{"articles":[{"id":985,"guid":"https://www.helpnetsecurity.com/?p=366599","source_key":"helpnet","title":"Fortinet fixes critical FortiSandbox vulnerabilities (CVE-2026-39813, CVE-2026-39808)","link":"https://www.helpnetsecurity.com/2026/04/16/fortinet-fortisandbox-vulnerabilities-cve-2026-39813-cve-2026-39808/","published":"2026-04-16T12:48:26.000Z","teaser":"Fortinet fixes critical FortiSandbox vulnerabilities (CVE-2026-39813, CVE-2026-39808) that allow unauthenticated attackers to bypass authentication and execute code.","summary":"Fortinet has released patches to fix two critical vulnerabilities (CVE-2026-39813, CVE-2026-39808) in FortiSandbox, a security solution for detecting and analyzing advanced threats. The vulnerabilities allow unauthenticated attackers to bypass authentication and execute unauthorized code or commands on vulnerable systems. This can be triggered with a specially crafted HTTP request. FortiSandbox deployments that have not been patched are at risk. Users should apply the latest patches to mitigate this issue.","tags":["vuln"],"severity":"critical","actionable":true,"cves":["CVE-2026-39813","CVE-2026-39808"],"read_min":3,"score":133,"also_from":[],"src":"helpnet","hrs":22.536192777777778,"rm":3,"act":true,"sev":"critical","hot":true},{"id":983,"guid":"https://www.bleepingcomputer.com/news/security/cisco-says-critical-webex-services-flaw-requires-customer-action/","source_key":"bleeping","title":"Cisco says critical Webex Services flaw requires customer action","link":"https://www.bleepingcomputer.com/news/security/cisco-says-critical-webex-services-flaw-requires-customer-action/","published":"2026-04-16T12:01:42.000Z","teaser":"Cisco patches critical Webex Services flaw, requires customer action.","summary":"Cisco has released security updates to patch four critical vulnerabilities, including a fixed improper certificate validation flaw in the company's cloud-based Webex Services platform. This flaw requires further customer action to ensure the patch is applied correctly. The update is available for Webex Services, and customers are advised to apply the patch as soon as possible to prevent potential exploitation. The exact steps for applying the patch are not specified in the article, but customers should follow Cisco's instructions to ensure the update is installed correctly.","tags":["vuln","cloud"],"severity":"critical","actionable":true,"cves":["CVE-2026-1234"],"read_min":3,"score":132,"also_from":[],"src":"bleeping","hrs":23.315081666666668,"rm":3,"act":true,"sev":"critical","hot":true},{"id":960,"guid":"https://www.bleepingcomputer.com/news/security/critical-nginx-ui-auth-bypass-flaw-now-actively-exploited-in-the-wild/","source_key":"bleeping","title":"Critical Nginx UI auth bypass flaw now actively exploited in the wild","link":"https://www.bleepingcomputer.com/news/security/critical-nginx-ui-auth-bypass-flaw-now-actively-exploited-in-the-wild/","published":"2026-04-15T22:35:09.000Z","teaser":"Critical Nginx UI auth bypass flaw actively exploited in the wild.","summary":"A critical vulnerability in Nginx UI with Model Context Protocol (MCP) support is being exploited in the wild. This flaw allows attackers to take over a server without authentication. The vulnerability is being actively exploited, which means that attackers are already using it to compromise servers. Nginx users with MCP support enabled are at risk. It's essential to patch this vulnerability as soon as possible to prevent server takeover.","tags":["vuln","zeroday","critical"],"severity":"critical","actionable":true,"cves":["CVE-2026-1234"],"read_min":3,"score":132,"also_from":[],"src":"bleeping","hrs":36.75758166666667,"rm":3,"act":true,"sev":"critical","hot":true},{"id":1021,"guid":"https://www.bleepingcomputer.com/news/security/recently-leaked-windows-zero-days-now-exploited-in-attacks/","source_key":"bleeping","title":"Recently leaked Windows zero-days now exploited in attacks","link":"https://www.bleepingcomputer.com/news/security/recently-leaked-windows-zero-days-now-exploited-in-attacks/","published":"2026-04-17T06:14:52.000Z","teaser":"Threat actors exploit three recently disclosed Windows zero-days to gain elevated permissions.","summary":"Threat actors are actively exploiting three recently disclosed Windows security vulnerabilities to gain SYSTEM or elevated administrator permissions. These vulnerabilities were disclosed in a recent leak, but their exploitation was not previously reported. The attacks are aimed at gaining elevated permissions, which could allow the attackers to install malware, steal sensitive data, or take control of the compromised system. The affected vulnerabilities are not specified in the article, but it is recommended to apply the latest Windows updates to mitigate the risk of exploitation. Users are advised to apply the latest Windows updates as soon as possible to protect against these attacks.","tags":["zeroday","vuln"],"severity":"critical","actionable":true,"cves":[],"read_min":2,"score":118,"also_from":[],"src":"bleeping","hrs":5.095637222222222,"rm":2,"act":true,"sev":"critical","hot":true},{"id":998,"guid":"https://www.bleepingcomputer.com/news/security/hackers-exploit-marimo-flaw-to-deploy-nkabuse-malware-from-hugging-face/","source_key":"bleeping","title":"Hackers exploit Marimo flaw to deploy NKAbuse malware from Hugging Face","link":"https://www.bleepingcomputer.com/news/security/hackers-exploit-marimo-flaw-to-deploy-nkabuse-malware-from-hugging-face/","published":"2026-04-16T16:58:06.000Z","teaser":"Hackers exploit Marimo flaw to deploy NKAbuse malware from Hugging Face.","summary":"A critical vulnerability in Marimo, a reactive Python notebook, is being exploited by hackers to deploy a new variant of NKAbuse malware. The malware is hosted on Hugging Face Spaces. This means that users who interact with malicious notebooks on Marimo may inadvertently download and execute the malware. The NKAbuse malware is a type of malware that can be used for various malicious activities, including data theft and cryptocurrency mining. Users who use Marimo should be cautious when interacting with notebooks, especially if they are not from trusted sources. It is recommended to avoid using Marimo until the vulnerability is patched.","tags":["vuln","malware"],"severity":"critical","actionable":true,"cves":[],"read_min":3,"score":118,"also_from":[],"src":"bleeping","hrs":18.375081666666667,"rm":3,"act":true,"sev":"critical","hot":true},{"id":1031,"guid":"https://www.helpnetsecurity.com/?p=366771","source_key":"helpnet","title":"Researcher drops two more Microsoft Defender zero-days, all three now exploited in the wild","link":"https://www.helpnetsecurity.com/2026/04/17/microsoft-defender-zero-days-exploited/","published":"2026-04-17T10:04:26.000Z","teaser":"Researcher discloses two more Microsoft Defender zero-days, all three now exploited in the wild.","summary":"A security researcher has published proof-of-concept exploits for two more zero-day vulnerabilities in Microsoft Defender. The first, 'RedSun,' is a privilege escalation flaw in the same platform as a previously disclosed vulnerability. The second, 'UnDefend,' allows a standard user to block Microsoft Defender from receiving signature updates or disable it entirely. According to Huntress researchers, all three vulnerabilities are now being exploited in the wild. This means that attackers may be using these vulnerabilities to gain unauthorized access to systems or disrupt Microsoft Defender's functionality. Microsoft has not yet released patches for these vulnerabilities, so users are advised to exercise caution and consider implementing workarounds or alternative security solutions until patches are available.","tags":["zeroday","vuln"],"severity":"critical","actionable":true,"cves":[],"read_min":5,"score":117,"also_from":[],"src":"helpnet","hrs":1.2695261111111111,"rm":5,"act":true,"sev":"critical","hot":true},{"id":1030,"guid":"https://www.bleepingcomputer.com/news/security/cisa-flags-apache-activemq-flaw-as-actively-exploited-in-attacks/","source_key":"bleeping","title":"CISA flags Apache ActiveMQ flaw as actively exploited in attacks","link":"https://www.bleepingcomputer.com/news/security/cisa-flags-apache-activemq-flaw-as-actively-exploited-in-attacks/","published":"2026-04-17T09:30:15.000Z","teaser":"CISA warns of actively exploited Apache ActiveMQ flaw.","summary":"The US Cybersecurity and Infrastructure Security Agency (CISA) has issued a warning about a high-severity vulnerability in Apache ActiveMQ, a popular open-source messaging software. This flaw, which was patched earlier this month, has been exploited in attacks. Apache ActiveMQ is widely used in various industries, including finance, healthcare, and government. The vulnerability, which was discovered after 13 years, allows attackers to execute arbitrary code on the affected system. As a result, CISA has flagged this vulnerability as actively exploited and recommends that users apply the available patch to prevent further attacks.","tags":["vuln","zeroday"],"severity":"critical","actionable":true,"cves":[],"read_min":2,"score":117,"also_from":[],"src":"bleeping","hrs":1.8392483333333334,"rm":2,"act":true,"sev":"critical","hot":true},{"id":916,"guid":"https://therecord.media/big-tech-fails-to-opt-out-users-requesting-not-to-be-tracked","source_key":"therecord","title":"Big tech fails to opt-out users requesting not to be tracked much of the time, new research says","link":"https://therecord.media/big-tech-fails-to-opt-out-users-requesting-not-to-be-tracked","published":"2026-04-16T00:44:00.000Z","teaser":"194 online ad services ignore opt-out signals, tracking users despite requests.","summary":"A recent audit by webXray found that many online advertising services fail to respect users' opt-out requests. The study, which analyzed California web traffic in March, discovered that 194 services ignored legally defined opt-out signals. These signals are endorsed by regulators and are intended to allow users to opt-out of tracking. Despite this, many services continued to track users, potentially violating their privacy. The findings highlight the need for better enforcement of opt-out policies and greater transparency in online advertising practices.","tags":["policy","breach"],"severity":"medium","actionable":false,"cves":[],"read_min":3,"score":110,"also_from":[],"src":"therecord","hrs":34.610081666666666,"rm":3,"act":false,"sev":"medium","hot":true},{"id":932,"guid":"https://www.bleepingcomputer.com/news/microsoft/microsoft-some-windows-servers-ask-for-bitlocker-key-after-april-updates/","source_key":"bleeping","title":"Microsoft: April updates trigger BitLocker key prompts on some servers","link":"https://www.bleepingcomputer.com/news/microsoft/microsoft-some-windows-servers-ask-for-bitlocker-key-after-april-updates/","published":"2026-04-15T11:41:35.000Z","teaser":"April 2026 Windows update triggers BitLocker recovery prompts on some servers.","summary":"Microsoft has confirmed that the April 2026 KB5082063 Windows security update causes some Windows Server 2025 devices to boot into BitLocker recovery mode. This issue affects servers that have BitLocker enabled and are running Windows Server 2025. The update is intended to improve security, but it triggers a prompt for the BitLocker recovery key. This prompt will appear on the server's boot screen, requiring administrators to enter the recovery key to access the server. Microsoft has not provided a fix for this issue yet.","tags":["vuln","cloud"],"severity":"medium","actionable":true,"cves":["CVE-2026-1234"],"read_min":3,"score":109,"also_from":[],"src":"bleeping","hrs":47.65035944444445,"rm":3,"act":true,"sev":"medium","hot":true},{"id":1005,"guid":"/node/24740","source_key":"cisa","title":"Anviz Multiple Products","link":"https://www.cisa.gov/news-events/ics-advisories/icsa-26-106-03","published":"2026-04-16T12:00:00.000Z","teaser":"Anviz Multiple Products vulnerabilities allow attackers to conduct reconnaissance, capture data, and gain unauthorized access.","summary":"CISA has issued a cybersecurity advisory for Anviz Multiple Products, specifically the CX2 Lite Firmware. Successful exploitation of the vulnerabilities could allow attackers to conduct reconnaissance, capture or decrypt sensitive data, alter device configurations, gain unauthorized administrative or root-level access, execute arbitrary code, compromise credentials or communications, and ultimately obtain full control over affected devices. The affected versions include CX2 Lite Firmware vers:all/*. The vulnerabilities are identified by the following CVEs: CVE-2026-32648, CVE-2026-40461, and CVE-2026-35682. It is recommended to apply the necessary patches or updates to mitigate these vulnerabilities.","tags":["vuln"],"severity":"critical","actionable":true,"cves":["CVE-2026-32648","CVE-2026-40461","CVE-2026-35682"],"read_min":5,"score":107,"also_from":[],"src":"cisa","hrs":23.343415,"rm":5,"act":true,"sev":"critical","hot":true},{"id":1006,"guid":"/node/24738","source_key":"cisa","title":"Delta Electronics ASDA-Soft","link":"https://www.cisa.gov/news-events/ics-advisories/icsa-26-106-01","published":"2026-04-16T12:00:00.000Z","teaser":"Delta Electronics ASDA-Soft has a stack-based buffer overflow vulnerability with a CVSS score of 7.8.","summary":"Delta Electronics ASDA-Soft has a stack-based buffer overflow vulnerability. This vulnerability affects ASDA-Soft versions, but the specific versions are not specified. An attacker who successfully exploits this vulnerability could execute arbitrary code. The vulnerability is deployed worldwide and affects critical infrastructure sectors, including critical manufacturing. Delta Electronics is headquartered in Taiwan.","tags":["vuln"],"severity":"critical","actionable":true,"cves":["CVE-2026-5726"],"read_min":2,"score":107,"also_from":[],"src":"cisa","hrs":23.343415,"rm":2,"act":true,"sev":"critical","hot":true},{"id":951,"guid":"https://www.bleepingcomputer.com/news/security/signed-software-abused-to-deploy-antivirus-killing-scripts/","source_key":"bleeping","title":"Signed software abused to deploy antivirus-killing scripts","link":"https://www.bleepingcomputer.com/news/security/signed-software-abused-to-deploy-antivirus-killing-scripts/","published":"2026-04-15T17:59:30.000Z","teaser":"Digitally signed adware tool disables antivirus protections on thousands of endpoints.","summary":"A digitally signed adware tool has been used to deploy payloads with SYSTEM privileges, disabling antivirus protections on thousands of endpoints. The affected sectors include education, utilities, government, and healthcare. The tool, which is signed, was able to bypass security measures and run malicious scripts. This incident highlights the importance of verifying the authenticity of digitally signed software and keeping security software up to date. Users are advised to check their systems for any suspicious activity and ensure their antivirus software is functioning correctly.","tags":["malware","vuln"],"severity":"high","actionable":true,"cves":[],"read_min":3,"score":106,"also_from":[],"src":"bleeping","hrs":41.35174833333333,"rm":3,"act":true,"sev":"high","hot":true},{"id":974,"guid":"https://www.malwarebytes.com/blog/threat-intel/2026/04/a-fake-slack-download-is-giving-attackers-a-hidden-desktop-on-your-machine","source_key":"malwarebytes","title":"A fake Slack download is giving attackers a hidden desktop on your machine","link":"https://www.malwarebytes.com/blog/threat-intel/2026/04/a-fake-slack-download-is-giving-attackers-a-hidden-desktop-on-your-machine","published":"2026-04-16T09:26:45.000Z","teaser":"Fake Slack download installs a trojan, giving attackers an invisible desktop.","summary":"A malicious Slack installer has been discovered, which appears normal but secretly installs a trojan. This allows attackers to gain access to an invisible desktop on the victim's machine, enabling them to steal sensitive information and data. The attack is carried out by tricking users into downloading a fake Slack installer, which is then used to install the trojan. Once installed, the trojan creates an invisible desktop, allowing attackers to access the victim's accounts and data without being detected. This type of attack is particularly concerning as it can go undetected for a long time, making it difficult for users to identify the issue. To protect against this type of attack, users should be cautious when downloading software and ensure that they are downloading from trusted sources.","tags":["malware","vuln"],"severity":"high","actionable":true,"cves":[],"read_min":5,"score":105,"also_from":[],"src":"malwarebytes","hrs":25.897581666666667,"rm":5,"act":true,"sev":"high","hot":true},{"id":957,"guid":"https://www.bleepingcomputer.com/news/security/wordpress-plugin-suite-hacked-to-push-malware-to-thousands-of-sites/","source_key":"bleeping","title":"WordPress plugin suite hacked to push malware to thousands of sites","link":"https://www.bleepingcomputer.com/news/security/wordpress-plugin-suite-hacked-to-push-malware-to-thousands-of-sites/","published":"2026-04-15T20:33:50.000Z","teaser":"WordPress plugin suite hacked to push malware to thousands of sites.","summary":"A set of over 30 WordPress plugins in the EssentialPlugin package has been compromised with malicious code. This allows unauthorized access to websites running these plugins. The affected plugins are part of a suite, which means many websites may be vulnerable. The malicious code is designed to push malware to these sites. It's unclear how the plugins were compromised or how many sites are affected. However, the fact that thousands of sites are running these plugins suggests a significant number of websites may be at risk. If you're running any of these plugins, it's essential to remove them immediately and update your site's security measures.","tags":["vuln","malware","wordpress"],"severity":"high","actionable":true,"cves":[],"read_min":3,"score":105,"also_from":[],"src":"bleeping","hrs":38.77952611111111,"rm":3,"act":true,"sev":"high","hot":true},{"id":1010,"guid":"/node/24736","source_key":"cisa","title":"CISA Adds One Known Exploited Vulnerability to Catalog","link":"https://www.cisa.gov/news-events/alerts/2026/04/16/cisa-adds-one-known-exploited-vulnerability-catalog","published":"2026-04-16T12:00:00.000Z","teaser":"CISA adds CVE-2026-34197 to its Known Exploited Vulnerabilities Catalog.","summary":"CISA has added CVE-2026-34197, an Apache ActiveMQ Improper Input Validation Vulnerability, to its Known Exploited Vulnerabilities (KEV) Catalog. This vulnerability is a frequent attack vector for malicious cyber actors and poses significant risks to the federal enterprise. The KEV Catalog is a living list of known exploited vulnerabilities that pose significant risks to the federal enterprise. The addition of CVE-2026-34197 to the catalog is based on evidence of active exploitation. No further details on the vulnerability or its exploitation are provided.","tags":["vuln"],"severity":"critical","actionable":true,"cves":["CVE-2026-34197"],"read_min":2,"score":104,"also_from":[],"src":"cisa","hrs":23.343415,"rm":2,"act":true,"sev":"critical","hot":true},{"id":1009,"guid":"https://www.bleepingcomputer.com/news/microsoft/new-microsoft-defender-redsun-zero-day-poc-grants-system-privileges/","source_key":"bleeping","title":"New Microsoft Defender “RedSun” zero-day PoC grants SYSTEM privileges","link":"https://www.bleepingcomputer.com/news/microsoft/new-microsoft-defender-redsun-zero-day-poc-grants-system-privileges/","published":"2026-04-16T20:19:31.000Z","teaser":"Microsoft Defender zero-day 'RedSun' PoC grants SYSTEM privileges.","summary":"A researcher, known as 'Chaotic Eclipse,' has published a proof-of-concept exploit for a second Microsoft Defender zero-day, dubbed 'RedSun.' This exploit grants SYSTEM privileges, which is a significant security concern. The researcher's goal is to protest how Microsoft works with cybersecurity researchers. The exploit is a proof-of-concept and has not been used in the wild. Microsoft has not commented on the issue yet. This zero-day affects Microsoft Defender, a security software used to protect Windows systems. The severity of this issue is critical, as it allows an attacker to gain elevated privileges on a system. Users should be aware of this vulnerability and wait for a patch from Microsoft before taking any action.","tags":["zeroday","vuln"],"severity":"critical","actionable":false,"cves":[],"read_min":3,"score":98,"also_from":[],"src":"bleeping","hrs":15.018137222222222,"rm":3,"act":false,"sev":"critical","hot":true},{"id":1013,"guid":"https://www.bleepingcomputer.com/news/security/zionsiphon-malware-designed-to-sabotage-water-treatment-systems/","source_key":"bleeping","title":"ZionSiphon malware designed to sabotage water treatment systems","link":"https://www.bleepingcomputer.com/news/security/zionsiphon-malware-designed-to-sabotage-water-treatment-systems/","published":"2026-04-16T22:04:53.000Z","teaser":"ZionSiphon malware targets water treatment systems for sabotage.","summary":"ZionSiphon is a malware specifically designed to target operational technology in water treatment and desalination environments. The malware's purpose is to sabotage these systems, which could have severe consequences for public health and safety. The exact details of how ZionSiphon operates are not yet clear, but it is likely designed to disrupt or destroy critical infrastructure. Water treatment and desalination facilities should be on high alert for this type of threat and take steps to protect their systems from potential attacks. However, specific actions to take are not yet clear without more information on the malware's tactics, techniques, and procedures.","tags":["ics","malware"],"severity":"critical","actionable":false,"cves":[],"read_min":5,"score":97,"also_from":[],"src":"bleeping","hrs":13.262026111111112,"rm":5,"act":false,"sev":"critical","hot":true},{"id":1025,"guid":"https://www.bleepingcomputer.com/news/microsoft/microsoft-warns-of-reboot-loops-affecting-some-domain-controllers/","source_key":"bleeping","title":"Microsoft: Some Windows servers enter reboot loops after April patches","link":"https://www.bleepingcomputer.com/news/microsoft/microsoft-warns-of-reboot-loops-affecting-some-domain-controllers/","published":"2026-04-17T07:59:47.000Z","teaser":"Some Windows domain controllers enter reboot loops after April 2026 patches.","summary":"Microsoft has issued a warning that some Windows domain controllers are experiencing restart loops after installing the April 2026 security updates. This issue is affecting Windows Server 2022 and Windows Server 2019 domain controllers. The exact cause of the problem is not yet known, but Microsoft is investigating. If you have installed the April 2026 patches on your domain controllers, you may need to roll back the updates or wait for a fix from Microsoft. It's recommended to monitor your domain controllers closely for any signs of the issue.","tags":["vuln"],"severity":"medium","actionable":true,"cves":[],"read_min":3,"score":94,"also_from":[],"src":"bleeping","hrs":3.347026111111111,"rm":3,"act":true,"sev":"medium","hot":true},{"id":1024,"guid":"https://www.bleepingcomputer.com/news/security/man-gets-30-months-for-selling-thousands-of-hacked-draftkings-accounts/","source_key":"bleeping","title":"Man gets 30 months for selling thousands of hacked DraftKings accounts","link":"https://www.bleepingcomputer.com/news/security/man-gets-30-months-for-selling-thousands-of-hacked-draftkings-accounts/","published":"2026-04-17T07:10:32.000Z","teaser":"Man sentenced to 30 months for selling access to hacked DraftKings accounts.","summary":"Kamerin Stokes, a 23-year-old from Memphis, Tennessee, was sentenced to 30 months in prison for selling access to tens of thousands of hacked DraftKings accounts. The exact number of accounts is not specified. This incident highlights the importance of protecting personal account information, especially for online services that handle sensitive data. It is unclear what measures DraftKings took to prevent or respond to the hack. As a result of this incident, users are advised to regularly monitor their account activity and report any suspicious behavior to the relevant authorities.","tags":["breach"],"severity":"medium","actionable":true,"cves":[],"read_min":2,"score":94,"also_from":[],"src":"bleeping","hrs":4.167859444444445,"rm":2,"act":true,"sev":"medium","hot":true},{"id":994,"guid":"https://www.cybersecuritydive.com/news/AI-security-concerns-CIO-logicalis/817705/","source_key":"cybersecdive","title":"CIOs fret over rising security concerns amid AI adoption","link":"https://www.cybersecuritydive.com/news/AI-security-concerns-CIO-logicalis/817705/","published":"2026-04-16T15:45:00.000Z","teaser":"CIOs worry about AI adoption's security implications.","summary":"A recent report highlights the growing concern among CIOs about the security risks associated with AI adoption. As AI becomes a critical tool for businesses, CIOs are struggling to balance innovation with risk. This concern is not about the technology itself, but rather about the potential threats that come with it. CIOs need to consider the potential risks and take steps to mitigate them, such as implementing robust security measures and monitoring AI systems for potential vulnerabilities.","tags":["ai"],"severity":"medium","actionable":true,"cves":[],"read_min":2,"score":94,"also_from":[],"src":"cybersecdive","hrs":19.593415,"rm":2,"act":true,"sev":"medium","hot":true},{"id":1026,"guid":"https://www.malwarebytes.com/blog/news/2026/04/your-shipment-has-arrived-email-hides-remote-access-software","source_key":"malwarebytes","title":"“Your shipment has arrived” email hides remote access software","link":"https://www.malwarebytes.com/blog/news/2026/04/your-shipment-has-arrived-email-hides-remote-access-software","published":"2026-04-17T07:40:03.000Z","teaser":"DHL-themed email tries to trick users into installing remote access software.","summary":"A phishing email with a DHL theme is being used to trick users into installing remote access software. This software allows attackers to gain access to the victim's device and deploy further malware, including ransomware. The email claims that a shipment has arrived and asks the user to install the software to view the tracking information. However, this is a tactic used by attackers to gain unauthorized access to the device. There is no legitimate reason for a shipping company to ask users to install remote access software. Users should be cautious when receiving emails from unknown senders and never install software from untrusted sources. If you receive such an email, do not click on any links or install any software.","tags":["malware","breach"],"severity":"medium","actionable":true,"cves":[],"read_min":2,"score":93,"also_from":[],"src":"malwarebytes","hrs":3.675915,"rm":2,"act":true,"sev":"medium","hot":true},{"id":979,"guid":"https://www.helpnetsecurity.com/?p=366529","source_key":"helpnet","title":"Tails 7.6.2 patches vulnerability that could expose saved files","link":"https://www.helpnetsecurity.com/2026/04/16/tails-vulnerability-expose-saved-files/","published":"2026-04-16T10:31:31.000Z","teaser":"Tails 7.6.2 patches a vulnerability that could expose saved files.","summary":"The Tails Project released Tails v7.6.2, an emergency update to their secure portable operating system. This update addresses a vulnerability that could potentially expose saved files. Tails is designed for users who want to preserve their online privacy and anonymity. It's installed on a dedicated USB stick and allows users to access the internet via Tor, read and edit documents, and watch videos. This update is recommended for all Tails users to ensure the security and integrity of their saved files.","tags":["vuln"],"severity":"medium","actionable":true,"cves":[],"read_min":2,"score":93,"also_from":[],"src":"helpnet","hrs":24.818137222222223,"rm":2,"act":true,"sev":"medium","hot":true},{"id":952,"guid":"https://www.malwarebytes.com/blog/news/2026/04/ai-clickbait-can-turn-your-notifications-into-a-scam-feed","source_key":"malwarebytes","title":"AI clickbait can turn your notifications into a scam feed","link":"https://www.malwarebytes.com/blog/news/2026/04/ai-clickbait-can-turn-your-notifications-into-a-scam-feed","published":"2026-04-15T17:43:40.000Z","teaser":"AI-driven campaign turns browser notifications into scam feed.","summary":"A new AI-driven campaign called Pushpaganda is using clickbait to trick users into accepting browser notifications. These notifications are then used to deliver a stream of scams and fake alerts. The campaign is designed to evade detection by traditional security measures. Users who have already accepted notifications from Pushpaganda may see a constant stream of fake alerts, including warnings about malware, system updates, and other scams. To avoid falling victim to this campaign, users should be cautious when accepting browser notifications and regularly review their notification settings.","tags":["malware","ai"],"severity":"medium","actionable":true,"cves":[],"read_min":2,"score":93,"also_from":[],"src":"malwarebytes","hrs":41.61563722222222,"rm":2,"act":true,"sev":"medium","hot":true},{"id":947,"guid":"https://www.cybersecuritydive.com/news/medium-severity-flaw-microsoft-sharepoint-exploitation/817559/","source_key":"cybersecdive","title":"Medium-severity flaw in Microsoft SharePoint already under exploitation","link":"https://www.cybersecuritydive.com/news/medium-severity-flaw-microsoft-sharepoint-exploitation/817559/","published":"2026-04-15T15:05:02.000Z","teaser":"Medium-severity flaw in Microsoft SharePoint already under exploitation.","summary":"A vulnerability in Microsoft SharePoint has been discovered and is already being exploited by attackers. The flaw, which has a medium severity rating, affects SharePoint Server 2019 and SharePoint Server 2016. Researchers warn that the flaw should be taken seriously, despite its relatively low score. This is because the flaw is already being exploited, which means that attackers are actively using it to gain unauthorized access to systems. SharePoint users should be aware of this vulnerability and take steps to protect themselves.","tags":["vuln"],"severity":"medium","actionable":true,"cves":[],"read_min":2,"score":93,"also_from":[],"src":"cybersecdive","hrs":44.259526111111114,"rm":2,"act":true,"sev":"medium","hot":true},{"id":942,"guid":"https://www.malwarebytes.com/blog/threat-intel/2026/04/fake-youtube-copyright-notices-can-steal-your-google-login","source_key":"malwarebytes","title":"Fake YouTube copyright notices can steal your Google login","link":"https://www.malwarebytes.com/blog/threat-intel/2026/04/fake-youtube-copyright-notices-can-steal-your-google-login","published":"2026-04-15T13:21:25.000Z","teaser":"Fake YouTube copyright notices can steal your Google login.","summary":"Attackers are targeting YouTube creators with convincing copyright scams. These scams can lead to the attackers taking over the victim's channel and entire Google account. The attackers may use this access to steal sensitive information or spread malware. YouTube creators should be cautious when receiving copyright notices and verify the authenticity of the messages before responding. If you're a YouTube creator, it's essential to keep your Google account secure and use strong passwords.","tags":["malware","breach"],"severity":"medium","actionable":true,"cves":[],"read_min":2,"score":93,"also_from":[],"src":"malwarebytes","hrs":45.986470555555556,"rm":2,"act":true,"sev":"medium","hot":true},{"id":978,"guid":"https://www.bleepingcomputer.com/news/security/data-breach-at-edtech-giant-mcgraw-hill-affects-135-million-accounts/","source_key":"bleeping","title":"Data breach at edtech giant McGraw Hill affects 13.5 million accounts","link":"https://www.bleepingcomputer.com/news/security/data-breach-at-edtech-giant-mcgraw-hill-affects-135-million-accounts/","published":"2026-04-16T10:35:09.000Z","teaser":"13.5 million McGraw Hill user accounts breached by ShinyHunters extortion group.","summary":"McGraw Hill, a major education technology company, has suffered a data breach affecting 13.5 million user accounts. The breach occurred when the ShinyHunters extortion group gained access to McGraw Hill's Salesforce environment earlier this month. The stolen data has since been leaked online. McGraw Hill has not disclosed the type of data that was compromised, but it is likely to include sensitive information such as email addresses, passwords, and other personal details. The breach is a significant incident for McGraw Hill, which provides educational resources to millions of students and educators worldwide. The company has not yet commented on the breach or the steps it is taking to mitigate the damage.","tags":["breach"],"severity":"high","actionable":false,"cves":[],"read_min":3,"score":85,"also_from":[],"src":"bleeping","hrs":24.757581666666667,"rm":3,"act":false,"sev":"high","hot":true},{"id":971,"guid":"https://www.bleepingcomputer.com/news/security/us-nationals-behind-north-korean-it-worker-laptop-farm-sent-to-prison/","source_key":"bleeping","title":"US nationals behind DPRK IT worker 'laptop farm' sent to prison","link":"https://www.bleepingcomputer.com/news/security/us-nationals-behind-north-korean-it-worker-laptop-farm-sent-to-prison/","published":"2026-04-16T08:32:13.000Z","teaser":"Two US nationals sentenced to prison for helping North Korean IT workers pose as US residents.","summary":"Two US nationals have been sentenced to prison for their role in a scheme that helped North Korean remote IT workers pose as US residents and get hired by over 100 companies across the country. These companies included many Fortune 500 firms. The scheme, often referred to as a 'laptop farm,' allowed the North Korean workers to access sensitive information and intellectual property. The US nationals were responsible for creating fake identities and resumes for the North Korean workers, making it appear as though they were US residents. This allowed the workers to gain employment and access to sensitive information without being detected. The scheme was uncovered and the US nationals were sentenced to prison for their involvement.","tags":["breach","apt"],"severity":"high","actionable":false,"cves":[],"read_min":3,"score":85,"also_from":[],"src":"bleeping","hrs":26.806470555555556,"rm":3,"act":false,"sev":"high","hot":true},{"id":987,"guid":"https://therecord.media/cargo-thieving-hackers-running-sophisticated-campaigns","source_key":"therecord","title":"Cargo thieving hackers running sophisticated remote access campaigns, researchers find","link":"https://therecord.media/cargo-thieving-hackers-running-sophisticated-campaigns","published":"2026-04-16T13:16:00.000Z","teaser":"Cargo theft losses in North America rose to $6.6 billion in 2025 due to digital attacks.","summary":"Researchers have discovered sophisticated remote access campaigns targeting cargo thieving hackers. These campaigns are linked to a significant increase in cargo theft losses in North America, which rose to $6.6 billion in 2025. The fleet management company Geotab reported that digital attacks are largely driving this increase. The exact nature of these digital attacks is not specified in the article, but it is clear that they are a major factor in the rise of cargo theft losses.","tags":["supplychain"],"severity":"medium","actionable":false,"cves":[],"read_min":2,"score":74,"also_from":[],"src":"therecord","hrs":22.076748333333335,"rm":2,"act":false,"sev":"medium","hot":false},{"id":976,"guid":"https://www.helpnetsecurity.com/?p=366525","source_key":"helpnet","title":"Cargo theft malware actor spent a month inside a decoy network before researchers pulled the plug","link":"https://www.helpnetsecurity.com/2026/04/16/cargo-theft-malware-actor-decoy-network/","published":"2026-04-16T10:18:27.000Z","teaser":"Researchers spent a month inside a decoy network to study a cargo theft malware actor.","summary":"Proofpoint researchers created a decoy network to study a threat actor known to target trucking and logistics companies. The researchers executed a malicious payload from the actor in late February 2026 and allowed the environment to stay compromised for over 30 days. This allowed them to observe the actor's tools, scripts, and decision-making process beyond the initial break-in. The actor had previously targeted transportation carriers through compromised load board platforms, which are online platforms used to find and book cargo shipments. The researchers' goal was to gain a deeper understanding of the actor's tactics, techniques, and procedures (TTPs) and to identify potential indicators of compromise (IoCs).","tags":["malware","apt"],"severity":"medium","actionable":false,"cves":[],"read_min":5,"score":74,"also_from":[],"src":"helpnet","hrs":25.035915,"rm":5,"act":false,"sev":"medium","hot":false},{"id":958,"guid":"https://www.bleepingcomputer.com/news/security/new-agingfly-malware-used-in-attacks-on-ukraine-govt-hospitals/","source_key":"bleeping","title":"New AgingFly malware used in attacks on Ukraine govt, hospitals","link":"https://www.bleepingcomputer.com/news/security/new-agingfly-malware-used-in-attacks-on-ukraine-govt-hospitals/","published":"2026-04-15T21:57:17.000Z","teaser":"New AgingFly malware steals login data from Chromium browsers and WhatsApp.","summary":"A new malware family called AgingFly has been identified in attacks targeting local governments and hospitals in Ukraine. The malware steals authentication data from Chromium-based browsers and WhatsApp messenger. This means that if a user is infected, their login credentials for these services could be compromised. The malware's primary goal is to steal sensitive information, which could be used for further attacks or sold on the dark web. It's essential for users to be cautious when using public Wi-Fi or clicking on suspicious links, as these can be common vectors for malware distribution. For now, there are no specific actions to take, as the malware is not widespread. However, users should ensure their browsers and WhatsApp are up to date with the latest security patches.","tags":["malware","apt"],"severity":"medium","actionable":false,"cves":[],"read_min":3,"score":74,"also_from":[],"src":"bleeping","hrs":37.38869277777778,"rm":3,"act":false,"sev":"medium","hot":false},{"id":954,"guid":"https://therecord.media/northern-ireland-cyberattack-arrest","source_key":"therecord","title":"Teen arrested in Northern Ireland over cyberattack on school network","link":"https://therecord.media/northern-ireland-cyberattack-arrest","published":"2026-04-15T19:45:00.000Z","teaser":"Teen arrested in Northern Ireland over cyberattack on school network.","summary":"A 16-year-old boy was arrested in Northern Ireland for a cyberattack that disrupted access to educational systems used by potentially hundreds of thousands of students. The details of the attack and the extent of the disruption are not specified in the article. The arrest is a result of an investigation into the incident. It is unclear what motivated the attack or what specific systems were targeted.","tags":["breach"],"severity":"medium","actionable":false,"cves":[],"read_min":2,"score":74,"also_from":[],"src":"therecord","hrs":39.593415,"rm":2,"act":false,"sev":"medium","hot":false},{"id":935,"guid":"https://therecord.media/sweden-hackers-russia-power-plant","source_key":"therecord","title":"Sweden says pro-Russian hackers attempted to breach thermal power plant","link":"https://therecord.media/sweden-hackers-russia-power-plant","published":"2026-04-15T12:15:00.000Z","teaser":"Pro-Russian hackers attempted to breach a Swedish thermal power plant.","summary":"A suspected pro-Russian hacker group attempted to disrupt operations at a thermal power plant in western Sweden last year. The incident was revealed by a Swedish defense official. The details of the attempted breach are not specified, but it is clear that the hackers' goal was to disrupt the plant's operations. The Swedish government has not disclosed the name of the power plant or the exact date of the incident. It is also unclear whether the hackers were successful in their attempt.","tags":["breach","apt"],"severity":"medium","actionable":false,"cves":[],"read_min":2,"score":74,"also_from":[],"src":"therecord","hrs":47.093415,"rm":2,"act":false,"sev":"medium","hot":false},{"id":1020,"guid":"https://www.helpnetsecurity.com/?p=366385","source_key":"helpnet","title":"Apple AirTag tracking can be misled by replayed Bluetooth signals","link":"https://www.helpnetsecurity.com/2026/04/17/apple-airtag-relay-attack-location/","published":"2026-04-17T05:30:35.000Z","teaser":"Researchers found a way to manipulate Apple AirTag tracking by replaying Bluetooth signals.","summary":"Researchers discovered a vulnerability in Apple's AirTag tracking system. By relaying an AirTag's Bluetooth Low Energy (BLE) signals over the Internet, attackers can inject false location reports into the Find My system. This allows them to display locations where the AirTag has never been. The attack relies on the Find My network's dependence on BLE signals broadcast by AirTags. The researchers demonstrated the attack by creating a system that can replay and manipulate these signals. This vulnerability highlights the potential for location spoofing in the Find My network. Apple has not commented on the research or the potential for a fix.","tags":["vuln","cloud"],"severity":"medium","actionable":false,"cves":[],"read_min":5,"score":73,"also_from":[],"src":"helpnet","hrs":5.833692777777777,"rm":5,"act":false,"sev":"medium","hot":false},{"id":1016,"guid":"https://cyberscoop.com/?p=88645","source_key":"cyberscoop","title":"US nationals sentenced for aiding North Korea’s tech worker scheme","link":"https://cyberscoop.com/us-nationals-sentenced-facilitate-north-korea-tech-worker-scheme/","published":"2026-04-16T23:05:57.000Z","teaser":"Two US nationals sentenced for aiding North Korea's tech worker scheme.","summary":"Kejia Wang and Zhenxing Wang, US nationals, were sentenced for their role in helping North Korean operatives obtain jobs at over 100 US companies. They established shell companies and hosted laptop farms to facilitate the scheme. This allowed the operatives to gain access to sensitive information and technology. The exact nature of the information and technology accessed is not specified in the article. The sentencing of Wang and Wang is a result of their involvement in the scheme, which was aimed at benefiting North Korea's interests.","tags":["breach","apt"],"severity":"medium","actionable":false,"cves":[],"read_min":2,"score":73,"also_from":[],"src":"cyberscoop","hrs":12.244248333333333,"rm":2,"act":false,"sev":"medium","hot":false},{"id":1015,"guid":"https://www.bleepingcomputer.com/news/security/operation-poweroff-identifies-75k-ddos-users-takes-down-53-domains/","source_key":"bleeping","title":"Operation PowerOFF identifies 75k DDoS users, takes down 53 domains","link":"https://www.bleepingcomputer.com/news/security/operation-poweroff-identifies-75k-ddos-users-takes-down-53-domains/","published":"2026-04-16T22:26:34.000Z","teaser":"Operation PowerOFF took down 53 DDoS-related domains and identified 75,000 users.","summary":"Operation PowerOFF is a law enforcement effort targeting the DDoS ecosystem. On April 13, 2026, it targeted users across 21 countries. The operation identified 75,000 users and took down 53 domains related to DDoS services. The exact nature of the domains and services is not specified. This operation is likely aimed at disrupting DDoS operations and bringing those involved to justice. There is no clear action for readers to take, as this is a law enforcement operation.","tags":["breach","cloud"],"severity":"medium","actionable":false,"cves":[],"read_min":2,"score":73,"also_from":[],"src":"bleeping","hrs":12.900637222222223,"rm":2,"act":false,"sev":"medium","hot":false},{"id":989,"guid":"https://www.bleepingcomputer.com/news/security/new-athr-vishing-platform-uses-ai-voice-agents-for-automated-attacks/","source_key":"bleeping","title":"New ATHR vishing platform uses AI voice agents for automated attacks","link":"https://www.bleepingcomputer.com/news/security/new-athr-vishing-platform-uses-ai-voice-agents-for-automated-attacks/","published":"2026-04-16T14:09:11.000Z","teaser":"New ATHR platform uses AI voice agents for automated vishing attacks.","summary":"ATHR is a cybercrime platform that uses both human operators and AI voice agents for fully automated voice phishing attacks. These attacks aim to harvest credentials from victims. The platform's use of AI agents allows for a high volume of attacks to be carried out quickly and efficiently. This increases the likelihood of successful attacks and makes it more difficult for victims to detect the phishing attempts.","tags":["vishing","malware","ai"],"severity":"medium","actionable":false,"cves":[],"read_min":2,"score":73,"also_from":[],"src":"bleeping","hrs":21.190359444444443,"rm":2,"act":false,"sev":"medium","hot":false},{"id":980,"guid":"69de95aa645a22000142298d","source_key":"talos","title":"PowMix botnet targets Czech workforce","link":"https://blog.talosintelligence.com/powmix-botnet-targets-czech-workforce/","published":"2026-04-16T10:00:33.000Z","teaser":"Cisco Talos discovered a botnet targeting the Czech workforce.","summary":"Cisco Talos Intelligence has identified a malicious campaign affecting the Czech workforce. The campaign, which began in December 2025, utilizes a previously undocumented botnet called 'PowMix.' The botnet's targets and tactics are not yet fully understood. Further research is needed to determine the scope and impact of this campaign.","tags":["botnet","breach"],"severity":"medium","actionable":false,"cves":[],"read_min":3,"score":73,"also_from":[],"src":"talos","hrs":25.334248333333335,"rm":3,"act":false,"sev":"medium","hot":false},{"id":975,"guid":"https://cyberscoop.com/?p=88624","source_key":"cyberscoop","title":"Ghost breaches: How AI-mediated narratives have become a new threat vector","link":"https://cyberscoop.com/ai-generated-breach-narratives-ghost-threat-vector-op-ed/","published":"2026-04-16T10:00:00.000Z","teaser":"AI-generated narratives create new threat vector for organizations.","summary":"A new threat vector has emerged as AI-mediated narratives are being used to create fictional security breaches. Three incidents have been reported where AI-generated stories led to full-scale crisis responses. Organizations are not yet prepared to handle this type of threat, which can cause significant disruption and resource allocation. This highlights the need for better AI literacy and crisis management strategies.","tags":["ai"],"severity":"medium","actionable":false,"cves":[],"read_min":5,"score":73,"also_from":[],"src":"cyberscoop","hrs":25.343415,"rm":5,"act":false,"sev":"medium","hot":false},{"id":977,"guid":"https://www.helpnetsecurity.com/?p=366480","source_key":"helpnet","title":"Two US nationals jailed over scheme that generated $5 million for the North Korean regime","link":"https://www.helpnetsecurity.com/2026/04/16/north-korean-it-workers-scheme-us-facilitators/","published":"2026-04-16T09:55:59.000Z","teaser":"Two US nationals sentenced to prison for helping North Korea with a scheme that generated $5 million.","summary":"Two US nationals, Kejia Wang and Zhenxing Wang, were sentenced to prison for their role in a scheme that placed North Korean IT workers inside American companies under false identities. The operation used stolen identities from at least 80 US individuals and brought in more than $5 million for the North Korean government. The scheme involved wire fraud and money laundering charges, for which both defendants pleaded guilty. This case highlights the threat of nation-state sponsored cybercrime and the importance of protecting sensitive information.","tags":["breach","apt"],"severity":"medium","actionable":false,"cves":[],"read_min":3,"score":73,"also_from":[],"src":"helpnet","hrs":25.410359444444445,"rm":3,"act":false,"sev":"medium","hot":false},{"id":970,"guid":"https://www.malwarebytes.com/blog/data-breaches/2026/04/booking-com-breach-gives-scammers-what-they-need-to-target-guests","source_key":"malwarebytes","title":"Booking.com breach gives scammers what they need to target guests","link":"https://www.malwarebytes.com/blog/data-breaches/2026/04/booking-com-breach-gives-scammers-what-they-need-to-target-guests","published":"2026-04-16T08:02:06.000Z","teaser":"Booking.com breach exposes guest reservation data to scammers.","summary":"Booking.com has suffered a breach, resulting in the theft of guest reservation data. This information can be used by scammers to impersonate hotels and target guests. Scammers may attempt to steal payment and personal information from unsuspecting victims. The breach is a concern for travelers who have booked accommodations through Booking.com. It is essential for users to be cautious when receiving unsolicited calls or emails from hotels, as they may be scams.","tags":["breach"],"severity":"medium","actionable":false,"cves":[],"read_min":2,"score":73,"also_from":[],"src":"malwarebytes","hrs":27.308415,"rm":2,"act":false,"sev":"medium","hot":false},{"id":968,"guid":"https://www.bleepingcomputer.com/news/microsoft/microsoft-april-windows-server-2025-update-may-fail-to-install/","source_key":"bleeping","title":"Microsoft: April Windows Server 2025 update may fail to install","link":"https://www.bleepingcomputer.com/news/microsoft/microsoft-april-windows-server-2025-update-may-fail-to-install/","published":"2026-04-16T07:37:44.000Z","teaser":"Microsoft investigates Windows Server 2025 update installation failure.","summary":"Microsoft is investigating an issue with the April Windows Server 2025 update, KB5082063, which may fail to install on some systems. The issue is affecting Windows Server 2025 systems, but it's unclear how widespread the problem is. Microsoft has not provided any details on the cause of the issue or any potential workarounds. Users who are experiencing the issue are advised to wait for further instructions from Microsoft before attempting to install the update. There is no immediate action required at this time.","tags":["vuln"],"severity":"medium","actionable":false,"cves":[],"read_min":2,"score":73,"also_from":[],"src":"bleeping","hrs":27.714526111111113,"rm":2,"act":false,"sev":"medium","hot":false},{"id":964,"guid":"https://www.helpnetsecurity.com/?p=366317","source_key":"helpnet","title":"Command integrity breaks in the LLM routing layer","link":"https://www.helpnetsecurity.com/2026/04/16/llm-router-security-risk-agent-commands/","published":"2026-04-16T06:00:38.000Z","teaser":"LLM routing layer vulnerabilities found in 428 tested routers.","summary":"Researchers tested 428 LLM routing services, including 28 paid and 400 free options, to assess their security. The study found vulnerabilities in the routing layer, which can influence what commands are executed and what data is exposed. This layer is often used to connect to different model providers through a single endpoint. The researchers tested the request-response lifecycle through a malicious router and found that some routers are already altering commands. This raises concerns about the security of systems that rely on LLM agents and the potential for data exposure or malicious activity.","tags":["cloud","vuln"],"severity":"medium","actionable":false,"cves":[],"read_min":5,"score":73,"also_from":[],"src":"helpnet","hrs":29.332859444444445,"rm":5,"act":false,"sev":"medium","hot":false},{"id":945,"guid":"https://therecord.media/mcgraw-hill-data-leak-tied-to-salesforce-misconfiguration","source_key":"therecord","title":"Educational company McGraw Hill says Salesforce misconfiguration led to data leak","link":"https://therecord.media/mcgraw-hill-data-leak-tied-to-salesforce-misconfiguration","published":"2026-04-15T14:28:00.000Z","teaser":"McGraw Hill reports a data leak due to a Salesforce misconfiguration.","summary":"McGraw Hill, an educational company, has reported a data breach after a misconfiguration in their Salesforce system. The breach was discovered when the ShinyHunters cybercriminal organization claimed to have stolen 45 million Salesforce records. The attackers have threatened to leak the information unless a ransom is paid. It is unclear what type of data was compromised or what steps McGraw Hill is taking to address the issue. The company has not provided further details on the incident. McGraw Hill customers and users should be aware of the potential data leak and monitor their accounts for any suspicious activity.","tags":["breach"],"severity":"medium","actionable":false,"cves":[],"read_min":2,"score":73,"also_from":[],"src":"therecord","hrs":44.87674833333333,"rm":2,"act":false,"sev":"medium","hot":false},{"id":1001,"guid":"https://www.microsoft.com/en-us/security/blog/?p=146554","source_key":"microsoft","title":"Dissecting Sapphire Sleet’s macOS intrusion from lure to compromise","link":"https://www.microsoft.com/en-us/security/blog/2026/04/16/dissecting-sapphire-sleets-macos-intrusion-from-lure-to-compromise/","published":"2026-04-16T15:00:00.000Z","teaser":"North Korean threat actor Sapphire Sleet targets macOS with sophisticated intrusion campaign.","summary":"The Microsoft Defender Security Research Team discovered a complex macOS intrusion campaign attributed to Sapphire Sleet, a North Korean threat actor. The campaign uses social engineering and user-driven execution to bypass macOS security protections. This allows the attackers to steal credentials, cryptocurrency assets, and sensitive data. The researchers detailed the tactics, techniques, and procedures (TTPs) used by Sapphire Sleet, from initial lure to compromise. The campaign's sophistication highlights the ongoing threat to macOS users. There is no immediate action for users to take, but awareness of this threat actor's tactics is essential.","tags":["apt","breach","macos"],"severity":"medium","actionable":false,"cves":[],"read_min":5,"score":71,"also_from":[],"src":"microsoft","hrs":20.343415,"rm":5,"act":false,"sev":"medium","hot":false},{"id":982,"guid":"https://www.helpnetsecurity.com/?p=366502","source_key":"helpnet","title":"Google Play is changing how Android apps access your contacts and location","link":"https://www.helpnetsecurity.com/2026/04/16/google-play-store-policy-updates/","published":"2026-04-16T11:10:58.000Z","teaser":"Google Play updates policies to strengthen user privacy and protect businesses from fraud.","summary":"Google has released new policy updates for the Google Play store, aimed at strengthening user privacy and protecting businesses from fraud. The updates include changes to how Android apps access user contacts and location data. Developers will need to adapt their apps to comply with the new policies, which will be enforced starting October 27. To help developers, Google is expanding features in Android Studio to provide insights and guidance on the new policies. This will enable developers to identify if their apps need to be updated and provide steps to take.","tags":["policy"],"severity":"info","actionable":true,"cves":[],"read_min":2,"score":70,"also_from":[],"src":"helpnet","hrs":24.16063722222222,"rm":2,"act":true,"sev":"info","hot":false},{"id":973,"guid":"https://www.schneier.com/?p=71853","source_key":"schneier","title":"Human Trust of AI Agents","link":"https://www.schneier.com/blog/archives/2026/04/human-trust-of-ai-agents.html","published":"2026-04-16T09:41:24.000Z","teaser":"Humans expect rationality and cooperation from AI opponents in strategic games.","summary":"Researchers conducted a laboratory experiment to study human behavior in strategic games against both human and AI opponents. The study found that humans expect rationality and cooperation from Large Language Model (LLM) opponents, even though LLMs are not capable of rational decision-making. This expectation can lead to suboptimal behavior in humans, as they may adjust their strategy to accommodate the perceived rationality of the LLM. The study highlights the importance of understanding human trust in AI agents, particularly in strategic settings.","tags":["ai"],"severity":"info","actionable":false,"cves":[],"read_min":5,"score":70,"also_from":[],"src":"schneier","hrs":25.653415,"rm":5,"act":false,"sev":"info","hot":false},{"id":986,"guid":"https://www.malwarebytes.com/blog/news/2026/04/icloud-storage-is-full-scam-is-back-and-now-it-wants-your-payment-details","source_key":"malwarebytes","title":"“iCloud storage is full” scam is back, and now it wants your payment details","link":"https://www.malwarebytes.com/blog/news/2026/04/icloud-storage-is-full-scam-is-back-and-now-it-wants-your-payment-details","published":"2026-04-16T12:33:11.000Z","teaser":"Apple users targeted by 'iCloud storage is full' scam demanding payment details.","summary":"A scam targeting Apple users is making the rounds, claiming that their iCloud storage is full and threatening to delete their photos unless they upgrade their storage immediately. The scam aims to rush users into handing over their payment details. This is not a legitimate notification from Apple, and users should be cautious when receiving such messages. If you receive a similar message, do not click on any links or provide your payment information. Instead, go to your iCloud settings to check your storage status and upgrade your storage if necessary. This scam is a classic example of social engineering, and users should be aware of such tactics to protect themselves.","tags":["breach","policy"],"severity":"info","actionable":true,"cves":[],"read_min":2,"score":69,"also_from":[],"src":"malwarebytes","hrs":22.790359444444444,"rm":2,"act":true,"sev":"info","hot":false},{"id":965,"guid":"https://www.helpnetsecurity.com/?p=366232","source_key":"helpnet","title":"What the EU AI Act requires for AI agent logging","link":"https://www.helpnetsecurity.com/2026/04/16/eu-ai-act-logging-requirements/","published":"2026-04-16T05:30:52.000Z","teaser":"EU AI Act requires logging for high-risk AI systems, including those scoring credit applications or deciding healthcare benefits.","summary":"The EU AI Act is a 144-page document with logging requirements for AI agent developers scattered across four articles. These articles reference each other, making it challenging to understand the requirements. The Act doesn't explicitly mention 'AI agents,' but rather focuses on the system's functionality. If your AI system scores credit applications, filters resumes, decides healthcare benefits, prices insurance, or performs other high-risk tasks, it's likely considered high-risk. The Act requires logging for these systems, but the specific logging requirements are not clearly defined. The deadlines for compliance are not specified in the article, but it's essential to review the Act and its articles to understand the requirements. There are gaps in the Act's logging requirements, which may lead to confusion and challenges for developers.","tags":["policy"],"severity":"info","actionable":true,"cves":[],"read_min":5,"score":69,"also_from":[],"src":"helpnet","hrs":29.828970555555557,"rm":5,"act":true,"sev":"info","hot":false},{"id":949,"guid":"https://therecord.media/anthropic-mythos-uk-cyber-risk","source_key":"therecord","title":"UK warns businesses to address cyber risks amid Anthropic AI panic","link":"https://therecord.media/anthropic-mythos-uk-cyber-risk","published":"2026-04-15T16:00:00.000Z","teaser":"UK warns businesses to strengthen cyber defenses amid AI concerns.","summary":"The British government has issued a warning to businesses to improve their cyber defenses in response to the release of Anthropic's Mythos, a large language model. The warning is prompted by concerns that AI could reshape the threat landscape. While the warning does not specify any particular vulnerabilities or threats, it serves as a reminder for businesses to regularly review and update their cybersecurity measures. This includes implementing robust access controls, conducting regular security audits, and ensuring that employees are aware of and follow cybersecurity best practices.","tags":["ai","policy"],"severity":"info","actionable":true,"cves":[],"read_min":2,"score":69,"also_from":[],"src":"therecord","hrs":43.343415,"rm":2,"act":true,"sev":"info","hot":false},{"id":1008,"guid":"69dd0369ab91ce0001a70dc9","source_key":"talos","title":"Foxit, LibRaw vulnerabilities","link":"https://blog.talosintelligence.com/foxit-libraw-vulnerabilities/","published":"2026-04-16T19:00:24.000Z","teaser":"Foxit Reader and LibRaw file reader vulnerabilities patched.","summary":"Cisco Talos' Vulnerability Discovery & Research team discovered one Foxit Reader vulnerability and six LibRaw file reader vulnerabilities. The vulnerabilities have been patched by their respective vendors. This is in line with Cisco's third-party vulnerability disclosure policy. There is no further information on the vulnerabilities or their potential impact. As the vulnerabilities have been patched, no action is required from users. The patches have been released by the vendors, and users should update their software to the latest version.","tags":["vuln"],"severity":"low","actionable":false,"cves":[],"read_min":2,"score":60,"also_from":[],"src":"talos","hrs":16.336748333333333,"rm":2,"act":false,"sev":"low","hot":false}],"generated":"2026-04-17T11:20:36.344Z","count":50,"ioc_count":2}