,777 people
High113,000 explicit prompts from AI girlfriend platform exposed, many linked to user IDs
HighHackers steal $3.6 million from crypto ATM giant Bitcoin Depot
HighEurail says December data breach impacts 300,000 individuals
HighWhen attackers already have the keys, MFA is just another door to open
HighCryptocurrency ATM giant Bitcoin Depot reports $3.6 million stolen in cyberattack
High 30,000 private Facebook images allegedly downloaded by Meta employee
High NSFW app leak exposes 70,000 prompts linked to individual users
HighSignature Healthcare hit by cyberattack, services and pharmacies impacted
HighMinnesota governor sends national guard to county after cyberattack
HighBreach exposes sensitive LAPD files stored in city attorney system
HighPassport numbers for more than 300,000 leaked during December Eurail data breach
HighSnowflake customers hit in data theft attacks after SaaS integrator breach
HighMy Lovely AI - 106,271 breached accounts
HighMass. Hospital Diverting Ambulances as It Deals With Attack
High Support platform breach exposes Hims & Hers customer data
HighCyberattack hits Northern Ireland’s centralized school network, disrupting access for thousands
HighNorth Korean Hackers Pose as Trading Firm to Steal $285M from Drift

💀 Ransomware (10)

CriticalChina-Linked Storm-1175 Exploits Zero-Days to Rapidly Deploy Medusa Ransomware
HighRansomware attack on ChipSoft knocks EHR services offline across hospitals in the Netherlands and Belgium
HighHealthcare IT solutions provider ChipSoft hit by ransomware attack
HighStorm-1175 Deploys Medusa Ransomware Within 24 Hours of Flaw Disclosure
HighStorm-1175 Deploys Medusa Ransomware at 'High Velocity'
HighGerman authorities identify REvil and GandCrab ransomware bosses
HighBKA unmasks two REvil Ransomware operators behind 130+ German attacks
HighMedusa ransomware group using zero-days to launch attacks within 24 hours of breach, Microsoft says
HighMicrosoft links Medusa ransomware affiliate to zero-day attacks
HighQilin and Warlock Ransomware Use Vulnerable Drivers to Disable 300+ EDR Tools

🕵️ ThreatIntel (159)

Critical‘It reads like a spy novel’: $280 million theft from Drift involved North Korean fake companies, cutouts
CriticalAdobe Reader Zero-Day Exploited to Steal Data via Malicious PDFs
CriticalAcrobat Reader zero-day exploited in the wild for many months
HighFBI Atlanta and Indonesian National Police Take Down W3LLSTORE Phishing Marketplace
HighCPUID Breach Distributes STX RAT via Trojanized CPU-Z and HWMonitor Downloads
HighCensys finds 5,219 devices exposed to attacks by Iranian APTs, majority in U.S.
HighFBI Recovers Deleted Signal Messages Through iPhone Notifications
HighAI and cryptocurrency scams are costing Americans billions, FBI reports
HighOver 20,000 crypto fraud victims identified in international crackdown
HighProject Glasswing Just Made Your Security Playbook Obsolete
High ClickFix finds a new way to infect Macs
High Fake Claude site installs malware that gives attackers access to your computer
HighGraphAlgo Scam: Lazarus Hackers Register Real US LLCs to Spread Malware
HighAndroid Banking Trojan Linked to Cambodia Scam Compounds Hits 21 Countries
HighGlassWorm Campaign Uses Zig Dropper to Infect Multiple Developer IDEs
High[Video] The TTP Ep. 22: The Collapse of the Patch Window
HighAI Expansion, Security Crises, and Workforce Upheaval Define This Week in Tech
HighCan Anthropic Keep Its Exploit-Writing AI Out of the Wrong Hands?
HighClickFix campaign delivers Mac malware via fake Apple page
HighMicrosoft: Canadian employees targeted in payroll pirate attacks
HighCPUID hacked to deliver malware via CPU-Z, HWMonitor downloads
HighAnalysis of one billion CISA KEV remediation records exposes limits of human-scale security
HighNearly 4,000 US industrial devices exposed to Iranian cyberattacks
HighUK says it exposed Russian submarine activity near undersea cables
HighFlorida investigates OpenAI for role ChatGPT may have played in deadly shooting
HighUAT-10362 linked to LucidRook attacks targeting Taiwan-based institutions
HighObfuscated JavaScript or Nothing, (Thu, Apr 9th)
HighBackdoored Smart Slider 3 Pro Update Distributed via Compromised Nextend Servers
HighBrowser Extensions Are the New AI Consumption Channel That No One Is Talking About
HighRussia's 'Fancy Bear' APT Continues Its Global Onslaught
HighNew VENOM phishing attacks steal senior executives' Microsoft logins
HighNew ‘LucidRook’ malware used in targeted attacks on NGOs, universities
HighBug Management in the Mythos Era: 'Assume You're Unpatched'
HighMythos and Like AI Tools Raise Stakes for Healthcare Cyber
HighBreach Roundup: German Police Expose REvil, GandCrab Boss
High Scammers pose as Amazon support to steal your account
HighNew Apple Scam Hits Millions of iPhone Users Worldwide, Draining Bank Accounts
HighMasjesu botnet targets IoT devices while evading high-profile networks
HighUAT-10362 Targets Taiwanese NGOs with LucidRook Malware in Spear-Phishing Campaigns
HighFrom Tax Refund to Total Compromise: IRS-Themed Phishing Email Drives Full-Stack Financial Fraud
HighSmart Slider updates hijacked to push malicious WordPress, Joomla versions
HighCybercriminals target accountants to drain Russian firms’ bank accounts
HighRussia accuses former Radio Free Europe journalist of aiding cyberattacks for Ukraine
HighInvestigating Storm-2755: “Payroll pirate” attacks targeting Canadian employees
HighZero Days for the Masses: Mythos Presages Exploit Tsunami
High This fake Windows support website delivers password-stealing malware
HighInternet-Exposed ICS Devices Raise Alarm for Critical Sectors
HighNew macOS Malware notnullOSX Targets Crypto Wallets Over $10K
HighAnthropic Leak and Mercor AI Attack: Takeaways for Enterprise AI Security
HighThe long road to your crypto: ClipBanker and its marathon infection chain
HighBitter-Linked Hack-for-Hire Campaign Targets Journalists Across MENA Region
HighThe Hidden Security Risks of Shadow AI in Enterprises
HighRussia's Forest Blizzard Nabs Rafts of Logins Via SOHO Routers
HighPrompt injection tags along as GenAI enters daily government use
HighPhishers sneak through using GitHub and Jira’s own mail delivery infrastructure
HighAI agent intent is a starting point, not a security strategy
HighNew macOS stealer campaign uses Script Editor in ClickFix attack
HighGoogle: New UNC6783 hackers steal corporate Zendesk support tickets
HighHackers use pixel-large SVG trick to hide credit card stealer
HighTikTok removes covert networks ahead of Hungary vote as disinformation concerns grow
HighThe Expanding Role of Cyberattacks in Modern Conflicts
HighAI Is Accelerating Cyberattacks Faster Than Defenses
HighISMG Editors: Anthropic Bug Finder Sparks Zero-Day Dread
HighOT Cybersec Sector Frets Anthropic Will Leave It Behind
HighRussia-linked APT28 uses PRISMEX to infiltrate Ukraine and allied infrastructure with advanced tactics
HighPython Supply-Chain Compromise
HighAPT28 Deploys PRISMEX Malware in Campaign Targeting Ukraine and NATO Allies
HighMasjesu Botnet Emerges as DDoS-for-Hire Service Targeting Global IoT Devices
HighNew Chaos Variant Targets Misconfigured Cloud Deployments, Adds SOCKS Proxy
High Russian hacking group targets home and small office routers to spy on users
HighNew Lua-based malware “LucidRook” observed in targeted attacks against Taiwanese organizations
HighNew Scam Alert: QR Codes Replace Links in Traffic Ticket Phishing
HighNew ClickFix Attack Uses Node.js Malware via Tor to Steal Crypto
HighRussian Forest Blizzard Hackers Hijack Home Routers for Global Spying
HighOperation Masquerade: FBI Disrupts Russian Router Hacking Campaign
HighIranian Threat Actors Disrupt US Critical Infrastructure Via Exposed PLCs
HighFraud Rockets Higher in Mobile-First Latin America
HighUnderstanding and Anticipating Venezuelan Government Actions
HighChaos malware expands from routers to Linux cloud servers
HighSocial engineering attacks on open source developers are escalating
HighTwo prominent Egyptian journalists targeted with elaborate spearphishing campaign
HighThe Growing Abuse of GitHub and GitLab in Phishing Campaigns
HighProject Glasswing powered by Claude Mythos: defending software before hackers do
HighIran-Linked Hackers Disrupt U.S. Critical Infrastructure by Targeting Internet-Exposed PLCs
HighN. Korean Hackers Spread 1,700 Malicious Packages Across npm, PyPI, Go, Rust
HighCybercrime losses break the $20 billion mark
HighAnthropic’s new AI model finds and exploits zero-days across every major OS and browser
HighCybercriminals move deeper into networks, hiding in edge infrastructure
HighFBI: Americans lost a record $21 billion to cybercrime last year
HighSOHO router compromise leads to DNS hijacking and adversary-in-the-middle attacks
HighFast-moving Storm-1175 uses new exploits to breach networks and drop Medusa
HighAPT28 exploit routers to enable DNS hijacking operations
HighUK exposes Russian military intelligence hijacking vulnerable routers for cyber attacks
HighOver 1,000 Exposed ComfyUI Instances Targeted in Cryptomining Botnet Campaign
HighRussian State-Linked APT28 Exploits SOHO Routers in Global DNS Hijacking Campaign
HighUK exposes Russian cyber unit hacking home routers to hijack internet traffic
HighMassachusetts hospital turning ambulances away after cyberattack
HighFBI, Pentagon warn of Iran hacking groups targeting operational technology
HighIranian-Affiliated Cyber Actors Exploit Programmable Logic Controllers Across US Critical Infrastructure
HighUS Critical Infrastructure Facing Iranian-Linked OT Threats
HighThe Trojan horse of cybercrime: Weaponizing SaaS notification pipelines
HighAI Agents and Non-Human Identities Creating Critical Security Gaps, Report
HighA Little Bit Pivoting: What Web Shells are Attackers Looking for?, (Tue, Apr 7th)
HighLife imprisonment for Cambodian scam compound operators – but will it make a difference?
HighRussia Hacked Routers to Steal Microsoft Office Tokens
HighAI-enabled device code phishing campaign exploits OAuth flow for account takeover
HighRussian hackers hijack internet traffic using vulnerable routers
HighAuthorities disrupt router DNS hijacks used to steal Microsoft 365 logins
HighUS warns of Iranian hackers targeting critical infrastructure
High Traffic violation scams swap links for QR codes to steal your card details
HighGPUBreach exploit uses GPU memory bit-flips to achieve full system takeover
HighAxios Attack Shows Social Complex Engineering Is Industrialized
HighAI-Assisted Supply Chain Attack Targets GitHub
HighDisgruntled researcher leaks “BlueHammer” Windows zero-day exploit
HighPhishing LNK files and GitHub C2 power new DPRK cyber attacks
HighUnderstanding Current Threats to Kubernetes Environments
HighHow LiteLLM Turned Developer Machines Into Credential Vaults for Attackers
High⚡ Weekly Recap: Axios Hack, Chrome 0-Day, Fortinet Exploits, Paragon Spyware and More
HighMulti-OS Cyberattacks: How SOCs Close a Critical Risk in 3 Steps
HighDPRK-Linked Hackers Use GitHub as C2 in Multi-Stage Attacks Targeting South Korea
HighIran-Linked Password-Spraying Campaign Targets 300+ Israeli Microsoft 365 Organizations
HighGerman police unmask two suspects linked to REvil ransomware gang
HighFBI: Cyber fraud surges to $17.6 billion in losses as scams, crypto theft soar
HighStorm-1175 focuses gaze on vulnerable web-facing assets in high-tempo Medusa ransomware operations
HighInside an AI‑enabled device code phishing campaign
HighNot Without My AI Agent: Models Break Rules to Save Peers
High A week in security (March 30 – April 5)
HighWeaponizing Fear: Iran Conflict-Themed Phishing Uses Fake Emergency Alerts
HighMissile Alert Phishing Exploits Iran-US-Israel Conflict for Microsoft Logins
HighAutomated Credential Harvesting Campaign Exploits React2Shell Flaw
HighYour chatbot is playing a character - why Anthropic says that's dangerous
HighBKA Identifies REvil Leaders Behind 130 German Ransomware Attacks
MediumTearing down a car telematic unit (and finding an accident on Facebook)
MediumSmashing Security podcast #462: LinkedIn is spying on you, and you agreed to nothing
MediumMore Honeypot Fingerprinting Scans, (Wed, Apr 8th)
MediumGoogle study finds LLMs are embedded at every stage of abuse detection
MediumHow often are redirects used in phishing in 2026?, (Mon, Apr 6th)
InformationalSECURITY AFFAIRS MALWARE NEWSLETTER ROUND 92
InformationalGlassWorm evolves with Zig dropper to infect multiple developer tools
InformationalGoogle rolls out Gmail end-to-end encryption on mobile devices
InformationalPanorama del cibercrimen en América Latina y el Caribe
InformationalMallory Launches AI-Native Threat Intelligence Platform, Turning Global Threat Data Into Prioritized Action
InformationalFrom the field to the report and back again: How incident responders can use the Year in Review
InformationalAI-powered Network Security at the Mobile World Congress 2026 SNOC
InformationalMobile World Congress 2026: AI-powered Network Security
InformationalMallory brings contextual threat intelligence to security operations
InformationalWebinar: From noise to signal - What threat actors are targeting next
InformationalThreat Actors Get Crafty With Emojis to Escape Detection
InformationalWhy Claude Mythos Shifts Focus From Finding to Fixing Bugs
InformationalFinancial cyberthreats in 2025 and the outlook for 2026
InformationalISC Stormcast For Wednesday, April 8th, 2026 https://isc.sans.edu/podcastdetail/9884, (Wed, Apr 8th)
InformationalYear in Review: Vulnerabilities old and new and something React2
InformationalTalos Takes: 2025's ransomware trends and zombie vulnerabilities
InformationalHuman vs AI: Debates Shape RSAC 2026 Cybersecurity Trends
InformationalRSAC 2026: How AI Is Reshaping Cybersecurity Faster Than Ever
InformationalISC Stormcast For Tuesday, April 7th, 2026 https://isc.sans.edu/podcastdetail/9882, (Tue, Apr 7th)
InformationalHow Mimecast brings enterprise-grade email protection to API deployment
InformationalCensys Raises $70M to Advance AI-Driven Threat Intelligence
Informational Killer robots are here. Now what? (Lock and Code S07E07)

⚠️ Vulnerability (78)

CriticalAdobe fixes actively exploited Acrobat Reader flaw CVE-2026-34621
CriticalCritical Marimo pre-auth RCE flaw now under active exploitation
CriticalWeek in review: Windows zero-day exploit leaked, Patch Tuesday forecast
CriticalAdobe Patches Actively Exploited Acrobat Reader Flaw CVE-2026-34621
CriticalCVE-2026-39987: Marimo RCE exploited in hours after disclosure
CriticalEngageLab SDK flaw opens door to private data on 50M Android devices
CriticalMarimo RCE Flaw CVE-2026-39987 Exploited Within 10 Hours of Disclosure
Critical'BlueHammer' Windows Zero-Day Exploit Signals Microsoft Bug Disclosure Issues
CriticalHackers Exploit Adobe PDF Flaw for Months to Steal Data, No Fix Yet
CriticalMalicious PDF reveals active Adobe Reader zero-day in the wild
Critical[webapps] React Server 19.2.0 - Remote Code Execution
CriticalThreatsDay Bulletin: Hybrid P2P Botnet, 13-Year-Old Apache RCE and 18 More Stories
CriticalEngageLab SDK Flaw Exposed 50M Android Users, Including 30M Crypto Wallets
CriticalContemporary Controls BASC 20T
CriticalHackers exploiting Acrobat Reader zero-day flaw since December
CriticalAdobe Reader Zero-Day Exploited via Malicious PDFs Since December 2025
CriticalCISA orders feds to patch exploited Ivanti EPMM flaw by Sunday
CriticalU.S. CISA adds a flaw in Ivanti EPMM to its Known Exploited Vulnerabilities catalog
Critical[webapps] Horilla v1.3 - RCE
Critical[webapps] FortiWeb 8.0.2 - Remote Code Execution
Critical‘BlueHammer’ Exploit Targets Windows, Potentially Impacting 1 Billion+ Devices
CriticalFlatpak 1.16.4 fixes sandbox escape and three other security flaws
CriticalHackers exploit critical flaw in Ninja Forms WordPress plugin
CriticalAttackers exploit critical Flowise flaw CVE-2025-59528 for remote code execution
CriticalMilking the last drop of Intego - Time for Windows to get its LPE
CriticalGrafanaGhost Vulnerability Allows Data Theft via AI Injection
CriticalMax severity Flowise RCE vulnerability now exploited in attacks
CriticalExperts published unpatched Windows zero-day BlueHammer
CriticalU.S. CISA adds a flaw in Fortinet FortiClient EMS to its Known Exploited Vulnerabilities catalog
CriticalFlowise AI Agent Builder Under Active CVSS 10.0 RCE Exploitation; 12,000+ Instances Exposed
CriticalNew GPUBreach Attack Enables Full CPU Privilege Escalation via GDDR6 Bit-Flips
CriticalFortinet Issues Emergency Patch for FortiClient Zero-Day
CriticalNew GPUBreach attack enables system takeover via GPU rowhammer
CriticalNew Fortinet Flaw Allows Unauthorized Access to Enterprise Systems
CriticalAttackers Exploit RCE Flaw as 14,000 F5 BIG-IP APM Instances Remain Exposed
Critical[webapps] WBCE CMS 1.6.4 - Remote Code Execution
Critical[webapps] Zhiyuan OA - arbitrary file upload leading
Critical[webapps] ASP.net 8.0.10 - Bypass
Critical[local] Desktop Window Manager Core Library 10.0.10240.0 - Privilege Escalation
Critical[webapps] Fortinet FortiWeb v8.0.1 - Auth Bypass
CriticalAttackers Target Zero-Day Flaw in Fortinet Security Software
CriticalCISA orders feds to patch exploited Fortinet EMS flaw by Friday
CriticalCVE-2026-35616: Fortinet fixes actively exploited high-severity flaw
High[webapps] D-Link DIR-650IN - Authenticated Command Injection
High[local] NetBT e-Fatura - Privilege Escalation
HighMicrosoft: Third-Party Android Vulnerability Leaves Over 50M Users Exposed
HighIndustrial Controllers Still Vulnerable As Conflicts Move to Cyber
HighClaude Code Can Be Manipulated via CLAUDE.md to Run SQL Injection Attacks
High[local] ZSH 5.9 - RCE
High[webapps] Jumbo Website Manager - Remote Code Execution
High[webapps] RomM 4.4.0 - XSS_CSRF Chain
HighGPL Odorizers GPL750
HighClaude helps researcher dig up decade-old Apache ActiveMQ RCE vulnerability (CVE-2026-34197)
HighIntent redirection vulnerability in third-party SDK exposed millions of Android wallets to potential risk
HighBlueHammer: Windows zero-day exploit leaked
High[local] Microsoft MMC MSC EvilTwin - Local Admin Creation
High[local] SQLite 3.50.1 - Heap Overflow
High[webapps] xibocms 3.3.4 - RCE
High[local] 7-Zip 24.00 - Directory Traversal
HighCracks in the Bedrock: Agent God Mode
High13-year-old bug in ActiveMQ lets hackers remotely execute commands
HighCISA Adds One Known Exploited Vulnerability to Catalog
HighAnthropic's Claude Mythos Finds Thousands of Zero-Day Flaws Across Major Systems
HighGrafana Patches AI Bug That Could Have Leaked User Data
HighMultiple Vulnerabilities in Mozilla Products Could Allow for Arbitrary Code Execution
HighCracks in the Bedrock: Escaping the AWS AgentCore Sandbox
HighDocker CVE-2026-34040 Lets Attackers Bypass Authorization and Gain Host Access
HighMitsubishi Electric GENESIS64 and ICONICS Suite products
High[webapps] WordPress Madara - Local File Inclusion
High[webapps] RiteCMS 3.1.0 - Authenticated Remote Code Execution
High[webapps] Grafana 11.6.0 - SSRF
High[local] Windows Kernel - Elevation of Privilege
High[local] is-localhost-ip 2.0.0 - SSRF
HighZDI-26-254: (0Day) Labcenter Electronics Proteus PDSPRJ File Parsing Type Confusion Remote Code Execution Vulnerability
HighZDI-26-255: (0Day) Labcenter Electronics Proteus PDSPRJ File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
HighZDI-26-256: (0Day) Labcenter Electronics Proteus PDSPRJ File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
HighZDI-26-257: (0Day) Labcenter Electronics Proteus PDSPRJ File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
HighCISA Adds One Known Exploited Vulnerability to Catalog

Daily breach, advisory, and vulnerability briefs publish every weekday.

View Live Breach Feed ← All Weekly Digests