List cybersec
Researchers Uncover 73 Fake VS Code Extensions Delivering GlassWorm v2 Malware
Cybersecurity researchers have flagged dozens of Microsoft Visual Studio Code (VS Code) extensions on the Open VSX repository that are linked to a persistent information-stealing campaign dubbed Glass..
12:10 pm, April 27, 2026 Cybersecurity
PhantomCore Exploits TrueConf Vulnerabilities to Breach Russian Networks
{ "priority": "HIGH", "cve": "N/A", "target": "TrueConf video conferencing software", "threat_actor": "PhantomCore", "patch_ready": false, "insight": "PhantomCore exploits TrueConf vulnera..
12:10 pm, April 27, 2026 Cybersecurity
Mythos Changed the Math on Vulnerability Discovery. Most Teams Aren't Ready for the Remediation Side
{"priority":"INFO","cve":"N/A","target":"N/A","threat_actor":"N/A","patch_ready":false,"insight":"The article discusses the impact of Anthropic's Claude Mythos Preview on vulnerability discovery and r..
12:10 pm, April 27, 2026 Cybersecurity
Microsoft says Outlook.com outage is causing sign‑in failures
{ "priority": "MEDIUM", "cve": "N/A", "target": "Microsoft Outlook.com", "threat_actor": "N/A", "patch_ready": false, "insight": "Microsoft is investigating an Outlook.com outage causing s..
12:10 pm, April 27, 2026 Cybersecurity
Fake CAPTCHA IRSF Scam and 120 Keitaro Campaigns Drive Global SMS, Crypto Fraud
{ "priority": "MEDIUM", "cve": "N/A", "target": "N/A", "threat_actor": "Keitaro", "patch_ready": false, "insight": "Fake CAPTCHA IRSF scam and 120 Keitaro campaigns drive global SMS and cr..
9:10 am, April 27, 2026 Cybersecurity
American utility firm Itron discloses breach of internal IT network
{ "priority": "HIGH", "cve": "N/A", "target": "Itron Inc.", "threat_actor": "N/A", "patch_ready": false, "insight": "Itron Inc. disclosed a cybersecurity breach where an unauthorized third..
3:10 pm, April 26, 2026 Cybersecurity
Microsoft rolls out revamped Windows Insider Program
{ "priority": "INFO", "cve": "N/A", "target": "Windows Insider Program", "threat_actor": "N/A", "patch_ready": false, "insight": "Microsoft has revamped the Windows Insider Program as part..
5:10 pm, April 25, 2026 Cybersecurity
Threat actor uses Microsoft Teams to deploy new “Snow” malware
A threat group tracked as UNC6692 uses social engineering to deploy a new, custom malware suite named 'Snow' which includes a browser extension, a tunneler, and a backdoor. [...]
4:10 pm, April 25, 2026 Cybersecurity
Researchers Uncover Pre-Stuxnet ‘fast16’ Malware Targeting Engineering Software
{"priority":"HIGH","cve":"N/A","target":"Engineering Software","threat_actor":"N/A","patch_ready":false,"insight":"Researchers discovered a Lua-based malware called 'fast16' targeting engineering soft..
10:10 am, April 25, 2026 Cybersecurity
CISA Adds 4 Exploited Flaws to KEV, Sets May 2026 Federal Deadline
{ "priority": "CRITICAL", "cve": "CVE-2024-57726", "target": "SimpleHelp, Samsung MagicINFO 9 Server, D-Link DIR-823X series routers", "threat_actor": "N/A", "patch_ready": true, "insight"..
6:10 am, April 25, 2026 Cybersecurity
ADT confirms data breach after ShinyHunters leak threat
{ "priority": "HIGH", "cve": "N/A", "target": "ADT", "threat_actor": "ShinyHunters", "patch_ready": false, "insight": "ADT confirms data breach after ShinyHunters leak threat." }
11:10 pm, April 24, 2026 Cybersecurity
Firestarter malware survives Cisco firewall updates, security patches
{ "priority": "HIGH", "cve": "N/A", "target": "Cisco Firepower and Secure Firewall devices", "threat_actor": "N/A", "patch_ready": false, "insight": "Firestarter malware persists on Cisco ..
9:10 pm, April 24, 2026 Cybersecurity
Windows Update gets new controls to reduce forced restarts
{ "priority": "INFO", "cve": "N/A", "target": "Windows Update", "threat_actor": "N/A", "patch_ready": false, "insight": "Microsoft introduces new controls for Windows Update to minimize fo..
8:10 pm, April 24, 2026 Cybersecurity
Microsoft to roll out Entra passkeys on Windows in late April
{ "priority": "INFO", "cve": "N/A", "target": "Microsoft Entra", "threat_actor": "N/A", "patch_ready": false, "insight": "Microsoft announces passkey support for Microsoft Entra on Windows..
7:10 pm, April 24, 2026 Cybersecurity
New BlackFile extortion group linked to surge of vishing attacks
{ "priority": "INFO", "cve": "N/A", "target": "Retail and hospitality organizations", "threat_actor": "BlackFile", "patch_ready": false, "insight": "New financially motivated hacking group..
7:10 pm, April 24, 2026 Cybersecurity
FIRESTARTER Backdoor Hit Federal Cisco Firepower Device, Survives Security Patches
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has revealed that an unnamed federal civilian agency's Cisco Firepower device running Adaptive Security Appliance (ASA) software was co..
6:10 pm, April 24, 2026 Cybersecurity
New ‘Pack2TheRoot’ flaw gives hackers root Linux access
{ "priority": "HIGH", "cve": "N/A", "target": "Linux", "threat_actor": "N/A", "patch_ready": false, "insight": "New vulnerability Pack2TheRoot in PackageKit daemon allows local Linux users..
6:10 pm, April 24, 2026 Cybersecurity
NASA Employees Duped in Chinese Phishing Scheme Targeting U.S. Defense Software
{ "priority": "HIGH", "cve": "N/A", "target": "NASA, U.S. Defense Software", "threat_actor": "Chinese national", "patch_ready": false, "insight": "Chinese national posed as U.S. researcher..
4:10 pm, April 24, 2026 Cybersecurity
DORA and operational resilience: Credential management as a financial risk control
Article 9 of DORA makes authentication and access control a legal obligation for EU financial entities. Here is what the regulation requires, and what a breach looks like when those controls are missi..
3:10 pm, April 24, 2026 Cybersecurity
Over 10,000 Zimbra servers vulnerable to ongoing XSS attacks
Over 10,000 Zimbra Collaboration Suite (ZCS) instances exposed online are vulnerable to ongoing attacks exploiting a cross-site scripting (XSS) security flaw. [...]
2:10 pm, April 24, 2026 Cybersecurity
Microsoft now lets admins uninstall Copilot on enterprise devices
{"priority":"INFO","cve":"N/A","target":"Microsoft Copilot","threat_actor":"N/A","patch_ready":false,"insight":"Microsoft has introduced a policy setting to allow IT administrators to uninstall Copilo..
12:10 pm, April 24, 2026 Cybersecurity
26 FakeWallet Apps Found on Apple App Store Targeting Crypto Seed Phrases
{ "priority": "HIGH", "cve": "N/A", "target": "Apple App Store", "threat_actor": "N/A", "patch_ready": false, "insight": "Malicious apps impersonating cryptocurrency wallets found on Apple..
12:10 pm, April 24, 2026 Cybersecurity
Bridging the AI Agent Authority Gap: Continuous Observability as the Decision Engine
{"priority": "INFO", "cve": "N/A", "target": "N/A", "threat_actor": "N/A", "patch_ready": false, "insight": "The article discusses the AI Agent Authority Gap in enterprise security, highlighting the n..
12:10 pm, April 24, 2026 Cybersecurity
UNC6692 Impersonates IT Help Desk via Microsoft Teams to Deploy SNOW Malware
{ "priority": "HIGH", "cve": "N/A", "target": "Microsoft Teams", "threat_actor": "UNC6692", "patch_ready": false, "insight": "UNC6692 uses social engineering via Microsoft Teams to deploy ..
10:10 am, April 24, 2026 Cybersecurity
Tropic Trooper Uses Trojanized SumatraPDF and GitHub to Deploy AdaptixC2
{ "priority": "HIGH", "cve": "N/A", "target": "SumatraPDF reader, Microsoft Visual Studio Code (VS Code)", "threat_actor": "Tropic Trooper", "patch_ready": false, "insight": "Tropic Troope..
10:10 am, April 24, 2026 Cybersecurity
LMDeploy CVE-2026-33626 Flaw Exploited Within 13 Hours of Disclosure
{"priority": "HIGH", "cve": "CVE-2026-33626", "target": "LMDeploy", "threat_actor": "N/A", "patch_ready": false, "insight": "CVE-2026-33626 SSRF vulnerability in LMDeploy exploited within 13 hours of ..
9:10 am, April 24, 2026 Cybersecurity
ISC Stormcast For Friday, April 24th, 2026 https://isc.sans.edu/podcastdetail/9906, (Fri, Apr 24th)
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
2:10 am, April 24, 2026 Cybersecurity
Hackers exploit file upload bug in Breeze Cache WordPress plugin
Hackers are actively exploiting a critical vulnerability in the Breeze Cache plugin for WordPress that allows uploading arbitrary files on the server without authentication. [...]
10:10 pm, April 23, 2026 Cybersecurity
Bitwarden CLI npm package compromised to steal developer credentials
{ "priority": "HIGH", "cve": "N/A", "target": "Bitwarden CLI", "threat_actor": "N/A", "patch_ready": false, "insight": "Bitwarden CLI npm package compromised to steal developer credentials..
8:10 pm, April 23, 2026 Cybersecurity
UNC6692 Impersonates IT Helpdesk via Microsoft Teams to Deploy SNOW Malware
{ "priority": "HIGH", "cve": "N/A", "target": "Microsoft Teams", "threat_actor": "UNC6692", "patch_ready": false, "insight": "UNC6692 uses social engineering via Microsoft Teams to deploy ..
7:10 pm, April 23, 2026 Cybersecurity
Trigona ransomware attacks use custom exfiltration tool to steal data
Recently observed Trigona ransomware attacks are using a custom, command-line tool to steal data from compromised environments faster and more efficiently. [...]
7:10 pm, April 23, 2026 Cybersecurity
New Checkmarx supply-chain breach affects KICS analysis tool
Hackers have compromised Docker images, VSCode and Open VSX extensions for the Checkmarx KICS analysis tool to harvest sensitive data from developer environments. [...]
4:10 pm, April 23, 2026 Cybersecurity
ThreatsDay Bulletin: $290M DeFi Hack, macOS LotL Abuse, ProxySmart SIM Farms +25 New Stories
{ "priority": "INFO", "cve": "N/A", "target": "N/A", "threat_actor": "N/A", "patch_ready": false, "insight": "The bulletin highlights various threats including a $290M DeFi hack, macOS Lot..
3:10 pm, April 23, 2026 Cybersecurity
Bitwarden CLI Compromised in Ongoing Checkmarx Supply Chain Campaign
Bitwarden CLI has been compromised as part of the newly discovered and ongoing Checkmarx supply chain campaign, according to new findings from Socket. "The affected package version appears to be @bitw..
3:10 pm, April 23, 2026 Cybersecurity
Regular Password Resets Aren’t as Safe as You Think
{ "priority": "MEDIUM", "cve": "N/A", "target": "Specops Software", "threat_actor": "N/A", "patch_ready": false, "insight": "Helpdesk social engineering can turn password reset requests in..
3:10 pm, April 23, 2026 Cybersecurity
Cosmetics giant Rituals discloses data breach affecting customers
{ "priority": "MEDIUM", "cve": "N/A", "target": "Rituals My Rituals membership database", "threat_actor": "N/A", "patch_ready": false, "insight": "Rituals cosmetics giant discloses data br..
3:10 pm, April 23, 2026 Cybersecurity
Microsoft: Some Teams users can’t join meetings after Edge update
{ "priority": "MEDIUM", "cve": "N/A", "target": "Microsoft Teams", "threat_actor": "N/A", "patch_ready": false, "insight": "A recent Microsoft Edge browser update introduced a bug preventi..
2:10 pm, April 23, 2026 Cybersecurity
Project Glasswing Proved AI Can Find the Bugs. Who's Going to Fix Them?
{"priority": "HIGH", "cve": "N/A", "target": "Anthropic's Project Glasswing", "threat_actor": "N/A", "patch_ready": "true", "insight": "Anthropic's AI model, Project Glasswing, discovers software vuln..
1:10 pm, April 23, 2026 Cybersecurity
[Webinar] Mythos Reality Check: Beating Automated Exploitation at AI Speed
{ "priority": "INFO", "cve": "N/A", "target": "N/A", "threat_actor": "N/A", "patch_ready": false, "insight": "The Collapsing Exploit Window refers to the shrinking time frame to fix vulner..
1:10 pm, April 23, 2026 Cybersecurity
UK warns of Chinese hackers using proxy networks to evade detection
The United Kingdom's National Cyber Security Centre (NCSC-UK) and international partners warned that China-nexus hackers are increasingly using large-scale proxy networks of hijacked consumer devices ..
1:10 pm, April 23, 2026 Cybersecurity
New GopherWhisper APT group abuses Outlook, Slack, Discord for comms
{ "priority": "HIGH", "cve": "N/A", "target": "Government Entities", "threat_actor": "GopherWhisper", "patch_ready": false, "insight": "New APT group GopherWhisper abuses Outlook, Slack, D..
12:10 pm, April 23, 2026 Cybersecurity
Apple Fixes iOS Flaw That Let FBI Recover Deleted Signal Messages
{ "priority": "MEDIUM", "cve": "CVE-2026-28950", "target": "Apple iOS and iPadOS", "threat_actor": "N/A", "patch_ready": true, "insight": "Apple fixes iOS flaw that allowed FBI to recover ..
11:10 am, April 23, 2026 Cybersecurity
Apple Patches Exploited Notification Flaw, (Thu, Apr 23rd)
{ "priority": "HIGH", "cve": "CVE-2026-28950", "target": "Apple iOS/iPadOS", "threat_actor": "N/A", "patch_ready": true, "insight": "Apple patches exploited Notification Services vulnerabi..
11:10 am, April 23, 2026 Cybersecurity
CISA orders feds to patch BlueHammer flaw exploited as zero-day
{ "priority": "CRITICAL", "cve": "N/A", "target": "Microsoft Defender", "threat_actor": "N/A", "patch_ready": true, "insight": "CISA ordered U.S. federal agencies to patch a Microsoft Defe..
11:10 am, April 23, 2026 Cybersecurity
Vercel Finds More Compromised Accounts in Context.ai-Linked Breach
{ "priority": "HIGH", "cve": "N/A", "target": "Vercel", "threat_actor": "N/A", "patch_ready": false, "insight": "Vercel discovered additional compromised customer accounts from a security ..
10:10 am, April 23, 2026 Cybersecurity
China-Linked GopherWhisper Infects 12 Mongolian Government Systems with Go Backdoors
{ "priority": "HIGH", "cve": "N/A", "target": "Mongolian Government Systems", "threat_actor": "GopherWhisper", "patch_ready": false, "insight": "China-linked APT group GopherWhisper infect..
10:10 am, April 23, 2026 Cybersecurity
Apple Patches iOS Flaw That Stored Deleted Signal Notifications in FBI Forensic Case
{ "priority": "MEDIUM", "cve": "CVE-2026-28950", "target": "iOS", "threat_actor": "N/A", "patch_ready": true, "insight": "Apple patched an iOS flaw that stored deleted Signal notifications..
9:10 am, April 23, 2026 Cybersecurity
Apple fixes bug that let the FBI recover deleted Signal messages
{ "priority": "HIGH", "cve": "N/A", "target": "Apple iPhone and iPad", "threat_actor": "FBI", "patch_ready": true, "insight": "Apple fixes bug that allowed FBI to recover deleted Signal me..
6:10 am, April 23, 2026 Cybersecurity
ISC Stormcast For Thursday, April 23rd, 2026 https://isc.sans.edu/podcastdetail/9904, (Thu, Apr 23rd)
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
2:10 am, April 23, 2026 Cybersecurity
Apple fixes iOS bug that retained deleted notification data
{ "priority": "MEDIUM", "cve": "N/A", "target": "Apple iOS", "threat_actor": "N/A", "patch_ready": true, "insight": "Apple fixes iOS bug that retained deleted notification data" }
9:10 pm, April 22, 2026 Cybersecurity
AI Testing
