https://www.reddit.com/r/cybersecurity/comments/1shgbfp/ideas_for_a_simple_usb_attack_demo_for_class/ ThreatAft en 2026-04-10T08:09:58.000Z Ideas for a simple USB “attack” demo (for class) https://thehackernews.com/2026/04/google-rolls-out-dbsc-in-chrome-146-to.html ThreatAft en 2026-04-10T07:58:00.000Z Google Rolls Out DBSC in Chrome 146 to Block Session Theft on Windows https://www.securityweek.com/google-rolls-out-cookie-theft-protections-in-chrome/ ThreatAft en 2026-04-10T07:50:00.000Z Google Rolls Out Cookie Theft Protections in Chrome https://www.securityweek.com/microsoft-finds-vulnerability-exposing-millions-of-android-crypto-wallet-users/ ThreatAft en 2026-04-10T07:33:16.000Z Microsoft Finds Vulnerability Exposing Millions of Android Crypto Wallet Users https://www.helpnetsecurity.com/2026/04/10/april-2026-patch-tuesday-forecast/ ThreatAft en 2026-04-10T07:22:04.000Z April 2026 Patch Tuesday forecast: Spring-cleaning of a preview https://www.reddit.com/r/cybersecurity/comments/1shf24u/is_there_a_course_or_a_roadmap_related_to_soc/ ThreatAft en 2026-04-10T06:55:44.000Z Is there a course or a roadmap related to SOC Engineering. https://isc.sans.edu/diary/rss/32884 ThreatAft en 2026-04-10T06:40:46.000Z Obfuscated JavaScript or Nothing, (Thu, Apr 9th) https://thehackernews.com/2026/04/backdoored-smart-slider-3-pro-update.html ThreatAft en 2026-04-10T06:28:00.000Z Backdoored Smart Slider 3 Pro Update Distributed via Compromised Nextend Servers https://www.reddit.com/r/cybersecurity/comments/1shds1f/hack_town_forum_to_return_april_13th/ ThreatAft en 2026-04-10T05:42:36.000Z Hack Town forum to return April 13th https://www.reddit.com/r/cybersecurity/comments/1shdny9/github_momenbaselhtbwriteups_the_most/ ThreatAft en 2026-04-10T05:36:07.000Z GitHub - momenbasel/htb-writeups: The most comprehensive Hack The Box writeup collection - 500+ machines, 400+ challenges, interactive knowledge graph, skill trees, attack path diagrams, ProLabs, Sherlocks, OSCP/CPTS/CRTO prep. Browse: momenbasel.github.io/htb-writeups https://www.helpnetsecurity.com/2026/04/10/aqsa-taylor-exaforce-vibe-hunting/ ThreatAft en 2026-04-10T05:30:50.000Z What vibe hunting gets right about AI threat hunting, and where it breaks down https://www.helpnetsecurity.com/2026/04/10/health-insurance-lead-generation-privacy/ ThreatAft en 2026-04-10T05:00:30.000Z Health insurance lead sites sell personal data within seconds of form submission https://www.reddit.com/r/netsec/comments/1shcqyf/slipping_up_slippi_with_spectator_rce/ ThreatAft en 2026-04-10T04:45:58.000Z Slipping up Slippi with spectator RCE https://www.helpnetsecurity.com/2026/04/10/product-showcase-session-a-messenger-without-phone-numbers-or-metadata/ ThreatAft en 2026-04-10T04:30:54.000Z Product showcase: Session, a messenger without phone numbers or metadata https://www.helpnetsecurity.com/2026/04/10/new-infosec-products-of-the-week-april-10-2026/ ThreatAft en 2026-04-10T04:00:32.000Z New infosec products of the week: April 10, 2026 https://www.reddit.com/r/cybersecurity/comments/1shai5n/recycled_phone_numbers_pose_a_major_security_risk/ ThreatAft en 2026-04-10T02:54:20.000Z Recycled phone numbers pose a major security risk today and should not be tolerated despite their downsides. https://www.reddit.com/r/cybersecurity/comments/1shahe3/describe_a_vulnerability_ai_spins_up_the_lab/ ThreatAft en 2026-04-10T02:53:19.000Z Describe a vulnerability → AI spins up the lab https://www.reddit.com/r/cybersecurity/comments/1sh8on7/free_cert_readiness_calculator_for_security_certs/ ThreatAft en 2026-04-10T01:31:46.000Z Free cert readiness calculator for security certs — domain-weighted scoring https://www.reddit.com/r/cybersecurity/comments/1sh7r71/made_a_site_for_cybersecurity_insights_feedback/ ThreatAft en 2026-04-10T00:50:22.000Z Made a site for cybersecurity insights (feedback wanted) https://www.bleepingcomputer.com/news/security/new-lucidrook-malware-used-in-targeted-attacks-on-ngos-universities/ ThreatAft en 2026-04-09T22:04:31.000Z New ‘LucidRook’ malware used in targeted attacks on NGOs, universities https://www.bleepingcomputer.com/news/security/new-venom-phishing-attacks-steal-senior-executives-microsoft-logins/ ThreatAft en 2026-04-09T21:37:04.000Z New VENOM phishing attacks steal senior executives' Microsoft logins https://www.reddit.com/r/cybersecurity/comments/1sh31gt/security_engineer_role_is_it_for_me/ ThreatAft en 2026-04-09T21:32:58.000Z Security engineer role, is it for me? https://cyberscoop.com/iran-attackers-industrial-ot-government-energy-water-censys/ ThreatAft en 2026-04-09T21:29:16.000Z Iranian attacks on US critical infrastructure puts 3,900 devices in crosshairs https://cyberscoop.com/quantum-computing-industry-timeline-threat-accelerating/ ThreatAft en 2026-04-09T21:05:40.000Z Why is the timeline to quantum-proof everything constantly shrinking? https://www.reddit.com/r/cybersecurity/comments/1sh2am9/can_i_get_a_sec_in_15_months/ ThreatAft en 2026-04-09T21:04:29.000Z Can I get a Sec+ in 1.5 months? https://www.darkreading.com/threat-intelligence/russias-fancy-bear-apt-continues-global-onslaught ThreatAft en 2026-04-09T20:50:37.000Z Russia's 'Fancy Bear' APT Continues Its Global Onslaught https://www.reddit.com/r/cybersecurity/comments/1sh1pi4/cybersecurity_statistics_of_the_week_march_30th/ ThreatAft en 2026-04-09T20:42:15.000Z Cybersecurity statistics of the week (March 30th - April 5th) https://www.reddit.com/r/cybersecurity/comments/1sh1iwq/ailed_remediation_crisis_prompts_hackerone_to/ ThreatAft en 2026-04-09T20:35:33.000Z AI-Led Remediation Crisis Prompts HackerOne to Pause Bug Bounties https://www.tenable.com/blog/what-to-know-about-cyberav3ngers-the-irgc-linked-group-targeting-critical-infrastructure ThreatAft en 2026-04-09T20:28:27.000Z What to Know About CyberAv3ngers: The IRGC-Linked Group Targeting Critical Infrastructure https://www.darkreading.com/vulnerabilities-threats/bluehammer-windows-exploit-microsoft-bug-disclosure-issues ThreatAft en 2026-04-09T20:13:34.000Z 'BlueHammer' Windows Zero-Day Exploit Signals Microsoft Bug Disclosure Issues https://www.reddit.com/r/cybersecurity/comments/1sh0jvn/hackers_steal_and_leak_sensitive_lapd_police/ ThreatAft en 2026-04-09T20:00:20.000Z Hackers steal and leak sensitive LAPD police documents https://www.reddit.com/r/cybersecurity/comments/1sh0h8z/is_cyber_hiring_too_dependent_on_cvs_and_keyword/ ThreatAft en 2026-04-09T19:57:45.000Z Is cyber hiring too dependent on CVs and keyword matching? https://therecord.media/fcc-proposes-new-rule-robocall-crackdown ThreatAft en 2026-04-09T19:57:00.000Z FCC proposes new rule to further crackdown on illegal robocalls https://www.reddit.com/r/cybersecurity/comments/1sh0beg/chrome_introduces_hardwarebound_session/ ThreatAft en 2026-04-09T19:51:55.000Z Chrome introduces hardware-bound session protection to fight infostealer malware. https://www.bleepingcomputer.com/news/security/healthcare-it-solutions-provider-chipsoft-hit-by-ransomware-attack/ ThreatAft en 2026-04-09T19:46:44.000Z Healthcare IT solutions provider ChipSoft hit by ransomware attack https://www.microsoft.com/en-us/security/blog/2026/04/09/the-agentic-soc-rethinking-secops-for-the-next-decade/ ThreatAft en 2026-04-09T19:00:00.000Z The agentic SOC—Rethinking SecOps for the next decade https://www.bleepingcomputer.com/news/security/google-chrome-adds-infostealer-protection-against-session-cookie-theft/ ThreatAft en 2026-04-09T18:33:29.000Z Google Chrome adds infostealer protection against session cookie theft https://thehackernews.com/2026/04/engagelab-sdk-flaw-exposed-50m-android.html ThreatAft en 2026-04-09T17:26:00.000Z EngageLab SDK Flaw Exposed 50M Android Users, Including 30M Crypto Wallets https://www.reddit.com/r/cybersecurity/comments/1sgw6b7/petabytes_stolen_ai_tools_emerged_and_a_new_us/ ThreatAft en 2026-04-09T17:25:30.000Z Petabytes Stolen, AI Tools Emerged, and a New U.S. Cyber Strategy—Tin foil Hatting or are the Dots Connecting? https://therecord.media/treasury-department-announces-crypto-info-sharing ThreatAft en 2026-04-09T17:25:00.000Z Treasury Department announces crypto industry cyber threat sharing initiative https://www.reddit.com/r/cybersecurity/comments/1sgw4li/us_treasury_to_loop_in_crypto_sector_on_hacker/ ThreatAft en 2026-04-09T17:23:52.000Z U.S. Treasury to loop in crypto sector on hacker warnings shared with traditional firms https://www.reddit.com/r/cybersecurity/comments/1sgw484/oscp_cloud_solutions_architect/ ThreatAft en 2026-04-09T17:23:30.000Z OSCP + Cloud Solutions Architect https://www.reddit.com/r/cybersecurity/comments/1sgvx7a/need_help_for_upcoming_interview_in_reliaquest/ ThreatAft en 2026-04-09T17:16:52.000Z Need help for upcoming interview in ReliaQuest. https://www.reddit.com/r/cybersecurity/comments/1sgvupi/pcgamer_lol_microsoft_shutting_down_wiregaurd/ ThreatAft en 2026-04-09T17:14:29.000Z PCGAMER: LOL, Microsoft shutting down WireGaurd, VeraCrypt and other was just an email oopsie! How silly that people are making a big deal of it! https://www.darkreading.com/cybersecurity-analytics/ceasefires-slow-cyberattacks-history ThreatAft en 2026-04-09T17:04:51.000Z Do Ceasefires Slow Cyberattacks? History Suggests Not https://www.reddit.com/r/netsec/comments/1sgv3se/the_naclcon_salt_con_speaker_list_is_out_may/ ThreatAft en 2026-04-09T16:48:09.000Z The NaClCON (Salt Con) speaker list is out! May 31–June 2, Carolina Beach NC https://www.reddit.com/r/cybersecurity/comments/1sguy3u/misconfiguration_is_reason_cybersecurity_firms/ ThreatAft en 2026-04-09T16:42:36.000Z Misconfiguration is reason cybersecurity firms are targeting Salesforce https://thehackernews.com/2026/04/uat-10362-targets-taiwanese-ngos-with.html ThreatAft en 2026-04-09T16:23:00.000Z UAT-10362 Targets Taiwanese NGOs with LucidRook Malware in Spear-Phishing Campaigns https://www.bleepingcomputer.com/news/security/smart-slider-updates-hijacked-to-push-malicious-wordpress-joomla-versions/ ThreatAft en 2026-04-09T16:15:26.000Z Smart Slider updates hijacked to push malicious WordPress, Joomla versions https://www.reddit.com/r/cybersecurity/comments/1sgu5t0/fbi_extracted_the_notification_database_of/ ThreatAft en 2026-04-09T16:14:26.000Z FBI extracted the notification database of Suspect's iPhone to read Signal messages https://www.reddit.com/r/netsec/comments/1sgu2dn/threat_model_discrepancy_google_password_manager/ ThreatAft en 2026-04-09T16:10:52.000Z Threat Model Discrepancy: Google Password Manager leaks cleartext passwords via Task Switcher (Won't Fix) - Violates German BSI Standards https://blog.qualys.com/product-tech/2026/04/09/scaling-modern-appsec-moving-from-static-profiles-to-ai-powered-scan-optimization ThreatAft en 2026-04-09T16:10:52.000Z Scaling Modern AppSec: Moving from Static Profiles to AI-Powered Scan Optimization https://www.reddit.com/r/cybersecurity/comments/1sgtavw/github_schichluckyspark_a_stealthy_easy_to_use/ ThreatAft en 2026-04-09T15:43:43.000Z GitHub - Schich/Lucky-Spark: A stealthy easy to use loader for shellcode staged with http/https like Sliver https://www.reddit.com/r/cybersecurity/comments/1sgt680/google_password_manager_leaks_cleartext_passwords/ ThreatAft en 2026-04-09T15:39:04.000Z Google Password Manager leaks cleartext passwords via Task Switcher. Google says "Won't Fix", German BSI says "Vulnerability". https://cyberscoop.com/fbi-operation-masquerade-russian-gru-router-takedown-brett-leatherman/ ThreatAft en 2026-04-09T15:34:14.000Z Inside the FBI’s router takedown that cut off APT28’s ‘tremendous access’ https://www.reddit.com/r/cybersecurity/comments/1sgt00r/what_are_the_best_job_sites_to_use_when_looking/ ThreatAft en 2026-04-09T15:32:56.000Z What are the best job sites to use when looking for cybersecurity jobs, or just IT jobs (in general)?? https://www.reddit.com/r/cybersecurity/comments/1sgshh1/i_am_looking_for_api_to_check_categories_of_url/ ThreatAft en 2026-04-09T15:14:32.000Z I am looking for API to check categories of URL https://therecord.media/russia-accuses-radio-free-europe-journalist-aiding-ukraine-cyberattack ThreatAft en 2026-04-09T15:02:00.000Z Russia accuses former Radio Free Europe journalist of aiding cyberattacks for Ukraine https://www.microsoft.com/en-us/security/blog/2026/04/09/investigating-storm-2755-payroll-pirate-attacks-targeting-canadian-employees/ ThreatAft en 2026-04-09T15:00:00.000Z Investigating Storm-2755: “Payroll pirate” attacks targeting Canadian employees https://www.infosecurity-magazine.com/news/stx-rat-targets-finance-sector/ ThreatAft en 2026-04-09T15:00:00.000Z STX RAT Targets Finance Sector With Advanced Stealth Tactics https://blog.qualys.com/product-tech/2026/04/09/1aws-cloud-security-best-practices-guide ThreatAft en 2026-04-09T15:00:00.000Z 12 Best Practices for Securing AWS Cloud in 2026 https://www.helpnetsecurity.com/2026/04/09/claude-managed-agents-bring-execution-and-control-to-ai-agent-workflows/ ThreatAft en 2026-04-09T14:31:52.000Z Claude Managed Agents bring execution and control to AI agent workflows https://www.helpnetsecurity.com/2026/04/09/mylovely-ai-data-breach-user-conversations/ ThreatAft en 2026-04-09T14:22:35.000Z 113,000 explicit prompts from AI girlfriend platform exposed, many linked to user IDs https://www.bleepingcomputer.com/news/security/when-attackers-already-have-the-keys-mfa-is-just-another-door-to-open/ ThreatAft en 2026-04-09T14:02:12.000Z When attackers already have the keys, MFA is just another door to open https://www.infosecurity-magazine.com/news/bitcoin-depot-dollar36m-crypto/ ThreatAft en 2026-04-09T14:01:00.000Z Bitcoin Depot Reports $3.6m Crypto Theft After System Breach https://www.reddit.com/r/cybersecurity/comments/1sgqglq/security_researchers_tricked_apple_intelligence/ ThreatAft en 2026-04-09T14:00:52.000Z Security researchers tricked Apple Intelligence into cursing at users https://www.reddit.com/r/cybersecurity/comments/1sgq616/snoopy_adolf_and_password_the_hungarian/ ThreatAft en 2026-04-09T13:49:18.000Z ‘Snoopy’, ‘Adolf’ and ‘Password’: The Hungarian Government Passwords Exposed Online https://www.reddit.com/r/cybersecurity/comments/1sgq0fz/hackers_exploiting_acrobat_reader_zeroday_flaw/ ThreatAft en 2026-04-09T13:43:13.000Z Hackers exploiting Acrobat Reader zero-day flaw since December https://www.securityweek.com/apple-intelligence-ai-guardrails-bypassed-in-new-attack/ ThreatAft en 2026-04-09T13:43:07.000Z Apple Intelligence AI Guardrails Bypassed in New Attack https://www.securityweek.com/can-we-trust-ai-no-but-eventually-we-must/ ThreatAft en 2026-04-09T13:30:00.000Z Can we Trust AI? No – But Eventually We Must https://www.microsoft.com/en-us/security/blog/2026/04/09/intent-redirection-vulnerability-third-party-sdk-android/ ThreatAft en 2026-04-09T13:21:18.000Z Intent redirection vulnerability in third-party SDK exposed millions of Android wallets to potential risk https://www.malwarebytes.com/blog/news/2026/04/scammers-pose-as-amazon-support-to-steal-your-account ThreatAft en 2026-04-09T13:05:44.000Z Scammers pose as Amazon support to steal your account https://www.helpnetsecurity.com/2026/04/09/apache-activemq-rce-vulnerability-cve-2026-34197-claude/ ThreatAft en 2026-04-09T13:04:54.000Z Claude helps researcher dig up decade-old Apache ActiveMQ RCE vulnerability (CVE-2026-34197) https://www.sentinelone.com/blog/edge-decay-how-a-failing-perimeter-is-fueling-modern-intrusions/ ThreatAft en 2026-04-09T13:00:49.000Z Edge Decay: How a Failing Perimeter Is Fueling Modern Intrusions https://www.helpnetsecurity.com/2026/04/09/mallory-ai-native-threat-intelligence-platform/ ThreatAft en 2026-04-09T13:00:36.000Z Mallory brings contextual threat intelligence to security operations https://thehackernews.com/2026/04/threatsday-bulletin-hybrid-p2p-botnet.html ThreatAft en 2026-04-09T12:57:00.000Z ThreatsDay Bulletin: Hybrid P2P Botnet, 13-Year-Old Apache RCE and 18 More Stories https://industrialcyber.co/industrial-cyber-attacks/censys-warns-systemic-exposure-of-rockwell-plcs-enable-iran-linked-targeting-of-critical-infrastructure-ot-networks/ ThreatAft en 2026-04-09T12:55:08.000Z Censys warns systemic exposure of Rockwell PLCs enable Iran-linked targeting of critical infrastructure OT networks https://www.reddit.com/r/cybersecurity/comments/1sgogf9/black_box_to_black_box_is_builtin_governance_for/ ThreatAft en 2026-04-09T12:38:57.000Z Black Box to Black Box - Is 'Built-in' Governance for AI Agents a major security anti-pattern? https://www.securityweek.com/google-api-keys-in-android-apps-expose-gemini-endpoints-to-unauthorized-access/ ThreatAft en 2026-04-09T12:26:50.000Z Google API Keys in Android Apps Expose Gemini Endpoints to Unauthorized Access https://www.bleepingcomputer.com/news/security/webinar-from-noise-to-signal-what-threat-actors-are-targeting-next/ ThreatAft en 2026-04-09T12:20:28.000Z Webinar: From noise to signal - What threat actors are targeting next https://www.reddit.com/r/cybersecurity/comments/1sgnyqe/tracking_frameworks_nist_andor_cis_controls/ ThreatAft en 2026-04-09T12:16:57.000Z Tracking Frameworks - NIST and/or CIS Controls https://www.reddit.com/r/cybersecurity/comments/1sgnxlq/what_should_i_prepare_for_a_soc_tier_2_interview/ ThreatAft en 2026-04-09T12:15:35.000Z What should I prepare for a SOC Tier 2 interview? https://www.reddit.com/r/cybersecurity/comments/1sgntdq/working_on_a_big_four_advice/ ThreatAft en 2026-04-09T12:10:24.000Z Working on a big four - Advice https://therecord.media/crypto-atm-bitcoin-depot-reports-cyberattack ThreatAft en 2026-04-09T12:10:00.000Z Cryptocurrency ATM giant Bitcoin Depot reports $3.6 million stolen in cyberattack https://cyberscoop.com/industrialized-fraud-ai-identity-theft-prevention-op-ed/ ThreatAft en 2026-04-09T12:00:00.000Z Don’t just fight fraud, hunt it https://www.helpnetsecurity.com/2026/04/09/opswat-adds-predictive-ai-engine-to-metadefender-for-pre-execution-threat-detection/ ThreatAft en 2026-04-09T11:59:55.000Z OPSWAT adds predictive AI engine to MetaDefender for pre-execution threat detection https://www.securityweek.com/palo-alto-networks-sonicwall-patch-high-severity-vulnerabilities/ ThreatAft en 2026-04-09T11:58:52.000Z Palo Alto Networks, SonicWall Patch High-Severity Vulnerabilities https://www.reddit.com/r/cybersecurity/comments/1sgngq0/eurail_says_december_data_breach_impacts_300000/ ThreatAft en 2026-04-09T11:54:28.000Z Eurail says December data breach impacts 300,000 individuals https://www.reddit.com/r/cybersecurity/comments/1sgnd04/completed_comptia_security/ ThreatAft en 2026-04-09T11:49:29.000Z Completed CompTIA security+ https://www.helpnetsecurity.com/2026/04/09/acrobat-reader-zero-day-exploited/ ThreatAft en 2026-04-09T11:44:19.000Z Acrobat Reader zero-day exploited in the wild for many months https://thehackernews.com/2026/04/the-hidden-security-risks-of-shadow-ai.html ThreatAft en 2026-04-09T11:31:00.000Z The Hidden Security Risks of Shadow AI in Enterprises https://www.helpnetsecurity.com/2026/04/09/intruder-container-image-scanning/ ThreatAft en 2026-04-09T11:23:15.000Z Intruder expands cloud security with agentless container image scanning https://www.infosecurity-magazine.com/news/atomic-stealer-macos-clickfix/ ThreatAft en 2026-04-09T11:20:00.000Z Atomic Stealer MacOS ClickFix Attack Bypasses Apple Security Warnings https://thehackernews.com/2026/04/adobe-reader-zero-day-exploited-via.html ThreatAft en 2026-04-09T11:15:00.000Z Adobe Reader Zero-Day Exploited via Malicious PDFs Since December 2025 https://www.malwarebytes.com/blog/news/2026/04/nsfw-app-leak-exposes-70000-prompts-linked-to-individual-users ThreatAft en 2026-04-09T11:02:51.000Z NSFW app leak exposes 70,000 prompts linked to individual users https://www.securityweek.com/the-hidden-roi-of-visibility-better-decisions-better-behavior-better-security/ ThreatAft en 2026-04-09T11:00:00.000Z The Hidden ROI of Visibility: Better Decisions, Better Behavior, Better Security https://www.infosecurity-magazine.com/news/middle-east-hack-operation-bitter/ ThreatAft en 2026-04-09T10:45:00.000Z Middle East Hack-for-Hire Operation Traced to South Asian Cyber Espionage Group https://thehackernews.com/2026/04/bitter-linked-hack-for-hire-campaign.html ThreatAft en 2026-04-09T10:40:00.000Z Bitter-Linked Hack-for-Hire Campaign Targets Journalists Across MENA Region https://www.bleepingcomputer.com/news/security/eurail-says-december-data-breach-impacts-300-000-individuals/ ThreatAft en 2026-04-09T10:31:54.000Z Eurail says December data breach impacts 300,000 individuals https://www.helpnetsecurity.com/2026/04/09/advenica-file-scanner-kiosk/ ThreatAft en 2026-04-09T10:22:36.000Z Advenica’s File Scanner Kiosk scans USB media for malware https://www.malwarebytes.com/blog/data-breaches/2026/04/30000-private-facebook-images-allegedly-downloaded-by-meta-employee ThreatAft en 2026-04-09T10:07:37.000Z 30,000 private Facebook images allegedly downloaded by Meta employee https://www.reddit.com/r/netsec/comments/1sglba8/applying_soarstyle_automation_to_physical/ ThreatAft en 2026-04-09T10:01:11.000Z Applying SOAR-style automation to physical perimeter security https://www.infosecurity-magazine.com/news/governance-gaps-agents-76-increase/ ThreatAft en 2026-04-09T10:00:00.000Z Governance Gaps Emerge as AI Agents Drive 76% Increase in NHIs https://www.wired.com/story/political-campaign-security-spending/ ThreatAft en 2026-04-09T10:00:00.000Z Politicians Are Spending More Money on Security as They Increasingly Become Targets https://www.securityweek.com/google-warns-of-new-campaign-targeting-bpos-to-steal-corporate-data/ ThreatAft en 2026-04-09T09:44:56.000Z Google Warns of New Campaign Targeting BPOs to Steal Corporate Data https://www.malwarebytes.com/blog/scams/2026/04/this-fake-windows-support-website-delivers-password-stealing-malware ThreatAft en 2026-04-09T09:40:52.000Z This fake Windows support website delivers password-stealing malware https://www.bleepingcomputer.com/news/security/hackers-exploiting-acrobat-reader-zero-day-flaw-since-december/ ThreatAft en 2026-04-09T09:22:35.000Z Hackers exploiting Acrobat Reader zero-day flaw since December https://www.helpnetsecurity.com/2026/04/09/whatsapp-username-privacy-feature/ ThreatAft en 2026-04-09T09:11:42.000Z WhatsApp brings long-awaited privacy control over who can contact you https://www.helpnetsecurity.com/2026/04/09/meta-muse-spark-personal-superintelligence/ ThreatAft en 2026-04-09T08:53:48.000Z Meta’s Muse Spark takes AI a step closer to personal superintelligence https://www.securityweek.com/adobe-reader-zero-day-exploited-for-months-researcher/ ThreatAft en 2026-04-09T08:44:51.000Z Adobe Reader Zero-Day Exploited for Months: Researcher https://www.reddit.com/r/cybersecurity/comments/1sgjyz2/quick_and_simple_what_certs_have_you_found_or/ ThreatAft en 2026-04-09T08:39:30.000Z Quick and Simple: what certs have you found or noticed get you more interviews? For SOC, GRC, Network, or even help desk? https://www.infosecurity-magazine.com/news/google-warns-group-targeting-bpos/ ThreatAft en 2026-04-09T08:35:00.000Z Google Warns of New Threat Group Targeting BPOs and Helpdesks https://www.securityweek.com/300000-people-impacted-by-eurail-data-breach/ ThreatAft en 2026-04-09T08:28:05.000Z 300,000 People Impacted by Eurail Data Breach https://industrialcyber.co/reports/ccn-reports-cybersecurity-maturity-becoming-prerequisite-in-critical-infrastructure-industrial-supply-chains/ ThreatAft en 2026-04-09T08:27:48.000Z CCN reports cybersecurity maturity becoming prerequisite in critical infrastructure, industrial supply chains https://industrialcyber.co/critical-infrastructure/uk-ncsc-says-apt28-exploits-routers-for-dns-hijacking-enabling-large-scale-traffic-interception/ ThreatAft en 2026-04-09T08:24:56.000Z UK NCSC says APT28 exploits routers for DNS hijacking, enabling large-scale traffic interception https://industrialcyber.co/utilities-energy-power-water-waste/doe-allocates-160-million-to-secure-energy-systems-as-cyber-threats-converge-with-grid-modernization/ ThreatAft en 2026-04-09T08:18:03.000Z DOE allocates $160 million to secure energy systems as cyber threats converge with grid modernization https://www.bleepingcomputer.com/news/security/crypto-atm-giant-bitcoin-depot-says-hackers-stole-36-million-from-its-wallets/ ThreatAft en 2026-04-09T07:44:55.000Z Hackers steal $3.6 million from crypto ATM giant Bitcoin Depot https://www.bleepingcomputer.com/news/microsoft/microsoft-suspends-dev-accounts-for-high-profile-open-source-projects/ ThreatAft en 2026-04-09T06:46:26.000Z Microsoft suspends dev accounts for high-profile open source projects https://www.securityweek.com/3-6-million-stolen-in-bitcoin-depot-hack/ ThreatAft en 2026-04-09T06:41:40.000Z $3.6 Million Stolen in Bitcoin Depot Hack https://www.reddit.com/r/cybersecurity/comments/1sghclb/the_whitelist_won_how_anthropic_turned_a_pentagon/ ThreatAft en 2026-04-09T06:04:07.000Z The Whitelist Won: How Anthropic Turned a Pentagon Blacklist into a Consortium https://www.reddit.com/r/cybersecurity/comments/1sggxcp/soc_analysts_what_helped_you_connect_siem_edr_and/ ThreatAft en 2026-04-09T05:40:19.000Z SOC analysts - what helped you connect SIEM, EDR, and threat hunting in real scenarios? https://www.helpnetsecurity.com/2026/04/09/itamar-apelblat-token-security-ai-agents-security-risks/ ThreatAft en 2026-04-09T05:30:01.000Z AI agent intent is a starting point, not a security strategy https://www.helpnetsecurity.com/2026/04/09/asqav-ai-agent-audit-trail/ ThreatAft en 2026-04-09T05:00:12.000Z Asqav: Open-source SDK for AI agent governance https://www.helpnetsecurity.com/2026/04/09/saas-platforms-notification-systems-phishing/ ThreatAft en 2026-04-09T04:30:03.000Z Phishers sneak through using GitHub and Jira’s own mail delivery infrastructure https://www.reddit.com/r/cybersecurity/comments/1sgfcor/security_officer_in_healthcare/ ThreatAft en 2026-04-09T04:16:40.000Z Security Officer in Healthcare https://www.helpnetsecurity.com/2026/04/09/genai-prompt-injection-enterprise-data-risk/ ThreatAft en 2026-04-09T04:00:19.000Z Prompt injection tags along as GenAI enters daily government use https://isc.sans.edu/diary/rss/32882 ThreatAft en 2026-04-09T02:00:03.000Z ISC Stormcast For Thursday, April 9th, 2026 https://isc.sans.edu/podcastdetail/9886, (Thu, Apr 9th) https://www.reddit.com/r/cybersecurity/comments/1sgbuw7/ai_is_creating_more_cybersecurity_work/ ThreatAft en 2026-04-09T01:32:06.000Z AI is creating more cybersecurity work https://www.securityweek.com/shaky-ceasefire-unlikely-to-stop-cyberattacks-from-iran-linked-hackers-for-long/ ThreatAft en 2026-04-09T01:22:35.000Z Shaky Ceasefire Unlikely to Stop Cyberattacks From Iran-Linked Hackers for Long https://www.darkreading.com/threat-intelligence/russia-forest-blizzard-logins-soho-routers ThreatAft en 2026-04-09T01:00:00.000Z Russia's Forest Blizzard Nabs Rafts of Logins Via SOHO Routers https://isc.sans.edu/diary/rss/32866 ThreatAft en 2026-04-09T00:58:14.000Z Number Usage in Passwords: Take Two, (Thu, Apr 9th) https://www.reddit.com/r/cybersecurity/comments/1sganbu/two_former_heads_of_cisa_and_ncsc_now_work_at_a/ ThreatAft en 2026-04-09T00:37:40.000Z Two former heads of CISA and NCSC now work at a program funded by the Ukraine-sanctioned, Soviet-born billionaire owner of Warner Music https://www.elastic.co/security-labs/elastic-defence-cyber-marvel ThreatAft en 2026-04-09T00:00:00.000Z Elastic on Defence Cyber Marvel 2026: A Technical overview from the Exercise Floor https://www.exploit-db.com/exploits/52505 ThreatAft en 2026-04-09T00:00:00.000Z [webapps] RomM 4.4.0 - XSS_CSRF Chain https://www.exploit-db.com/exploits/52506 ThreatAft en 2026-04-09T00:00:00.000Z [webapps] React Server 19.2.0 - Remote Code Execution https://www.exploit-db.com/exploits/52504 ThreatAft en 2026-04-09T00:00:00.000Z [webapps] Jumbo Website Manager - Remote Code Execution https://www.recordedfuture.com/blog/recorded-future-sees-its-inclusion-in-the-2026-forrester-wave ThreatAft en 2026-04-09T00:00:00.000Z Third-Party Risk Is an Intelligence Operation. It's Time We Treated It Like One. https://therecord.media/cybercriminals-hack-russian-accountants-to-steal-millions ThreatAft en 2026-04-08T23:00:00.000Z Cybercriminals target accountants to drain Russian firms’ bank accounts https://www.reddit.com/r/cybersecurity/comments/1sg7zcf/massachusetts_hospital_turning_ambulances_away/ ThreatAft en 2026-04-08T22:42:29.000Z Massachusetts hospital turning ambulances away after cyberattack https://www.reddit.com/r/cybersecurity/comments/1sg7wmp/a_hacker_has_allegedly_breached_one_of_chinas/ ThreatAft en 2026-04-08T22:39:25.000Z A hacker has allegedly breached one of China’s supercomputers and is attempting to sell a trove of stolen data | CNN https://www.reddit.com/r/cybersecurity/comments/1sg7uve/cia_director_quietly_elevated_agencys_cyber/ ThreatAft en 2026-04-08T22:37:27.000Z CIA director quietly elevated agency’s cyber espionage division https://www.bleepingcomputer.com/news/security/hackers-use-pixel-large-svg-trick-to-hide-credit-card-stealer/ ThreatAft en 2026-04-08T22:34:26.000Z Hackers use pixel-large SVG trick to hide credit card stealer https://unit42.paloaltonetworks.com/exploit-of-aws-agentcore-iam-god-mode/ ThreatAft en 2026-04-08T22:00:51.000Z Cracks in the Bedrock: Agent God Mode https://www.bleepingcomputer.com/news/security/google-new-unc6783-hackers-steal-corporate-zendesk-support-tickets/ ThreatAft en 2026-04-08T21:46:27.000Z Google: New UNC6783 hackers steal corporate Zendesk support tickets https://www.darkreading.com/cyber-risk/emojis-power-covert-threat-actor-communications ThreatAft en 2026-04-08T20:21:32.000Z Threat Actors Get Crafty With Emojis to Escape Detection https://therecord.media/tiktok-removes-covert-networks-hungary-vote ThreatAft en 2026-04-08T20:20:00.000Z TikTok removes covert networks ahead of Hungary vote as disinformation concerns grow https://www.reddit.com/r/Malware/comments/1sg3zcp/phishing_via_google_storage_abuse_leading_to_rat/ ThreatAft en 2026-04-08T20:08:20.000Z Phishing via Google Storage Abuse Leading to RAT Deployment https://www.reddit.com/r/cybersecurity/comments/1sg3kht/a_hack_of_the_la_city_attorneys_office/ ThreatAft en 2026-04-08T19:53:15.000Z A hack of the L.A. city attorney’s office compromised 7.7 terabytes of sensitive LAPD records https://www.reddit.com/r/netsec/comments/1sg3i8u/dnsight_open_source_config_driven_cli_dns_auditor/ ThreatAft en 2026-04-08T19:50:50.000Z dnsight - open source, config driven CLI DNS auditor https://www.helpnetsecurity.com/2026/04/08/bluehammer-windows-zero-day-exploit-leaked/ ThreatAft en 2026-04-08T19:48:32.000Z BlueHammer: Windows zero-day exploit leaked https://www.darkreading.com/application-security/ai-led-remediation-crisis-prompts-hackerone-pause-bug-bounties ThreatAft en 2026-04-08T19:47:32.000Z AI-Led Remediation Crisis Prompts HackerOne to Pause Bug Bounties https://www.bleepingcomputer.com/news/security/new-macos-stealer-campaign-uses-script-editor-in-clickfix-attack/ ThreatAft en 2026-04-08T18:55:43.000Z New macOS stealer campaign uses Script Editor in ClickFix attack https://www.wired.com/story/we-were-not-ready-for-this-lebanons-emergency-system-is-hanging-by-a-thread/ ThreatAft en 2026-04-08T18:43:39.000Z ‘We Were Not Ready for This’: Lebanon's Emergency System Is Hanging by a Thread https://www.reddit.com/r/cybersecurity/comments/1sg1co9/i_created_a_library_for_wifi_auditing_on_esp32/ ThreatAft en 2026-04-08T18:33:06.000Z I created a library for WiFi auditing on ESP32 based on Marauder https://www.bleepingcomputer.com/news/security/cisa-orders-feds-to-patch-exploited-ivanti-epmm-flaw-by-sunday/ ThreatAft en 2026-04-08T18:15:27.000Z CISA orders feds to patch exploited Ivanti EPMM flaw by Sunday https://thehackernews.com/2026/04/new-chaos-variant-targets-misconfigured.html ThreatAft en 2026-04-08T17:51:00.000Z New Chaos Variant Targets Misconfigured Cloud Deployments, Adds SOCKS Proxy https://www.helpnetsecurity.com/2026/04/08/trellix-data-security-capabilities-generative-ai/ ThreatAft en 2026-04-08T17:50:38.000Z Trellix strengthens data security for the GenAI era https://www.reddit.com/r/cybersecurity/comments/1sg01m1/millions_of_health_care_patients_potentially/ ThreatAft en 2026-04-08T17:46:31.000Z Millions of health care patients potentially affected by data breach https://therecord.media/eurail-reports-data-breach-impacting-over-300000 ThreatAft en 2026-04-08T17:46:00.000Z Passport numbers for more than 300,000 leaked during December Eurail data breach https://therecord.media/breach-exposes-lapd-files-city-attorney-systems ThreatAft en 2026-04-08T17:42:00.000Z Breach exposes sensitive LAPD files stored in city attorney system https://www.reddit.com/r/netsec/comments/1sfzt0f/the_gap_between_thousands_of_vulnerabilities_and/ ThreatAft en 2026-04-08T17:38:12.000Z The Gap Between “Thousands of Vulnerabilities” and Reality | by Manikandan Swaminathan | Apr, 2026 https://www.reddit.com/r/netsec/comments/1sfznvq/offensive_fraud_prevention/ ThreatAft en 2026-04-08T17:33:04.000Z Offensive Fraud Prevention https://www.reddit.com/r/cybersecurity/comments/1sfzlsc/gaining_experience_in_cybersecurity/ ThreatAft en 2026-04-08T17:30:57.000Z Gaining Experience in Cybersecurity https://www.bleepingcomputer.com/news/security/13-year-old-bug-in-activemq-lets-hackers-remotely-execute-commands/ ThreatAft en 2026-04-08T17:26:40.000Z 13-year-old bug in ActiveMQ lets hackers remotely execute commands https://isc.sans.edu/diary/rss/32880 ThreatAft en 2026-04-08T17:15:05.000Z TeamPCP Supply Chain Campaign: Update 007 - Cisco Source Code Stolen via Trivy-Linked Breach, Google GTIG Tracks TeamPCP as UNC6780, and CISA KEV Deadline Arrives with No Standalone Advisory, (Wed, Apr 8th) https://therecord.media/minnesota-sends-national-guard-after-local-cyberattack ThreatAft en 2026-04-08T17:10:00.000Z Minnesota governor sends national guard to county after cyberattack https://www.reddit.com/r/cybersecurity/comments/1sfyngq/claude_mythos_and_escaping_the_sandbox/ ThreatAft en 2026-04-08T16:57:36.000Z Claude Mythos and escaping the sandbox https://www.reddit.com/r/cybersecurity/comments/1sfyiu1/hundreds_of_orgs_compromised_daily_in_microsoft/ ThreatAft en 2026-04-08T16:53:05.000Z Hundreds of orgs compromised daily in Microsoft device code phishing attacks https://www.reddit.com/r/cybersecurity/comments/1sfyf1s/hackers_steal_and_leak_sensitive_lapd_police/ ThreatAft en 2026-04-08T16:49:26.000Z Hackers steal and leak sensitive LAPD police documents https://therecord.media/two-egyptian-journalists-targeted-spearphishing-campaign ThreatAft en 2026-04-08T16:44:00.000Z Two prominent Egyptian journalists targeted with elaborate spearphishing campaign https://www.reddit.com/r/cybersecurity/comments/1sfy90j/glasswing_gives_50_companies_a_3month_head_start/ ThreatAft en 2026-04-08T16:43:31.000Z Glasswing gives 50 companies a 3-month head start on Mythos-class vulnerabilities. What does everyone else do? https://cyberscoop.com/hack-for-hire-spyware-campaign-targets-journalists-in-middle-east-north-africa/ ThreatAft en 2026-04-08T16:38:03.000Z Hack-for-hire spyware campaign targets journalists in Middle East, North Africa https://thehackernews.com/2026/04/masjesu-botnet-emerges-as-ddos-for-hire.html ThreatAft en 2026-04-08T16:30:00.000Z Masjesu Botnet Emerges as DDoS-for-Hire Service Targeting Global IoT Devices https://www.reddit.com/r/cybersecurity/comments/1sfx5nx/psa_if_youre_on_the_receiving_end_of_a_red_team/ ThreatAft en 2026-04-08T16:04:57.000Z PSA: if you're on the receiving end of a red team test, the authorization letter protects you too https://www.infosecurity-magazine.com/news/google-api-keys-access-gemini/ ThreatAft en 2026-04-08T16:00:00.000Z Google API Keys Quietly Gain Access to Gemini on Android Devices https://www.reddit.com/r/cybersecurity/comments/1sfwmtn/i_built_a_forensic_tool_that_explains_why_a_file/ ThreatAft en 2026-04-08T15:46:22.000Z I built a forensic tool that explains why a file is malicious https://www.darkreading.com/cyberattacks-data-breaches/fraud-mobile-first-latin-america ThreatAft en 2026-04-08T15:45:11.000Z Fraud Rockets Higher in Mobile-First Latin America https://www.reddit.com/r/netsec/comments/1sfwhtv/common_entra_id_security_assessment_findings_part/ ThreatAft en 2026-04-08T15:41:26.000Z Common Entra ID Security Assessment Findings – Part 3: Weak Privileged Identity Management Configuration https://www.securityweek.com/data-leakage-vulnerability-patched-in-openssl/ ThreatAft en 2026-04-08T15:37:48.000Z Data Leakage Vulnerability Patched in OpenSSL https://www.reddit.com/r/cybersecurity/comments/1sfwc29/snowflake_customers_hit_in_data_theft_attacks/ ThreatAft en 2026-04-08T15:35:35.000Z Snowflake customers hit in data theft attacks after SaaS integrator breach https://www.reddit.com/r/netsec/comments/1sfwb2n/a_new_initiative_that_brings_together_amazon_web/ ThreatAft en 2026-04-08T15:34:35.000Z A new initiative that brings together Amazon Web Services, Anthropic, Apple, Broadcom, Cisco, CrowdStrike, Google, JPMorganChase, the Linux Foundation, Microsoft, NVIDIA, and Palo Alto Networks in an effort to secure the world’s most critical software. https://www.infosecurity-magazine.com/news/flaw-ninja-forms-wordpress/ ThreatAft en 2026-04-08T15:10:00.000Z Critical Vulnerability in Ninja Forms Exposes WordPress Sites https://www.reddit.com/r/cybersecurity/comments/1sfushf/quantum_cryptography_and_the_harvest_now_decrypt/ ThreatAft en 2026-04-08T14:40:12.000Z Quantum cryptography and the "harvest now, decrypt later" problem -- how seriously are organizations taking this? https://therecord.media/cia-director-elevated-agency-cyber-espionage-division ThreatAft en 2026-04-08T14:37:00.000Z CIA director quietly elevated agency’s cyber espionage division https://www.reddit.com/r/cybersecurity/comments/1sfuoib/hong_kong_police_can_now_demand_phone_passwords/ ThreatAft en 2026-04-08T14:36:04.000Z Hong Kong police can now demand phone passwords under new security rules | Hacker News https://www.malwarebytes.com/blog/inside-malwarebytes/2026/04/your-extensions-leak-clues-about-you-so-we-made-sure-browser-guard-doesnt ThreatAft en 2026-04-08T14:33:18.000Z Your extensions leak clues about you, so we made sure Browser Guard doesn’t https://www.securityweek.com/rce-bug-lurked-in-apache-activemq-classic-for-13-years/ ThreatAft en 2026-04-08T14:30:27.000Z RCE Bug Lurked in Apache ActiveMQ Classic for 13 Years https://www.reddit.com/r/netsec/comments/1sfugo9/russian_gru_exploiting_vulnerable_routers_to/ ThreatAft en 2026-04-08T14:28:17.000Z Russian GRU Exploiting Vulnerable Routers to Steal Sensitive Information 07 April 2026 https://isc.sans.edu/diary/rss/32878 ThreatAft en 2026-04-08T14:23:28.000Z More Honeypot Fingerprinting Scans, (Wed, Apr 8th) https://www.bleepingcomputer.com/news/security/is-a-30-000-gpu-good-at-password-cracking/ ThreatAft en 2026-04-08T14:00:10.000Z Is a $30,000 GPU Good at Password Cracking? https://www.reddit.com/r/cybersecurity/comments/1sftjw8/microsoft_blocks_accounts_wireguard_and_veracrypt/ ThreatAft en 2026-04-08T13:55:09.000Z Microsoft blocks accounts WireGuard and Veracrypt https://www.reddit.com/r/cybersecurity/comments/1sftf4l/atomic_stealer_amos_returns_clickfix_trojanized/ ThreatAft en 2026-04-08T13:50:07.000Z Atomic Stealer (AMOS) Returns: ClickFix, Trojanized Crypto Apps, and a New macOS Persistence Mechanism https://thehackernews.com/2026/04/apt28-deploys-prismex-malware-in.html ThreatAft en 2026-04-08T13:50:00.000Z APT28 Deploys PRISMEX Malware in Campaign Targeting Ukraine and NATO Allies https://www.reddit.com/r/Malware/comments/1sftdmz/atomic_stealer_amos_macos_malware_decryption/ ThreatAft en 2026-04-08T13:48:30.000Z Atomic Stealer (AMOS) macOS Malware Decryption, Anti-VM, Hardware Wallet Trojanization & Persistent Backdoor https://www.darkreading.com/ics-ot-security/iranian-threat-actors-us-critical-infrastructure-exposed-plcs ThreatAft en 2026-04-08T13:46:29.000Z Iranian Threat Actors Disrupt US Critical Infrastructure Via Exposed PLCs https://www.reddit.com/r/cybersecurity/comments/1sft49c/russian_state_hackers_are_hijacking_tplink_and/ ThreatAft en 2026-04-08T13:38:19.000Z Russian state hackers are hijacking TP-Link and MicroTik routers to steal Outlook credentials, cybersecurity center warns — APT28 group targets DNS and redirects traffic to attacker-controlled servers https://www.securityweek.com/fbi-cybercrime-losses-neared-21-billion-in-2025/ ThreatAft en 2026-04-08T13:32:53.000Z FBI: Cybercrime Losses Neared $21 Billion in 2025 https://www.malwarebytes.com/blog/news/2026/04/russian-state-sponsored-hackers-hijack-home-and-small-office-routers-for-espionage ThreatAft en 2026-04-08T13:31:25.000Z Russian hacking group targets home and small office routers to spy on users https://www.reddit.com/r/cybersecurity/comments/1sfsv1q/what_does_the_job_entail/ ThreatAft en 2026-04-08T13:28:22.000Z What does the job entail? https://www.reddit.com/r/netsec/comments/1sfstn6/broken_by_default_i_formally_proved_that/ ThreatAft en 2026-04-08T13:26:43.000Z Broken by Default: I formally proved that LLM-generated C/C++ code is broken by default — 55.8% vulnerable, 97.8% invisible to existing tools https://www.reddit.com/r/netsec/comments/1sfsf08/why_i_think_mythos_is_gonna_be_game_changing/ ThreatAft en 2026-04-08T13:10:23.000Z Why i think Mythos is gonna be game changing after using Opus for a CTF https://www.reddit.com/r/cybersecurity/comments/1sfs0sm/i_built_a_free_tool_that_creates_a_realtime/ ThreatAft en 2026-04-08T12:54:36.000Z I built a free tool that creates a realtime deepfake of you in the browser https://www.reddit.com/r/cybersecurity/comments/1sfruzd/thousands_of_consumer_routers_hacked_by_russias/ ThreatAft en 2026-04-08T12:47:46.000Z Thousands of consumer routers hacked by Russia's military https://www.reddit.com/r/cybersecurity/comments/1sfrpb2/solving_the_shadow_ai_problem_in_the_codebases/ ThreatAft en 2026-04-08T12:40:58.000Z Solving the shadow AI problem in the codebases https://www.securityweek.com/massachusetts-hospital-diverts-ambulances-as-cyberattack-causes-disruption/ ThreatAft en 2026-04-08T12:31:39.000Z Massachusetts Hospital Diverts Ambulances as Cyberattack Causes Disruption https://www.helpnetsecurity.com/2026/04/08/social-engineering-open-source-developers/ ThreatAft en 2026-04-08T12:26:27.000Z Social engineering attacks on open source developers are escalating https://www.reddit.com/r/cybersecurity/comments/1sfr871/fbi_americans_lost_a_record_21_billion_to/ ThreatAft en 2026-04-08T12:20:17.000Z FBI: Americans lost a record 21 billion to cybercrime last year https://www.cisa.gov/news-events/alerts/2026/04/08/cisa-adds-one-known-exploited-vulnerability-catalog ThreatAft en 2026-04-08T12:00:00.000Z CISA Adds One Known Exploited Vulnerability to Catalog https://www.securityweek.com/evasive-masjesu-ddos-botnet-targets-iot-devices/ ThreatAft en 2026-04-08T11:49:44.000Z Evasive Masjesu DDoS Botnet Targets IoT Devices https://www.reddit.com/r/cybersecurity/comments/1sfqbyt/contagious_interview_now_ships_malicious_packages/ ThreatAft en 2026-04-08T11:39:13.000Z Contagious Interview now ships malicious packages to npm, PyPI, Go, Rust, and PHP https://thehackernews.com/2026/04/shrinking-iam-attack-surface-through.html ThreatAft en 2026-04-08T11:30:00.000Z Shrinking the IAM Attack Surface through Identity Visibility and Intelligence Platforms (IVIP) https://www.infosecurity-magazine.com/news/anthropic-launch-project-glasswing/ ThreatAft en 2026-04-08T11:30:00.000Z Anthropic Launches Project Glasswing to Use AI to Find and Fix Critical Software Vulnerabilities https://www.securityweek.com/hackers-targeting-critical-ninja-forms-bug-that-exposes-wordpress-sites-to-takeover/ ThreatAft en 2026-04-08T11:20:23.000Z Hackers Targeting Ninja Forms Vulnerability That Exposes WordPress Sites to Takeover https://www.reddit.com/r/netsec/comments/1sfpmg9/reading_etcpasswd_via_translation_file_upload_in/ ThreatAft en 2026-04-08T11:03:55.000Z Reading /etc/passwd via translation file upload in Tolgee's cloud platform (CVE-2026-32251, CVSS 9.3) https://www.securityweek.com/us-disrupts-russian-espionage-operation-involving-hacked-routers-and-dns-hijacking/ ThreatAft en 2026-04-08T10:54:14.000Z US Disrupts Russian Espionage Operation Involving Hacked Routers and DNS Hijacking https://industrialcyber.co/cisa/ongoing-cyberattacks-targeting-internet-connected-plcs-disrupt-us-critical-infrastructure-agencies-warn/ ThreatAft en 2026-04-08T10:38:03.000Z Ongoing cyberattacks targeting internet-connected PLCs disrupt US critical infrastructure, agencies warn https://www.reddit.com/r/netsec/comments/1sfp46v/brandefense_q4_2025_ransomware_trends_report_2373/ ThreatAft en 2026-04-08T10:36:41.000Z Brandefense Q4 2025 Ransomware Trends Report — 2,373 incidents, 125 groups, CVE exploitation breakdown https://industrialcyber.co/reports/fbi-reports-cyber-threats-to-critical-infrastructure-intensify-as-us-cybercrime-losses-hit-21-billion-exposes-risk/ ThreatAft en 2026-04-08T10:33:59.000Z FBI reports cyber threats to critical infrastructure intensify as US cybercrime losses hit $21 billion, exposes risk https://www.malwarebytes.com/blog/scams/2026/04/timeshare-owners-warned-to-watch-out-for-cartel-linked-scams ThreatAft en 2026-04-08T10:25:08.000Z Timeshare owners warned to watch out for cartel-linked scams https://www.reddit.com/r/netsec/comments/1sfovzn/training_for_device_code_phishing/ ThreatAft en 2026-04-08T10:24:01.000Z Training for Device Code Phishing https://industrialcyber.co/reports/tosi-reports-us-enterprises-improve-ot-security-maturity-but-vendor-access-emerges-as-critical-weakness/ ThreatAft en 2026-04-08T10:17:09.000Z Tosi reports US enterprises improve OT security maturity, but vendor access emerges as critical weakness https://www.helpnetsecurity.com/2026/04/08/iran-targets-us-critical-infrastructure/ ThreatAft en 2026-04-08T10:14:04.000Z Iranian cyber activity hits US energy, water, and government networks https://www.reddit.com/r/cybersecurity/comments/1sfomic/axios_npm_attack_technical_breakdown/ ThreatAft en 2026-04-08T10:08:54.000Z Axios npm attack: technical breakdown https://industrialcyber.co/news/bitsight-names-john-clancy-as-ceo-to-steer-growth-in-ai-driven-cybersecurity-era/ ThreatAft en 2026-04-08T10:06:25.000Z Bitsight names John Clancy as CEO to steer growth in AI-driven cybersecurity era https://www.infosecurity-magazine.com/news/us-thwarts-dns-hijacking-network/ ThreatAft en 2026-04-08T10:03:00.000Z US Thwarts DNS Hijacking Network Controlled by Russian APT28 Hackers https://www.helpnetsecurity.com/2026/04/08/chaos-malware-cloud-misconfigured-servers/ ThreatAft en 2026-04-08T09:34:07.000Z Chaos malware expands from routers to Linux cloud servers https://www.reddit.com/r/cybersecurity/comments/1sfnquv/bug_bounty_programs_about_to_get_expensiv/ ThreatAft en 2026-04-08T09:16:37.000Z Bug Bounty Programs About to Get Expensiv https://thehackernews.com/2026/04/anthropics-claude-mythos-finds.html ThreatAft en 2026-04-08T09:16:00.000Z Anthropic's Claude Mythos Finds Thousands of Zero-Day Flaws Across Major Systems https://www.infosecurity-magazine.com/news/claude-apache-activemq-bug-hidden/ ThreatAft en 2026-04-08T09:15:00.000Z Claude Discovers Apache ActiveMQ Bug Hidden for 13 Years https://www.reddit.com/r/cybersecurity/comments/1sfnltx/authorities_disrupt_router_dns_hijacks_used_to/ ThreatAft en 2026-04-08T09:08:09.000Z Authorities disrupt router DNS hijacks used to steal Microsoft 365 logins