🛑 WARNING: Bitwarden CLI was compromised in a supply chain attack.

@bitwarden/cli@2026.4.0 included malicious code after attackers hijacked GitHub Actions, stole secrets, and pushed a tampered version to npm.

🔗 Learn how the attack worked → https://thehackernews.com/2026/04/bitwarden-cli-compromised-in-ongoing.html

The math doesn't add up anymore.
AI finds vulnerabilities in ⚡ milliseconds.
Manual patching takes ⏳ weeks.

Learn how to beat the bots at their own game.

🎙️ Featuring: Ofer Gayer (VP Product, Miggo Security)
📍 Webinar: Rethinking Prioritization

Secure your spot → https://thehackernews.com/2026/04/webinar-mythos-reality-check-beating.html

⚠️ Hackers are breaching companies through Microsoft Teams, posing as IT helpdesk staff.

They flood inboxes, then send a Teams message with a “fix” link. One click installs malware, steals credentials, and gives full remote access.

🔗 Learn more → https://thehackernews.com/2026/04/unc6692-impersonates-it-helpdesk-via.html

⚠️ LMDeploy flaw exploited within 12.5 hours of disclosure.

The SSRF bug let attackers hit AWS metadata, Redis, and internal services via the image loader to scan networks and access data.

WordPress plugin bugs are also being used for full site takeovers.

🔗 Read → https://thehackernews.com/2026/04/lmdeploy-cve-2026-33626-flaw-exploited.html

macOS attacks are now hiding in system features.

Payloads stored in Spotlight metadata let attackers run code without suspicious files, using native scripting and protocols to move and persist outside standard monitoring.

🔗 Learn how macOS built-ins are being weaponized → https://thehackernews.com/2026/04/threatsday-bulletin-290m-defi-hack.html#macos-stealth-execution-abuse

🛑 A fake PDF reader is being used to quietly take over systems.

Tropic Trooper spreads a trojanized app that runs AdaptixC2 via GitHub-based control, then uses Microsoft Visual Studio Code tunnels for access on high-value targets.

🔗 Read → https://thehackernews.com/2026/04/tropic-trooper-uses-trojanized.html

🛑 26 fake wallet apps on Apple’s App Store stole recovery phrases and private keys.

They mimicked MetaMask and Coinbase, worked via China-region accounts, and used phishing, OCR, or injected code to capture seed phrases.

🔗 Read → https://thehackernews.com/2026/04/26-fakewallet-apps-found-on-apple-app.html

AI agents don’t create risk. They expose it.

The real problem is delegated authority. Most orgs still don’t see or control who is granting that power. If the source is broken, agents will scale the risk fast.

🔗 Learn why AI security starts with fixing delegation → https://thehackernews.com/2026/04/bridging-ai-agent-authority-gap.html

⚡ NASA staff unknowingly shared defense tech with China.

A fake U.S. researcher spent years tricking agencies and universities into sending sensitive aerospace software used in weapons development.

🔗 Learn what investigators found in the case → https://thehackernews.com/2026/04/nasa-employees-duped-in-chinese.html

🔥 A U.S. federal agency was hacked via Cisco firewall.

Attackers used ASA flaws to install FIRESTARTER, a backdoor that stays even after patches and normal reboots.

Fix requires full reimage or hard power cycle, not just updating software.

🔗 Read → https://thehackernews.com/2026/04/firestarter-backdoor-hit-federal-cisco.html

🚨 Four actively exploited flaws flagged.

CISA warns SimpleHelp, Samsung, and D-Link bugs are already used for ransomware and botnets, including admin takeovers and remote command execution.

🔗 See what to patch or replace → https://thehackernews.com/2026/04/cisa-adds-4-exploited-flaws-to-kev-sets.html

⚠️ This cyberweapon existed before Stuxnet in 2005

Called "fast16," it sabotaged systems by quietly altering engineering calculations instead of destroying code.

🔗 Full report and findings → https://thehackernews.com/2026/04/researchers-uncover-pre-stuxnet-fast16.html

⚠️ WARNING - Fake CAPTCHA pages are now triggering up to 60 hidden SMS charges per victim.

Users are tricked into texting premium international numbers, quietly adding charges to their phone bills.

🔗 See how the scam runs → https://thehackernews.com/2026/04/fake-captcha-irsf-scam-and-120-keitaro.html

🚨 11,000+ fake government portals found.

A global scam called GovTrap is copying real public service sites to steal personal data and payments from citizens worldwide.

🔗 See how the operation works → https://thehackernews.com/expert-insights/2026/04/ctm360-exposes-global-govtrap-campaign.html

🚨 73 VS Code extensions flagged as malicious.

Researchers say some are sleeper packages that later update to steal data and install backdoors across developer tools.

🔗 Full details: https://thehackernews.com/2026/04/researchers-uncover-73-fake-vs-code.html

⚠️ Hackers breached TrueConf servers across Russia.

PhantomCore chained 3 privately developed bugs to skip login, run commands, and move inside networks. Attacks started weeks after patches.

🔗 See how the attacks worked → https://thehackernews.com/2026/04/phantomcore-exploits-trueconf.html

🚨 AI finds bugs faster than teams fix them...

More tools = more alerts, but most never get fixed in time.

🔗 See what’s breaking → https://thehackernews.com/2026/04/mythos-changed-math-on-vulnerability.html

⚡ This week’s #cybersecurity recap is ugly in the usual way.

• Poisoned password manager CLI
• Fake Teams help desks
• Federal firewall backdoor
• Energy wiper
• Booby-trapped AI pages
• Fake Authenticator extensions
• and many more...

Read → https://thehackernews.com/2026/04/weekly-recap-fast16-malware-xchat.html

⚡ Checkmarx data is on the dark web...

Company links it to a GitHub repo breach from its March supply chain attack. Scope still under review, no customer data confirmed.

🔗 See what’s known so far → https://thehackernews.com/2026/04/checkmarx-confirms-github-repository.html

⚙️ Your AI agents are only as smart as the context they operate on❗Most security teams are racing to deploy AI, autonomous workflows, self-healing environments, and agents that triage before a human even sees the alert. But underneath all of it? Context that's fragmented, stale, and contradictor

The technology is ready. The foundation isn't.

The team at Axonius is hosting a live webinar on Tuesday, May 26 at 12 PM ET to dig into exactly this.

🗓 AI is Only as Smart as Its Context: Building a Foundation for Trusted Automation. This webinar will cover:

• Why conflicting data causes AI agents to hallucinate, and how to fix it
• How to build multi-source consensus with verifiable provenance
• What decision-grade asset intelligence actually looks like in practice

If your team is serious about making AI-driven security actually work, this one is for you!

Register here: https://thn.news/trusted-automation