🚨 CISA flags active exploitation of an Apache ActiveMQ flaw enabling remote code execution.

Attackers abuse the Jolokia API to run OS commands. Default creds—and in some versions no auth—make it easier to exploit.

🔗 Read → https://thehackernews.com/2026/04/apache-activemq-cve-2026-34197-added-to.html

⚠️ A global operation just disrupted DDoS-for-hire networks used by cybercriminals.

53 domains seized, 4 arrests in Operation PowerOFF across 21 countries. Authorities accessed 3M+ user accounts tied to these services.

🔗 Read → https://thehackernews.com/2026/04/operation-poweroff-seizes-53-ddos.html

🔥 NIST will now prioritize CVE analysis.

263% rise in vulnerabilities forced it to enrich only high-risk cases (KEV, federal, critical software). Others stay listed but without full analysis, marked “Not Scheduled.”

🔗 Read about it here → https://thehackernews.com/2026/04/nist-limits-cve-enrichment-after-263.html

Google updated Android 17 privacy rules while reporting 8.3B ads blocked and 24.9M accounts suspended in 2025.

Apps must now limit contact and location access or justify it. Separately, AI is stopping most malicious ads before users see them.

🔗 Read → https://thehackernews.com/2026/04/google-blocks-83b-policy-violating-ads.html

⚡ Researchers confirm exploitation of three Microsoft Defender flaws—one patched (CVE-2026-33825) , two unpatched.

Attackers escalate privileges and can block Defender updates.

🔗 Learn how these flaws are used in attacks → https://thehackernews.com/2026/04/three-microsoft-defender-zero-days.html

Attackers are exploiting CVE-2024-3721 in TBK DVRs to deploy Mirai variant Nexcorium.

It spreads via old exploits and default creds, persists on devices, and launches DDoS attacks. EoL TP-Link routers are also being targeted via known flaws.

🔗 Read → https://thehackernews.com/2026/04/mirai-variant-nexcorium-exploits-cve.html

Sanctioned #cryptocurrency exchange Grinex is shutting down after a $13.74M hack.

Stolen funds were quickly moved and swapped to avoid freezing. The platform is linked to Garantex, flagged for laundering over $100M.

🔗 Read → https://thehackernews.com/2026/04/1374m-hack-shuts-down-sanctioned-grinex.html

The EU says its age verification app is ready for rollout.

Users can prove age with ID without sharing personal data. The system is anonymous, open source, and built to support child safety rules across platforms.

🔗 What the EU’s system actually does → https://thehackernews.com/2026/04/threatsday-bulletin-17-year-old-excel.html#anonymous-age-checks

🔥 Vercel disclosed a BREACH after an attacker used a compromised 3rd-party AI tool to take over an employee account.

Some internal systems, non-sensitive variables, and limited customer credentials were exposed. No evidence sensitive data was accessed.

🔗 Read → https://thehackernews.com/2026/04/vercel-breach-tied-to-context-ai-hack.html

Researchers found OT malware targeting Israeli water systems.

ZionSiphon alters chlorine and pressure controls, scanning Modbus/DNP3/S7comm and spreading via USB. It activates only inside Israeli IP ranges + OT setups, but current code is unfinished.

🔗 Read → https://thehackernews.com/2026/04/researchers-detect-zionsiphon-malware.html

🛑 A design flaw in Anthropic’s MCP allows remote command execution on AI systems.

150M+ downloads affected as unsafe STDIO defaults expose 7,000+ services, including tools like LangChain and Flowise.

Anthropic calls the behavior “expected,” leaving the risk across the AI supply chain.

🔗 Read → https://thehackernews.com/2026/04/anthropic-mcp-design-vulnerability.html

AI tools look flawless in demos—but break in real operations.

Clean data and ideal prompts don’t exist in production. Messy inputs, latency, edge cases, and weak integrations quickly surface.

🔗 What breaks when AI leaves the demo → https://thehackernews.com/2026/04/why-most-ai-deployments-stall-after-demo.html

Stop using Spreadsheets & PDFs for Pentest Reporting.

Move from static files to live findings, automate remediation, and prove risk reduction.

🔗 See it in action → https://thn.news/plextrac-pentest

This week didn’t break anything. It bent everything:

⚡ Vercel hacked
🌐 DDoS busted
🤖 PowMix botnet
📢 Push fraud
📝 Obsidian RAT
⬇️ CPUID trojan
🧩 Chrome spyware
🧠 AI cyber
💰 Vect ransomware
💬 Teams trap
🗂️ CGrabber steal
📧 Mail breach
🔑 Access trade
🛠️ Adaptix C2
🧬 Adware backdoor
💉 SQL attacks
🖥️ VM stealth
🎭 Fake installer

🔗 Scroll through the full recap → https://thehackernews.com/2026/04/weekly-recap-vercel-hack-push-fraud.html

⚠️ SGLang has a critical flaw enabling remote code execution (CVSS 9.8) via malicious GGUF model files.

A crafted Jinja2 template runs when /v1/rerank is triggered, executing attacker code on the server.

🔗 How GGUF templates become an RCE path → https://thehackernews.com/2026/04/sglang-cve-2026-5760-cvss-98-enables.html

⚠️ CISA added 8 actively exploited vulnerabilities to KEV across Cisco, Quest, PaperCut, TeamCity, Kentico, and Zimbra.

Includes 3 Cisco SD-WAN flaws and a Quest KACE bug (CVSS 10.0) enabling user impersonation.

Federal patch deadlines: April 23 (Cisco), May 4 (others).

🔗 Read → https://thehackernews.com/2026/04/cisa-adds-8-exploited-flaws-to-kev-sets.html

96% of security teams can’t confirm if risks are exploitable.

In this analysis, Jean-Philippe Salles of Filigran shows CTEM is failing at prioritization and validation, with 42% of SOC time wasted on low-value work.

The gap is poor use of threat intelligence.

🔗 Why CTEM breaks without intel-driven context → https://thehackernews.com/expert-insights/2026/04/why-threat-intelligence-is-missing-link.html

Google fixed an Antigravity IDE flaw that enabled arbitrary code execution via a search tool input.

Attackers could inject commands, bypass sandbox controls, and run scripts automatically. Similar prompt injection flaws are now seen across AI dev tools.

🔗 Read → https://thehackernews.com/2026/04/google-patches-antigravity-ide-flaw.html

🛑 Android malware is hijacking NFC payments via a real app.

Researchers found NGate abusing HandyPay to relay card data and steal PINs for ATM withdrawals. Spread via fake lottery sites and spoofed app pages, targeting Brazil since Nov 2025.

🔗 Read → https://thehackernews.com/2026/04/ngate-campaign-targets-brazil.html

99% of security leaders are confident in their ability to detect attacks. Yet nearly half of those who experienced one admit they detected it too late to prevent significant damage. 🤔

Something doesn't add up.

Halcyon recently surveyed 100 CISOs and senior security leaders on #ransomware, and their findings show the confidence-vs-reality gap is bigger than it should be:

⚠️ 98% use EDR; only 25% actually trust it to defend against today's threats
⚠️ #AI is giving attackers a 13:1 speed advantage over defenders
⚠️ 90% rate their security as sufficient - yet nearly half experienced moderate to significant disruption

The problem isn't experience or awareness. It's that most tools in use today weren't purpose-built for ransomware - and attackers know it.

The gap is real, it's measurable, and it's getting wider.

👉 Read the full report: https://thn.news/halcyon-survey-2026

Most breaches don’t start with exploits. Stolen credentials still dominate initial access.

Attackers log in, move laterally, and escalate fast—often reaching ransomware within hours. AI is accelerating this pattern, not changing it.

🔗 Why identity attacks still lead breaches → https://thehackernews.com/2026/04/no-exploit-needed-how-attackers-walk.html