List cybersec
Disgruntled researcher leaks “BlueHammer” Windows zero-day exploit
Exploit code has been released for an unpatched Windows privilege escalation flaw reported privately to Microsoft, allowing attackers to gain SYSTEM or elevated administrator permissions. [...]
8:10 pm, April 6, 2026 Cybersecurity
DPRK-Linked Hackers Use GitHub as C2 in Multi-Stage Attacks Targeting South Korea
{ "priority": "HIGH", "cve": "N/A", "target": "South Korea", "threat_actor": "DPRK-Linked Hackers", "patch_ready": false, "insight": "DPRK-linked hackers use GitHub as C2 infrastructure in..
6:10 pm, April 6, 2026 Cybersecurity
Microsoft removes Support and Recovery Assistant from Windows
{ "priority": "INFO", "cve": "N/A", "target": "Windows", "threat_actor": "N/A", "patch_ready": false, "insight": "Microsoft has deprecated and removed the Support and Recovery Assistant (S..
6:10 pm, April 6, 2026 Cybersecurity
CISA orders feds to patch exploited Fortinet EMS flaw by Friday
{ "priority": "CRITICAL", "cve": "N/A", "target": "FortiClient Enterprise Management Server (EMS)", "threat_actor": "N/A", "patch_ready": true, "insight": "CISA orders federal agencies to ..
5:10 pm, April 6, 2026 Cybersecurity
Drift $280M crypto theft linked to 6-month in-person operation
{ "priority": "HIGH", "cve": "N/A", "target": "Drift Protocol", "threat_actor": "N/A", "patch_ready": false, "insight": "A $280M crypto theft from Drift Protocol involved a 6-month in-pers..
5:10 pm, April 6, 2026 Cybersecurity
Microsoft links Medusa ransomware affiliate to zero-day attacks
{"priority": "HIGH", "cve": "N/A", "target": "Microsoft", "threat_actor": "Storm-1175", "patch_ready": false, "insight": "Microsoft links Medusa ransomware affiliate to zero-day attacks"}
5:10 pm, April 6, 2026 Cybersecurity
CISA orders feds to patch Fortinet flaw exploited in attacks by Friday
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) ordered federal agencies to secure FortiClient Enterprise Management Server (EMS) instances against an actively exploited vulnerability..
4:10 pm, April 6, 2026 Cybersecurity
⚡ Weekly Recap: Axios Hack, Chrome 0-Day, Fortinet Exploits, Paragon Spyware and More
{ "priority": "CRITICAL", "cve": "N/A", "target": "N/A", "threat_actor": "N/A", "patch_ready": false, "insight": "Multiple critical vulnerabilities and exploits were disclosed this week, i..
3:10 pm, April 6, 2026 Cybersecurity
Multi-OS Cyberattacks: How SOCs Close a Critical Risk in 3 Steps
Your attack surface no longer lives on one operating system, and neither do the campaigns targeting it. In enterprise environments, attackers move across Windows endpoints, executive MacBooks, Linu..
3:10 pm, April 6, 2026 Cybersecurity
Why Simple Breach Monitoring is No Longer Enough
{ "priority": "MEDIUM", "cve": "N/A", "target": "N/A", "threat_actor": "N/A", "patch_ready": false, "insight": "Simple breach monitoring is insufficient against modern credential-based att..
2:10 pm, April 6, 2026 Cybersecurity
How LiteLLM Turned Developer Machines Into Credential Vaults for Attackers
{ "priority": "HIGH", "cve": "N/A", "target": "LiteLLM", "threat_actor": "TeamPCP", "patch_ready": false, "insight": "LiteLLM developer machines were compromised by TeamPCP threat actor, t..
1:10 pm, April 6, 2026 Cybersecurity
Qilin and Warlock Ransomware Use Vulnerable Drivers to Disable 300+ EDR Tools
{ "priority": "HIGH", "cve": "N/A", "target": "EDR Tools", "threat_actor": "Qilin and Warlock", "patch_ready": false, "insight": "Qilin and Warlock ransomware operations use vulnerable dri..
11:10 am, April 6, 2026 Cybersecurity
How often are redirects used in phishing in 2026?, (Mon, Apr 6th)
{ "priority": "INFO", "cve": "N/A", "target": "N/A", "threat_actor": "N/A", "patch_ready": false, "insight": "The article discusses the use of open redirects in phishing attacks, citing a ..
9:10 am, April 6, 2026 Cybersecurity
BKA Identifies REvil Leaders Behind 130 German Ransomware Attacks
{ "priority": "HIGH", "cve": "N/A", "target": "REvil (Sodinokibi) ransomware", "threat_actor": "UNKN", "patch_ready": false, "insight": "BKA identifies REvil ransomware leader UNKN beh..
7:10 am, April 6, 2026 Cybersecurity
Germany Doxes “UNKN,” Head of RU Ransomware Gangs REvil, GandCrab
{"priority":"HIGH","cve":"N/A","target":"REvil, GandCrab","threat_actor":"Daniil Maksimovich Shchukin (UNKN)","patch_ready":false,"insight":"German authorities identify 31-year-old Russian national Da..
3:10 am, April 6, 2026 Cybersecurity
ISC Stormcast For Monday, April 6th, 2026 https://isc.sans.edu/podcastdetail/9880, (Mon, Apr 6th)
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
2:10 am, April 6, 2026 Cybersecurity
$285 Million Drift Hack Traced to Six-Month DPRK Social Engineering Operation
{ "priority": "HIGH", "cve": "N/A", "target": "Drift", "threat_actor": "DPRK", "patch_ready": false, "insight": "DPRK conducted a six-month social engineering operation to steal $285 milli..
8:10 pm, April 5, 2026 Cybersecurity
Traffic violation scams switch to QR codes in new phishing texts
Scammers are sending fake "Notice of Default" traffic violation text messages impersonating state courts across the U.S., pressuring recipients to scan a QR code that leads to a phishing site demandin..
8:10 pm, April 5, 2026 Cybersecurity
New FortiClient EMS flaw exploited in attacks, emergency patch released
Fortinet has released an emergency weekend security update for a new critical FortiClient Enterprise Management Server (EMS) vulnerability that is actively exploited in attacks. [...]
7:10 pm, April 5, 2026 Cybersecurity
Hackers exploit React2Shell in automated credential theft campaign
{ "priority": "HIGH", "cve": "CVE-2025-55182", "target": "Next.js", "threat_actor": "N/A", "patch_ready": false, "insight": "Hackers exploit React2Shell in automated credential theft campa..
3:10 pm, April 5, 2026 Cybersecurity
Fortinet Patches Actively Exploited CVE-2026-35616 in FortiClient EMS
{ "priority": "CRITICAL", "cve": "CVE-2026-35616", "target": "FortiClient EMS", "threat_actor": "N/A", "patch_ready": true, "insight": "Fortinet patches actively exploited CVE-2026-35616 i..
6:10 am, April 5, 2026 Cybersecurity
36 Malicious npm Packages Exploited Redis, PostgreSQL to Deploy Persistent Implants
{ "priority": "HIGH", "cve": "N/A", "target": "npm registry, Redis, PostgreSQL", "threat_actor": "N/A", "patch_ready": false, "insight": "Malicious npm packages disguised as Strapi CMS..
6:10 am, April 5, 2026 Cybersecurity
Axios npm hack used fake Teams error fix to hijack maintainer account
{ "priority": "HIGH", "cve": "N/A", "target": "Axios HTTP client", "threat_actor": "North Korean threat actors", "patch_ready": false, "insight": "A social engineering campaign targeting a..
9:10 pm, April 4, 2026 Cybersecurity
LinkedIn secretly scans for 6,000+ Chrome extensions, collects data
{ "priority": "MEDIUM", "cve": "N/A", "target": "LinkedIn", "threat_actor": "N/A", "patch_ready": false, "insight": "LinkedIn uses hidden JavaScript scripts to scan visitors' browsers for ..
3:10 pm, April 4, 2026 Cybersecurity
Device code phishing attacks surge 37x as new kits spread online
{ "priority": "HIGH", "cve": "N/A", "target": "OAuth 2.0", "threat_actor": "N/A", "patch_ready": false, "insight": "Device code phishing attacks abusing OAuth 2.0 Device Authorization Gran..
3:10 pm, April 4, 2026 Cybersecurity
LinkedIn secretly scans for 6,000+ Chrome extensions, collects data
{ "priority": "MEDIUM", "cve": "N/A", "target": "LinkedIn", "threat_actor": "N/A", "patch_ready": false, "insight": "LinkedIn uses hidden JavaScript scripts to scan visitors' browsers for ..
9:10 pm, April 3, 2026 Cybersecurity
Microsoft Details Cookie-Controlled PHP Web Shells Persisting via Cron on Linux Servers
{"priority":"HIGH","cve":"N/A","target":"PHP Web Shells on Linux Servers","threat_actor":"Threat Actors","patch_ready":false,"insight":"Threat actors use HTTP cookies as a control channel for PHP-base..
6:10 pm, April 3, 2026 Cybersecurity
China-Linked TA416 Targets European Governments with PlugX and OAuth-Based Phishing
{ "priority": "HIGH", "cve": "N/A", "target": "European Governments", "threat_actor": "TA416", "patch_ready": false, "insight": "China-linked TA416 targets European governments with PlugX ..
6:10 pm, April 3, 2026 Cybersecurity
Hims & Hers warns of data breach after Zendesk support ticket breach
{ "priority": "HIGH", "cve": "N/A", "target": "Hims & Hers Health", "threat_actor": "N/A", "patch_ready": false, "insight": "Telehealth company Hims & Hers Health suffered a data breach af..
6:10 pm, April 3, 2026 Cybersecurity
Die Linke German political party confirms data stolen by Qilin ransomware
The Qilin ransomware group has claimed responsibility for an attack against Die Linke ('The Left'), forcing an IT systems outage at the political party and threatening to leak sensitive data. [...]
5:10 pm, April 3, 2026 Cybersecurity
Evolution of Ransomware: Multi-Extortion Ransomware Attacks
{ "priority": "INFO", "cve": "N/A", "target": "N/A", "threat_actor": "N/A", "patch_ready": false, "insight": "The article discusses the evolution of ransomware attacks, specifically multi-..
3:10 pm, April 3, 2026 Cybersecurity
TeamPCP Supply Chain Campaign: Update 006 - CERT-EU Confirms European Commission Cloud Breach, Sportradar Details Emerge, and Mandiant Quantifies Campaign at 1,000+ SaaS Environments, (Fri, Apr 3rd)
{ "priority": "HIGH", "cve": "N/A", "target": "European Commission Cloud, Sportradar, Mercor AI, axios, LiteLLM", "threat_actor": "TeamPCP", "patch_ready": false, "insight": "CERT-EU c..
2:10 pm, April 3, 2026 Cybersecurity
Why Third-Party Risk Is the Biggest Gap in Your Clients' Security Posture
{"priority":"MEDIUM","cve":"N/A","target":"N/A","threat_actor":"N/A","patch_ready":false,"insight":"The biggest gap in clients' security posture is third-party risk, as breaches often occur through tr..
1:10 pm, April 3, 2026 Cybersecurity
UNC1069 Social Engineering of Axios Maintainer Led to npm Supply Chain Attack
{"priority":"HIGH","cve":"N/A","target":"Axios npm package","threat_actor":"UNC1069","patch_ready":false,"insight":"North Korean threat actors UNC1069 used social engineering to compromise Axios maint..
1:10 pm, April 3, 2026 Cybersecurity
Microsoft still working to fix Exchange Online mailbox access issues
Microsoft is investigating and working to resolve Exchange Online mailbox access issues that have intermittently affected Outlook mobile and macOS users for weeks. [...]
12:10 pm, April 3, 2026 Cybersecurity
Drift Loses $285 Million in Durable Nonce Social Engineering Attack Linked to DPRK
{ "priority": "CRITICAL", "cve": "N/A", "target": "Drift Protocol", "threat_actor": "DPRK", "patch_ready": false, "insight": "A novel social engineering attack involving durable nonces..
10:10 am, April 3, 2026 Cybersecurity
New SparkCat Variant in iOS, Android Apps Steals Crypto Wallet Recovery Phrase Images
{ "priority": "HIGH", "cve": "N/A", "target": "iOS, Android Apps", "threat_actor": "SparkCat", "patch_ready": false, "insight": "New SparkCat malware variant steals crypto wallet recovery ..
10:10 am, April 3, 2026 Cybersecurity
Man admits to locking thousands of Windows devices in extortion plot
{ "priority": "MEDIUM", "cve": "N/A", "target": "Windows", "threat_actor": "Individual (former core infrastructure engineer)", "patch_ready": false, "insight": "A former infrastructure eng..
9:10 am, April 3, 2026 Cybersecurity
Microsoft now force upgrades unmanaged Windows 11 24H2 PCs
{"priority": "INFO", "cve": "N/A", "target": "Windows 11", "threat_actor": "N/A", "patch_ready": false, "insight": "Microsoft has started force-upgrading unmanaged Windows 11 24H2 Home and Pro devices..
8:10 am, April 3, 2026 Cybersecurity
CERT-EU: European Commission hack exposes data of 30 EU entities
The European Union's Cybersecurity Service (CERT-EU) has attributed the European Commission cloud hack to the TeamPCP threat group, saying the resulting breach exposed the data of at least 29 other..
7:10 am, April 3, 2026 Cybersecurity
Drift loses $280 million as North Korean hackers seize Security Council powers
{ "priority": "CRITICAL", "cve": "N/A", "target": "Drift Protocol", "threat_actor": "North Korean hackers", "patch_ready": false, "insight": "Drift Protocol lost $280 million to North Kore..
6:10 am, April 3, 2026 Cybersecurity
ISC Stormcast For Friday, April 3rd, 2026 https://isc.sans.edu/podcastdetail/9878, (Fri, Apr 3rd)
{ "priority": "INFO", "cve": "N/A", "target": "N/A", "threat_actor": "N/A", "patch_ready": false, "insight": "Summary of ISC Stormcast podcast for April 3rd, 2026, no specific threat intel..
2:10 am, April 3, 2026 Cybersecurity
Hackers Exploit CVE-2025-55182 to Breach 766 Next.js Hosts, Steal Credentials
A large-scale credential harvesting operation has been observed exploiting the React2Shell vulnerability as an initial infection vector to steal database credentials, SSH private keys, Amazon Web S..
9:10 pm, April 2, 2026 Cybersecurity
Claude Code leak used to push infostealer malware on GitHub
Threat actors are exploiting the recent Claude Code source code leak by using fake GitHub repositories to deliver Vidar information-stealing malware. [...]
9:10 pm, April 2, 2026 Cybersecurity
Drift loses $280 million as hackers seize Security Council powers
{"priority":"CRITICAL","cve":"N/A","target":"Drift Protocol","threat_actor":"N/A","patch_ready":false,"insight":"A threat actor seized control of Drift Protocol's Security Council administrative power..
7:10 pm, April 2, 2026 Cybersecurity
Cisco Patches 9.8 CVSS IMC and SSM Flaws Allowing Remote System Compromise
{ "priority": "CRITICAL", "cve": "CVE-2026-20093", "target": "Cisco IMC", "threat_actor": "N/A", "patch_ready": true, "insight": "Cisco patches critical 9.8 CVSS flaw in IMC allowing remot..
5:10 pm, April 2, 2026 Cybersecurity
Residential proxies evaded IP reputation checks in 78% of 4B sessions
{ "priority": "INFO", "cve": "N/A", "target": "N/A", "threat_actor": "N/A", "patch_ready": false, "insight": "Researchers warn that residential proxies used to route malicious traffic are ..
4:10 pm, April 2, 2026 Cybersecurity
Attempts to Exploit Exposed "Vite" Installs (CVE-2025-30208), (Thu, Apr 2nd)
{ "priority": "HIGH", "cve": "CVE-2025-30208", "target": "Vite", "threat_actor": "N/A", "patch_ready": true, "insight": "Attempts to exploit exposed Vite installs have been detected." }
3:10 pm, April 2, 2026 Cybersecurity
ThreatsDay Bulletin: Pre-Auth Chains, Android Rootkits, CloudTrail Evasion & 10 More Stories
{ "priority": "INFO", "cve": "N/A", "target": "N/A", "threat_actor": "N/A", "patch_ready": false, "insight": "The ThreatsDay Bulletin covers various cybersecurity topics, including pre-aut..
2:10 pm, April 2, 2026 Cybersecurity
Medtech giant Stryker fully operational after data-wiping attack
{ "priority": "HIGH", "cve": "N/A", "target": "Stryker Corporation", "threat_actor": "Handala", "patch_ready": false, "insight": "Medtech giant Stryker restored operations after a data-wip..
2:10 pm, April 2, 2026 Cybersecurity
