Supply chain attacks are stacking across npm, PyPI, and GitHub.
CanisterSprawl worm steals npm tokens via postinstall scripts, republishes infected packages, and spreads across ecosystems.
Other campaigns add backdoored packages, LLM proxy abuse, and GitHub Actions exploits.
Read → https://thehackernews.com/2026/04/self-propagating-supply-chain-worm.html

WARNING: Checkmarx KICS Docker repo breached; malicious images replaced trusted tags.
The modified images could encrypt and exfiltrate scan data, risking exposure of credentials in IaC files. Related VS Code extensions also ran unverified remote code.
Details → https://thehackernews.com/2026/04/malicious-kics-docker-images-and-vs.html

Apple fixed an iOS bug where deleted notifications stayed stored on devices.
The flaw let message data persist after apps like Signal were removed. It surfaced after forensic extraction. The patch now clears and prevents retention.
Details → https://thehackernews.com/2026/04/apple-patches-ios-flaw-that-stored.html

Vercel found more compromised accounts, some predating the breach.
Attackers used malware → Google Workspace → Vercel access, then mapped systems and decrypted environment variables. OAuth trust enabled lateral movement.
Details here → https://thehackernews.com/2026/04/vercel-finds-more-compromised-accounts.html

A China-aligned APT, GopherWhisper, targeted Mongolian government systems.
It uses Slack, Discord, Outlook, and file-io for control and data theft, deploying Go-based backdoors across at least 12 confirmed systems.
Details → https://thehackernews.com/2026/04/china-linked-gopherwhisper-infects-12.html

Anthropic delayed its new AI after it proved too effective at finding and exploiting bugs.
It uncovered decades-old flaws and built working exploits, but under 1% were patched. The bottleneck is no longer discovery. It’s fixing at speed.
Learn how AI is overwhelming vulnerability patching → https://thehackernews.com/2026/04/project-glasswing-proved-ai-can-find.html

Move from AI ethics to AI execution. Here’s how to secure your AI deployment. Join Uncharted on May 5 for a technical deep dive.
Register here: https://thn.news/ai-summit-x

Internet’s on fire again...
$290 million DeFi hack
Live RCE exploits
Rogue npm packages
AI prompt attacks
App data grab
Passkey push
Backdoor claims
Ransomware feud
Cryptor kits
Blank phishing
Binary hijack
RAT bundle
macOS abuse
SIM farms
EU sanctions
Bot farm bust
StealTok extensions
Joomla backdoor
Leak Bazaar
RDP scan spike
Perforce leak
Catch the full ThreatsDay Bulletin for this week → https://thehackernews.com/2026/04/threatsday-bulletin-290m-defi-hack.html

WARNING: Bitwarden CLI was compromised in a supply chain attack.
@bitwarden/cli@2026.4.0 included malicious code after attackers hijacked GitHub Actions, stole secrets, and pushed a tampered version to npm.
Learn how the attack worked → https://thehackernews.com/2026/04/bitwarden-cli-compromised-in-ongoing.html

The math doesn't add up anymore.
AI finds vulnerabilities in milliseconds.
Manual patching takes weeks.
Learn how to beat the bots at their own game.
Featuring: Ofer Gayer (VP Product, Miggo Security)
Webinar: Rethinking Prioritization
Secure your spot → https://thehackernews.com/2026/04/webinar-mythos-reality-check-beating.html

Hackers are breaching companies through Microsoft Teams, posing as IT helpdesk staff.
They flood inboxes, then send a Teams message with a “fix” link. One click installs malware, steals credentials, and gives full remote access.
Learn more → https://thehackernews.com/2026/04/unc6692-impersonates-it-helpdesk-via.html

LMDeploy flaw exploited within 12.5 hours of disclosure.
The SSRF bug let attackers hit AWS metadata, Redis, and internal services via the image loader to scan networks and access data.
WordPress plugin bugs are also being used for full site takeovers.
Read → https://thehackernews.com/2026/04/lmdeploy-cve-2026-33626-flaw-exploited.html

macOS attacks are now hiding in system features.
Payloads stored in Spotlight metadata let attackers run code without suspicious files, using native scripting and protocols to move and persist outside standard monitoring.
Learn how macOS built-ins are being weaponized → https://thehackernews.com/2026/04/threatsday-bulletin-290m-defi-hack.html#macos-stealth-execution-abuse

A fake PDF reader is being used to quietly take over systems.
Tropic Trooper spreads a trojanized app that runs AdaptixC2 via GitHub-based control, then uses Microsoft Visual Studio Code tunnels for access on high-value targets.
Read → https://thehackernews.com/2026/04/tropic-trooper-uses-trojanized.html

26 fake wallet apps on Apple’s App Store stole recovery phrases and private keys.
They mimicked MetaMask and Coinbase, worked via China-region accounts, and used phishing, OCR, or injected code to capture seed phrases.
Read → https://thehackernews.com/2026/04/26-fakewallet-apps-found-on-apple-app.html

AI agents don’t create risk. They expose it.
The real problem is delegated authority. Most orgs still don’t see or control who is granting that power. If the source is broken, agents will scale the risk fast.
Learn why AI security starts with fixing delegation → https://thehackernews.com/2026/04/bridging-ai-agent-authority-gap.html

NASA staff unknowingly shared defense tech with China.
A fake U.S. researcher spent years tricking agencies and universities into sending sensitive aerospace software used in weapons development.
Learn what investigators found in the case → https://thehackernews.com/2026/04/nasa-employees-duped-in-chinese.html

A U.S. federal agency was hacked via Cisco firewall.
Attackers used ASA flaws to install FIRESTARTER, a backdoor that stays even after patches and normal reboots.
Fix requires full reimage or hard power cycle, not just updating software.
Read → https://thehackernews.com/2026/04/firestarter-backdoor-hit-federal-cisco.html

Four actively exploited flaws flagged.
CISA warns SimpleHelp, Samsung, and D-Link bugs are already used for ransomware and botnets, including admin takeovers and remote command execution.
See what to patch or replace → https://thehackernews.com/2026/04/cisa-adds-4-exploited-flaws-to-kev-sets.html

This cyberweapon existed before Stuxnet in 2005
Called "fast16," it sabotaged systems by quietly altering engineering calculations instead of destroying code.
Full report and findings → https://thehackernews.com/2026/04/researchers-uncover-pre-stuxnet-fast16.html