List cybersec
⚡ Weekly Recap: Fiber Optic Spying, Windows Rootkit, AI Vulnerability Hunting and More
{"priority": "INFO", "cve": "N/A", "target": "N/A", "threat_actor": "N/A", "patch_ready": false, "insight": "Weekly recap of various cybersecurity topics including fiber optic spying, Windows rootkit,..
2:10 pm, April 13, 2026 Cybersecurity
The silent “Storm”: New infostealer hijacks sessions, decrypts server-side
{ "priority": "HIGH", "cve": "N/A", "target": "Browser Sessions", "threat_actor": "Storm", "patch_ready": false, "insight": "New 'Storm' infostealer enables session hijacking by decrypting..
2:10 pm, April 13, 2026 Cybersecurity
Your MTTD Looks Great. Your Post-Alert Gap Doesn't
{ "priority": "CRITICAL", "cve": "N/A", "target": "Major operating systems and browsers", "threat_actor": "Anthropic", "patch_ready": false, "insight": "Anthropic's Mythos Preview model au..
1:10 pm, April 13, 2026 Cybersecurity
Scans for EncystPHP Webshell, (Mon, Apr 13th)
{ "priority": "INFO", "cve": "N/A", "target": "EncystPHP Webshell", "threat_actor": "N/A", "patch_ready": false, "insight": "Attackers are scanning for EncystPHP webshell, a favorite among..
1:10 pm, April 13, 2026 Cybersecurity
North Korea's APT37 Uses Facebook Social Engineering to Deliver RokRAT Malware
{ "priority": "HIGH", "cve": "N/A", "target": "Facebook users", "threat_actor": "APT37 (ScarCruft)", "patch_ready": false, "insight": "APT37 uses Facebook social engineering to deliver Rok..
11:10 am, April 13, 2026 Cybersecurity
OpenAI Revokes macOS App Certificate After Malicious Axios Supply Chain Incident
{ "priority": "HIGH", "cve": "N/A", "target": "OpenAI macOS App", "threat_actor": "N/A", "patch_ready": true, "insight": "OpenAI revoked a macOS app certificate due to a malicious Axios su..
8:10 am, April 13, 2026 Cybersecurity
ISC Stormcast For Monday, April 13th, 2026 https://isc.sans.edu/podcastdetail/9888, (Mon, Apr 13th)
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
2:10 am, April 13, 2026 Cybersecurity
Critical Marimo pre-auth RCE flaw now under active exploitation
{ "priority": "CRITICAL", "cve": "N/A", "target": "Marimo", "threat_actor": "N/A", "patch_ready": false, "insight": "A critical pre-authentication remote code execution (RCE) vulnerability..
3:10 pm, April 12, 2026 Cybersecurity
Adobe Patches Actively Exploited Acrobat Reader Flaw CVE-2026-34621
{"priority": "CRITICAL", "cve": "CVE-2026-34621", "target": "Adobe Acrobat Reader", "threat_actor": "N/A", "patch_ready": true, "insight": "Adobe patches actively exploited Acrobat Reader flaw CVE-202..
6:10 am, April 12, 2026 Cybersecurity
CPUID Breach Distributes STX RAT via Trojanized CPU-Z and HWMonitor Downloads
{ "priority": "HIGH", "cve": "N/A", "target": "CPU-Z, HWMonitor, HWMonitor Pro, and PerfMonitor", "threat_actor": "Unknown threat actors", "patch_ready": false, "insight": "CPUID website b..
6:10 am, April 12, 2026 Cybersecurity
Over 20,000 crypto fraud victims identified in international crackdown
{ "priority": "INFO", "cve": "N/A", "target": "N/A", "threat_actor": "N/A", "patch_ready": false, "insight": "An international law enforcement action identified over 20,000 victims of cryp..
3:10 pm, April 11, 2026 Cybersecurity
Citizen Lab: Law Enforcement Used Webloc to Track 500 Million Devices via Ad Data
{ "priority": "INFO", "cve": "N/A", "target": "Webloc", "threat_actor": "Law Enforcement", "patch_ready": false, "insight": "Law enforcement used Webloc, an ad-based geolocation tool by Co..
8:10 am, April 11, 2026 Cybersecurity
ChatGPT rolls out new $100 Pro subscription to challenge Claude
{ "priority": "INFO", "cve": "N/A", "target": "ChatGPT", "threat_actor": "N/A", "patch_ready": false, "insight": "OpenAI introduces a $100 Pro subscription for ChatGPT, competing with Clau..
2:10 am, April 11, 2026 Cybersecurity
CPUID hacked to deliver malware via CPU-Z, HWMonitor downloads
{ "priority": "HIGH", "cve": "N/A", "target": "CPU-Z and HWMonitor", "threat_actor": "N/A", "patch_ready": false, "insight": "Hackers hacked CPUID's API to serve malware via CPU-Z and HWMo..
5:10 pm, April 10, 2026 Cybersecurity
Nearly 4,000 US industrial devices exposed to Iranian cyberattacks
{ "priority": "HIGH", "cve": "N/A", "target": "Rockwell Automation PLCs", "threat_actor": "Iranian-linked hackers", "patch_ready": false, "insight": "Thousands of US industrial devices are..
4:10 pm, April 10, 2026 Cybersecurity
Supply chain attack at CPUID pushes malware with CPU-Z/HWMonitor
{ "priority": "HIGH", "cve": "N/A", "target": "CPU-Z/HWMonitor", "threat_actor": "N/A", "patch_ready": false, "insight": "Hackers used a compromised API to serve malware through CPU-Z and ..
2:10 pm, April 10, 2026 Cybersecurity
GlassWorm Campaign Uses Zig Dropper to Infect Multiple Developer IDEs
{ "priority": "HIGH", "cve": "N/A", "target": "Multiple Developer IDEs", "threat_actor": "GlassWorm", "patch_ready": false, "insight": "GlassWorm campaign uses Zig dropper to infect multip..
2:10 pm, April 10, 2026 Cybersecurity
Analysis of one billion CISA KEV remediation records exposes limits of human-scale security
{ "priority": "INFO", "cve": "N/A", "target": "N/A", "threat_actor": "N/A", "patch_ready": false, "insight": "Analysis of 1 billion CISA KEV remediation records reveals limitations in huma..
2:10 pm, April 10, 2026 Cybersecurity
Microsoft: Canadian employees targeted in payroll pirate attacks
{ "priority": "HIGH", "cve": "N/A", "target": "Microsoft", "threat_actor": "Storm-2755", "patch_ready": false, "insight": "A financially motivated threat actor is stealing Canadian employe..
12:10 pm, April 10, 2026 Cybersecurity
Marimo RCE Flaw CVE-2026-39987 Exploited Within 10 Hours of Disclosure
{ "priority": "CRITICAL", "cve": "CVE-2026-39987", "target": "Marimo", "threat_actor": "N/A", "patch_ready": false, "insight": "A pre-authenticated remote code execution vulnerability in M..
11:10 am, April 10, 2026 Cybersecurity
Google rolls out Gmail end-to-end encryption on mobile devices
{ "priority": "INFO", "cve": "N/A", "target": "Gmail", "threat_actor": "N/A", "patch_ready": false, "insight": "Google has made end-to-end encryption available for Gmail on all Android and..
11:10 am, April 10, 2026 Cybersecurity
Browser Extensions Are the New AI Consumption Channel That No One Is Talking About
{"priority":"INFO","cve":"N/A","target":"AI browser extensions","threat_actor":"N/A","patch_ready":false,"insight":"A new report highlights the potential dangers of AI browser extensions as a largely ..
11:10 am, April 10, 2026 Cybersecurity
Google Rolls Out DBSC in Chrome 146 to Block Session Theft on Windows
{"priority":"MEDIUM","cve":"N/A","target":"Google Chrome","threat_actor":"N/A","patch_ready":true,"insight":"Google has released Device Bound Session Credentials (DBSC) in Chrome 146 to prevent sessio..
9:10 am, April 10, 2026 Cybersecurity
Backdoored Smart Slider 3 Pro Update Distributed via Compromised Nextend Servers
{ "priority": "CRITICAL", "cve": "N/A", "target": "Smart Slider 3 Pro", "threat_actor": "Unknown threat actors", "patch_ready": false, "insight": "Backdoored Smart Slider 3 Pro update dist..
8:10 am, April 10, 2026 Cybersecurity
Obfuscated JavaScript or Nothing, (Thu, Apr 9th)
{ "priority": "INFO", "cve": "N/A", "target": "N/A", "threat_actor": "N/A", "patch_ready": false, "insight": "A JavaScript file, cbmjlzan.JS, was found in a phishing email and identified a..
7:10 am, April 10, 2026 Cybersecurity
EngageLab SDK Flaw Exposed 50M Android Users, Including 30M Crypto Wallet Installs
{ "priority": "HIGH", "cve": "N/A", "target": "EngageLab SDK", "threat_actor": "N/A", "patch_ready": true, "insight": "A security vulnerability in EngageLab SDK exposed 50M Android users, ..
6:10 am, April 10, 2026 Cybersecurity
New VENOM phishing attacks steal senior executives' Microsoft logins
Threat actors using a previously undocumented phishing-as-a-service (PhaaS) platform called "VENOM" are targeting credentials of C-suite executives across multiple industries. [...]
10:10 pm, April 9, 2026 Cybersecurity
New ‘LucidRook’ malware used in targeted attacks on NGOs, universities
{ "priority": "MEDIUM", "cve": "N/A", "target": "LucidRook malware", "threat_actor": "N/A", "patch_ready": false, "insight": "A new Lua-based malware called LucidRook is targeting NGOs and..
10:10 pm, April 9, 2026 Cybersecurity
EngageLab SDK Flaw Exposed 50M Android Users, Including 30M Crypto Wallets
Details have emerged about a now-patched security vulnerability in a widely used third-party Android software development kit (SDK) called EngageLab SDK that could have put millions of cryptocurren..
8:10 pm, April 9, 2026 Cybersecurity
Healthcare IT solutions provider ChipSoft hit by ransomware attack
{ "priority": "HIGH", "cve": "N/A", "target": "ChipSoft", "threat_actor": "N/A", "patch_ready": false, "insight": "Dutch healthcare software vendor ChipSoft was hit by a ransomware attack,..
8:10 pm, April 9, 2026 Cybersecurity
Google Chrome adds infostealer protection against session cookie theft
{ "priority": "MEDIUM", "cve": "N/A", "target": "Google Chrome", "threat_actor": "N/A", "patch_ready": true, "insight": "Google Chrome adds infostealer protection against session cookie th..
7:10 pm, April 9, 2026 Cybersecurity
Smart Slider updates hijacked to push malicious WordPress, Joomla versions
Hackers hijacked the update system for the Smart Slider 3 Pro plugin for WordPress and Joomla, and pushed a malicious version with multiple backdoors. [...]
5:10 pm, April 9, 2026 Cybersecurity
UAT-10362 Targets Taiwanese NGOs with LucidRook Malware in Spear-Phishing Campaigns
{ "priority": "HIGH", "cve": "N/A", "target": "Taiwanese NGOs", "threat_actor": "UAT-10362", "patch_ready": false, "insight": "UAT-10362 uses LucidRook Malware in spear-phishing campaigns ..
5:10 pm, April 9, 2026 Cybersecurity
When attackers already have the keys, MFA is just another door to open
{"priority":"MEDIUM","cve":"N/A","target":"MFA systems","threat_actor":"N/A","patch_ready":false,"insight":"Stolen credentials can bypass MFA, but wearable biometric authentication can verify users an..
3:10 pm, April 9, 2026 Cybersecurity
ThreatsDay Bulletin: Hybrid P2P Botnet, 13-Year-Old Apache RCE and 18 More Stories
{ "priority": "INFO", "cve": "N/A", "target": "N/A", "threat_actor": "N/A", "patch_ready": false, "insight": "The ThreatsDay Bulletin covers various cybersecurity stories, including a hybr..
2:10 pm, April 9, 2026 Cybersecurity
Webinar: From noise to signal - What threat actors are targeting next
Threat actors often signal their intentions before launching attacks, from dark web chatter to access-broker listings and credential requests. Join our upcoming webinar with Flare Systems to learn how..
1:10 pm, April 9, 2026 Cybersecurity
Bitter-Linked Hack-for-Hire Campaign Targets Journalists Across MENA Region
{ "priority": "HIGH", "cve": "N/A", "target": "Journalists, Activists, Government Officials", "threat_actor": "Bitter, suspected ties to Indian government", "patch_ready": false, "insight"..
12:10 pm, April 9, 2026 Cybersecurity
Adobe Reader Zero-Day Exploited via Malicious PDFs Since December 2025
{ "priority": "CRITICAL", "cve": "N/A", "target": "Adobe Reader", "threat_actor": "N/A", "patch_ready": false, "insight": "A zero-day vulnerability in Adobe Reader has been exploited via m..
12:10 pm, April 9, 2026 Cybersecurity
The Hidden Security Risks of Shadow AI in Enterprises
{"priority": "INFO", "cve": "N/A", "target": "N/A", "threat_actor": "N/A", "patch_ready": false, "insight": "The use of unapproved AI tools by employees creates new security blind spots, known as shad..
12:10 pm, April 9, 2026 Cybersecurity
Eurail says December data breach impacts 300,000 individuals
{ "priority": "HIGH", "cve": "N/A", "target": "Eurail B.V.", "threat_actor": "N/A", "patch_ready": false, "insight": "Eurail B.V. suffered a data breach in December 2025, affecting over 30..
11:10 am, April 9, 2026 Cybersecurity
Hackers exploiting Acrobat Reader zero-day flaw since December
{ "priority": "CRITICAL", "cve": "N/A", "target": "Adobe Reader", "threat_actor": "N/A", "patch_ready": false, "insight": "Attackers have been exploiting a zero-day vulnerability in Adobe ..
10:10 am, April 9, 2026 Cybersecurity
Hackers steal $3.6 million from crypto ATM giant Bitcoin Depot
{ "priority": "HIGH", "cve": "N/A", "target": "Bitcoin Depot", "threat_actor": "N/A", "patch_ready": false, "insight": "Hackers stole $3.6 million from Bitcoin Depot's crypto wallets after..
8:10 am, April 9, 2026 Cybersecurity
Microsoft suspends dev accounts for high-profile open source projects
Microsoft has suspended developer accounts used to maintain multiple high-profile open-source projects without proper notification and no way to quickly reinstate them, effectively blocking them from ..
7:10 am, April 9, 2026 Cybersecurity
ISC Stormcast For Thursday, April 9th, 2026 https://isc.sans.edu/podcastdetail/9886, (Thu, Apr 9th)
{ "priority": "INFO", "cve": "N/A", "target": "N/A", "threat_actor": "N/A", "patch_ready": false, "insight": "ISC Stormcast podcast for Thursday, April 9th, 2026, providing cybersecurity u..
2:10 am, April 9, 2026 Cybersecurity
Number Usage in Passwords: Take Two, (Thu, Apr 9th)
{"priority":"INFO","cve":"N/A","target":"N/A","threat_actor":"N/A","patch_ready":false,"insight":"The article discusses how numbers, particularly years and seasons, are used in passwords, often due to..
1:10 am, April 9, 2026 Cybersecurity
Hackers use pixel-large SVG trick to hide credit card stealer
{ "priority": "HIGH", "cve": "N/A", "target": "Magento e-commerce platform", "threat_actor": "N/A", "patch_ready": false, "insight": "Hackers hide credit card-stealing code in a pixel-size..
11:10 pm, April 8, 2026 Cybersecurity
Google: New UNC6783 hackers steal corporate Zendesk support tickets
{ "priority": "HIGH", "cve": "N/A", "target": "Zendesk", "threat_actor": "UNC6783", "patch_ready": false, "insight": "UNC6783 hackers compromise BPO providers to steal corporate Zendesk su..
10:10 pm, April 8, 2026 Cybersecurity
New Chaos Variant Targets Misconfigured Cloud Deployments, Adds SOCKS Proxy
{ "priority": "MEDIUM", "cve": "N/A", "target": "Cloud Deployments", "threat_actor": "Chaos", "patch_ready": false, "insight": "New Chaos malware variant targets misconfigured cloud deploy..
7:10 pm, April 8, 2026 Cybersecurity
CISA orders feds to patch exploited Ivanti EPMM flaw by Sunday
CISA has given U.S. government agencies four days to secure their systems against a critical-severity vulnerability in Ivanti Endpoint Manager Mobile (EPMM) that has been exploited in attacks since..
7:10 pm, April 8, 2026 Cybersecurity
New macOS stealer campaign uses Script Editor in ClickFix attack
{ "priority": "HIGH", "cve": "N/A", "target": "macOS", "threat_actor": "N/A", "patch_ready": false, "insight": "A new Atomic Stealer malware campaign targets macOS users via a Script Edito..
7:10 pm, April 8, 2026 Cybersecurity
AI Testing
