https://www.darkreading.com/events/black-hat-usa ThreatAft en 2026-08-01T11:00:00.000Z Black Hat USA https://therecord.media/tiktok-removes-covert-networks-hungary-vote ThreatAft en 2026-04-08T20:20:00.000Z TikTok removes covert networks ahead of Hungary vote as disinformation concerns grow https://www.reddit.com/r/Malware/comments/1sg3zcp/phishing_via_google_storage_abuse_leading_to_rat/ ThreatAft en 2026-04-08T20:08:20.000Z Phishing via Google Storage Abuse Leading to RAT Deployment https://www.reddit.com/r/cybersecurity/comments/1sg3kht/a_hack_of_the_la_city_attorneys_office/ ThreatAft en 2026-04-08T19:53:15.000Z A hack of the L.A. city attorney’s office compromised 7.7 terabytes of sensitive LAPD records https://www.reddit.com/r/netsec/comments/1sg3i8u/dnsight_open_source_config_driven_cli_dns_auditor/ ThreatAft en 2026-04-08T19:50:50.000Z dnsight - open source, config driven CLI DNS auditor https://www.helpnetsecurity.com/2026/04/08/bluehammer-windows-zero-day-exploit-leaked/ ThreatAft en 2026-04-08T19:48:32.000Z BlueHammer: Windows zero-day exploit leaked https://www.darkreading.com/application-security/ai-led-remediation-crisis-prompts-hackerone-pause-bug-bounties ThreatAft en 2026-04-08T19:47:32.000Z AI-Led Remediation Crisis Prompts HackerOne to Pause Bug Bounties https://www.bleepingcomputer.com/news/security/new-macos-stealer-campaign-uses-script-editor-in-clickfix-attack/ ThreatAft en 2026-04-08T18:55:43.000Z New macOS stealer campaign uses Script Editor in ClickFix attack https://www.wired.com/story/we-were-not-ready-for-this-lebanons-emergency-system-is-hanging-by-a-thread/ ThreatAft en 2026-04-08T18:43:39.000Z ‘We Were Not Ready for This’: Lebanon's Emergency System Is Hanging by a Thread https://www.reddit.com/r/cybersecurity/comments/1sg1co9/i_created_a_library_for_wifi_auditing_on_esp32/ ThreatAft en 2026-04-08T18:33:06.000Z I created a library for WiFi auditing on ESP32 based on Marauder https://www.bleepingcomputer.com/news/security/cisa-orders-feds-to-patch-exploited-ivanti-epmm-flaw-by-sunday/ ThreatAft en 2026-04-08T18:15:27.000Z CISA orders feds to patch exploited Ivanti EPMM flaw by Sunday https://thehackernews.com/2026/04/new-chaos-variant-targets-misconfigured.html ThreatAft en 2026-04-08T17:51:00.000Z New Chaos Variant Targets Misconfigured Cloud Deployments, Adds SOCKS Proxy https://www.helpnetsecurity.com/2026/04/08/trellix-data-security-capabilities-generative-ai/ ThreatAft en 2026-04-08T17:50:38.000Z Trellix strengthens data security for the GenAI era https://www.reddit.com/r/cybersecurity/comments/1sg01m1/millions_of_health_care_patients_potentially/ ThreatAft en 2026-04-08T17:46:31.000Z Millions of health care patients potentially affected by data breach https://therecord.media/eurail-reports-data-breach-impacting-over-300000 ThreatAft en 2026-04-08T17:46:00.000Z Passport numbers for more than 300,000 leaked during December Eurail data breach https://therecord.media/breach-exposes-lapd-files-city-attorney-systems ThreatAft en 2026-04-08T17:42:00.000Z Breach exposes sensitive LAPD files stored in city attorney system https://www.reddit.com/r/netsec/comments/1sfznvq/offensive_fraud_prevention/ ThreatAft en 2026-04-08T17:33:04.000Z Offensive Fraud Prevention https://www.reddit.com/r/cybersecurity/comments/1sfzlsc/gaining_experience_in_cybersecurity/ ThreatAft en 2026-04-08T17:30:57.000Z Gaining Experience in Cybersecurity https://www.bleepingcomputer.com/news/security/13-year-old-bug-in-activemq-lets-hackers-remotely-execute-commands/ ThreatAft en 2026-04-08T17:26:40.000Z 13-year-old bug in ActiveMQ lets hackers remotely execute commands https://isc.sans.edu/diary/rss/32880 ThreatAft en 2026-04-08T17:15:05.000Z TeamPCP Supply Chain Campaign: Update 007 - Cisco Source Code Stolen via Trivy-Linked Breach, Google GTIG Tracks TeamPCP as UNC6780, and CISA KEV Deadline Arrives with No Standalone Advisory, (Wed, Apr 8th) https://therecord.media/minnesota-sends-national-guard-after-local-cyberattack ThreatAft en 2026-04-08T17:10:00.000Z Minnesota governor sends national guard to county after cyberattack https://www.reddit.com/r/cybersecurity/comments/1sfyngq/claude_mythos_and_escaping_the_sandbox/ ThreatAft en 2026-04-08T16:57:36.000Z Claude Mythos and escaping the sandbox https://www.reddit.com/r/cybersecurity/comments/1sfyiu1/hundreds_of_orgs_compromised_daily_in_microsoft/ ThreatAft en 2026-04-08T16:53:05.000Z Hundreds of orgs compromised daily in Microsoft device code phishing attacks https://www.reddit.com/r/cybersecurity/comments/1sfyf1s/hackers_steal_and_leak_sensitive_lapd_police/ ThreatAft en 2026-04-08T16:49:26.000Z Hackers steal and leak sensitive LAPD police documents https://therecord.media/two-egyptian-journalists-targeted-spearphishing-campaign ThreatAft en 2026-04-08T16:44:00.000Z Two prominent Egyptian journalists targeted with elaborate spearphishing campaign https://www.reddit.com/r/cybersecurity/comments/1sfy90j/glasswing_gives_50_companies_a_3month_head_start/ ThreatAft en 2026-04-08T16:43:31.000Z Glasswing gives 50 companies a 3-month head start on Mythos-class vulnerabilities. What does everyone else do? https://cyberscoop.com/hack-for-hire-spyware-campaign-targets-journalists-in-middle-east-north-africa/ ThreatAft en 2026-04-08T16:38:03.000Z Hack-for-hire spyware campaign targets journalists in Middle East, North Africa https://thehackernews.com/2026/04/masjesu-botnet-emerges-as-ddos-for-hire.html ThreatAft en 2026-04-08T16:30:00.000Z Masjesu Botnet Emerges as DDoS-for-Hire Service Targeting Global IoT Devices https://www.reddit.com/r/cybersecurity/comments/1sfx5nx/psa_if_youre_on_the_receiving_end_of_a_red_team/ ThreatAft en 2026-04-08T16:04:57.000Z PSA: if you're on the receiving end of a red team test, the authorization letter protects you too https://www.reddit.com/r/cybersecurity/comments/1sfwmtn/i_built_a_forensic_tool_that_explains_why_a_file/ ThreatAft en 2026-04-08T15:46:22.000Z I built a forensic tool that explains why a file is malicious https://www.darkreading.com/cyberattacks-data-breaches/fraud-mobile-first-latin-america ThreatAft en 2026-04-08T15:45:11.000Z Fraud Rockets Higher in Mobile-First Latin America https://www.reddit.com/r/netsec/comments/1sfwhtv/common_entra_id_security_assessment_findings_part/ ThreatAft en 2026-04-08T15:41:26.000Z Common Entra ID Security Assessment Findings – Part 3: Weak Privileged Identity Management Configuration https://www.securityweek.com/data-leakage-vulnerability-patched-in-openssl/ ThreatAft en 2026-04-08T15:37:48.000Z Data Leakage Vulnerability Patched in OpenSSL https://www.reddit.com/r/cybersecurity/comments/1sfwc29/snowflake_customers_hit_in_data_theft_attacks/ ThreatAft en 2026-04-08T15:35:35.000Z Snowflake customers hit in data theft attacks after SaaS integrator breach https://www.reddit.com/r/netsec/comments/1sfwb2n/a_new_initiative_that_brings_together_amazon_web/ ThreatAft en 2026-04-08T15:34:35.000Z A new initiative that brings together Amazon Web Services, Anthropic, Apple, Broadcom, Cisco, CrowdStrike, Google, JPMorganChase, the Linux Foundation, Microsoft, NVIDIA, and Palo Alto Networks in an effort to secure the world’s most critical software. https://www.darkreading.com/cybersecurity-operations/full-sail-university-ibm-cyber-defense-range-aws-cloud-range ThreatAft en 2026-04-08T14:43:49.000Z Full Sail University to Open IBM Cyber Defense Range Powered by AWS and Cloud Range on Campus https://www.reddit.com/r/cybersecurity/comments/1sfushf/quantum_cryptography_and_the_harvest_now_decrypt/ ThreatAft en 2026-04-08T14:40:12.000Z Quantum cryptography and the "harvest now, decrypt later" problem -- how seriously are organizations taking this? https://therecord.media/cia-director-elevated-agency-cyber-espionage-division ThreatAft en 2026-04-08T14:37:00.000Z CIA director quietly elevated agency’s cyber espionage division https://www.reddit.com/r/cybersecurity/comments/1sfuoib/hong_kong_police_can_now_demand_phone_passwords/ ThreatAft en 2026-04-08T14:36:04.000Z Hong Kong police can now demand phone passwords under new security rules | Hacker News https://www.malwarebytes.com/blog/inside-malwarebytes/2026/04/your-extensions-leak-clues-about-you-so-we-made-sure-browser-guard-doesnt ThreatAft en 2026-04-08T14:33:18.000Z Your extensions leak clues about you, so we made sure Browser Guard doesn’t https://www.securityweek.com/rce-bug-lurked-in-apache-activemq-classic-for-13-years/ ThreatAft en 2026-04-08T14:30:27.000Z RCE Bug Lurked in Apache ActiveMQ Classic for 13 Years https://www.reddit.com/r/netsec/comments/1sfugo9/russian_gru_exploiting_vulnerable_routers_to/ ThreatAft en 2026-04-08T14:28:17.000Z Russian GRU Exploiting Vulnerable Routers to Steal Sensitive Information 07 April 2026 https://isc.sans.edu/diary/rss/32878 ThreatAft en 2026-04-08T14:23:28.000Z More Honeypot Fingerprinting Scans, (Wed, Apr 8th) https://www.darkreading.com/endpoint-security/niobium-introduces-the-fog ThreatAft en 2026-04-08T14:22:33.000Z Niobium Introduces The Fog https://www.darkreading.com/remote-workforce/pluralsight-launches-secureready-cybersecurity-teams ThreatAft en 2026-04-08T14:08:22.000Z Pluralsight Launches SecureReady to Help Organizations Build Job-Ready Cybersecurity Teams https://www.bleepingcomputer.com/news/security/is-a-30-000-gpu-good-at-password-cracking/ ThreatAft en 2026-04-08T14:00:10.000Z Is a $30,000 GPU Good at Password Cracking? https://www.reddit.com/r/cybersecurity/comments/1sftjw8/microsoft_blocks_accounts_wireguard_and_veracrypt/ ThreatAft en 2026-04-08T13:55:09.000Z Microsoft blocks accounts WireGuard and Veracrypt https://www.reddit.com/r/cybersecurity/comments/1sftf4l/atomic_stealer_amos_returns_clickfix_trojanized/ ThreatAft en 2026-04-08T13:50:07.000Z Atomic Stealer (AMOS) Returns: ClickFix, Trojanized Crypto Apps, and a New macOS Persistence Mechanism https://thehackernews.com/2026/04/apt28-deploys-prismex-malware-in.html ThreatAft en 2026-04-08T13:50:00.000Z APT28 Deploys PRISMEX Malware in Campaign Targeting Ukraine and NATO Allies https://www.reddit.com/r/Malware/comments/1sftdmz/atomic_stealer_amos_macos_malware_decryption/ ThreatAft en 2026-04-08T13:48:30.000Z Atomic Stealer (AMOS) macOS Malware Decryption, Anti-VM, Hardware Wallet Trojanization & Persistent Backdoor https://www.darkreading.com/ics-ot-security/iranian-threat-actors-us-critical-infrastructure-exposed-plcs ThreatAft en 2026-04-08T13:46:29.000Z Iranian Threat Actors Disrupt US Critical Infrastructure Via Exposed PLCs https://www.reddit.com/r/cybersecurity/comments/1sft49c/russian_state_hackers_are_hijacking_tplink_and/ ThreatAft en 2026-04-08T13:38:19.000Z Russian state hackers are hijacking TP-Link and MicroTik routers to steal Outlook credentials, cybersecurity center warns — APT28 group targets DNS and redirects traffic to attacker-controlled servers https://www.securityweek.com/fbi-cybercrime-losses-neared-21-billion-in-2025/ ThreatAft en 2026-04-08T13:32:53.000Z FBI: Cybercrime Losses Neared $21 Billion in 2025 https://www.malwarebytes.com/blog/news/2026/04/russian-state-sponsored-hackers-hijack-home-and-small-office-routers-for-espionage ThreatAft en 2026-04-08T13:31:25.000Z Russian hacking group targets home and small office routers to spy on users https://www.reddit.com/r/cybersecurity/comments/1sfsv1q/what_does_the_job_entail/ ThreatAft en 2026-04-08T13:28:22.000Z What does the job entail? https://www.reddit.com/r/netsec/comments/1sfstn6/broken_by_default_i_formally_proved_that/ ThreatAft en 2026-04-08T13:26:43.000Z Broken by Default: I formally proved that LLM-generated C/C++ code is broken by default — 55.8% vulnerable, 97.8% invisible to existing tools https://www.reddit.com/r/netsec/comments/1sfsf08/why_i_think_mythos_is_gonna_be_game_changing/ ThreatAft en 2026-04-08T13:10:23.000Z Why i think Mythos is gonna be game changing after using Opus for a CTF https://www.reddit.com/r/cybersecurity/comments/1sfs0sm/i_built_a_free_tool_that_creates_a_realtime/ ThreatAft en 2026-04-08T12:54:36.000Z I built a free tool that creates a realtime deepfake of you in the browser https://www.reddit.com/r/cybersecurity/comments/1sfruzd/thousands_of_consumer_routers_hacked_by_russias/ ThreatAft en 2026-04-08T12:47:46.000Z Thousands of consumer routers hacked by Russia's military https://www.reddit.com/r/cybersecurity/comments/1sfrpb2/solving_the_shadow_ai_problem_in_the_codebases/ ThreatAft en 2026-04-08T12:40:58.000Z Solving the shadow AI problem in the codebases https://www.securityweek.com/massachusetts-hospital-diverts-ambulances-as-cyberattack-causes-disruption/ ThreatAft en 2026-04-08T12:31:39.000Z Massachusetts Hospital Diverts Ambulances as Cyberattack Causes Disruption https://www.helpnetsecurity.com/2026/04/08/social-engineering-open-source-developers/ ThreatAft en 2026-04-08T12:26:27.000Z Social engineering attacks on open source developers are escalating https://www.reddit.com/r/cybersecurity/comments/1sfr871/fbi_americans_lost_a_record_21_billion_to/ ThreatAft en 2026-04-08T12:20:17.000Z FBI: Americans lost a record 21 billion to cybercrime last year https://www.cisa.gov/news-events/alerts/2026/04/08/cisa-adds-one-known-exploited-vulnerability-catalog ThreatAft en 2026-04-08T12:00:00.000Z CISA Adds One Known Exploited Vulnerability to Catalog https://www.securityweek.com/evasive-masjesu-ddos-botnet-targets-iot-devices/ ThreatAft en 2026-04-08T11:49:44.000Z Evasive Masjesu DDoS Botnet Targets IoT Devices https://www.reddit.com/r/cybersecurity/comments/1sfqbyt/contagious_interview_now_ships_malicious_packages/ ThreatAft en 2026-04-08T11:39:13.000Z Contagious Interview now ships malicious packages to npm, PyPI, Go, Rust, and PHP https://www.infosecurity-magazine.com/news/anthropic-launch-project-glasswing/ ThreatAft en 2026-04-08T11:30:00.000Z Anthropic Launches Project Glasswing to Use AI to Find and Fix Critical Software Vulnerabilities https://thehackernews.com/2026/04/shrinking-iam-attack-surface-through.html ThreatAft en 2026-04-08T11:30:00.000Z Shrinking the IAM Attack Surface through Identity Visibility and Intelligence Platforms (IVIP) https://www.securityweek.com/hackers-targeting-critical-ninja-forms-bug-that-exposes-wordpress-sites-to-takeover/ ThreatAft en 2026-04-08T11:20:23.000Z Hackers Targeting Ninja Forms Vulnerability That Exposes WordPress Sites to Takeover https://www.reddit.com/r/netsec/comments/1sfpmg9/reading_etcpasswd_via_translation_file_upload_in/ ThreatAft en 2026-04-08T11:03:55.000Z Reading /etc/passwd via translation file upload in Tolgee's cloud platform (CVE-2026-32251, CVSS 9.3) https://www.securityweek.com/us-disrupts-russian-espionage-operation-involving-hacked-routers-and-dns-hijacking/ ThreatAft en 2026-04-08T10:54:14.000Z US Disrupts Russian Espionage Operation Involving Hacked Routers and DNS Hijacking https://industrialcyber.co/cisa/ongoing-cyberattacks-targeting-internet-connected-plcs-disrupt-us-critical-infrastructure-agencies-warn/ ThreatAft en 2026-04-08T10:38:03.000Z Ongoing cyberattacks targeting internet-connected PLCs disrupt US critical infrastructure, agencies warn https://www.reddit.com/r/netsec/comments/1sfp46v/brandefense_q4_2025_ransomware_trends_report_2373/ ThreatAft en 2026-04-08T10:36:41.000Z Brandefense Q4 2025 Ransomware Trends Report — 2,373 incidents, 125 groups, CVE exploitation breakdown https://industrialcyber.co/reports/fbi-reports-cyber-threats-to-critical-infrastructure-intensify-as-us-cybercrime-losses-hit-21-billion-exposes-risk/ ThreatAft en 2026-04-08T10:33:59.000Z FBI reports cyber threats to critical infrastructure intensify as US cybercrime losses hit $21 billion, exposes risk https://www.malwarebytes.com/blog/scams/2026/04/timeshare-owners-warned-to-watch-out-for-cartel-linked-scams ThreatAft en 2026-04-08T10:25:08.000Z Timeshare owners warned to watch out for cartel-linked scams https://www.reddit.com/r/netsec/comments/1sfovzn/training_for_device_code_phishing/ ThreatAft en 2026-04-08T10:24:01.000Z Training for Device Code Phishing https://industrialcyber.co/reports/tosi-reports-us-enterprises-improve-ot-security-maturity-but-vendor-access-emerges-as-critical-weakness/ ThreatAft en 2026-04-08T10:17:09.000Z Tosi reports US enterprises improve OT security maturity, but vendor access emerges as critical weakness https://www.helpnetsecurity.com/2026/04/08/iran-targets-us-critical-infrastructure/ ThreatAft en 2026-04-08T10:14:04.000Z Iranian cyber activity hits US energy, water, and government networks https://www.reddit.com/r/cybersecurity/comments/1sfomic/axios_npm_attack_technical_breakdown/ ThreatAft en 2026-04-08T10:08:54.000Z Axios npm attack: technical breakdown https://industrialcyber.co/news/bitsight-names-john-clancy-as-ceo-to-steer-growth-in-ai-driven-cybersecurity-era/ ThreatAft en 2026-04-08T10:06:25.000Z Bitsight names John Clancy as CEO to steer growth in AI-driven cybersecurity era https://www.infosecurity-magazine.com/news/us-thwarts-dns-hijacking-network/ ThreatAft en 2026-04-08T10:03:00.000Z US Thwarts DNS Hijacking Network Controlled by Russian APT28 Hackers https://www.helpnetsecurity.com/2026/04/08/chaos-malware-cloud-misconfigured-servers/ ThreatAft en 2026-04-08T09:34:07.000Z Chaos malware expands from routers to Linux cloud servers https://www.reddit.com/r/cybersecurity/comments/1sfnquv/bug_bounty_programs_about_to_get_expensiv/ ThreatAft en 2026-04-08T09:16:37.000Z Bug Bounty Programs About to Get Expensiv https://thehackernews.com/2026/04/anthropics-claude-mythos-finds.html ThreatAft en 2026-04-08T09:16:00.000Z Anthropic's Claude Mythos Finds Thousands of Zero-Day Flaws Across Major Systems https://www.infosecurity-magazine.com/news/claude-apache-activemq-bug-hidden/ ThreatAft en 2026-04-08T09:15:00.000Z Claude Discovers Apache ActiveMQ Bug Hidden for 13 Years https://www.reddit.com/r/cybersecurity/comments/1sfnltx/authorities_disrupt_router_dns_hijacks_used_to/ ThreatAft en 2026-04-08T09:08:09.000Z Authorities disrupt router DNS hijacks used to steal Microsoft 365 logins https://www.helpnetsecurity.com/2026/04/08/flatpak-1-16-4-released-fixes-sandbox-escape/ ThreatAft en 2026-04-08T08:32:30.000Z Flatpak 1.16.4 fixes sandbox escape and three other security flaws https://www.helpnetsecurity.com/2026/04/08/secureframe-user-access-reviews/ ThreatAft en 2026-04-08T08:24:57.000Z Secureframe expands Comply with User Access Reviews for automated governance https://www.infosecurity-magazine.com/news/iranbacked-hackers-cni-ot-assets/ ThreatAft en 2026-04-08T08:15:00.000Z Iran‑Backed Threat Actors Hit US CNI Providers via Internet‑Facing OT Assets https://thehackernews.com/2026/04/n-korean-hackers-spread-1700-malicious.html ThreatAft en 2026-04-08T07:47:00.000Z N. Korean Hackers Spread 1,700 Malicious Packages Across npm, PyPI, Go, Rust https://www.reddit.com/r/netsec/comments/1sflk3t/spooler_alert_remote_unauthd_rcetoroot_chain_in/ ThreatAft en 2026-04-08T07:01:17.000Z Spooler Alert: Remote Unauth'd RCE-to-root Chain in CUPS https://www.bleepingcomputer.com/news/microsoft/microsoft-rolls-out-fix-for-broken-windows-start-menu-search/ ThreatAft en 2026-04-08T07:00:55.000Z Microsoft rolls out fix for broken Windows Start Menu search https://www.wired.com/story/men-are-buying-hacking-tools-to-use-against-their-wives-and-friends/ ThreatAft en 2026-04-08T07:00:00.000Z Men Are Buying Hacking Tools to Use Against Their Wives and Friends https://www.helpnetsecurity.com/2026/04/08/kumar-ravi-tmf-group-professional-services-cybersecurity-risk/ ThreatAft en 2026-04-08T05:30:45.000Z What managing partners should ask AI vendors before signing any contract https://www.reddit.com/r/cybersecurity/comments/1sfjl30/how_to_stay_ai_relevant_in_cyber_security/ ThreatAft en 2026-04-08T05:07:32.000Z How to stay AI relevant in cyber security? https://www.helpnetsecurity.com/2026/04/08/ai-6g-networks-design/ ThreatAft en 2026-04-08T05:00:50.000Z 6G network design puts AI at the center of spectrum, routing, and fault management https://www.reddit.com/r/Malware/comments/1sfjg9f/fairwords_npm_packages_compromised_by_a/ ThreatAft en 2026-04-08T05:00:27.000Z @fairwords npm packages compromised by a self-propagating credential worm - steals tokens, infects other packages you own, then crosses to PyPI https://www.helpnetsecurity.com/2026/04/08/openssl-3-6-2-security-patch/ ThreatAft en 2026-04-08T04:43:43.000Z OpenSSL 3.6.2 lands with eight CVE fixes https://www.reddit.com/r/cybersecurity/comments/1sfj1u9/cloudflare_targets_2029_for_full_postquantum/ ThreatAft en 2026-04-08T04:38:24.000Z Cloudflare targets 2029 for full post-quantum security https://www.helpnetsecurity.com/2026/04/08/large-botnets-campaigns-attack-activity/ ThreatAft en 2026-04-08T04:30:01.000Z Cybercriminals move deeper into networks, hiding in edge infrastructure https://www.reddit.com/r/cybersecurity/comments/1sfitgn/40_companies_were_given_access_to_claude_mythos/ ThreatAft en 2026-04-08T04:26:03.000Z 40 companies were given access to Claude Mythos to "secure both first-party and open-source systems" at a time when hackers/APTs have practically infiltrated most organizations https://www.helpnetsecurity.com/2026/04/08/anthropic-claude-mythos-preview-identify-vulnerabilities/ ThreatAft en 2026-04-08T04:23:35.000Z Anthropic’s new AI model finds and exploits zero-days across every major OS and browser https://www.reddit.com/r/cybersecurity/comments/1sfirnm/ai_is_writing_40plus_of_code_now_sounds/ ThreatAft en 2026-04-08T04:23:26.000Z “AI is writing 40%plus of code now” sounds impressive… until you look at the security side of it. https://thehackernews.com/2026/04/iran-linked-hackers-disrupt-us-critical.html ThreatAft en 2026-04-08T04:23:00.000Z Iran-Linked Hackers Disrupt U.S. Critical Infrastructure by Targeting Internet-Exposed PLCs https://www.reddit.com/r/cybersecurity/comments/1sfii4a/best_free_password_manager_right_now/ ThreatAft en 2026-04-08T04:09:55.000Z Best free password manager right now? https://www.helpnetsecurity.com/2026/04/08/cybersecurity-jobs-available-right-now-april-8-2026/ ThreatAft en 2026-04-08T04:00:40.000Z Cybersecurity jobs available right now: April 8, 2026 https://www.reddit.com/r/netsec/comments/1sfhmaa/we_found_a_path_traversal_in_an_mcp_server_with/ ThreatAft en 2026-04-08T03:26:11.000Z We found a path traversal in an MCP server with 7,700 stars that lets AI agents read your SSH keys. Fix merged. https://www.securityweek.com/iran-linked-hackers-disrupt-us-critical-infrastructure-via-plc-attacks/ ThreatAft en 2026-04-08T02:57:56.000Z Iran-Linked Hackers Disrupt US Critical Infrastructure via PLC Attacks https://www.reddit.com/r/cybersecurity/comments/1sfgiq6/how_often_do_you_use_bash_or_python/ ThreatAft en 2026-04-08T02:34:02.000Z How often do you use bash? Or python https://www.reddit.com/r/cybersecurity/comments/1sfg427/ai_agents_can_trigger_realworld_actions_why_dont/ ThreatAft en 2026-04-08T02:15:23.000Z AI agents can trigger real-world actions. Why don’t we have cryptographic proof of delegation yet? https://isc.sans.edu/diary/rss/32876 ThreatAft en 2026-04-08T02:00:02.000Z ISC Stormcast For Wednesday, April 8th, 2026 https://isc.sans.edu/podcastdetail/9884, (Wed, Apr 8th) https://www.reddit.com/r/cybersecurity/comments/1sff2un/not_sure_where_to_go_from_here/ ThreatAft en 2026-04-08T01:29:14.000Z Not sure where to go from here https://www.reddit.com/r/netsec/comments/1sfeemo/strengthen_linux_security_cis_hardening_guide_2026/ ThreatAft en 2026-04-08T00:59:44.000Z Strengthen Linux Security: CIS Hardening Guide (2026) https://www.reddit.com/r/netsec/comments/1sfe68f/from_uart_to_root_vendor_shell_escape_on_a/ ThreatAft en 2026-04-08T00:49:31.000Z From UART to Root: Vendor Shell Escape on a Uniview IP Camera https://www.exploit-db.com/exploits/52500 ThreatAft en 2026-04-08T00:00:00.000Z [webapps] xibocms 3.3.4 - RCE https://www.exploit-db.com/exploits/52501 ThreatAft en 2026-04-08T00:00:00.000Z [local] 7-Zip 24.00 - Directory Traversal https://www.exploit-db.com/exploits/52502 ThreatAft en 2026-04-08T00:00:00.000Z [webapps] FortiWeb 8.0.2 - Remote Code Execution https://www.recordedfuture.com/research/understanding-and-anticipating-venezuelan-government-actions ThreatAft en 2026-04-08T00:00:00.000Z Understanding and Anticipating Venezuelan Government Actions https://www.exploit-db.com/exploits/52497 ThreatAft en 2026-04-08T00:00:00.000Z [webapps] Horilla v1.3 - RCE https://www.exploit-db.com/exploits/52498 ThreatAft en 2026-04-08T00:00:00.000Z [local] Microsoft MMC MSC EvilTwin - Local Admin Creation https://www.exploit-db.com/exploits/52499 ThreatAft en 2026-04-08T00:00:00.000Z [local] SQLite 3.50.1 - Heap Overflow https://cyberscoop.com/forest-blizzard-apt28-routers-espionage-campaign-operation-masquerade/ ThreatAft en 2026-04-07T23:46:53.000Z Feds quash widespread Russia-backed espionage network spanning 18,000 devices https://www.reddit.com/r/cybersecurity/comments/1sfacj9/ec_breach_via_trivy_supply_chain_attack_the_irony/ ThreatAft en 2026-04-07T22:08:21.000Z EC Breach via Trivy Supply Chain Attack: The irony https://www.bleepingcomputer.com/news/security/hackers-exploit-critical-flaw-in-ninja-forms-wordpress-plugin/ ThreatAft en 2026-04-07T22:03:01.000Z Hackers exploit critical flaw in Ninja Forms WordPress plugin https://unit42.paloaltonetworks.com/bypass-of-aws-sandbox-network-isolation-mode/ ThreatAft en 2026-04-07T22:00:11.000Z Cracks in the Bedrock: Escaping the AWS AgentCore Sandbox https://www.reddit.com/r/cybersecurity/comments/1sf85uo/how_to_exploit_ai_agents_using_prompt_injection/ ThreatAft en 2026-04-07T20:45:16.000Z How to exploit AI agents using prompt injection, tool hijacking, and memory poisoning based on the OWASP Agentic Top 10. https://www.bleepingcomputer.com/news/security/fbi-americans-lost-a-record-21-billion-to-cybercrime-last-year/ ThreatAft en 2026-04-07T20:41:52.000Z FBI: Americans lost a record $21 billion to cybercrime last year https://www.reddit.com/r/netsec/comments/1sf7sno/cve202634197_activemq_rce_via_jolokia_api/ ThreatAft en 2026-04-07T20:31:22.000Z CVE-2026-34197: ActiveMQ RCE via Jolokia API https://www.reddit.com/r/netsec/comments/1sf7q11/assessing_claude_mythos_previews_capabilities/ ThreatAft en 2026-04-07T20:28:44.000Z Assessing Claude Mythos Preview’s capabilities https://therecord.media/fbi-pentagon-warn-iran-hacking-groups-target-ot ThreatAft en 2026-04-07T20:26:00.000Z FBI, Pentagon warn of Iran hacking groups targeting operational technology https://www.darkreading.com/threat-intelligence/storm-1175-medusa-ransomware-high-velocity ThreatAft en 2026-04-07T20:15:07.000Z Storm-1175 Deploys Medusa Ransomware at 'High Velocity' https://www.wired.com/story/iran-linked-hackers-are-sabotaging-us-energy-and-water-infrastructure/ ThreatAft en 2026-04-07T20:13:51.000Z Iran-Linked Hackers Are Sabotaging US Energy and Water Infrastructure https://www.darkreading.com/application-security/grafana-patches-ai-bug-leaked-user-data ThreatAft en 2026-04-07T19:52:26.000Z Grafana Patches AI Bug That Could Have Leaked User Data https://www.reddit.com/r/netsec/comments/1sf6qtt/where_ai_meets_server_assault/ ThreatAft en 2026-04-07T19:52:12.000Z Where AI meets server assault https://www.reddit.com/r/cybersecurity/comments/1sf6iup/beyond_burnt_out_unsure_where_to_turn/ ThreatAft en 2026-04-07T19:44:03.000Z Beyond burnt out, unsure where to turn. https://www.bleepingcomputer.com/news/security/snowflake-customers-hit-in-data-theft-attacks-after-saas-integrator-breach/ ThreatAft en 2026-04-07T19:39:18.000Z Snowflake customers hit in data theft attacks after SaaS integrator breach https://www.reddit.com/r/cybersecurity/comments/1sf66av/cyber_security_and_electrical_engineering/ ThreatAft en 2026-04-07T19:31:39.000Z Cyber security and electrical engineering? https://www.reddit.com/r/cybersecurity/comments/1sf5tvm/free_cti_fusion_playbook/ ThreatAft en 2026-04-07T19:18:55.000Z Free CTI Fusion Playbook https://www.reddit.com/r/cybersecurity/comments/1sf5fbb/mythos_has_been_launched/ ThreatAft en 2026-04-07T19:04:26.000Z Mythos has been launched! https://www.reddit.com/r/cybersecurity/comments/1sf5968/want_to_be_a_pentester_let_me_tell_you_how_actual/ ThreatAft en 2026-04-07T18:58:34.000Z Want to be a pentester? Let me tell you how! (Actual pentester) https://www.reddit.com/r/netsec/comments/1sf550g/the_race_to_ship_ai_tools_left_security_behind/ ThreatAft en 2026-04-07T18:54:28.000Z The Race to Ship AI Tools Left Security Behind. Part 1: Sandbox Escape https://www.helpnetsecurity.com/2026/04/07/online-crime-financial-losses-fbi-report/ ThreatAft en 2026-04-07T18:53:17.000Z Cybercrime losses break the $20 billion mark https://www.wired.com/story/anthropic-mythos-preview-project-glasswing/ ThreatAft en 2026-04-07T18:49:50.000Z Anthropic Teams Up With Its Rivals to Keep AI From Hacking Everything https://www.reddit.com/r/cybersecurity/comments/1sf4w9j/anthropic_announces_new_initiative_project/ ThreatAft en 2026-04-07T18:45:38.000Z Anthropic announces new initiative, Project Glasswing, with tech + security partners and Claude Mythos Preview model to secure critical software https://www.securityweek.com/anthropic-unveils-claude-mythos-a-cybersecurity-breakthrough-that-could-also-supercharge-attacks/ ThreatAft en 2026-04-07T18:39:56.000Z Anthropic Unveils ‘Claude Mythos’ – A Cybersecurity Breakthrough That Could Also Supercharge Attacks https://www.reddit.com/r/cybersecurity/comments/1sf4p1c/german_authorities_identify_revil_and_gandcrab/ ThreatAft en 2026-04-07T18:38:22.000Z German authorities identify REvil and GandCrab ransomware bosses https://www.reddit.com/r/cybersecurity/comments/1sf4mzs/iranianaffiliated_cyber_actors_exploit/ ThreatAft en 2026-04-07T18:36:16.000Z Iranian-Affiliated Cyber Actors Exploit Programmable Logic Controllers Across US Critical Infrastructure https://www.reddit.com/r/cybersecurity/comments/1sf4m5v/what_information_about_a_cve_do_you_pay_attention/ ThreatAft en 2026-04-07T18:35:28.000Z What information about a CVE do you pay attention to and why? https://isc.sans.edu/diary/rss/32874 ThreatAft en 2026-04-07T18:28:16.000Z A Little Bit Pivoting: What Web Shells are Attackers Looking for?, (Tue, Apr 7th) https://www.reddit.com/r/cybersecurity/comments/1sf3qun/tech_giants_launch_aipowered_project_glasswing_to/ ThreatAft en 2026-04-07T18:05:06.000Z Tech giants launch AI-powered ‘Project Glasswing’ to identify critical software vulnerabilities https://www.bleepingcomputer.com/news/security/us-warns-of-iranian-hackers-targeting-critical-infrastructure/ ThreatAft en 2026-04-07T18:02:26.000Z US warns of Iranian hackers targeting critical infrastructure https://cyberscoop.com/project-glasswing-anthropic-ai-open-source-software-vulnerabilities/ ThreatAft en 2026-04-07T18:00:00.000Z Tech giants launch AI-powered ‘Project Glasswing’ to identify critical software vulnerabilities https://cyberscoop.com/iranian-hackers-cyberattacks-us-energy-water-infrastructure-plc-scada-warning/ ThreatAft en 2026-04-07T17:58:47.000Z Iranian hackers launching disruptive attacks at U.S. energy, water targets, feds warn https://www.reddit.com/r/netsec/comments/1sf39zm/anthropic_opus_46_is_less_good_at_finding_vulns/ ThreatAft en 2026-04-07T17:48:55.000Z Anthropic Opus 4.6 is less good at finding vulns than you might think https://krebsonsecurity.com/2026/04/russia-hacked-routers-to-steal-microsoft-office-tokens/ ThreatAft en 2026-04-07T17:02:44.000Z Russia Hacked Routers to Steal Microsoft Office Tokens https://www.bleepingcomputer.com/news/security/max-severity-flowise-rce-vulnerability-now-exploited-in-attacks/ ThreatAft en 2026-04-07T17:02:05.000Z Max severity Flowise RCE vulnerability now exploited in attacks https://thehackernews.com/2026/04/russian-state-linked-apt28-exploits.html ThreatAft en 2026-04-07T16:48:00.000Z Russian State-Linked APT28 Exploits SOHO Routers in Global DNS Hijacking Campaign https://cyberscoop.com/fbi-internet-crime-complaint-center-annual-cybercrime-report/ ThreatAft en 2026-04-07T16:47:46.000Z Cybercrime losses jumped 26% to $20.9 billion in 2025 https://www.securityweek.com/the-new-rules-of-engagement-matching-agentic-attack-speed/ ThreatAft en 2026-04-07T16:40:52.000Z The New Rules of Engagement: Matching Agentic Attack Speed https://www.reddit.com/r/cybersecurity/comments/1sf16o3/sandbox_app_like_anyrun_but_not_anyrun/ ThreatAft en 2026-04-07T16:36:59.000Z sandbox app like "any.run" but not any.run? https://www.securityweek.com/trent-ai-emerges-from-stealth-with-13-million-in-funding/ ThreatAft en 2026-04-07T16:34:26.000Z Trent AI Emerges From Stealth With $13 Million in Funding https://therecord.media/national-security-vets-warn-section-702-authorization-delay ThreatAft en 2026-04-07T16:29:00.000Z National security veterans warn against delays in FISA 702 reauthorization https://www.helpnetsecurity.com/2026/04/07/russian-hackers-router-hijacking-dns-credential-theft/ ThreatAft en 2026-04-07T16:18:00.000Z Russian hackers hijack internet traffic using vulnerable routers https://www.reddit.com/r/cybersecurity/comments/1sf0mci/aspiring_grc_analyst/ ThreatAft en 2026-04-07T16:17:05.000Z Aspiring GRC analyst https://www.reddit.com/r/cybersecurity/comments/1sf04s0/i_built_a_recon_tool_that_turns_exposed_secrets/ ThreatAft en 2026-04-07T16:00:15.000Z I built a recon tool that turns exposed secrets into real attack paths https://therecord.media/massachusetts-hospital-turning-ambulances-away-cyberattack ThreatAft en 2026-04-07T15:52:00.000Z Massachusetts hospital turning ambulances away after cyberattack https://www.bleepingcomputer.com/news/security/authorities-disrupt-dns-hijacks-used-to-steal-microsoft-365-logins/ ThreatAft en 2026-04-07T15:51:22.000Z Authorities disrupt router DNS hijacks used to steal Microsoft 365 logins https://www.reddit.com/r/netsec/comments/1sezrmc/javascript_runtime_instrumentation_via_chrome/ ThreatAft en 2026-04-07T15:47:25.000Z JavaScript runtime instrumentation via Chrome DevTools Protocol https://www.reddit.com/r/cybersecurity/comments/1sezqge/soc_practice/ ThreatAft en 2026-04-07T15:46:13.000Z Soc practice https://www.reddit.com/r/cybersecurity/comments/1sezhpr/your_agent_remembers_your_secrets_and_keys/ ThreatAft en 2026-04-07T15:37:25.000Z Your agent remembers your secrets and keys https://www.securityweek.com/critical-flowise-vulnerability-in-attacker-crosshairs/ ThreatAft en 2026-04-07T15:34:51.000Z Critical Flowise Vulnerability in Attacker Crosshairs https://industrialcyber.co/ransomware/storm-1175-exploits-web-facing-systems-to-drive-ransomware-attacks-across-healthcare-and-services-in-us-uk-australia/ ThreatAft en 2026-04-07T15:33:01.000Z Storm-1175 exploits web-facing systems to drive ransomware attacks across healthcare and services in US, UK, Australia https://industrialcyber.co/reports/malaysias-digital-growth-and-geopolitics-widen-cyber-attack-surface-raising-critical-infrastructure-risks/ ThreatAft en 2026-04-07T15:30:22.000Z Malaysia’s digital growth and geopolitics widen cyber attack surface, raising critical infrastructure risks https://www.reddit.com/r/cybersecurity/comments/1sezakj/soc_hand_on_project/ ThreatAft en 2026-04-07T15:30:18.000Z Soc hand on project https://www.infosecurity-magazine.com/news/russia-apt28-hijack-routers-uk-ncsc/ ThreatAft en 2026-04-07T15:30:00.000Z Russian APT28 Hackers Hijack Routers to Steal Credentials, UK Security Agency Warns https://industrialcyber.co/news/finite-state-appoints-ann-miller-to-scale-product-security-and-software-supply-chain-strategy/ ThreatAft en 2026-04-07T15:28:26.000Z Finite State appoints Ann Miller to scale product security and software supply chain strategy https://thehackernews.com/2026/04/docker-cve-2026-34040-lets-attackers.html ThreatAft en 2026-04-07T15:15:00.000Z Docker CVE-2026-34040 Lets Attackers Bypass Authorization and Gain Host Access https://www.infosecurity-magazine.com/news/gpu-based-rowhammer-attack/ ThreatAft en 2026-04-07T15:05:00.000Z GPU Rowhammer Attack Enables Privilege Escalation and Full System Compromise https://blog.qualys.com/qualys-insights/2026/04/07/qualys-cloud-security-forecast-2026-risk-trends-insights ThreatAft en 2026-04-07T15:00:00.000Z Signals from the Cloud Security Forecast 2026: Cloud Risk Is Scaling through Design, Not Disruption https://www.darkreading.com/cybersecurity-operations/rsac-2026-how-ai-is-reshaping-cybersecurity-faster-than-ever ThreatAft en 2026-04-07T14:57:16.000Z RSAC 2026: How AI Is Reshaping Cybersecurity Faster Than Ever https://www.reddit.com/r/cybersecurity/comments/1sexzs6/we_finally_built_a_vulnerability_prioritization/ ThreatAft en 2026-04-07T14:43:19.000Z We finally built a vulnerability prioritization system and now the real problems are showing up! https://www.darkreading.com/cybersecurity-operations/human-vs-ai-debates-shape-rsac-2026-cybersecurity-trends ThreatAft en 2026-04-07T14:36:44.000Z Human vs AI: Debates Shape RSAC 2026 Cybersecurity Trends https://www.darkreading.com/cyber-risk/lies-damned-lies-cybersecurity-metrics ThreatAft en 2026-04-07T14:26:02.000Z Lies, Damned Lies, and Cybersecurity Metrics https://www.securityweek.com/severe-strongbox-vulnerability-patched-in-android/ ThreatAft en 2026-04-07T14:23:51.000Z Severe StrongBox Vulnerability Patched in Android https://www.reddit.com/r/cybersecurity/comments/1sexcn2/how_do_you_work_with_downloads_from_untrusted/ ThreatAft en 2026-04-07T14:19:43.000Z How do you work with downloads from untrusted sources ? What are the safest practices to avoid malware and attacks? https://www.reddit.com/r/cybersecurity/comments/1sexaln/feature_updatespatch_mgmt/ ThreatAft en 2026-04-07T14:17:36.000Z Feature updates/patch mgmt https://www.reddit.com/r/cybersecurity/comments/1sewxk6/grafanaghost_bypasses_grafanas_ai_defenses/ ThreatAft en 2026-04-07T14:04:10.000Z ‘GrafanaGhost’ bypasses Grafana's AI defenses without leaving a trace https://www.bleepingcomputer.com/news/security/why-your-automated-pentesting-tool-just-hit-a-wall/ ThreatAft en 2026-04-07T14:01:11.000Z Why Your Automated Pentesting Tool Just Hit a Wall https://therecord.media/uk-exposes-russian-cyber-unit-hacking-home-routers ThreatAft en 2026-04-07T14:00:00.000Z UK exposes Russian cyber unit hacking home routers to hijack internet traffic https://www.infosecurity-magazine.com/news/grafanaghost-silent-data/ ThreatAft en 2026-04-07T14:00:00.000Z GrafanaGhost Exploit Bypasses AI Guardrails for Silent Data Exfiltration https://www.microsoft.com/en-us/security/blog/2026/04/07/soho-router-compromise-leads-to-dns-hijacking-and-adversary-in-the-middle-attacks/ ThreatAft en 2026-04-07T14:00:00.000Z SOHO router compromise leads to DNS hijacking and adversary-in-the-middle attacks https://www.securityweek.com/grafanaghost-attackers-can-abuse-grafana-to-leak-enterprise-data/ ThreatAft en 2026-04-07T13:58:45.000Z GrafanaGhost: Attackers Can Abuse Grafana to Leak Enterprise Data https://cyberscoop.com/grafanaghost-grafana-prompt-injection-vulnerability-data-exfiltration/ ThreatAft en 2026-04-07T13:44:35.000Z ‘GrafanaGhost’ bypasses Grafana’s AI defenses without leaving a trace https://www.reddit.com/r/cybersecurity/comments/1sewcwa/run_the_funnyappexe_and_youre_a_windows_admin_an/ ThreatAft en 2026-04-07T13:42:10.000Z Run the FunnyApp.exe, and you’re a Windows admin. An unknown individual just dropped a zero-day exploit for elevating privileges on Windows https://www.helpnetsecurity.com/2026/04/07/acronis-mdr-by-acronis-tru/ ThreatAft en 2026-04-07T13:37:53.000Z Acronis MDR by TRU brings 24/7 managed detection and response to MSPs https://www.securityweek.com/webinar-today-why-automated-pentesting-alone-is-not-enough/ ThreatAft en 2026-04-07T13:19:29.000Z Webinar Today: Why Automated Pentesting Alone Is Not Enough https://www.helpnetsecurity.com/2026/04/07/cloudflare-post-quantum-authentication/ ThreatAft en 2026-04-07T13:00:35.000Z Cloudflare moves up its post-quantum deadline as researchers narrow the path to Q-Day https://www.darkreading.com/cybersecurity-operations/focusing-people-cybersecurity-rsac2026 ThreatAft en 2026-04-07T13:00:00.000Z Focusing on the People in Cybersecurity at RSAC 2026 Conference https://www.reddit.com/r/cybersecurity/comments/1sev5qf/are_group_interviews_a_scam/ ThreatAft en 2026-04-07T12:54:35.000Z Are group interviews a scam? https://thehackernews.com/2026/04/over-1000-exposed-comfyui-instances.html ThreatAft en 2026-04-07T12:46:00.000Z Over 1,000 Exposed ComfyUI Instances Targeted in Cryptomining Botnet Campaign https://www.reddit.com/r/cybersecurity/comments/1seumfv/your_ai_agent_has_more_access_than_your_employees/ ThreatAft en 2026-04-07T12:31:41.000Z Your AI Agent Has More Access Than Your Employees https://thehackernews.com/2026/04/webinar-how-to-close-identity-gaps-in.html ThreatAft en 2026-04-07T12:17:00.000Z [Webinar] How to Close Identity Gaps in 2026 Before AI Exploits Enterprise Risk https://therecord.media/cyberattack-hits-northern-ireland-schools ThreatAft en 2026-04-07T12:04:00.000Z Cyberattack hits Northern Ireland’s centralized school network, disrupting access for thousands https://www.infosecurity-magazine.com/news/17bn-lost-to-cyber-fraud-warns-fbi/ ThreatAft en 2026-04-07T12:00:00.000Z Over $17bn Lost to Cyber Fraud in the Last Year, Warns FBI https://www.helpnetsecurity.com/2026/04/07/microsoft-device-code-phishing-campaign/ ThreatAft en 2026-04-07T11:57:49.000Z AI-enabled device code phishing campaign exploits OAuth flow for account takeover https://www.malwarebytes.com/blog/news/2026/04/traffic-violation-scams-swap-links-for-qr-codes-to-steal-your-card-details ThreatAft en 2026-04-07T11:57:37.000Z Traffic violation scams swap links for QR codes to steal your card details https://www.reddit.com/r/netsec/comments/1sett79/microsoft_speech_lateral_movement/ ThreatAft en 2026-04-07T11:55:29.000Z Microsoft Speech - Lateral Movement https://www.reddit.com/r/cybersecurity/comments/1setrdw/microsoft_speech_lateral_movement/ ThreatAft en 2026-04-07T11:53:04.000Z Microsoft Speech - Lateral Movement https://www.securityweek.com/gpubreach-root-shell-access-achieved-via-gpu-rowhammer-attack/ ThreatAft en 2026-04-07T11:31:38.000Z GPUBreach: Root Shell Access Achieved via GPU Rowhammer Attack https://thehackernews.com/2026/04/the-hidden-cost-of-recurring-credential.html ThreatAft en 2026-04-07T11:30:00.000Z The Hidden Cost of Recurring Credential Incidents https://www.reddit.com/r/cybersecurity/comments/1sesllm/flowise_ai_agent_builder_under_active_cvss_100/ ThreatAft en 2026-04-07T10:55:02.000Z Flowise AI Agent Builder Under Active CVSS 10.0 RCE Exploitation; 12,000+ Instances Exposed https://www.securityweek.com/medusa-ransomware-fast-to-exploit-vulnerabilities-breached-systems/ ThreatAft en 2026-04-07T10:52:33.000Z Medusa Ransomware Fast to Exploit Vulnerabilities, Breached Systems https://www.malwarebytes.com/blog/data-breaches/2026/04/support-platform-breach-exposes-hims-hers-customer-data ThreatAft en 2026-04-07T10:45:50.000Z Support platform breach exposes Hims & Hers customer data https://www.reddit.com/r/cybersecurity/comments/1ses0p6/need_some_help_to_grow/ ThreatAft en 2026-04-07T10:23:00.000Z Need some help to grow https://industrialcyber.co/industrial-cyber-attacks/csis-flags-irans-shift-from-episodic-cyberattacks-to-sustained-campaign-against-critical-infrastructure/ ThreatAft en 2026-04-07T10:18:55.000Z CSIS flags Iran’s shift from episodic cyberattacks to sustained campaign against critical infrastructure https://industrialcyber.co/news/microchip-secures-iec-62443-4-1-ml2-certification-as-regulatory-pressure-mounts-on-device-security/ ThreatAft en 2026-04-07T10:13:03.000Z Microchip secures IEC 62443-4-1 ML2 certification as regulatory pressure mounts on device security https://www.infosecurity-magazine.com/news/storm1175-medusa-attacks/ ThreatAft en 2026-04-07T10:02:00.000Z Storm-1175 Exploits Flaws in High-Velocity Medusa Attacks https://www.reddit.com/r/cybersecurity/comments/1serfuv/having_a_siem_does_not_mean_you_have_forensic/ ThreatAft en 2026-04-07T09:50:16.000Z Having a SIEM Does Not Mean You Have Forensic Readiness https://www.reddit.com/r/cybersecurity/comments/1serejf/pqaudit_scan_your_codebase_for_quantumvulnerable/ ThreatAft en 2026-04-07T09:48:06.000Z pqaudit - scan your codebase for quantum-vulnerable cryptography https://www.helpnetsecurity.com/2026/04/07/github-copilot-rubber-duck-cross-model-review/ ThreatAft en 2026-04-07T09:27:06.000Z GitHub Copilot CLI gets a second-opinion feature built on cross-model review https://www.infosecurity-magazine.com/news/fortinet-emergency-patch-ems-bug/ ThreatAft en 2026-04-07T09:26:00.000Z Fortinet Releases Emergency Patch After FortiClient EMS Bug Is Exploited https://www.securityweek.com/german-police-unmask-revil-ransomware-leader/ ThreatAft en 2026-04-07T09:24:40.000Z German Police Unmask REvil Ransomware Leader https://www.reddit.com/r/cybersecurity/comments/1seqwbz/i_built_an_autonomous_4agent_cve_redteam_loop/ ThreatAft en 2026-04-07T09:17:25.000Z I built an autonomous 4-agent CVE red-team loop that runs overnight on an Android phone — no cloud, no GPU, BLAKE3-verified logs https://www.welivesecurity.com/en/business-security/breakout-time-accelerates-prevention-first-cybersecurity-center-stage/ ThreatAft en 2026-04-07T09:00:00.000Z As breakout time accelerates, prevention-first cybersecurity takes center stage https://www.helpnetsecurity.com/2026/04/07/comp-ai-open-source-compliance-platform/ ThreatAft en 2026-04-07T08:45:44.000Z Comp AI: The open-source way to get compliant with SOC 2, ISO 27001, HIPAA and GDPR https://www.helpnetsecurity.com/2026/04/07/openai-safety-fellowship-applications/ ThreatAft en 2026-04-07T08:39:52.000Z OpenAI opens applications for an external AI safety research fellowship https://thehackernews.com/2026/04/new-gpubreach-attack-enables-full-cpu.html ThreatAft en 2026-04-07T08:38:00.000Z New GPUBreach Attack Enables Full CPU Privilege Escalation via GDDR6 Bit-Flips https://www.reddit.com/r/cybersecurity/comments/1seq5mg/chipsoft_website_is_offline/ ThreatAft en 2026-04-07T08:31:29.000Z Chipsoft website is offline https://www.securityweek.com/white-house-seeks-to-slash-cisa-funding-by-707-million/ ThreatAft en 2026-04-07T08:29:41.000Z White House Seeks to Slash CISA Funding by $707 Million https://www.reddit.com/r/netsec/comments/1sep4hy/detecting_cicd_supply_chain_attacks_with_canary/ ThreatAft en 2026-04-07T07:27:50.000Z Detecting CI/CD Supply Chain Attacks with Canary Credentials https://thehackernews.com/2026/04/china-linked-storm-1175-exploits-zero.html ThreatAft en 2026-04-07T06:35:00.000Z China-Linked Storm-1175 Exploits Zero-Days to Rapidly Deploy Medusa Ransomware https://www.securityweek.com/wynn-resorts-says-21000-employees-affected-by-shinyhunters-hack/ ThreatAft en 2026-04-07T06:05:54.000Z Wynn Resorts Says 21,000 Employees Affected by ShinyHunters Hack https://thehackernews.com/2026/04/flowise-ai-agent-builder-under-active.html ThreatAft en 2026-04-07T05:56:00.000Z Flowise AI Agent Builder Under Active CVSS 10.0 RCE Exploitation; 12,000+ Instances Exposed https://www.reddit.com/r/cybersecurity/comments/1senj1s/결제_도용fraud_시도로_인한_트래픽_폭주_및_인프라_가용성_보호_전략/ ThreatAft en 2026-04-07T05:54:45.000Z 결제 도용(Fraud) 시도로 인한 트래픽 폭주 및 인프라 가용성 보호 전략 https://www.reddit.com/r/Malware/comments/1semz63/another_cryptominer_undected_by_windows_defender/ ThreatAft en 2026-04-07T05:23:57.000Z Another cryptominer - undected by Windows Defender / ESET NOD32 and Malwarebytes https://www.reddit.com/r/cybersecurity/comments/1semk5r/prompt_injection_detection/ ThreatAft en 2026-04-07T05:01:36.000Z Prompt Injection Detection? https://www.helpnetsecurity.com/2026/04/07/alec-summers-mitre-cwe-vulnerability-mapping/ ThreatAft en 2026-04-07T05:00:51.000Z The case for fixing CWE weakness patterns instead of patching one bug at a time https://www.crowdstrike.com/en-us/blog/crowdstrike-founding-member-anthropic-mythos-frontier-model-to-secure-ai/ ThreatAft en 2026-04-07T05:00:00.000Z Anthropic Claude Mythos Preview: The More Capable AI Becomes, the More Security It Needs https://www.helpnetsecurity.com/2026/04/07/mimecast-api-email-security-protection-video/ ThreatAft en 2026-04-07T04:30:18.000Z How Mimecast brings enterprise-grade email protection to API deployment https://www.reddit.com/r/cybersecurity/comments/1selt3a/metatron_ai_penetration_testing_assistant_open/ ThreatAft en 2026-04-07T04:22:28.000Z Metatron -AI PENETRATION TESTING ASSISTANT (open source) https://www.reddit.com/r/Malware/comments/1sellln/i_was_targeted_by_a_fake_job_interview_on/ ThreatAft en 2026-04-07T04:12:05.000Z I was targeted by a fake job interview on Wellfound. Instead of becoming a victim I reverse-engineered the malware. Here's the full analysis: 571 encrypted config values decrypted, C2 and Sentry DSN exposed, DPRK/Contagious Interview attribution. https://www.helpnetsecurity.com/2026/04/07/google-llm-content-moderation/ ThreatAft en 2026-04-07T04:00:57.000Z Google study finds LLMs are embedded at every stage of abuse detection https://www.reddit.com/r/cybersecurity/comments/1sejkxy/orewatch_opensource_malicious_package_scanner/ ThreatAft en 2026-04-07T02:37:34.000Z OreWatch – open-source malicious package scanner across 6 ecosystems, now with an MCP server so your AI coding agent stops installing malware. https://www.reddit.com/r/cybersecurity/comments/1sej7hc/deepzero_an_automated_agentic_vulnerability/ ThreatAft en 2026-04-07T02:20:41.000Z DeepZero: An automated, agentic vulnerability research pipeline for finding kernel zero-days https://www.reddit.com/r/netsec/comments/1sej48f/deepzero_an_automated_llmghidra_pipeline_for/ ThreatAft en 2026-04-07T02:16:40.000Z DeepZero: An automated LLM/Ghidra pipeline for finding BYOVD zero-days in Windows drivers https://isc.sans.edu/diary/rss/32872 ThreatAft en 2026-04-07T02:00:02.000Z ISC Stormcast For Tuesday, April 7th, 2026 https://isc.sans.edu/podcastdetail/9882, (Tue, Apr 7th) https://www.reddit.com/r/cybersecurity/comments/1seimh0/schedule_reporting_use_cases_in_opencti/ ThreatAft en 2026-04-07T01:54:41.000Z Schedule reporting use cases in OpenCTI https://www.reddit.com/r/cybersecurity/comments/1seifit/recurring_failure_patterns_when_testing_llmbacked/ ThreatAft en 2026-04-07T01:46:08.000Z Recurring failure patterns when testing LLM-backed APIs from a security perspective https://www.reddit.com/r/cybersecurity/comments/1segtd7/discover_the_top_25_cybersecurity_companies_in/ ThreatAft en 2026-04-07T00:35:59.000Z Discover the top 25 cybersecurity companies in the U.S. that are leading the fight against cyber threats. https://www.bleepingcomputer.com/news/security/german-authorities-identify-revil-and-gangcrab-ransomware-bosses/ ThreatAft en 2026-04-06T23:54:04.000Z German authorities identify REvil and GangCrab ransomware bosses https://www.reddit.com/r/cybersecurity/comments/1sefbus/this_video_demonstrates_a_reproducible_googleside/ ThreatAft en 2026-04-06T23:32:50.000Z This video demonstrates a reproducible Google‑side issue where the system restores data that the user has deleted. The behavior happens in real time. It is not a cache problem, not a UI refresh glitch, and not user error https://www.reddit.com/r/cybersecurity/comments/1seenqt/fbi_ic3_report_finding_sim_swap_attacks_surging/ ThreatAft en 2026-04-06T23:05:14.000Z FBI IC3 report- Finding: Sim swap attacks surging https://therecord.media/rostelecom-cyberattack-disrupts-russian-internet-access ThreatAft en 2026-04-06T23:00:00.000Z Cyberattack on telecom giant Rostelecom disrupts internet services across Russia https://www.reddit.com/r/cybersecurity/comments/1see9fk/hackathon/ ThreatAft en 2026-04-06T22:49:15.000Z Hack-a-Thon https://www.reddit.com/r/cybersecurity/comments/1sede4m/disgruntled_researcher_leaks_bluehammer_windows/ ThreatAft en 2026-04-06T22:14:42.000Z Disgruntled researcher leaks “BlueHammer” Windows zero-day exploit https://unit42.paloaltonetworks.com/modern-kubernetes-threats/ ThreatAft en 2026-04-06T22:00:08.000Z Understanding Current Threats to Kubernetes Environments https://www.bleepingcomputer.com/news/security/new-gpubreach-attack-enables-system-takeover-via-gpu-rowhammer/ ThreatAft en 2026-04-06T21:44:15.000Z New GPUBreach attack enables system takeover via GPU rowhammer https://www.darkreading.com/application-security/ai-assisted-supply-chain-attack-targets-github ThreatAft en 2026-04-06T21:38:53.000Z AI-Assisted Supply Chain Attack Targets GitHub https://cyberscoop.com/fortinet-forticlient-ems-zero-day-cve-2026-35616-hotfix-known-exploited/ ThreatAft en 2026-04-06T21:12:01.000Z Fortinet customers confront actively exploited zero-day, with a full patch still pending