🛑 Chrome 0-day Warning!

Tracked as CVE-2026-5281, this WebGPU (Dawn) use-after-free bug allows code execution via a crafted page if the renderer is compromised.

It’s the 4th exploited Chrome browser zero-day in 2026.

🔗 Read → https://thehackernews.com/2026/04/new-chrome-zero-day-cve-2026-5281-under.html

Cyberattacks are shifting away from malware.

84% now use built-in tools like PowerShell and WMIC to move inside systems without raising alarms. These actions look normal, making detection harder while excess access creates hidden risk.

🔗 Why attackers now use your own tools → https://thehackernews.com/2026/04/3-reasons-attackers-are-using-your.html

🚨 Microsoft identified a campaign using WhatsApp to deliver malicious VBS files.

The attack renames Windows tools, uses cloud payloads and installs AnyDesk to enable stealthy persistence and remote access while blending into normal activity.

🔗 Read → https://thehackernews.com/2026/04/microsoft-warns-of-whatsapp-delivered.html

🚫 Blocking #ChatGPT or DeepSeek doesn’t stop usage—it pushes it out of sight.

70% of users in one firm still used AI via browser extensions after a block, routing data externally without detection.

This is “theatrical security”: control on paper, blind in practice.

🔗 Why security is shifting to browser-level governance → https://thehackernews.com/2026/04/block-prompt-not-work-end-of-doctor-no.html

CERT-UA warned of a phishing campaign impersonating the agency to spread AGEWHEEZE malware.

The malware enables full system control, but confirmed infections were limited despite wide targeting.

🔗 Campaign details and malware capabilities → https://thehackernews.com/2026/04/cert-ua-impersonation-campaign-spread.html

🤔 Threat intelligence is great, but do you have proof that your defenses actually work against real threat actors?

Stop guessing. Start validating.

Join this practical session to learn how to leverage modern tooling to automate security testing and continuously improve your posture.

WATCH NOW ⬇️ https://thehacker.news/automate-testing-security-posture

🔥 Apple expanded iOS 18.7.7 security updates to more iPhones and iPads to fix DarkSword exploits.

The fixes were released in 2025, and now also protect devices that are not on iOS 26—so users can stay on iOS 18 & still get security updates.

🔗 Read → https://thehackernews.com/2026/04/apple-expands-ios-1877-update-to-more.html

🛑 WhatsApp alerted ~200 users targeted by a fake iOS app carrying #spyware, mostly in Italy.

The attack used social engineering to mimic #WhatsApp. Meta is acting against an Italian firm linked to the spyware.

🔗 Read details here → https://thehackernews.com/2026/04/whatsapp-alerts-200-users-after-fake.html

A critical Oracle WebLogic flaw (CVSS 10.0) saw exploitation almost immediately after public exploit code was released.

CloudSEK observed automated scanning targeting this and older flaws via VPS infrastructure in a spray-and-pray campaign.

🔗 Full attack patterns → https://thehackernews.com/2026/03/weekly-recap-telecom-sleeper-cells-llm.html#:~:text=Exploitation%20Against%20Oracle%20WebLogic%20Servers

⚠️ Brazil-based attackers are targeting Spanish-speaking users with a multi-channel phishing campaign delivering Casbaneiro.

Court-themed PDFs trigger malware, then Horabot spreads it via phishing emails sent from victims’ Outlook accounts.

🔗 How email hijacking drives the spread → https://thehackernews.com/2026/04/casbaneiro-phishing-targets-latin.html

⚡ AI is speeding up code—and risk.

145% more vulnerabilities and 3x more fixes in one quarter, as Python (72.1%) and PostgreSQL (+73%) surge with AI.

96% of risk sits outside core tools.

🔗 Where most security exposure actually lives → https://thehackernews.com/2026/04/the-state-of-trusted-open-source-report.html

🚨 From zero-days to mass infections — this week has it all...

⚠️ ShareFile pre-auth RCE
📱 Android rootkit at scale
🖼️ ImageMagick 0-days → RCE
🕵️ XLoader stealth upgrades
🎣 Mobile phishing surge
📦 Supply chain attacks ×14

📖 Read the full ThreatsDay Bulletin → https://thehackernews.com/2026/04/threatsday-bulletin-pre-auth-chains.html

⚠️ A cybercrime campaign since 2023 spreads malware via fake installers.

REF1695 delivers RATs, crypto miners, and CNB Bot via ISO files, tricks users to bypass Windows protections, and uses GitHub to host payloads.

🔗 Key tactics, payloads, and earnings → https://thehackernews.com/2026/04/researchers-uncover-mining-operation.html

🚨 Cisco fixed two critical flaws that allow full system takeover without login.

CVSS 9.8 vulnerabilities let attackers reset admin passwords (IMC) or run commands as root (SSM On-Prem) using crafted requests.

No workaround is available. Patching is required.

🔗 Read → https://thehackernews.com/2026/04/cisco-patches-98-cvss-imc-and-ssm-flaws.html

⚠️ ALERT - A threat group exploited a Next.js flaw to compromise 766+ hosts and steal cloud credentials at scale.

Using automated scripts, attackers extracted AWS secrets, SSH keys, and API tokens, all managed through a central dashboard for reuse.

🔗 Read → https://thehackernews.com/2026/04/hackers-exploit-cve-2025-55182-to.html

Drift Protocol lost $285M after attackers took over governance, not by breaking code but by abusing approvals.

They used pre-signed transactions, social engineering, and a zero-timelock change to gain admin control, add a fake asset, and remove limits to drain funds.

🔗 How governance and multisig failures enabled the exploit → https://thehackernews.com/2026/04/drift-loses-285-million-in-durable.html

⚠️ WARNING - Attackers are weaponizing the Claude Code leak.

Fake GitHub repos now deploy Vidar Stealer and GhostSocks, using trojanized builds that look legitimate.

🔗 Read → https://thehackernews.com/2026/04/claude-code-tleaked-via-npm-packaging.html#fake-claude-code-repos-deploy-vidar-stealer-and-ghostsocks

⚡ It turns out Axios npm was compromised via a targeted UNC1069 social engineering attack.

Attackers used a fake Slack + Teams setup to install malware, steal npm credentials, and publish trojanized versions (1.14.1, 0.30.4).

🔗 Details here → https://thehackernews.com/2026/04/unc1069-social-engineering-of-axios.html

Apple is testing a safeguard against copy-paste attacks.

macOS 26.4 adds Terminal paste warnings, targeting scams that trick users into running malicious commands. Users can still override.

ClickFix-style attacks are now widely used.
🔗 Reads → https://thehackernews.com/2026/03/weekly-recap-telecom-sleeper-cells-llm.html#:~:text=Apple%20Tests%20Ways%20to%20Block%20Malicious%20Copy%2DPastes%20in%20macOS

30% of breaches now involve third parties like vendors and SaaS.

The perimeter has shifted outward, and regulations now require continuous oversight. Cynomi shows TPRM is now a core security function, not just compliance.

🔗 Why TPRM is becoming central to security → https://thehackernews.com/2026/04/why-third-party-risk-is-biggest-gap-in.html

SparkCat malware has reappeared on Apple and Google app stores, hiding inside everyday apps.

It scans photos for crypto recovery phrases and sends them to attackers, using OCR to extract sensitive data from images.

🔗 Read → https://thehackernews.com/2026/04/new-sparkcat-variant-in-ios-android.html