https://threatdigest.io/article/your-router-may-be-vulnerable-to-russian-hackers-fbi-warns-5-steps-to-take-now/ theAIcatchup en 2026-04-10T16:10:55.967941+00:00 Russian Hackers Are Hiding in Your Router: FBI's Urgent Wake-Up Call FBI router warning, GRU APT28, Russian hackers, router security https://threatdigest.io/article/fake-claude-site-installs-malware-that-gives-attackers-access-to-your-computer/ theAIcatchup en 2026-04-10T16:02:57.432792+00:00 Fake Claude Site Drops PlugX via Signed Antivirus Sideloading Anthropic phishing, Claude malware, DLL sideloading, PlugX RAT https://threatdigest.io/article/nearly-4000-us-industrial-devices-exposed-to-iranian-cyberattacks/ theAIcatchup en 2026-04-10T15:50:16.837672+00:00 4,000 US Factory Brains Exposed: Iranian Hackers Poised to Pull the Plug Iranian cyberattacks, OT security, Rockwell Automation PLCs, critical infrastructure https://threatdigest.io/article/in-other-news-cyberattack-stings-stryker-windows-zero-day-china-supercomputer-hack/ theAIcatchup en 2026-04-10T14:44:59.498002+00:00 Windows Zero-Day Leaked as AI Floods Bug Bounties and Quantum Clocks Tick Faster Anthropic Mythos, Windows zero-day, cybersecurity roundup, post-quantum cryptography https://threatdigest.io/article/analysis-of-one-billion-cisa-kev-remediation-records-exposes-limits-of-human-scale-security/ theAIcatchup en 2026-04-10T13:27:57.192479+00:00 One Billion Patch Failures: Humans Hit Security's Hard Ceiling AI threats, CISA KEV, Risk Mass, vulnerability remediation https://threatdigest.io/article/clickfix-campaign-delivers-mac-malware-via-fake-apple-page/ theAIcatchup en 2026-04-10T13:27:56.760416+00:00 ClickFix Hits Macs Hard: Fake Apple Page Steals Passwords and Crypto Atomic Stealer, ClickFix campaign, Jamf security, Mac malware, macOS social engineering https://threatdigest.io/article/glassworm-campaign-uses-zig-dropper-to-infect-multiple-developer-ides/ theAIcatchup en 2026-04-10T13:26:14.790416+00:00 GlassWorm's Zig Dropper Hijacks Every IDE on Dev Machines GlassWorm campaign, IDE infections, VS Code malware, Zig dropper https://threatdigest.io/article/juniper-networks-patches-dozens-of-junos-os-vulnerabilities/ theAIcatchup en 2026-04-10T13:04:25.060123+00:00 Juniper's Junos Nightmare: 36 Holes, a Default Password, and Echoes of 2015 CVE-2026-33784, Juniper Networks, Junos OS vulnerabilities, privilege escalation https://threatdigest.io/article/cpuid-site-hijacked-to-serve-malware-instead-of-hwmonitor-downloads/ theAIcatchup en 2026-04-10T12:37:28.169424+00:00 CPUID's Trusted HWMonitor Downloads Swapped for Credential-Stealing Malware CPUID hijack, HWMonitor malware, credential stealer, supply chain attack https://threatdigest.io/article/industry-reactions-to-iran-hacking-ics-in-critical-infrastructure-feedback-friday/ theAIcatchup en 2026-04-10T12:33:36.631718+00:00 Iran Hackers Infiltrate US Water Plants via Exposed PLCs: CISA's Urgent Wake-Up Call CISA advisory, ICS attacks, Iran hackers, PLCs vulnerability https://threatdigest.io/article/orthanc-dicom-vulnerabilities-lead-to-crashes-rce/ theAIcatchup en 2026-04-10T11:42:09.780886+00:00 Orthanc DICOM Server Riddled with Nine Nasty Vulnerabilities: Crashes, Leaks, RCE CERT/CC advisory, DICOM server flaws, Orthanc vulnerabilities, RCE in healthcare https://threatdigest.io/article/microsoft-canadian-employees-targeted-in-payroll-pirate-attacks/ theAIcatchup en 2026-04-10T11:32:00.344904+00:00 Payroll Pirates Steal Microsoft Salaries in Canada: The AiTM Hijack Exposed AitM phishing, Microsoft 365 security, Storm-2755, payroll pirate attacks https://threatdigest.io/article/project-glasswing-and-open-source-software-the-good-the-bad-and-the-ugly/ theAIcatchup en 2026-04-10T11:31:09.332475+00:00 Project Glasswing: AI Unleashes a Vulnerability Storm on Open Source AI security tools, Anthropic AI, Anthropic Mythos, Mythos AI, Project Glasswing, open source vulnerabilities https://threatdigest.io/article/just-three-ransomware-gangs-accounted-for-40-of-attacks-last-month/ theAIcatchup en 2026-04-10T11:28:19.663767+00:00 Three Ransomware Gangs Fueled 40% of March's Digital Extortion Wave Akira ransomware, Check Point Research, Dragonforce, Qilin ransomware https://threatdigest.io/article/poisoned-office-365-search-results-lead-to-stolen-paychecks/ theAIcatchup en 2026-04-10T11:08:26.649545+00:00 Hackers Poison Office 365 Searches to Siphon Canadian Paychecks AiTM attacks, Office 365 phishing, Storm-2755, payroll theft https://threatdigest.io/article/chrome-147-patches-60-vulnerabilities-including-two-critical-flaws-worth-86000/ theAIcatchup en 2026-04-10T10:42:24.154617+00:00 Chrome 147 Plugs 60 Holes — But WebML's Bleeding Won't Stop CVE-2026-5858, Chrome 147, WebML vulnerabilities, browser security patches https://threatdigest.io/article/marimo-rce-flaw-cve-2026-39987-exploited-within-10-hours-of-disclosure/ theAIcatchup en 2026-04-10T10:39:50.165528+00:00 Marimo's Terminal Shell Cracked Open: CVE-2026-39987 Exploited in Under 10 Hours CVE-2026-39987, Marimo RCE, Marimo vulnerability, RCE exploit, Sysdig honeypot, WebSocket exploit https://threatdigest.io/article/browser-extensions-are-the-new-ai-consumption-channel-that-no-one-is-talking-about/ theAIcatchup en 2026-04-10T10:39:42.302623+00:00 AI Browser Extensions: The Sneaky Backdoor Nobody's Securing ai-browser-extensions, enterprise-risks, layerx-report, security-blind-spot https://threatdigest.io/article/google-rolls-out-gmail-end-to-end-encryption-on-mobile-devices/ theAIcatchup en 2026-04-10T10:35:47.642033+00:00 Gmail E2EE Lands on Mobile — Enterprise Shield Up Gmail E2EE, Google Workspace, client-side encryption, enterprise email security, enterprise security https://threatdigest.io/article/gmails-end-to-end-encryption-comes-to-mobile-no-extra-apps-required/ theAIcatchup en 2026-04-10T09:52:32.165791+00:00 Gmail's Mobile E2EE: Enterprise Lock-In Masquerading as Privacy Gmail encryption, Google Workspace, end-to-end encryption, mobile security https://threatdigest.io/article/mitre-releases-fight-fraud-framework/ theAIcatchup en 2026-04-10T09:25:09.911506+00:00 MITRE's F3 Framework: Finally Mapping Fraud's Full Money Trail ATT&CK extension, Fight Fraud Framework, MITRE F3, cyber fraud TTPs https://threatdigest.io/article/critical-marimo-flaw-exploited-hours-after-public-disclosure/ theAIcatchup en 2026-04-10T09:07:45.665695+00:00 Hackers Crack Marimo's Critical Flaw in Under 10 Hours—No PoC Needed CVE-2026-39987, Marimo vulnerability, RCE exploit, Sysdig honeypot, Sysdig report https://threatdigest.io/article/to-counter-cookie-theft-chrome-ships-device-bound-session-credentials/ theAIcatchup en 2026-04-10T08:56:41.971376+00:00 Chrome's Device-Bound Sessions Land on Windows, Slashing Cookie Theft Risks chrome security, cookie theft, device bound session credentials, infostealer malware https://threatdigest.io/article/little-snitch-for-linux-shows-what-your-apps-are-connecting-to/ theAIcatchup en 2026-04-10T08:32:16.670352+00:00 Little Snitch Lands on Linux: The eBPF Firewall That Exposes Your Apps' Secret Chats Linux network monitoring, Little Snitch for Linux, app connection tracker, eBPF firewall https://threatdigest.io/article/apiiro-cli-turns-ai-coding-assistants-into-full-stack-security-engineers/ theAIcatchup en 2026-04-10T08:32:12.594243+00:00 Apiiro CLI: AI Coders as Security Engineers? I've Got Questions AI security, Apiiro CLI, devsecops, threat modeling https://threatdigest.io/article/google-rolls-out-dbsc-in-chrome-146-to-block-session-theft-on-windows/ theAIcatchup en 2026-04-10T08:06:42.693000+00:00 Google's DBSC Lands in Chrome: Stolen Cookies Finally Expire Worthless Chrome 146, DBSC, malware stealers, session theft https://threatdigest.io/article/unpacking-ai-security-in-2026-from-experimentation-to-the-agentic-era/ theAIcatchup en 2026-04-10T07:42:22.657076+00:00 Agentic AI in 2026: Your Autonomous Bots Are Now Hackable Time Bombs AI security in 2026, AI supply chain risks, Cisco AI report, agentic AI https://threatdigest.io/article/microsoft-finds-vulnerability-exposing-millions-of-android-crypto-wallet-users/ theAIcatchup en 2026-04-10T07:36:09.317203+00:00 Microsoft Exposes EngageSDK Flaw Risking 30 Million Android Crypto Wallets Android vulnerability, EngageSDK flaw, Microsoft security research, crypto wallet security https://threatdigest.io/article/google-rolls-out-cookie-theft-protections-in-chrome/ theAIcatchup en 2026-04-10T07:19:12.293039+00:00 Chrome's DBSC Locks Stolen Cookies to Devices — But Will Sites Follow? Chrome DBSC, cookie theft protection, infostealer malware, session security https://threatdigest.io/article/threat-digest-daily-briefing-april-10-2026/ theAIcatchup en 2026-04-10T07:06:07.963514+00:00 Threat Digest Daily Briefing: April 10, 2026 https://threatdigest.io/article/april-2026-patch-tuesday-forecast-spring-cleaning-of-a-preview/ theAIcatchup en 2026-04-10T06:57:03.932263+00:00 Microsoft's Botched Preview Patches Signal Bigger Update Storms Chrome zero-day, Microsoft EOL, Patch Tuesday, Windows 11 updates https://threatdigest.io/article/obfuscated-javascript-or-nothing-thu-apr-9th/ theAIcatchup en 2026-04-10T06:30:56.137618+00:00 10MB JS Time Bomb: How Phishing RARs Unleash Hidden Formbook Formbook, PowerShell loader, obfuscated JavaScript, phishing RAR https://threatdigest.io/article/us-public-sector-under-siege-threat-intelligence-for-q1-2026/ theAIcatchup en 2026-04-10T06:30:28.766244+00:00 3.9 Million School Records Exposed: Q1 2026's Relentless Cyber Siege on US Public Sector Salt Typhoon, Trump cyber strategy, public sector cybersecurity, ransomware education https://threatdigest.io/article/what-vibe-hunting-gets-right-about-ai-threat-hunting-and-where-it-breaks-down/ theAIcatchup en 2026-04-10T04:55:07.281677+00:00 Vibe Hunting: AI's Gut-Feel Threat Spotting – Promise or Peril? AI threat hunting, Exaforce, anomaly detection, vibe hunting https://threatdigest.io/article/health-insurance-lead-sites-sell-personal-data-within-seconds-of-form-submission/ theAIcatchup en 2026-04-10T04:53:14.467095+00:00 Health Insurance Quote Sites Auction Your Data Before Submit Hits PII selling, data privacy, health insurance leads, lead generation sites https://threatdigest.io/article/product-showcase-session-a-messenger-without-phone-numbers-or-metadata/ theAIcatchup en 2026-04-10T04:39:04.936280+00:00 Session Messenger: The App That Ditches Phone Numbers and Actually Might Stick Session messenger, decentralized chat, metadata protection, privacy messaging https://threatdigest.io/article/new-infosec-products-of-the-week-april-10-2026/ theAIcatchup en 2026-04-10T03:47:40.917277+00:00 AI Threat Intel Hits Security Ops: Four Fresh Infosec Tools Land This Week cloud security, compliance tools, malware scanning, threat intelligence https://threatdigest.io/article/surprise-not-every-lenovo-laptop-is-worth-recommending-in-2026-the-yoga-7i-is-proof/ theAIcatchup en 2026-04-10T02:08:29.705388+00:00 Lenovo Yoga 7i 2-in-1: Midrange Charm, 2026 Shortfall 2-in-1 laptop, Lenovo Yoga 7i, OLED touchscreen, laptop review https://threatdigest.io/article/new-lucidrook-malware-used-in-targeted-attacks-on-ngos-universities/ theAIcatchup en 2026-04-09T22:14:15.917596+00:00 LucidRook: Lua Malware's Sneaky Assault on Taiwan's NGOs and Universities Cisco Talos, LucidRook, Taiwan attacks, malware https://threatdigest.io/article/iranian-attacks-on-us-critical-infrastructure-puts-3900-devices-in-crosshairs/ theAIcatchup en 2026-04-09T21:39:07.571964+00:00 Iran's Hidden Assault: 3,900 US PLCs Exposed in the Wild Iran cyber attacks, OT security, PLC vulnerabilities, critical infrastructure https://threatdigest.io/article/new-venom-phishing-attacks-steal-senior-executives-microsoft-logins/ theAIcatchup en 2026-04-09T21:32:24.134185+00:00 VENOM Phishing: QR Codes That Hijack C-Suite Microsoft Logins C-suite credential theft, Microsoft phishing, PhaaS attacks, VENOM phishing https://threatdigest.io/article/why-is-the-timeline-to-quantum-proof-everything-constantly-shrinking/ theAIcatchup en 2026-04-09T20:59:39.476096+00:00 Quantum Encryption's Deadline Just Slipped to 2030 China quantum advances, encryption migration, post-quantum cryptography, quantum computing threats https://threatdigest.io/article/the-agentic-socrethinking-secops-for-the-next-decade/ theAIcatchup en 2026-04-09T20:15:40.833655+00:00 Agentic SOC: AI Savior or Vendor Hype Reloaded? AI in cybersecurity, SOC automation, SecOps transformation, agentic SOC https://threatdigest.io/article/engagelab-sdk-flaw-exposed-50m-android-users-including-30m-crypto-wallets/ theAIcatchup en 2026-04-09T19:52:21.057286+00:00 EngageLab SDK Flaw Exposed 50M Android Devices — 30M Crypto Wallets in the Crosshairs Android vulnerability, EngageLab SDK, crypto wallet security, intent redirection https://threatdigest.io/article/several-dozen-high-value-corporations-hit-by-new-extortion-crew-in-helpdesk-phishing-spree/ theAIcatchup en 2026-04-09T19:42:21.194001+00:00 Dozens of Elite Corporations Rocked by UNC6783's Helpdesk Phishing Onslaught BPO attacks, UNC6783, extortion crew, helpdesk phishing https://threatdigest.io/article/februarys-patch-tuesday-assumes-battle-stations/ theAIcatchup en 2026-04-09T19:40:02.898794+00:00 Microsoft's February Patch Tuesday: 58 Fixes, 6 Active Exploits, Azure in the Crosshairs Azure vulnerabilities, Microsoft CVEs, Patch Tuesday, active exploits https://threatdigest.io/article/evil-evolution-clickfix-and-macos-infostealers/ theAIcatchup en 2026-04-09T19:37:50.106554+00:00 ClickFix Mutates: macOS Infostealers Get Sneakier ClickFix, MacSync, macOS infostealers, malvertising https://threatdigest.io/article/healthcare-it-solutions-provider-chipsoft-hit-by-ransomware-attack/ theAIcatchup en 2026-04-09T19:36:19.017319+00:00 ChipSoft Ransomware: When One Vendor's Glitch Cripples Dutch Hospitals ChipSoft ransomware, Dutch hospitals outage, EHR breach, healthcare IT attack https://threatdigest.io/article/oracle-vulnerability-cve-2026-21992-impacts-core-products/ theAIcatchup en 2026-04-09T19:35:47.088750+00:00 Oracle's CVE-2026-21992 Lets Hackers Run Wild on Identity Systems CVE-2026-21992, Fusion Middleware, Oracle vulnerability, remote code execution https://threatdigest.io/article/incident-responders-sil-vous-plait-invites-lead-to-odd-malware-events/ theAIcatchup en 2026-04-09T19:34:01.092782+00:00 Fake Party Invites Are Handing Hackers the Keys to Your PC LogMeIn Resolve, RMM malware, infostealer, phishing campaign https://threatdigest.io/article/google-chrome-adds-infostealer-protection-against-session-cookie-theft/ theAIcatchup en 2026-04-09T19:33:19.650547+00:00 Chrome's Hardware-Locked Sessions Crush Cookie-Stealing Malware — But Only If Sites Play Ball Chrome DBSC, TPM security, infostealer malware, session cookie theft https://threatdigest.io/article/march-patch-tuesday-visits-15-product-families/ theAIcatchup en 2026-04-09T19:32:02.336955+00:00 Microsoft's March Patch Bonanza: 84 Holes Plugged, But Obscure Gear Takes the Hits Elevation of Privilege, March 2026 updates, Microsoft CVEs, Patch Tuesday https://threatdigest.io/article/android-devices-ship-with-firmware-level-malware/ theAIcatchup en 2026-04-09T19:25:40.222634+00:00 Budget Android Phones Are Shipping Straight from Factories with Firmware Malware Android firmware infection, Android firmware malware, Keenadu backdoor, Keenadu malware, budget Android phones, budget Android security, supply chain attack, supply chain compromise https://threatdigest.io/article/axios-npm-package-compromised-to-deploy-malware/ theAIcatchup en 2026-04-09T19:23:10.234053+00:00 North Korean Hackers Compromise Axios NPM Package, Deploying RAT Across Platforms axios compromise, nickel gladstone, npm supply chain attack, remote access trojan https://threatdigest.io/article/hacktivist-campaigns-increase-as-united-states-iran-and-israel-conflict-intensifies/ theAIcatchup en 2026-04-09T19:22:37.521501+00:00 Iranian Hacktivists Light Up Chats as US-Israel Strikes Hit Iran DDoS threats, Iran cyber, Israel attacks, hacktivists https://threatdigest.io/article/initial-access-techniques-used-by-iran-based-threat-actors/ theAIcatchup en 2026-04-09T19:22:24.542592+00:00 Iranian Hackers Stick to Cheap Tricks: Phishing, Sprays, and Lazy Patches Fortinet exploits, Iranian threat actors, initial access techniques, password spraying, phishing T1566 https://threatdigest.io/article/chevin-pulls-the-handbrake-on-fleetwave-software-after-security-scare/ theAIcatchup en 2026-04-09T19:22:21.506372+00:00 FleetWave Blackout: Chevin's Azure Security Fumble Leaves Fleets Stranded Azure fleet management, Chevin security incident, FleetWave outage, SaaS cyber scare https://threatdigest.io/article/can-we-trust-ai-no-but-eventually-we-must/ theAIcatchup en 2026-04-09T19:18:53.881215+00:00 AI's Big Lie: We Can't Trust It, But Business Demands We Do AI hallucinations, AI trust issues, llm-vulnerabilities, model collapse https://threatdigest.io/article/security-researchers-tricked-apple-intelligence-into-cursing-at-users-it-could-have-been-a-lot-worse/ theAIcatchup en 2026-04-09T19:17:13.926127+00:00 Apple Intelligence Jailbroken to Curse and Fake Contacts Apple Intelligence, Neural Exec, RSAC security research, prompt injection https://threatdigest.io/article/opswat-adds-predictive-ai-engine-to-metadefender-for-pre-execution-threat-detection/ theAIcatchup en 2026-04-09T19:16:40.595667+00:00 OPSWAT's Predictive AI: Precision Filter or Just More Hype for Overworked SecOps? OPSWAT MetaDefender, Predictive AI, false positive reduction, pre-execution detection https://threatdigest.io/article/bitter-linked-hack-for-hire-campaign-targets-journalists-across-mena-region/ theAIcatchup en 2026-04-09T19:15:01.132489+00:00 Indian-Linked Hackers' Phishing Onslaught Hits MENA Journalists Hard Bitter APT, MENA phishing, hack-for-hire, journalist targeting https://threatdigest.io/article/nowhere-man-the-2026-active-adversary-report/ theAIcatchup en 2026-04-09T19:14:12.889398+00:00 Nowhere, Man: Cyber Threats Stuck in 2025's Same Old Groove active adversary report, cyber threats 2025, identity attacks, sophos ir https://threatdigest.io/article/webinar-from-noise-to-signal-what-threat-actors-are-targeting-next/ theAIcatchup en 2026-04-09T19:12:16.606990+00:00 Dark Web Chatter: Hackers Broadcasting Their Next Heist Before You Notice Telegram threats, dark web monitoring, proactive security, threat actor signals https://threatdigest.io/article/cisco-sd-wan-vulnerabilities-cve-2026-20127-cve-2022-20775-in-active-exploitation/ theAIcatchup en 2026-04-09T19:11:32.096025+00:00 Hackers Are Already Poking Holes in Cisco's SD-WAN – And Feds Are Scrambling CISA directive, CVE-2022-20775, CVE-2026-20127, Cisco SD-WAN https://threatdigest.io/article/google-api-keys-in-android-apps-expose-gemini-endpoints-to-unauthorized-access/ theAIcatchup en 2026-04-09T19:11:15.090209+00:00 Hidden Gemini Keys in Top Android Apps: 500 Million Users' Data on the Line API key leakage, Android API keys, Android security flaw, CloudSEK research, Gemini AI exposure, Gemini security flaw, Google API keys, Google Gemini https://threatdigest.io/article/mallory-brings-contextual-threat-intelligence-to-security-operations/ theAIcatchup en 2026-04-09T19:10:40.987009+00:00 Mallory's AI Threat Intel: Answers, Not Just Alarms AI security, CISO tools, Mallory, threat intelligence https://threatdigest.io/article/the-best-dedicated-web-hosting-of-2026-expert-tested-and-reviewed/ theAIcatchup en 2026-04-09T19:10:30.064046+00:00 Liquid Web Claims 2026's Dedicated Hosting Crown—But IONOS Steals Value Crown IONOS hosting, Liquid Web, WP Engine 2026, dedicated web hosting https://threatdigest.io/article/inside-the-fbis-router-takedown-that-cut-off-apt28s-tremendous-access/ theAIcatchup en 2026-04-09T19:10:06.180139+00:00 FBI's Precision Strike: Severing APT28's Grip on 18,000 Routers APT28, FBI takedown, Operation Masquerade, router compromise https://threatdigest.io/article/the-openclaw-experiment-is-a-warning-shot-for-enterprise-ai-security/ theAIcatchup en 2026-04-09T19:09:48.560012+00:00 OpenClaw's Exposed Underbelly: Agentic AI's Security Reckoning AI security risks, OpenClaw, agentic AI, prompt injection https://threatdigest.io/article/the-hidden-security-risks-of-shadow-ai-in-enterprises/ theAIcatchup en 2026-04-09T19:09:17.226618+00:00 Shadow AI: Enterprises' Invisible Data Leak Factory AI risks, data leaks, enterprise security, shadow AI https://threatdigest.io/article/claude-helps-researcher-dig-up-decade-old-apache-activemq-rce-vulnerability-cve-2026-34197/ theAIcatchup en 2026-04-09T19:07:00.322042+00:00 Claude Unearths 13-Year-Old ActiveMQ RCE Time Bomb (CVE-2026-34197) Apache ActiveMQ, CVE-2026-34197, Claude AI, Jolokia, RCE vulnerability https://threatdigest.io/article/when-attackers-already-have-the-keys-mfa-is-just-another-door-to-open/ theAIcatchup en 2026-04-09T19:05:25.619201+00:00 Figure Breach: When 967K Emails Turn MFA into a Speed Bump AiTM attacks, Figure breach, MFA bypass, credential stuffing https://threatdigest.io/article/zephyr-energy-loses-700k-in-cyber-hit-that-rerouted-contractor-payment/ theAIcatchup en 2026-04-09T19:04:27.243088+00:00 Zephyr Energy's £700K Payment Hijack: Old-School Scam Hits Oil Biz Hard Zephyr Energy cyber attack, business email compromise, oil gas cybersecurity, payment fraud https://threatdigest.io/article/113000-explicit-prompts-from-ai-girlfriend-platform-exposed-many-linked-to-user-ids/ theAIcatchup en 2026-04-09T19:03:09.363567+00:00 MyLovely.AI's Massive Leak: 113K Explicit Prompts Tied to User IDs AI data exposure, MyLovely.AI breach, NSFW AI leak, sextortion risk https://threatdigest.io/article/intent-redirection-vulnerability-in-third-party-sdk-exposed-millions-of-android-wallets-to-potential-risk/ theAIcatchup en 2026-04-09T19:02:58.564068+00:00 30 Million Android Wallets Nearly Drained by Sneaky SDK Flaw Android security, EngageSDK, crypto wallet risk, intent redirection vulnerability https://threatdigest.io/article/advenicas-file-scanner-kiosk-scans-usb-media-for-malware/ theAIcatchup en 2026-04-09T19:02:43.324217+00:00 Advenica's USB Kiosk Promises Malware-Free Transfers—But Is It Just Air-Gapping in a Box? Advenica kiosk, USB malware scanner, air-gapped security, file transfer protection https://threatdigest.io/article/claude-managed-agents-bring-execution-and-control-to-ai-agent-workflows/ theAIcatchup en 2026-04-09T19:00:44.732921+00:00 Claude Managed Agents: Anthropic Tames Wild AI Workflows AI agents, Anthropic, Claude Managed Agents, sandboxed execution https://threatdigest.io/article/threat-intelligence-executive-report-volume-2025-number-6/ theAIcatchup en 2026-04-09T19:00:29.167335+00:00 EDR Killers: Ransomware's Sneaky New Weapon BYOVD attacks, EDR killers, infostealers, ransomware precursors https://threatdigest.io/article/on-microsofts-lousy-cloud-security/ theAIcatchup en 2026-04-09T18:59:48.964625+00:00 Microsoft's Shoddy Cloud Docs Earn FedRAMP Nod Anyway—Taxpayers Foot the Bill FedRAMP, GCC High, Microsoft cloud security, ProPublica report https://threatdigest.io/article/adobe-reader-zero-day-exploited-for-months-researcher/ theAIcatchup en 2026-04-09T18:57:03.358505+00:00 Adobe Reader Zero-Day Sneaks Through PDFs for Months, Evading Detection Adobe Reader zero-day, Expmon, Haifei Li, PDF exploit, sandbox escape https://threatdigest.io/article/nickel-alley-strategy-fake-it-til-you-make-it/ theAIcatchup en 2026-04-09T18:55:51.531676+00:00 North Korea's NICKEL ALLEY Fakes Tech Jobs to Slip PyLangGhost RAT onto Dev Machines NICKEL ALLEY, North Korea malware, PyLangGhost RAT, fake job interviews https://threatdigest.io/article/google-warns-of-new-threat-group-targeting-bpos-and-helpdesks/ theAIcatchup en 2026-04-09T18:55:39.995011+00:00 Helpdesk Hell: Google's UNC6783 Warning Exposes BPO Phishing Plague BPO phishing, Google Threat Intelligence, UNC6783, helpdesk extortion https://threatdigest.io/article/we-let-openclaw-loose-on-an-internal-network-heres-what-it-found/ theAIcatchup en 2026-04-09T18:55:24.050561+00:00 Sophos Red Team Arms OpenClaw: 23 Vulnerabilities Unearthed in Hours on Legacy Network AI pentesting, OpenClaw, red teaming, vulnerability assessment https://threatdigest.io/article/hackers-exploiting-acrobat-reader-zero-day-flaw-since-december/ theAIcatchup en 2026-04-09T18:54:18.456699+00:00 Adobe Reader Zero-Day: Hackers Feast for Months Adobe Reader zero-day, Haifei Li, PDF exploit, russian phishing https://threatdigest.io/article/sticky-note-security-turned-gym-into-hall-of-80s-horrors/ theAIcatchup en 2026-04-09T18:52:15.877336+00:00 Post-it Note Fiasco: How Gym Treadmills Became '80s Hack Targets IoT vulnerabilities, default password fail, gym equipment hack, sticky note security https://threatdigest.io/article/36-million-stolen-in-bitcoin-depot-hack/ theAIcatchup en 2026-04-09T18:50:48.464875+00:00 Bitcoin Depot's $3.6M Bitcoin Heist: Wallets Wide Open Bitcoin Depot hack, SEC filing breach, bitcoin ATM security, crypto theft https://threatdigest.io/article/uat-10362-targets-taiwanese-ngos-with-lucidrook-malware-in-spear-phishing-campaigns/ theAIcatchup en 2026-04-09T18:50:41.898630+00:00 LucidRook Malware: The Lua-Powered Spy Invading Taiwanese NGOs Cisco Talos, DLL side-loading, LucidRook malware, Taiwan NGOs, UAT-10362, spear phishing https://threatdigest.io/article/acrobat-reader-zero-day-exploited-in-the-wild-for-many-months/ theAIcatchup en 2026-04-09T18:50:23.258393+00:00 Adobe Acrobat Zero-Day Lurks for Months, Hits Russian Energy Targets Acrobat Reader zero-day, Adobe vulnerability, PDF exploit, Russian targets https://threatdigest.io/article/investigating-storm-2755-payroll-pirate-attacks-targeting-canadian-employees/ theAIcatchup en 2026-04-09T18:50:20.522440+00:00 Storm-2755's Payroll Pirates: Hijacking Canadian Paychecks via Session Theft AiTM attacks, MFA bypass, Storm-2755, payroll attacks https://threatdigest.io/article/prompt-injection-tags-along-as-genai-enters-daily-government-use/ theAIcatchup en 2026-04-09T18:49:46.617914+00:00 82% of State CIOs: GenAI's Daily in Government Workflows, Prompt Injection Crashes the Party GenAI security, government-ai-risks, llm-vulnerabilities, prompt injection https://threatdigest.io/article/300000-people-impacted-by-eurail-data-breach/ theAIcatchup en 2026-04-09T18:49:15.777645+00:00 Eurail Breach Exposes 300,000 Passports: Travelers' Nightmare Unfolds AWS S3 hack, Eurail data breach, passport theft, travel cybersecurity https://threatdigest.io/article/smart-slider-updates-hijacked-to-push-malicious-wordpress-joomla-versions/ theAIcatchup en 2026-04-09T18:47:46.004745+00:00 Smart Slider's Update Nightmare: Hackers Slip Backdoors into 900K+ WordPress Sites Joomla hack, Smart Slider malware, WordPress backdoor, plugin supply chain attack https://threatdigest.io/article/middle-east-hack-for-hire-operation-traced-to-south-asian-cyber-espionage-group/ theAIcatchup en 2026-04-09T18:47:11.754744+00:00 Journalists in Egypt and Lebanon Dodging South Asian Spyware Bullets Bitter APT, ProSpy spyware, hack-for-hire, spear phishing https://threatdigest.io/article/hackers-use-pixel-large-svg-trick-to-hide-credit-card-stealer/ theAIcatchup en 2026-04-09T18:46:12.948859+00:00 Pixel of Doom: How Tiny SVGs Steal Cards from Magento Shops Magento vulnerability, PolyShell, SVG skimmer, credit card stealer https://threatdigest.io/article/microsoft-suspends-dev-accounts-for-high-profile-open-source-projects/ theAIcatchup en 2026-04-09T18:45:41.233709+00:00 Microsoft's Silent Account Purge Leaves Windows Users Exposed to Unpatched Security Tools Microsoft developer accounts, Windows security tools, WireGuard VeraCrypt, open source suspension https://threatdigest.io/article/threatsday-bulletin-hybrid-p2p-botnet-13-year-old-apache-rce-and-18-more-stories/ theAIcatchup en 2026-04-09T18:41:59.594655+00:00 Phorpiex's Hybrid P2P Botnet Defies Takedowns — Plus Apache's 13-Year Ghost and Surging Fraud Losses AI DDoS attacks, Apache RCE, Phorpiex botnet, cyber fraud losses https://threatdigest.io/article/intruder-expands-cloud-security-with-agentless-container-image-scanning/ theAIcatchup en 2026-04-09T18:40:37.033464+00:00 Intruder's Agentless Scanning Hits Container Vulnerabilities Head-On Intruder, agentless scanning, cloud vulnerabilities, container security https://threatdigest.io/article/cryptographers-place-5000-bet-whether-quantum-will-matter/ theAIcatchup en 2026-04-09T18:40:35.604498+00:00 Cryptographers Wager $5K: Quantum Break or PQC Flop First? Shor's algorithm, cryptography bet, post-quantum cryptography, quantum computing https://threatdigest.io/article/apple-intelligence-ai-guardrails-bypassed-in-new-attack/ theAIcatchup en 2026-04-09T18:39:35.094887+00:00 Apple Intelligence Cracked: Gibberish Prompts and Backward Unicode Slip Past Guardrails AI guardrails bypass, Apple Intelligence, Unicode attack, prompt injection https://threatdigest.io/article/google-warns-of-new-campaign-targeting-bpos-to-steal-corporate-data/ theAIcatchup en 2026-04-09T18:38:38.492875+00:00 Hackers Are Storming the Backdoor: Google's Warning on BPO Data Heists BPO phishing, Google Threat Intelligence, UNC6783, data extortion https://threatdigest.io/article/cisa-orders-feds-to-patch-exploited-ivanti-epmm-flaw-by-sunday/ theAIcatchup en 2026-04-09T18:38:37.050610+00:00 CISA's Sunday Patch Deadline: Ivanti EPMM Hack Hits Feds Hard BOD 22-01, CISA, CVE-2026-1340, Ivanti EPMM, zero-day exploit https://threatdigest.io/article/palo-alto-networks-sonicwall-patch-high-severity-vulnerabilities/ theAIcatchup en 2026-04-09T18:37:27.882071+00:00 Palo Alto and SonicWall Patch Flaws That Could Unlock Enterprise Doors CVE-2026-0234, CVE-2026-4112, Palo Alto Networks vulnerabilities, SonicWall patches https://threatdigest.io/article/google-new-unc6783-hackers-steal-corporate-zendesk-support-tickets/ theAIcatchup en 2026-04-09T18:36:58.130923+00:00 UNC6783 Hackers Are Pillaging Zendesk Tickets from Dozens of Firms BPO compromise, UNC6783, Zendesk phishing, social engineering extortion https://threatdigest.io/article/asqav-open-source-sdk-for-ai-agent-governance/ theAIcatchup en 2026-04-09T18:36:12.302293+00:00 Asqav Chains AI Agent Actions with Unbreakable Quantum-Safe Signatures AI agent governance, Asqav, open-source SDK, quantum-safe crypto https://threatdigest.io/article/this-fake-windows-support-website-delivers-password-stealing-malware/ theAIcatchup en 2026-04-09T18:35:54.460144+00:00 Fake Windows Update Scam Steals French Users' Passwords and Bank Data electron stealer, france data breaches, password stealer, windows update malware https://threatdigest.io/article/whatsapp-brings-long-awaited-privacy-control-over-who-can-contact-you/ theAIcatchup en 2026-04-09T18:35:02.709671+00:00 WhatsApp Usernames: The End of Forced Phone Number Swaps Meta platforms, WhatsApp username, privacy features, spam protection https://threatdigest.io/article/shaky-ceasefire-unlikely-to-stop-cyberattacks-from-iran-linked-hackers-for-long/ theAIcatchup en 2026-04-09T18:31:14.787050+00:00 Iran's Proxy Hackers Dismiss Ceasefire, Eye U.S. Critical Infrastructure Next Handala group, Iran hackers, PLC attacks, cyber ceasefire https://threatdigest.io/article/critical-vulnerability-in-ninja-forms-exposes-wordpress-sites/ theAIcatchup en 2026-04-09T18:31:00.705431+00:00 Ninja Forms' Gaping Hole: Unauthenticated Hackers Can Now Own Your WordPress Site CVSS 9.8, Ninja Forms vulnerability, WordPress RCE, file upload exploit https://threatdigest.io/article/the-hidden-roi-of-visibility-better-decisions-better-behavior-better-security/ theAIcatchup en 2026-04-09T18:30:45.831944+00:00 Cameras Silenced My Psycho Neighbor—Security's Wake-Up Call ROI visibility, app layer security, security visibility, user behavior monitoring https://threatdigest.io/article/we-were-not-ready-for-this-lebanons-emergency-system-is-hanging-by-a-thread/ theAIcatchup en 2026-04-09T18:30:18.525440+00:00 Lebanon's Wartime Database: Lifeline or Liability? Lebanon war tech, digital infrastructure crisis, emergency alert system, humanitarian aid tracking https://threatdigest.io/article/trellix-strengthens-data-security-for-the-genai-era/ theAIcatchup en 2026-04-09T18:30:10.513289+00:00 Trellix's GenAI Security Kit: Essential Fix or Corporate Band-Aid? GenAI security, Trellix, data loss prevention, shadow AI https://threatdigest.io/article/politicians-are-spending-more-money-on-security-as-they-increasingly-become-targets/ theAIcatchup en 2026-04-09T18:29:12.087816+00:00 Politicians' Security Tabs Explode 500% as Death Threats Pile Up campaign security spending, election violence, political threats, public official safety https://threatdigest.io/article/the-long-road-to-your-crypto-clipbanker-and-its-marathon-infection-chain/ theAIcatchup en 2026-04-09T18:28:51.305863+00:00 ClipBanker's Endless Infection Chain Hijacks Your Crypto Clipboard ClipBanker, crypto stealer, fileless malware, malware infection chain https://threatdigest.io/article/new-chaos-variant-targets-misconfigured-cloud-deployments-adds-socks-proxy/ theAIcatchup en 2026-04-09T18:27:34.575298+00:00 Chaos Botnet's Cloud Pivot: SOCKS Proxies Signal Cybercrime's Next Cash Cow Chaos malware, SOCKS proxy, botnet evolution, cloud security https://threatdigest.io/article/eurail-says-december-data-breach-impacts-300000-individuals/ theAIcatchup en 2026-04-09T18:27:22.668827+00:00 Eurail's Massive Breach Dumps 300K Passports on Dark Web Eurail breach, dark web sale, passport data leak, travel cybersecurity https://threatdigest.io/article/number-usage-in-passwords-take-two-thu-apr-9th/ theAIcatchup en 2026-04-09T18:25:16.619938+00:00 Honeypots Snag 496K Passwords: Bots Are Already Hitting '2027' botnets, honeypots, number usage in passwords, password cracking https://threatdigest.io/article/metas-muse-spark-takes-ai-a-step-closer-to-personal-superintelligence/ theAIcatchup en 2026-04-09T18:24:13.985804+00:00 Meta's Muse Spark: AI That Thinks, Sees, and Builds Your World AI safety, Meta AI, Muse Spark, multimodal reasoning https://threatdigest.io/article/criminal-wannabes-even-more-dangerous-than-the-pros-says-ex-fbi-cyber-chief/ theAIcatchup en 2026-04-09T18:23:06.790497+00:00 Ex-FBI Cyber Boss: Script-Kiddie Hackers Ruin More Than the Big Leagues Pay2Key-attack, Sicarii-malware, ex-FBI-cyber, ransomware-wannabes https://threatdigest.io/article/phishers-sneak-through-using-github-and-jiras-own-mail-delivery-infrastructure/ theAIcatchup en 2026-04-09T18:22:28.403961+00:00 Phishers Hijack GitHub and Jira Notifications to Bypass Email Defenses Jira abuse, email notifications, github-security, phishing https://threatdigest.io/article/new-macos-stealer-campaign-uses-script-editor-in-clickfix-attack/ theAIcatchup en 2026-04-09T18:22:10.780132+00:00 Hackers Weaponize macOS Script Editor for Atomic Stealer Sneak Attack Atomic Stealer, ClickFix attack, Script Editor exploit, macOS malware https://threatdigest.io/article/cracks-in-the-bedrock-agent-god-mode/ theAIcatchup en 2026-04-09T18:20:50.261472+00:00 Agent God Mode: AWS Bedrock's Starter Kit Unlocks Cloud Domination for Rogue AI Agents AI agent security, AWS Bedrock AgentCore, Agent God Mode, IAM privilege escalation https://threatdigest.io/article/why-i-stopped-using-modern-standby-on-my-windows-laptop-to-save-battery-overnight/ theAIcatchup en 2026-04-09T18:15:15.966819+00:00 Ditched Modern Standby — Reclaimed Full Battery Overnight on My Windows Laptop laptop hibernate, modern standby, power management, windows battery drain https://threatdigest.io/article/ai-agent-intent-is-a-starting-point-not-a-security-strategy/ theAIcatchup en 2026-04-09T18:15:07.045256+00:00 Dormant AI Agents: The Hidden Credentials Nightmare No One's Fixing AI agents, hard-coded credentials, prompt injection, security risks https://threatdigest.io/article/threat-digest-daily-briefing-april-09-2026/ theAIcatchup en 2026-04-09T17:03:27.045295+00:00 Threat Digest Daily Briefing: April 09, 2026 https://threatdigest.io/article/mobile-malware-evolution-in-2025/ theAIcatchup en 2026-04-08T17:11:05.310185+00:00 Mobile Malware's 2025 Firmware Takeover: Backdoors Baked Right In Android Trojans, Kaspersky 2025, firmware backdoors, mobile malware https://threatdigest.io/article/anatomy-of-a-cyber-world-global-report-2026/ theAIcatchup en 2026-04-08T17:10:51.635840+00:00 Kaspersky's 2026 Report: Fewer Big Bangs, More Creeping Dangers Kaspersky report, MDR services, MDR statistics, cyber threats 2025, incident response, incident response trends, trusted relationships https://threatdigest.io/article/financial-cyberthreats-in-2025-and-the-outlook-for-2026/ theAIcatchup en 2026-04-08T17:07:22.837289+00:00 Infostealers Eclipse Banking Trojans: Financial Cyberthreats Reshape in 2025 Kaspersky KSN, banking malware, financial cyberthreats, financial phishing, infostealers, infostealers 2025, phishing trends https://threatdigest.io/article/cve-2022-47426/ theAIcatchup en 2026-04-08T17:07:10.701456+00:00 Neshan Maps SQL Injection: CVE-2022-47426 Lets Hackers Hijack Your Maps CVE-2022-47426, Mapping Vulnerability, Neshan Maps, SQL injection, Web Vulnerability https://threatdigest.io/article/cve-2022-46860/ theAIcatchup en 2026-04-08T17:04:45.734227+00:00 CVE-2022-46860: SQL Injection Lets Hackers Hijack WordPress Short URLs CVE-2022-46860, KaizenCoders Short URL, SQL injection, WordPress plugin