Over 99% of Mythos-discovered vulnerabilities remain unpatched. The Glasswing report lands in July. The window between patch publication and AI-powered weaponization is collapsing.

Picus Security published 12 vendor-neutral recommendations for security teams preparing for what comes after.

Get your copy now: https://thn.news/post-mythos-actions

A 24-year-old linked to Scattered Spider pleaded guilty after stealing $8 million in digital assets from multiple companies.

The campaign used SMS phishing to capture employee credentials, then SIM swapping to take over accounts across telecom, tech, and crypto firms.

🔗 Read → https://thehackernews.com/2026/04/weekly-recap-vercel-hack-push-fraud.html#:~:text=British%20National%20Pleads%20Guilty%20to%20Scattered%20Spider%20Campaign

🚨 Researchers found 22 vulnerabilities in serial-to-IP converters, with ~20,000 devices exposed online.

Exploitation can enable device takeover and tampering with data between legacy systems and IP networks, impacting industrial operations.

🔗 Read → https://thehackernews.com/2026/04/22-bridgebreak-flaws-expose-20000.html

🛑 A SystemBC-linked server exposed 1,570+ infected systems, mostly corporate.

An affiliate of The Gentlemen #ransomware used the proxy malware for covert access and staging—not all were confirmed ransomware victims.

🔗 Read → https://thehackernews.com/2026/04/systembc-c2-server-reveals-1570-victims.html

Many companies have backups but still can’t recover from ransomware.

As Acronis’ Subramani Rao explains, backups often fail before encryption as attackers disable, delete, or corrupt them after gaining access.

Recovery breaks down due to compromised systems and slow validation.

🔗 Why backup doesn’t equal recovery in real attacks → https://thehackernews.com/expert-insights/2026/04/why-your-backups-might-not-save-you.html

⚠️ A Python sandbox for untrusted code has a 9.3 flaw (CVE-2026-5752).

A Pyodide bug enables sandbox escape and root command execution. The project is unmaintained, so the issue remains UNPATCHED.

🔗 Learn more → https://thehackernews.com/2026/04/cohere-ai-terrarium-sandbox-flaw.html

⚡ Security teams track MTTR as a metric. Leadership sees every hour of dwell time as risk.

Delays rarely come from staffing—they come from disconnected threat intel, manual lookups, and tool switching that add up over time.

🔗 Learn why MTTR slows down inside most SOCs → https://thehackernews.com/2026/04/5-places-where-mature-socs-keep-mttr.html

🛑 China-linked APT targets India’s banks with updated malware.

LOTUSLITE v1.1 uses phishing, signed executables, and DLL sideloading to gain access—focused on espionage, not theft. Shift from U.S. govt targets to Indian financial systems.

🔗 Details → https://thehackernews.com/2026/04/mustang-pandas-new-lotuslite-variant.html

⚠️ Microsoft patched CVE-2026-40372 (CVSS 9.1) in ASP .NET Core enabling SYSTEM-level escalation.

A crypto flaw let attackers forge payloads and decrypt auth data in apps using vulnerable Data Protection on Linux/macOS.

🔗 Read → https://thehackernews.com/2026/04/microsoft-patches-critical-aspnet-core.html

⚠️ Kaspersky found a new wiper targeting Venezuela’s energy sector.

Lotus Wiper fully destroys systems—no ransom, no recovery. It uses scripts to disable defenses, then wipes drives, deletes backups, and erases files using native Windows tools.

🔗 Details → https://thehackernews.com/2026/04/lotus-wiper-malware-targets-venezuelan.html

Moltbook exposed 1.5M API tokens and 35,000 emails via an open database.

Agents also stored internal tokens and third-party credentials together in plaintext, creating cross-app access paths no one reviewed.

🔗 How “toxic combinations” form across SaaS → https://thehackernews.com/2026/04/toxic-combinations-when-cross-app.html

Join 15+ SANS Institute instructors in a panel-style webinar to gain practical tools, proven tactics, and real-world tradecraft you can apply immediately. Detect threats sooner and respond with precision.

15+ Cybersecurity Experts. 1 Can't-Miss Webinar. Register → https://thn.news/sans-2026-secure-fortress

🛑 A Linux backdoor is using Microsoft’s cloud to stay hidden.

Harvester’s GoGra uses Outlook mailboxes as C2, executing commands via email, returning results, then deleting traces to evade detection.

Targets likely include India and Afghanistan.

🔗 Read → https://thehackernews.com/2026/04/harvester-deploys-linux-gogra-backdoor.html

🛑 Supply chain attacks are stacking across npm, PyPI, and GitHub.

CanisterSprawl worm steals npm tokens via postinstall scripts, republishes infected packages, and spreads across ecosystems.

Other campaigns add backdoored packages, LLM proxy abuse, and GitHub Actions exploits.

🔗 Read → https://thehackernews.com/2026/04/self-propagating-supply-chain-worm.html

⚠️ WARNING: Checkmarx KICS Docker repo breached—malicious images replaced trusted tags.

The modified images could encrypt and exfiltrate scan data, risking exposure of credentials in IaC files. Related VS Code extensions also ran unverified remote code.

🔗 Details → https://thehackernews.com/2026/04/malicious-kics-docker-images-and-vs.html

⚡ Apple fixed an iOS bug where deleted notifications stayed stored on devices.

The flaw let message data persist after apps like Signal were removed. It surfaced after forensic extraction. The patch now clears and prevents retention.

🔗 Details → https://thehackernews.com/2026/04/apple-patches-ios-flaw-that-stored.html

🔥 Vercel found more compromised accounts, some predating the breach.

Attackers used malware → Google Workspace → Vercel access, then mapped systems and decrypted environment variables. OAuth trust enabled lateral movement.

🔗 Details here → https://thehackernews.com/2026/04/vercel-finds-more-compromised-accounts.html

⚠️ A China-aligned APT, GopherWhisper, targeted Mongolian government systems.

It uses Slack, Discord, Outlook, and file-io for control and data theft, deploying Go-based backdoors across at least 12 confirmed systems.

🔗 Details → https://thehackernews.com/2026/04/china-linked-gopherwhisper-infects-12.html

Anthropic delayed its new AI after it proved too effective at finding and exploiting bugs.

It uncovered decades-old flaws and built working exploits—but under 1% were patched. The bottleneck is no longer discovery. It’s fixing at speed.

🔗 Learn how AI is overwhelming vulnerability patching → https://thehackernews.com/2026/04/project-glasswing-proved-ai-can-find.html

Move from AI ethics to AI execution. Here’s how to secure your AI deployment. Join Uncharted on May 5 for a technical deep dive.

Register here: https://thn.news/ai-summit-x

🔥 Internet’s on fire again...

💸 $290 million DeFi hack
⚠️ Live RCE exploits
📦 Rogue npm packages
🤖 AI prompt attacks
🕵️ App data grab
🔑 Passkey push
🧠 Backdoor claims
💀 Ransomware feud
🧩 Cryptor kits
📩 Blank phishing
⚙️ Binary hijack
🐀 RAT bundle
🍏 macOS abuse
📡 SIM farms
🇪🇺 EU sanctions
🪤 Bot farm bust
🎭 StealTok extensions
🌐 Joomla backdoor
🛒 Leak Bazaar
🌍 RDP scan spike
🧨 Perforce leak

🔗 Catch the full ThreatsDay Bulletin for this week → https://thehackernews.com/2026/04/threatsday-bulletin-290m-defi-hack.html