⚠️ This cyberweapon existed before Stuxnet in 2005

Called "fast16," it sabotaged systems by quietly altering engineering calculations instead of destroying code.

🔗 Full report and findings → https://thehackernews.com/2026/04/researchers-uncover-pre-stuxnet-fast16.html

⚠️ WARNING - Fake CAPTCHA pages are now triggering up to 60 hidden SMS charges per victim.

Users are tricked into texting premium international numbers, quietly adding charges to their phone bills.

🔗 See how the scam runs → https://thehackernews.com/2026/04/fake-captcha-irsf-scam-and-120-keitaro.html

🚨 11,000+ fake government portals found.

A global scam called GovTrap is copying real public service sites to steal personal data and payments from citizens worldwide.

🔗 See how the operation works → https://thehackernews.com/expert-insights/2026/04/ctm360-exposes-global-govtrap-campaign.html

🚨 73 VS Code extensions flagged as malicious.

Researchers say some are sleeper packages that later update to steal data and install backdoors across developer tools.

🔗 Full details: https://thehackernews.com/2026/04/researchers-uncover-73-fake-vs-code.html

⚠️ Hackers breached TrueConf servers across Russia.

PhantomCore chained 3 privately developed bugs to skip login, run commands, and move inside networks. Attacks started weeks after patches.

🔗 See how the attacks worked → https://thehackernews.com/2026/04/phantomcore-exploits-trueconf.html

🚨 AI finds bugs faster than teams fix them...

More tools = more alerts, but most never get fixed in time.

🔗 See what’s breaking → https://thehackernews.com/2026/04/mythos-changed-math-on-vulnerability.html

⚡ This week’s #cybersecurity recap is ugly in the usual way.

• Poisoned password manager CLI
• Fake Teams help desks
• Federal firewall backdoor
• Energy wiper
• Booby-trapped AI pages
• Fake Authenticator extensions
• and many more...

Read → https://thehackernews.com/2026/04/weekly-recap-fast16-malware-xchat.html

⚡ Checkmarx data is on the dark web...

Company links it to a GitHub repo breach from its March supply chain attack. Scope still under review, no customer data confirmed.

🔗 See what’s known so far → https://thehackernews.com/2026/04/checkmarx-confirms-github-repository.html

⚙️ Your AI agents are only as smart as the context they operate on❗Most security teams are racing to deploy AI, autonomous workflows, self-healing environments, and agents that triage before a human even sees the alert. But underneath all of it? Context that's fragmented, stale, and contradictor

The technology is ready. The foundation isn't.

The team at Axonius is hosting a live webinar on Tuesday, May 26 at 12 PM ET to dig into exactly this.

🗓 AI is Only as Smart as Its Context: Building a Foundation for Trusted Automation. This webinar will cover:

• Why conflicting data causes AI agents to hallucinate, and how to fix it
• How to build multi-source consensus with verifiable provenance
• What decision-grade asset intelligence actually looks like in practice

If your team is serious about making AI-driven security actually work, this one is for you!

Register here: https://thn.news/trusted-automation

🚨 WARNING: Microsoft confirmed active exploitation of a Windows flaw → CVE-2026-32202.

The bug stems from an incomplete fix, allowing attackers to steal credentials via SMB authentication when a malicious file is opened.

🔗 Read details → https://thehackernews.com/2026/04/microsoft-confirms-active-exploitation.html

😳 Entra ID Agent ID Administrator role flaw enabled service principal takeover.

Users could take over non-agent service principals, add credentials, and escalate privileges before Microsoft’s April 9, 2026 patch.

🔗 See how the attack worked → https://thehackernews.com/2026/04/microsoft-patches-entra-id-role-flaw.html

A user ran malware and no alerts fired...

As Ryan Boerner, Founder and CEO at Keep Aware, shows, the browser is now the real OS, but tools below it miss in-session actions where AI and scripts act as the user, breaking identity trust.

🔗 Learn how browser-based attacks bypass modern security stacks → https://thehackernews.com/expert-insights/2026/04/work-moved-into-browser-security-didnt.html

A Chinese national linked to Silk Typhoon has been extradited to the U.S. over alleged COVID-19 research cyberattacks.

Prosecutors say Xu Zewei exploited zero-days to breach vaccine research systems under direction of China’s MSS.

🔗 Details → https://thehackernews.com/2026/04/chinese-silk-typhoon-hacker-extradited.html

AI has erased the patch window.

Exploit discovery now takes minutes, not weeks—leaving organizations exposed before fixes exist. Security shifts from prevention to real-time containment.

🔗 How AI-driven exploits are forcing an assume-breach model → https://thehackernews.com/2026/04/after-mythos-new-playbooks-for-zero.html

⚠️ An unpatched critical flaw in Hugging Face’s LeRobot enables remote code execution (CVSS 9.3).

Untrusted pickle over unauthenticated gRPC (no TLS) lets attackers take over servers, steal keys and models, and impact connected robots.

🔗 Details → https://thehackernews.com/2026/04/critical-cve-2026-25874-leaves-hugging.html

Security teams treat data as trusted once it crosses domains. That’s the ⚠️ flaw.

53% still rely on manual processes, even as attacks hit 137 times a week and 🤖 AI drives response speeds on both sides. The gap isn’t identity. It’s how data moves.

🔗 Why data movement is the weakest layer in Zero Trust → https://thehackernews.com/2026/04/why-secure-data-movement-is-zero-trust.html

🚨 9 days ago, a compromised OAuth token resulted in a breach at Vercel.

This is the reality facing security teams:

🥷 An infostealer hits a vendor in your SaaS ecosystem, the attacker works backwards from stolen access, and an old consent becomes the front door. 🚪

If you haven't made OAuth grant reviews a regular part of your on-going security program, you should.

Here's a step-by-step guide from Nudge Security to help you → https://thn.news/oauth-checklist

🛑 VECT 2.0 ransomware can’t restore what it destroys.

Files over 131 KB are permanently destroyed, not encrypted—because required nonces are discarded during execution.

No attacker can recover the data, even after payment.

🔗 Read → https://thehackernews.com/2026/04/vect-20-ransomware-irreversibly.html

Google flags indirect prompt injection as a primary attack vector for AI agents.

Attackers embed hidden commands in websites and documents—seen by AI, not humans—redirecting execution away from user intent. Detections rose 32% in recent scans.

The risk sits in what models consume.

🔗 How web content is being weaponized against AI systems → https://thehackernews.com/2026/04/weekly-recap-fast16-malware-xchat.html#:~:text=Turning%20the%20Web%20Into%20a%20Trap%20for%20LLMs

⚠️ A Brazilian cybercrime group is back, targeting Minecraft players with a fake mod.

LofyStealer runs directly in memory, stealing passwords, tokens, and banking data across major browsers after a single install.

🔗 Read more → https://thehackernews.com/2026/04/brazilian-lofygang-resurfaces-after.html