List cybersec
ISC Stormcast For Monday, April 6th, 2026 https://isc.sans.edu/podcastdetail/9880, (Mon, Apr 6th)
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
2:10 am, April 6, 2026 Cybersecurity
$285 Million Drift Hack Traced to Six-Month DPRK Social Engineering Operation
{ "priority": "HIGH", "cve": "N/A", "target": "Drift", "threat_actor": "DPRK", "patch_ready": false, "insight": "DPRK conducted a six-month social engineering operation to steal $285 milli..
8:10 pm, April 5, 2026 Cybersecurity
Traffic violation scams switch to QR codes in new phishing texts
Scammers are sending fake "Notice of Default" traffic violation text messages impersonating state courts across the U.S., pressuring recipients to scan a QR code that leads to a phishing site demandin..
8:10 pm, April 5, 2026 Cybersecurity
New FortiClient EMS flaw exploited in attacks, emergency patch released
Fortinet has released an emergency weekend security update for a new critical FortiClient Enterprise Management Server (EMS) vulnerability that is actively exploited in attacks. [...]
7:10 pm, April 5, 2026 Cybersecurity
Hackers exploit React2Shell in automated credential theft campaign
{ "priority": "HIGH", "cve": "CVE-2025-55182", "target": "Next.js", "threat_actor": "N/A", "patch_ready": false, "insight": "Hackers exploit React2Shell in automated credential theft campa..
3:10 pm, April 5, 2026 Cybersecurity
Fortinet Patches Actively Exploited CVE-2026-35616 in FortiClient EMS
{ "priority": "CRITICAL", "cve": "CVE-2026-35616", "target": "FortiClient EMS", "threat_actor": "N/A", "patch_ready": true, "insight": "Fortinet patches actively exploited CVE-2026-35616 i..
6:10 am, April 5, 2026 Cybersecurity
36 Malicious npm Packages Exploited Redis, PostgreSQL to Deploy Persistent Implants
``` { "priority": "HIGH", "cve": "N/A", "target": "npm registry, Redis, PostgreSQL", "threat_actor": "N/A", "patch_ready": false, "insight": "Malicious npm packages disguised as Strapi CMS..
6:10 am, April 5, 2026 Cybersecurity
Axios npm hack used fake Teams error fix to hijack maintainer account
{ "priority": "HIGH", "cve": "N/A", "target": "Axios HTTP client", "threat_actor": "North Korean threat actors", "patch_ready": false, "insight": "A social engineering campaign targeting a..
9:10 pm, April 4, 2026 Cybersecurity
LinkedIn secretly scans for 6,000+ Chrome extensions, collects data
{ "priority": "MEDIUM", "cve": "N/A", "target": "LinkedIn", "threat_actor": "N/A", "patch_ready": false, "insight": "LinkedIn uses hidden JavaScript scripts to scan visitors' browsers for ..
3:10 pm, April 4, 2026 Cybersecurity
Device code phishing attacks surge 37x as new kits spread online
{ "priority": "HIGH", "cve": "N/A", "target": "OAuth 2.0", "threat_actor": "N/A", "patch_ready": false, "insight": "Device code phishing attacks abusing OAuth 2.0 Device Authorization Gran..
3:10 pm, April 4, 2026 Cybersecurity
LinkedIn secretely scans for 6,000+ Chrome extensions, collects data
{ "priority": "MEDIUM", "cve": "N/A", "target": "LinkedIn", "threat_actor": "N/A", "patch_ready": false, "insight": "LinkedIn uses hidden JavaScript scripts to scan visitors' browsers for ..
9:10 pm, April 3, 2026 Cybersecurity
Microsoft Details Cookie-Controlled PHP Web Shells Persisting via Cron on Linux Servers
{"priority":"HIGH","cve":"N/A","target":"PHP Web Shells on Linux Servers","threat_actor":"Threat Actors","patch_ready":false,"insight":"Threat actors use HTTP cookies as a control channel for PHP-base..
6:10 pm, April 3, 2026 Cybersecurity
China-Linked TA416 Targets European Governments with PlugX and OAuth-Based Phishing
{ "priority": "HIGH", "cve": "N/A", "target": "European Governments", "threat_actor": "TA416", "patch_ready": false, "insight": "China-linked TA416 targets European governments with PlugX ..
6:10 pm, April 3, 2026 Cybersecurity
Hims & Hers warns of data breach after Zendesk support ticket breach
{ "priority": "HIGH", "cve": "N/A", "target": "Hims & Hers Health", "threat_actor": "N/A", "patch_ready": false, "insight": "Telehealth company Hims & Hers Health suffered a data breach af..
6:10 pm, April 3, 2026 Cybersecurity
Die Linke German political party confirms data stolen by Qilin ransomware
The Qilin ransomware group has claimed responsibility for an attack against Die Linke ('The Left'), forcing an IT systems outage at the political party, and threatening sensitive data leak. [...]
5:10 pm, April 3, 2026 Cybersecurity
Evolution of Ransomware: Multi-Extortion Ransomware Attacks
{ "priority": "INFO", "cve": "N/A", "target": "N/A", "threat_actor": "N/A", "patch_ready": false, "insight": "The article discusses the evolution of ransomware attacks, specifically multi-..
3:10 pm, April 3, 2026 Cybersecurity
TeamPCP Supply Chain Campaign: Update 006 - CERT-EU Confirms European Commission Cloud Breach, Sportradar Details Emerge, and Mandiant Quantifies Campaign at 1,000+ SaaS Environments, (Fri, Apr 3rd)
``` { "priority": "HIGH", "cve": "N/A", "target": "European Commission Cloud, Sportradar, Mercor AI, axios, LiteLLM", "threat_actor": "TeamPCP", "patch_ready": false, "insight": "CERT-EU c..
2:10 pm, April 3, 2026 Cybersecurity
Why Third-Party Risk Is the Biggest Gap in Your Clients' Security Posture
{"priority":"MEDIUM","cve":"N/A","target":"N/A","threat_actor":"N/A","patch_ready":false,"insight":"The biggest gap in clients' security posture is third-party risk, as breaches often occur through tr..
1:10 pm, April 3, 2026 Cybersecurity
UNC1069 Social Engineering of Axios Maintainer Led to npm Supply Chain Attack
{"priority":"HIGH","cve":"N/A","target":"Axios npm package","threat_actor":"UNC1069","patch_ready":false,"insight":"North Korean threat actors UNC1069 used social engineering to compromise Axios maint..
1:10 pm, April 3, 2026 Cybersecurity
Microsoft still working to fix Exchange Online mailbox access issues
Microsoft is investigating and working to resolve Exchange Online mailbox access issues that have intermittently affected Outlook mobile and macOS users for weeks. [...]
12:10 pm, April 3, 2026 Cybersecurity
Drift Loses $285 Million in Durable Nonce Social Engineering Attack Linked to DPRK
``` { "priority": "CRITICAL", "cve": "N/A", "target": "Drift Protocol", "threat_actor": "DPRK", "patch_ready": false, "insight": "A novel social engineering attack involving durable nonces..
10:10 am, April 3, 2026 Cybersecurity
New SparkCat Variant in iOS, Android Apps Steals Crypto Wallet Recovery Phrase Images
{ "priority": "HIGH", "cve": "N/A", "target": "iOS, Android Apps", "threat_actor": "SparkCat", "patch_ready": false, "insight": "New SparkCat malware variant steals crypto wallet recovery ..
10:10 am, April 3, 2026 Cybersecurity
Man admits to locking thousands of Windows devices in extortion plot
{ "priority": "MEDIUM", "cve": "N/A", "target": "Windows", "threat_actor": "Individual (former core infrastructure engineer)", "patch_ready": false, "insight": "A former infrastructure eng..
9:10 am, April 3, 2026 Cybersecurity
Microsoft now force upgrades unmanaged Windows 11 24H2 PCs
{"priority": "INFO", "cve": "N/A", "target": "Windows 11", "threat_actor": "N/A", "patch_ready": false, "insight": "Microsoft has started force-upgrading unmanaged Windows 11 24H2 Home and Pro devices..
8:10 am, April 3, 2026 Cybersecurity
CERT-EU: European Commission hack exposes data of 30 EU entities
The European Union's Cybersecurity Service (CERT-EU) has attributed the European Commission cloud hack to the TeamPCP threat group, saying the resulting breach exposed the data of at least 29 other..
7:10 am, April 3, 2026 Cybersecurity
Drift loses $280 million North Korean hackers seize Security Council powers
{ "priority": "CRITICAL", "cve": "N/A", "target": "Drift Protocol", "threat_actor": "North Korean hackers", "patch_ready": false, "insight": "Drift Protocol lost $280 million to North Kore..
6:10 am, April 3, 2026 Cybersecurity
ISC Stormcast For Friday, April 3rd, 2026 https://isc.sans.edu/podcastdetail/9878, (Fri, Apr 3rd)
{ "priority": "INFO", "cve": "N/A", "target": "N/A", "threat_actor": "N/A", "patch_ready": false, "insight": "Summary of ISC Stormcast podcast for April 3rd, 2026, no specific threat intel..
2:10 am, April 3, 2026 Cybersecurity
Hackers Exploit CVE-2025-55182 to Breach 766 Next.js Hosts, Steal Credentials
A large-scale credential harvesting operation has been observed exploiting the React2Shell vulnerability as an initial infection vector to steal database credentials, SSH private keys, Amazon Web S..
9:10 pm, April 2, 2026 Cybersecurity
Claude Code leak used to push infostealer malware on GitHub
Threat actors are exploiting the recent Claude Code source code leak by using fake GitHub repositories to deliver Vidar information-stealing malware. [...]
9:10 pm, April 2, 2026 Cybersecurity
Drift loses $280 million as hackers seize Security Council powers
{"priority":"CRITICAL","cve":"N/A","target":"Drift Protocol","threat_actor":"N/A","patch_ready":false,"insight":"A threat actor seized control of Drift Protocol's Security Council administrative power..
7:10 pm, April 2, 2026 Cybersecurity
Cisco Patches 9.8 CVSS IMC and SSM Flaws Allowing Remote System Compromise
{ "priority": "CRITICAL", "cve": "CVE-2026-20093", "target": "Cisco IMC", "threat_actor": "N/A", "patch_ready": true, "insight": "Cisco patches critical 9.8 CVSS flaw in IMC allowing remot..
5:10 pm, April 2, 2026 Cybersecurity
Residential proxies evaded IP reputation checks in 78% of 4B sessions
{ "priority": "INFO", "cve": "N/A", "target": "N/A", "threat_actor": "N/A", "patch_ready": false, "insight": "Researchers warn that residential proxies used to route malicious traffic are ..
4:10 pm, April 2, 2026 Cybersecurity
Attempts to Exploit Exposed "Vite" Installs (CVE-2025-30208), (Thu, Apr 2nd)
{ "priority": "HIGH", "cve": "CVE-2025-30208", "target": "Vite", "threat_actor": "N/A", "patch_ready": true, "insight": "Attempts to exploit exposed Vite installs have been detected." }
3:10 pm, April 2, 2026 Cybersecurity
ThreatsDay Bulletin: Pre-Auth Chains, Android Rootkits, CloudTrail Evasion & 10 More Stories
{ "priority": "INFO", "cve": "N/A", "target": "N/A", "threat_actor": "N/A", "patch_ready": false, "insight": "The ThreatsDay Bulletin covers various cybersecurity topics, including pre-aut..
2:10 pm, April 2, 2026 Cybersecurity
Medtech giant Stryker fully operational after data-wiping attack
{ "priority": "HIGH", "cve": "N/A", "target": "Stryker Corporation", "threat_actor": "Handala", "patch_ready": false, "insight": "Medtech giant Stryker restored operations after a data-wip..
2:10 pm, April 2, 2026 Cybersecurity
New Progress ShareFile flaws can be chained in pre-auth RCE attacks
{ "priority": "CRITICAL", "cve": "N/A", "target": "Progress ShareFile", "threat_actor": "N/A", "patch_ready": false, "insight": "Chained vulnerabilities allow pre-auth RCE attacks" }
2:10 pm, April 2, 2026 Cybersecurity
Adversaries Exploit Vacant Homes to Intercept Mail in Hybrid Cybercrime
{ "priority": "INFO", "cve": "N/A", "target": "N/A", "threat_actor": "N/A", "patch_ready": false, "insight": "Threat actors exploit vacant homes as drop addresses to intercept mail and fac..
2:10 pm, April 2, 2026 Cybersecurity
The State of Trusted Open Source Report
{ "priority": "INFO", "cve": "N/A", "target": "N/A", "threat_actor": "N/A", "patch_ready": false, "insight": "The State of Trusted Open Source Report provides insights on open source consu..
12:10 pm, April 2, 2026 Cybersecurity
Researchers Uncover Mining Operation Using ISO Lures to Spread RATs and Crypto Miners
{ "priority": "HIGH", "cve": "N/A", "target": "N/A", "threat_actor": "REF1695", "patch_ready": false, "insight": "REF1695 uses fake installers to deploy RATs and crypto miners, monetizing ..
12:10 pm, April 2, 2026 Cybersecurity
WhatsApp Alerts 200 Users After Fake iOS App Installed Spyware; Italian Firm Faces Action
{"priority":"HIGH","cve":"N/A","target":"WhatsApp iOS app","threat_actor":"Unknown","patch_ready":false,"insight":"WhatsApp alerted 200 users of a fake iOS app with spyware, mostly affecting Italian t..
11:10 am, April 2, 2026 Cybersecurity
Critical Cisco IMC auth bypass gives attackers Admin access
{ "priority": "CRITICAL", "cve": "N/A", "target": "Cisco IMC", "threat_actor": "N/A", "patch_ready": true, "insight": "Cisco patched a critical authentication bypass in Integrated Manageme..
11:10 am, April 2, 2026 Cybersecurity
Microsoft links Classic Outlook issue to email delivery problems
{ "priority": "INFO", "cve": "N/A", "target": "Microsoft Classic Outlook", "threat_actor": "N/A", "patch_ready": false, "insight": "Microsoft is investigating an issue with Classic Outlook..
10:10 am, April 2, 2026 Cybersecurity
Over 14,000 F5 BIG-IP APM instances still exposed to RCE attacks
{ "priority": "CRITICAL", "cve": "CVE-2022-1388 or N/A", "target": "F5 BIG-IP APM", "threat_actor": "N/A", "patch_ready": false, "insight": "Over 14,000 F5 BIG-IP APM instances are exposed..
9:10 am, April 2, 2026 Cybersecurity
Apple Expands iOS 18.7.7 Update to More Devices to Block DarkSword Exploit
{ "priority": "HIGH", "cve": "N/A", "target": "Apple iOS", "threat_actor": "N/A", "patch_ready": true, "insight": "Apple expanded iOS 18.7.7 update to more devices to block DarkSword explo..
8:10 am, April 2, 2026 Cybersecurity
ISC Stormcast For Thursday, April 2nd, 2026 https://isc.sans.edu/podcastdetail/9876, (Thu, Apr 2nd)
{ "priority": "INFO", "cve": "N/A", "target": "N/A", "threat_actor": "N/A", "patch_ready": false, "insight": "ISC Stormcast podcast for Thursday, April 2nd, 2026, discussing various cybers..
2:10 am, April 2, 2026 Cybersecurity
New CrystalRAT malware adds RAT, stealer and prankware features
{ "priority": "HIGH", "cve": "N/A", "target": "CrystalRAT", "threat_actor": "N/A", "patch_ready": false, "insight": "New CrystalRAT malware-as-a-service offers remote access, data theft, k..
12:10 am, April 2, 2026 Cybersecurity
Hackers exploit TrueConf zero-day to push malicious software updates
{ "priority": "CRITICAL", "cve": "N/A", "target": "TrueConf", "threat_actor": "N/A", "patch_ready": false, "insight": "Hackers exploit TrueConf zero-day to execute arbitrary files on conne..
10:10 pm, April 1, 2026 Cybersecurity
Apple expands iOS 18 updates to more iPhones to block DarkSword attacks
{ "priority": "HIGH", "cve": "N/A", "target": "iPhones running iOS 18", "threat_actor": "DarkSword", "patch_ready": true, "insight": "Apple expands iOS 18 updates to more iPhones to block ..
10:10 pm, April 1, 2026 Cybersecurity
New EvilTokens service fuels Microsoft device code phishing attacks
{ "priority": "HIGH", "cve": "N/A", "target": "Microsoft", "threat_actor": "EvilTokens", "patch_ready": false, "insight": "EvilTokens kit enables device code phishing to hijack Microsoft a..
8:10 pm, April 1, 2026 Cybersecurity
CERT-UA Impersonation Campaign Spread AGEWHEEZE Malware to 1 Million Emails
{"priority":"HIGH","cve":"N/A","target":"N/A","threat_actor":"UAC-0255","patch_ready":false,"insight":"CERT-UA impersonated to spread AGEWHEEZE malware via 1 million emails"}
6:10 pm, April 1, 2026 Cybersecurity
AI Testing
