⚠️ ALERT - CPUID’s site was compromised for ~19 hours, serving trojanized CPU-Z and HWMonitor installers.

Attackers used DLL sideloading to pair legit apps with a malicious file, deploying STX RAT.

150+ victims reported before detection.

🔗 Read → https://thehackernews.com/2026/04/cpuid-breach-distributes-stx-rat-via.html

⚠️ WARNING - Are you using #ChatGPT, Codex, or OpenAI Atlas browser?

Update now... Older #macOS apps will stop working after May 8, 2026 due to a supply chain attack on a dependency used in OpenAI’s signing workflow. No user data was compromised, but certificates are revoked.

🔗Read → https://thehackernews.com/2026/04/openai-revokes-macos-app-certificate.html

🚨 APT37 used Facebook to run a targeted malware campaign.

Fake profiles built trust, moved chats to Telegram, then pushed a trojanized PDF app that installs RokRAT via a JPG payload, using compromised sites and Zoho WorkDrive for control.

🔗 Read → https://thehackernews.com/2026/04/north-koreas-apt37-uses-facebook-social.html

Claude Code leak is now a malware vector.

A 512K-line source leak was mirrored on GitHub, where fake repos pushed Vidar, PureLogs, and GhostSocks via trojanized releases.

🔗 How attackers weaponized the leak for malware spread → https://thehackernews.com/2026/04/threatsday-bulletin-hybrid-p2p-botnet.html#code-leak-weaponized-for-malware-spread

Monday is here, and your patch list just got a lot longer.

🔥 Adobe 0-Day
🤖 AI Exploits
⚡ Infra War
📡 Router Botnets
🇰🇵 Crypto Sting
👂 Fiber Spying
📁 Payroll Pirates
🕵️ Hack-for-Hire
🔐 Signal Leak

Skim this before your next meeting. Let’s get into it: https://thehackernews.com/2026/04/weekly-recap-fiber-optic-spying-windows.html

⚡ Email is still the top attack vector and $3 Billion in BEC losses (2024) proves it.

Modern attacks use AI-written messages, not malware. Traditional filters miss them. Security teams are layering behavioral AI and automation on top of Microsoft 365 to close the gap.

🔗 Learn why email security is shifting to layered defense → https://thehackernews.com/expert-insights/2026/04/why-security-leaders-are-layering-email.html

FBI and Indonesian police dismantled W3LL, a phishing platform behind $20M+ fraud attempts.

Used by 500+ actors, it sold tools to steal credentials, bypass MFA, and resell access to 25,000+ accounts.

🔗 Learn how a $500 kit scaled global phishing → https://thehackernews.com/2026/04/fbi-and-indonesian-police-dismantle.html

Anthropic restricted a model after it exploited zero-days autonomously.

Attackers now move in 29 minutes, or 22 seconds between steps. Detection is fast. But alerts still wait, and investigations take 20 to 40 minutes, longer than the attack itself.

🔗 Learn the real gap in modern security → https://thehackernews.com/2026/04/your-mttd-looks-great-your-post-alert.html

⚠️ CISA added 6 flaws to its KEV list after active exploitation.

A Fortinet bug (9.1) allows unauthenticated remote code execution, while an Exchange flaw is being used to deploy Medusa ransomware.

Federal agencies must patch by April 27.

🔗 Read → https://thehackernews.com/2026/04/cisa-adds-6-known-exploited-flaws-in.html

🚨 A ShowDoc flaw (CVSS 9.4) is now under active exploitation.

CVE-2025-0520 lets attackers upload web shells via unauthenticated file upload → full server control. First attacks seen via a U.S. honeypot; ~2,000 instances remain exposed, mostly in China.

🔗 Details → https://thehackernews.com/2026/04/showdoc-rce-flaw-cve-2025-0520-actively.html

🛑 108 Chrome extensions with 20,000 installs were tied to one backend stealing user data.

They captured Google accounts, hijacked Telegram sessions, and injected scripts into every page—while posing as games and utilities.

🔗Read → https://thehackernews.com/2026/04/108-malicious-chrome-extensions-steal.html

Android trojan Mirax is spreading via Meta ads, hitting 220K+ accounts with fake streaming apps.

It gives attackers full device control and turns phones into proxy nodes to mask fraud using real IPs.

🔗 How RAT + proxy is reshaping mobile attacks → https://thehackernews.com/2026/04/mirax-android-rat-turns-devices-into.html

MFA protects login. Not the session.

As Alicia Townsend explains, session cookies become the real credential after authentication. If stolen, attackers get access with no password, no MFA, no alerts.

🔗 How session hijacking bypasses MFA → https://thehackernews.com/expert-insights/2026/04/session-cookie-theft-you-showed-your-id.html

Effective DDoS testing requires more than generating traffic.

It requires:
🔶 Precise attack modeling
🔶 Deep understanding of mitigation layers
🔶 Controlled execution against production-like environments

Otherwise, you’re measuring system behavior—not resilience to real world attacks.

Here’s how the main DDoS testing approaches stack up in 2026: https://thn.news/ddos-automation-testing

Security alerts rose 52%, but critical risk jumped ~400%.

OX Security shows AI-driven development is scaling high-impact flaws faster than teams can fix them, while business context now outweighs CVSS in real risk.

🔗 Read → https://thehackernews.com/2026/04/analysis-of-216m-security-findings.html

🔥 Google put Rust in Pixel 10’s modem DNS parser, cutting off a major class of memory bugs.

DNS powers core cellular functions, and unsafe parsing has enabled exploits like buffer overflows. This move reduces attack surface at one of the most exposed layers.

🔗 Read → https://thehackernews.com/2026/04/google-adds-rust-based-dns-parser-into.html

2026 Gartner® Magic Quadrant™ for Third-Party Risk Management Tools for Assurance Leaders

As organizations grow increasingly reliant on third parties and their technologies, the range of associated risks expands as well. Third-party risk is a slippery slope, which is why it’s even more important to have a trusted solution that best supports your team.

✨ Optro has been named a Leader in the 2026 Gartner® Magic Quadrant™ for Third-Party Risk Management for Assurance Leaders!

Download your complimentary copy for unbiased recommendations and in-depth analyses of TPRM software: https://thn.news/2026-tprm-magic-quadrant

⚡ U.K. moves to jail tech execs over failure to remove non-consensual intimate images.

New bill amendments also criminalize incest porn and adults roleplaying as children, expanding platform liability.

🔗 What the law changes for platforms and execs → https://thehackernews.com/2026/04/weekly-recap-fiber-optic-spying-windows.html#:~:text=U.K.%20Government%20Threatens%20Tech%20Execs%20with%20Jail%20Time

A new ad fraud campaign used AI-written news to enter Google Discover and trick users.

Pushpaganda drove 240M ad requests in a week by forcing notification opt-ins, then pushing scam alerts and redirecting to ad sites.

🔗 Read → https://thehackernews.com/2026/04/ai-driven-pushpaganda-scam-exploits.html

⚠️ ALERT - Composer disclosed two command injection flaws (CVE-2026-40176 and CVE-2026-40261) with up to CVSS 8.8 severity.

Malicious composer.json or crafted source refs can execute arbitrary commands—even without Perforce installed. Affects multiple 2.x versions; patches released and metadata disabled as a precaution.

🔗 Read → https://thehackernews.com/2026/04/new-php-composer-flaws-enable-arbitrary.html