https://threatdigest.io/article/2025-the-untold-stories-of-check-point-research/ theAIcatchup en 2026-04-08T15:31:42.130458+00:00 Check Point's 2025 Threat Secrets: Hidden Clues to Tomorrow's Attacks 2025 cyber threats, Check Point Research, financial APTs, state-sponsored attacks https://threatdigest.io/article/caught-in-the-hook-rce-and-api-token-exfiltration-through-claude-code-project-files-cve-2025-59536-cve-2026-21852/ theAIcatchup en 2026-04-08T15:28:12.056287+00:00 Claude Code's Hook Trap: RCE and Token Theft via Sneaky Project Files API token exfiltration, Anthropic security, Claude Code vulnerability, RCE CVE-2025-59536 https://threatdigest.io/article/iranian-mois-actors-the-cyber-crime-connection/ theAIcatchup en 2026-04-08T15:21:25.284908+00:00 Iran's Spy Agency Dives into the Cyber Crime Underworld Check Point Research, Iranian MOIS, cyber crime ecosystem, state-sponsored hacking https://threatdigest.io/article/silver-dragon-targets-organizations-in-southeast-asia-and-europe/ theAIcatchup en 2026-04-08T15:19:35.885117+00:00 Silver Dragon: Chinese Hackers Zero In on Asian and European Governments APT41, Chinese hackers, Silver Dragon, Southeast Asia cyber attacks https://threatdigest.io/article/iranian-hackers-launching-disruptive-attacks-at-us-energy-water-targets-feds-warn/ theAIcatchup en 2026-04-08T15:14:38.053678+00:00 Iranian Hackers Disrupt U.S. Power Grids and Water Plants — Feds' Urgent Warning Iranian hackers, SCADA vulnerabilities, US infrastructure attacks, energy sector cyber https://threatdigest.io/article/ai-threat-landscape-digest-january-february-2026/ theAIcatchup en 2026-04-08T15:13:49.294494+00:00 Solo Hacker + AI = Pro Malware in Days: The VoidLink Wake-Up Call AI-assisted malware, Check Point Research, VoidLink framework, cyber threat landscape https://threatdigest.io/article/grafanaghost-bypasses-grafanas-ai-defenses-without-leaving-a-trace/ theAIcatchup en 2026-04-08T15:03:10.970259+00:00 GrafanaGhost: Attackers Weaponize Grafana's AI for Stealthy Data Heists AI vulnerability, GrafanaGhost, data exfiltration, prompt injection https://threatdigest.io/article/house-dems-decry-confirmed-ice-usage-of-paragon-spyware/ theAIcatchup en 2026-04-08T15:01:54.118175+00:00 ICE's Paragon Spyware Gambit Ignites Democratic Fury Over Domestic Surveillance Creep House Democrats letter, ICE spyware, Paragon surveillance, domestic spyware https://threatdigest.io/article/wyden-warns-social-security-chief-trumps-voter-database-is-blatant-voter-suppression/ theAIcatchup en 2026-04-08T15:00:20.164751+00:00 Wyden's Fiery Letter Exposes Trump's SSA Voter Purge Playbook SSA database, Trump executive order, election security, voter suppression https://threatdigest.io/article/30th-march-threat-intelligence-report/ theAIcatchup en 2026-04-08T15:00:14.575918+00:00 Iranian Hackers Raid FBI Director's Gmail: Personal Pics and Payback FBI breach, Gmail security, Handala Hack, Iran cyber attacks https://threatdigest.io/article/fortinet-customers-confront-actively-exploited-zero-day-with-a-full-patch-still-pending/ theAIcatchup en 2026-04-08T14:57:46.896811+00:00 Fortinet's EMS Zero-Day: Hackers Strike While Patch Lags CVE-2024-21762, FortiClient EMS, Fortinet zero-day, endpoint vulnerability https://threatdigest.io/article/6th-april-threat-intelligence-report/ theAIcatchup en 2026-04-08T14:55:25.836906+00:00 Trivy Supply Chain Attack Cracks Open EU Commission's Europa.eu—Supply Chain's New Frontline Check Point Research, Europa.eu hack, European Commission breach, Trivy supply chain attack https://threatdigest.io/article/handala-hack-unveiling-groups-modus-operandi/ theAIcatchup en 2026-04-08T14:53:58.094970+00:00 Handala Hack: Iran's Destructive Leak Machine Exposed Handala Hack, Iranian APT, Void Manticore, wiper malware https://threatdigest.io/article/feds-quash-widespread-russia-backed-espionage-network-spanning-18000-devices/ theAIcatchup en 2026-04-08T14:53:04.709917+00:00 Russia's Router Spies Hit 18,000 Devices — Feds Finally Unplug the Mess APT28, Forest Blizzard, GRU espionage, router hijacking https://threatdigest.io/article/chatgpt-data-leakage-via-a-hidden-outbound-channel-in-the-code-execution-runtime/ theAIcatchup en 2026-04-08T14:51:34.998964+00:00 ChatGPT's Code Runtime Hides a Data Siphon — Your Secrets at Risk AI sandbox breach, ChatGPT data leakage, OpenAI security flaw, code execution vulnerability https://threatdigest.io/article/operation-truechaos-0-day-exploitation-against-southeast-asian-government-targets/ theAIcatchup en 2026-04-08T14:50:59.066233+00:00 TrueConf's Zero-Day Lets Hackers Infiltrate Southeast Asian Governments CVE-2026-3502, Operation TrueChaos, Southeast Asia cyber attacks, TrueConf zero-day https://threatdigest.io/article/interplay-between-iranian-targeting-of-ip-cameras-and-physical-warfare-in-the-middle-east/ theAIcatchup en 2026-04-08T14:50:57.255899+00:00 Iran's IP Camera Hack: Spying from Tel Aviv Traffic Cams During Missile Barrage IP camera hacks, Iran cyber attacks, Israel Iran war, cyber physical warfare https://threatdigest.io/article/rce-bug-lurked-in-apache-activemq-classic-for-13-years/ theAIcatchup en 2026-04-08T14:49:49.810334+00:00 Apache ActiveMQ's 13-Year RCE Nightmare: Auth Bypass via Ancient Flaw Chain Apache ActiveMQ, CVE-2026-34197, Jolokia API, RCE vulnerability https://threatdigest.io/article/23rd-march-threat-intelligence-report/ theAIcatchup en 2026-04-08T14:48:24.742394+00:00 Inside Check Point's March 23 Threat Report: Navia's 2.6 Million Record Nightmare Check Point Research, Navia breach, Threat Intelligence Report, data exfiltration https://threatdigest.io/article/iranian-threat-actors-disrupt-us-critical-infrastructure-via-exposed-plcs/ theAIcatchup en 2026-04-08T14:44:27.518590+00:00 Iranian Hackers Hijack 500+ Exposed US PLCs, Triggering Blackouts and $10M Losses Iranian threat actors, OT security, critical infrastructure attacks, exposed PLCs https://threatdigest.io/article/more-honeypot-fingerprinting-scans-wed-apr-8th/ theAIcatchup en 2026-04-08T14:31:10.693633+00:00 Hackers Type 'Honeypot' as Username—and It Works, Exposing the Trap Cowrie honeypot, SSH scanning, attacker evasion, cybersecurity decoys, honeypot fingerprinting, threat scans https://threatdigest.io/article/is-a-30000-gpu-good-at-password-cracking/ theAIcatchup en 2026-04-08T14:07:42.143054+00:00 Why $30K AI GPUs Crash on Password Cracking Benchmarks AI hardware security, GPU benchmarks, NVIDIA H100, Specops research, password cracking, weak passwords https://threatdigest.io/article/russian-hacking-group-targets-home-and-small-office-routers-to-spy-on-users/ theAIcatchup en 2026-04-08T13:05:50.394861+00:00 Russian Hackers Flip Your Router's DNS to Watch Everything DNS hijacking, FBI cyber warning, FBI warning, Russian hackers, SOHO router vulnerabilities, router DNS hijack, router hacking, router vulnerabilities https://threatdigest.io/article/massachusetts-hospital-diverts-ambulances-as-cyberattack-causes-disruption/ theAIcatchup en 2026-04-08T12:32:27.456799+00:00 Ambulances Rerouted in Brockton: Signature Healthcare's Cyber Nightmare Unfolds Brockton Hospital, Signature Healthcare, Signature Healthcare cyberattack, ambulance diversion, healthcare cyberattack, healthcare cybersecurity, hospital disruption, hospital ransomware, ransomware https://threatdigest.io/article/shrinking-the-iam-attack-surface-through-identity-visibility-and-intelligence-platforms-ivip/ theAIcatchup en 2026-04-08T12:02:55.044791+00:00 IVIPs Expose the 46% of Identities Hiding in Enterprise Shadows IAM attack surface, IAM visibility, IAM-security, IVIP, Orchid Security, identity dark matter https://threatdigest.io/article/evasive-masjesu-ddos-botnet-targets-iot-devices/ theAIcatchup en 2026-04-08T11:29:18.381647+00:00 Masjesu Botnet: Your Forgotten IoT Gadget's Secret Life as a DDoS Weapon DDoS attacks, IoT malware, IoT security, IoT vulnerabilities, Masjesu botnet, Telegram botnets, Trellix analysis https://threatdigest.io/article/us-disrupts-russian-espionage-operation-involving-hacked-routers-and-dns-hijacking/ theAIcatchup en 2026-04-08T11:06:25.966424+00:00 FBI Crushes GRU's Router Snooping Scheme: DNS Tricks and Hacked Home Gear Exposed APT28, DNS hijacking, Fancy Bear, Forest Blizzard, GRU espionage, SOHO Routers, SOHO router hack, SOHO router hacks https://threatdigest.io/article/us-thwarts-dns-hijacking-network-controlled-by-russian-apt28-hackers/ theAIcatchup en 2026-04-08T10:10:12.354344+00:00 US FBI's Daring Router Raid Crushes Russia's DNS Spy Network APT28, DNS hijacking, FBI Operation Masquerade, Operation Masquerade, Russian GRU, Russian hackers https://threatdigest.io/article/anthropics-claude-mythos-finds-thousands-of-zero-day-flaws-across-major-systems/ theAIcatchup en 2026-04-08T09:29:31.921395+00:00 Anthropic's Claude Mythos Digs Up Thousands of Zero-Days — But Who's Really Winning? Claude Mythos https://threatdigest.io/article/claude-discovers-apache-activemq-bug-hidden-for-13-years/ theAIcatchup en 2026-04-08T09:22:23.726671+00:00 Claude AI Digs Up 13-Year RCE Time Bomb in Apache ActiveMQ Apache ActiveMQ, CVE-2026-34197 https://threatdigest.io/article/n-korean-hackers-spread-1700-malicious-packages-across-npm-pypi-go-rust/ theAIcatchup en 2026-04-08T08:25:13.578412+00:00 North Korea's Hackers Hit 1,700 Malicious Packages Across npm, PyPI, Go, and Rust https://threatdigest.io/article/iranbacked-threat-actors-hit-us-cni-providers-via-internetfacing-ot-assets/ theAIcatchup en 2026-04-08T08:07:21.198236+00:00 Iran's Hackers Gut US Water Plants—Via Exposed PLCs CISA advisory, CNI attacks, Iran hackers, Iranian hackers, OT security, OT vulnerabilities, Rockwell PLCs, US CNI attacks https://threatdigest.io/article/men-are-buying-hacking-tools-to-use-against-their-wives-and-friends/ theAIcatchup en 2026-04-08T07:27:53.264066+00:00 Telegram's Dark Bazaar: Men Snap Up Spy Tools to Stalk Wives and Exes Telegram abuse, hacking services, hacking tools, nonconsensual imagery, online harassment, spyware market, stalkerware abuse, stalkerware sales, telegram spyware https://threatdigest.io/article/iran-linked-hackers-disrupt-us-critical-infrastructure-by-targeting-internet-exposed-plcs/ theAIcatchup en 2026-04-08T06:51:33.099921+00:00 Iran's Hackers Crack Open America's Industrial Controls Iran hackers, Iranian hackers, OT attacks, OT security, PLCs, critical infrastructure https://threatdigest.io/article/iran-linked-hackers-disrupt-us-critical-infrastructure-via-plc-attacks/ theAIcatchup en 2026-04-08T05:06:28.433369+00:00 Iran Hackers Cripple US Water and Energy PLCs in Coordinated Strikes CyberAv3ngers, Iran hackers, PLC attacks, critical infrastructure https://threatdigest.io/article/hackers-exploit-critical-flaw-in-ninja-forms-wordpress-plugin/ theAIcatchup en 2026-04-07T21:33:46.152723+00:00 Hackers Slip PHP Shells into Ninja Forms — WordPress Sites Crumble Overnight CVE-2026-0740, Ninja Forms vulnerability, WordPress exploit, remote code execution https://threatdigest.io/article/anthropic-claude-mythos-preview-the-more-capable-ai-becomes-the-more-security-it-needs/ theAIcatchup en 2026-04-07T20:40:54.688333+00:00 Claude Mythos Preview: Why Frontier AI Demands Endpoint Armor from CrowdStrike CrowdStrike https://threatdigest.io/article/fbi-americans-lost-a-record-21-billion-to-cybercrime-last-year/ theAIcatchup en 2026-04-07T20:32:02.742862+00:00 $21 Billion Vanishes: FBI's Grim Cybercrime Tally for 2025 AI scams, FBI IC3 report, cybercrime losses, investment scams https://threatdigest.io/article/multi-os-cyberattacks-how-socs-close-a-critical-risk-in-3-steps/ theAIcatchup en 2026-04-07T20:17:43.436172+00:00 Multi-OS Attacks Hit 65% of Breaches—SOCs' 3-Step Fix ANY.RUN Sandbox, ClickFix campaign, ClickFix malware, SOC workflows, any-run-sandbox, cross-platform triage, multi-OS cyberattacks, soc-triage https://threatdigest.io/article/new-gpubreach-attack-enables-full-cpu-privilege-escalation-via-gddr6-bit-flips/ theAIcatchup en 2026-04-07T20:14:54.671598+00:00 GPUBreach: How RowHammer Just Cracked Open NVIDIA's GPU Fortress GPU security, GPUBreach, NVIDIA vulnerability, RowHammer GPU, Rowhammer, privilege escalation https://threatdigest.io/article/the-hack-that-exposed-syrias-sweeping-security-failures/ theAIcatchup en 2026-04-07T20:10:53.185028+00:00 Syria's Hacked Government Accounts: A Digital Embarrassment That Could Spark Real Chaos MFA absence, MFA neglect, Syria hack, account takeover, cybersecurity failures, government X accounts, government account takeover, government accounts https://threatdigest.io/article/hackers-are-posting-the-claude-code-leak-with-bonus-malware/ theAIcatchup en 2026-04-07T20:10:30.181051+00:00 Hackers Weaponize Claude Code Leak with Infostealer Malware on GitHub AI coding security, AI tool hacks, Anthropic malware, Anthropic security, GitHub infostealer, GitHub malware, GitHub repos, GitHub takedowns, infostealer attack, infostealer malware https://threatdigest.io/article/iran-linked-hackers-are-sabotaging-us-energy-and-water-infrastructure/ theAIcatchup en 2026-04-07T20:08:37.233864+00:00 Iran's Hackers Already Sabotaging US Power and Water Grids CyberAv3ngers, Iran hackers, PLC attacks, PLC sabotage, PLC vulnerabilities, US infrastructure, US infrastructure sabotage https://threatdigest.io/article/trent-ai-emerges-from-stealth-with-13-million-in-funding/ theAIcatchup en 2026-04-07T20:08:31.163308+00:00 Trent AI's $13M Gamble on Taming Wild AI Agents AI agent security, AI security platform, Trent AI, cybersecurity funding, cybersecurity startup, seed funding https://threatdigest.io/article/over-1000-exposed-comfyui-instances-targeted-in-cryptomining-botnet-campaign/ theAIcatchup en 2026-04-07T20:06:54.246777+00:00 Hackers Hijack 1,000 ComfyUI Servers for a Stealthy Crypto Mining Empire Censys report, ComfyUI botnet, ComfyUI exploit, Stable Diffusion exploit, XMRig Monero, XMRig malware, cryptomining botnet, cryptomining campaign, custom node exploit, remote code execution https://threatdigest.io/article/a-little-bit-pivoting-what-web-shells-are-attackers-looking-forx3f-tue-apr-7th/ theAIcatchup en 2026-04-07T20:04:15.474453+00:00 Microsoft IPs Scan 287 Sneaky Web Shells: Attackers' Hit List Exposed Microsoft Azure attacks, Microsoft Azure scans, WordPress attacks, WordPress vulnerabilities, persistence techniques, web shells, webshells https://threatdigest.io/article/dprk-linked-hackers-use-github-as-c2-in-multi-stage-attacks-targeting-south-korea/ theAIcatchup en 2026-04-07T20:04:12.415984+00:00 North Korean Hackers Turn GitHub into a Shadowy C2 Nerve Center for South Korean Targets DPRK hackers, GitHub C2, Kimsuky, LNK phishing, South Korea attacks, South Korea cyberattacks https://threatdigest.io/article/285-million-drift-hack-traced-to-six-month-dprk-social-engineering-operation/ theAIcatchup en 2026-04-07T20:04:08.810712+00:00 North Korea's Six-Month Con Job Steals $285M from Solana DEX Drift DPRK cyber, DPRK hackers, Drift hack, Solana DeFi, crypto theft, social engineering https://threatdigest.io/article/grafana-patches-ai-bug-that-could-have-leaked-user-data/ theAIcatchup en 2026-04-07T20:03:08.779026+00:00 Grafana's AI Feature Was One Sneaky Web Page Away from Spilling Secrets AI prompt injection, AI security patch, CVE-2024-9264, Grafana AI bug, Grafana vulnerability, data exfiltration, data leak, data leak vulnerability, observability security https://threatdigest.io/article/qilin-and-warlock-ransomware-use-vulnerable-drivers-to-disable-300-edr-tools/ theAIcatchup en 2026-04-07T20:01:26.059531+00:00 Qilin and Warlock's BYOVD Assault: Silencing 300+ EDRs in the Kernel BYOVD, BYOVD attacks, EDR bypass, Qilin ransomware, Warlock ransomware, vulnerable drivers https://threatdigest.io/article/the-hidden-cost-of-recurring-credential-incidents/ theAIcatchup en 2026-04-07T20:01:24.983512+00:00 Recurring Credential Incidents: The IT Time Sink Nobody Talks About breached passwords, helpdesk costs, password policies, password resets, password security, recurring credential incidents https://threatdigest.io/article/grafanaghost-attackers-can-abuse-grafana-to-leak-enterprise-data/ theAIcatchup en 2026-04-07T20:01:07.548460+00:00 GrafanaGhost: The AI Backdoor Turning Data Dashboards into Spy Tools AI prompt injection, AI vulnerability, Grafana vulnerability, GrafanaGhost, data exfiltration https://threatdigest.io/article/storm-1175-exploits-flaws-in-high-velocity-medusa-attacks/ theAIcatchup en 2026-04-07T20:01:06.783934+00:00 Storm-1175's 16-Vulnerability Blitz Powers Medusa Ransomware Onslaught Medusa ransomware, Microsoft threat intel, Storm-1175, healthcare ransomware, zero-day exploits https://threatdigest.io/article/google-wants-to-transition-to-post-quantum-cryptography-by-2029/ theAIcatchup en 2026-04-07T19:59:54.689583+00:00 Google's Rush to Post-Quantum Crypto by 2029: Prudent or Panic? Google security, crypto-agility, post-quantum cryptography, quantum computing threats, quantum threats https://threatdigest.io/article/germany-doxes-unkn-head-of-ru-ransomware-gangs-revil-gandcrab/ theAIcatchup en 2026-04-07T19:59:42.879062+00:00 Germany Names REvil and GandCrab Boss: Meet Daniil Shchukin Daniil Shchukin, GandCrab, Germany BKA, REvil, UNKN, double-extortion, ransomware, ransomware doxxing https://threatdigest.io/article/over-17bn-lost-to-cyber-fraud-in-the-last-year-warns-fbi/ theAIcatchup en 2026-04-07T19:59:33.661232+00:00 FBI Tallies $17.7 Billion Cyber Fraud Haul: Crypto Kings, AI Deepfakes, and Your Wallet's Nightmare AI scams, AI-enabled fraud, FBI IC3 report, FBI Internet Crime Report, crypto investment scams, cryptocurrency fraud, cryptocurrency scams, cyber fraud, cyber fraud losses https://threatdigest.io/article/russian-state-linked-apt28-exploits-soho-routers-in-global-dns-hijacking-campaign/ theAIcatchup en 2026-04-07T19:58:23.988435+00:00 APT28's FrostArmada: How Russian Spies Hijacked 18,000 Routers for Stealthy Global Espionage APT28, DNS hijacking, FrostArmada, SOHO Routers https://threatdigest.io/article/docker-cve-2026-34040-lets-attackers-bypass-authorization-and-gain-host-access/ theAIcatchup en 2026-04-07T19:56:24.816594+00:00 Docker's Sneaky Padding Trick: One Request Away from Host Takeover AI agent exploits, AuthZ bypass, Docker CVE-2026-34040, authorization bypass, container escape, container security https://threatdigest.io/article/bka-identifies-revil-leaders-behind-130-german-ransomware-attacks/ theAIcatchup en 2026-04-07T19:55:37.704054+00:00 Germany Names REvil's Ringleaders: 130 Attacks, €35M in Pain – Justice or Just a Whack-a-Mole? BKA, BKA investigation, REvil, REvil ransomware, Russian hackers, cybercrime arrests, ransomware, ransomware attacks Germany https://threatdigest.io/article/flowise-ai-agent-builder-under-active-cvss-100-rce-exploitation-12000-instances-exposed/ theAIcatchup en 2026-04-07T19:54:00.214124+00:00 Flowise's CVSS 10 RCE Nightmare: 12,000 Exposed AI Servers Under Siege AI security, CVE-2025-59528, Flowise, RCE exploitation https://threatdigest.io/article/china-linked-storm-1175-exploits-zero-days-to-rapidly-deploy-medusa-ransomware/ theAIcatchup en 2026-04-07T19:51:22.391042+00:00 Storm-1175's Zero-Day Rampage: China Hackers Dropping Medusa Ransomware in Record Time China threat actor, Medusa ransomware, Storm-1175, zero-day exploits https://threatdigest.io/article/anthropic-teams-up-with-its-rivals-to-keep-ai-from-hacking-everything/ theAIcatchup en 2026-04-07T19:51:17.492272+00:00 Anthropic's Project Glasswing: Rivals Unite Against AI's Hacking Edge Anthropic Claude Mythos, Anthropic consortium, vulnerability discovery https://threatdigest.io/article/microsoft-links-medusa-ransomware-affiliate-to-zero-day-attacks/ theAIcatchup en 2026-04-07T19:50:13.824098+00:00 Storm-1175's Zero-Day Blitz: Ransomware Hits Where It Hurts Most Medusa ransomware, Microsoft threat intel, Microsoft threat intelligence, Storm-1175, zero-day exploits https://threatdigest.io/article/anthropic-unveils-claude-mythos-a-cybersecurity-breakthrough-that-could-also-supercharge-attacks/ theAIcatchup en 2026-04-07T19:49:27.868154+00:00 Claude Mythos Unearths Decade-Old Bugs — But Hands Hackers a Loaded Gun https://threatdigest.io/article/cybersecurity-in-the-age-of-instant-software/ theAIcatchup en 2026-04-07T19:49:14.782523+00:00 Instant Software Upends Cybersecurity: Who Wins the AI Arms Race? AI arms race, AI patching, auto-patching, instant software, vulnerability discovery https://threatdigest.io/article/how-litellm-turned-developer-machines-into-credential-vaults-for-attackers/ theAIcatchup en 2026-04-07T19:48:53.465151+00:00 LiteLLM's Poisoned PyPI Packages Turned Dev Laptops Into Open Credential Safes LiteLLM attack, PyPI malware, PyPI supply chain, credential theft, developer endpoint security, developer security, supply chain compromise https://threatdigest.io/article/critical-flowise-vulnerability-in-attacker-crosshairs/ theAIcatchup en 2026-04-07T19:47:59.980491+00:00 Flowise's RCE Nightmare: 15,000 Exposed Servers in Hackers' Sights AI platform exploit, AI platform security, AI security, CVE-2025-59528, Flowise vulnerability, RCE exploit, remote code execution https://threatdigest.io/article/hong-kong-police-can-force-you-to-reveal-your-encryption-keys/ theAIcatchup en 2026-04-07T19:47:49.590521+00:00 Hong Kong Cops Now Demand Your Phone Passcodes — Even at the Airport Hong Kong encryption keys, Hong Kong encryption law, device password demand, device seizures, device unlocking, national security law, police device seizure, privacy border seizure, privacy rights, privacy warning, privacy warning travelers https://threatdigest.io/article/iran-linked-password-spraying-campaign-targets-300-israeli-microsoft-365-organizations/ theAIcatchup en 2026-04-07T19:46:34.671146+00:00 Iran's Hackers Spray Passwords at 300+ Israeli Microsoft 365 Targets—And It's Just Getting Started Gray Sandstorm, Iran cyber attacks, Iran cyber threats, Iran hackers, Iranian hackers, Microsoft 365 attacks, Microsoft 365 breach, Pay2Key ransomware, password spraying https://threatdigest.io/article/automated-credential-harvesting-campaign-exploits-react2shell-flaw/ theAIcatchup en 2026-04-07T19:45:45.520219+00:00 UAT-10608's Automated Credential Grab: Next.js Apps Bleeding Secrets via React2Shell Next.js vulnerability, React2Shell, React2Shell flaw, UAT-10608, credential harvesting https://threatdigest.io/article/fortinet-issues-emergency-patch-for-forticlient-zero-day/ theAIcatchup en 2026-04-07T19:44:10.325086+00:00 Fortinet's FortiClient Zero-Day Lets Hackers Slip Past Logins—Patch or Perish CVE-2026-35616, FortiClient, FortiClient zero-day, Fortinet, authentication bypass, zero-day https://threatdigest.io/article/rsac-2026-how-ai-is-reshaping-cybersecurity-faster-than-ever/ theAIcatchup en 2026-04-07T19:43:09.337889+00:00 RSAC 2026: AI's Cyber Arms Race Accelerates — But Who's Winning? Kelly Jackson Higgins, RSA Conference, RSAC 2026, predictive security, security hype, threat detection, threat hunting https://threatdigest.io/article/ai-assisted-supply-chain-attack-targets-github/ theAIcatchup en 2026-04-07T19:42:34.769099+00:00 PRT-Scan: AI Turns GitHub Misconfigs into Easy Supply Chain Prey AI malware, ai-threat-actors, github-security, prt-scan, supply chain attack https://threatdigest.io/article/fortinet-releases-emergency-patch-after-forticlient-ems-bug-is-exploited/ theAIcatchup en 2026-04-07T19:42:34.541890+00:00 Fortinet's FortiClient EMS Under Fire: Exploited Bugs Force Emergency Patches CVE-2026-35616, FortiClient EMS, Fortinet, SQL injection, zero-day exploit https://threatdigest.io/article/support-platform-breach-exposes-hims-amp-hers-customer-data/ theAIcatchup en 2026-04-07T19:42:12.561828+00:00 Hims & Hers Breach Puts ED and Hair Loss Secrets in Hacker Hands Hims & Hers breach, ShinyHunters, Zendesk hack, telehealth data leak https://threatdigest.io/article/webinar-today-why-automated-pentesting-alone-is-not-enough/ theAIcatchup en 2026-04-07T19:41:40.569216+00:00 Your Pentest Bot Went Quiet: The Hidden Gaps Killing Your Security APT tools, automated pentesting, coverage gaps, penetration testing, pentesting tools, security validation, security webinar, validation framework https://threatdigest.io/article/russian-apt28-hackers-hijack-routers-to-steal-credentials-uk-security-agency-warns/ theAIcatchup en 2026-04-07T19:40:44.552747+00:00 APT28's Router Trap: How Russian Hackers Are Siphoning Your Secrets Through Everyday WiFi Gear APT28, DNS hijacking, DNS theft, Fancy Bear, NCSC advisory, credential theft, router hijacking https://threatdigest.io/article/36-malicious-npm-packages-exploited-redis-postgresql-to-deploy-persistent-implants/ theAIcatchup en 2026-04-07T19:40:42.114899+00:00 36 Fake npm Strapi Plugins Slip Redis and Postgres Backdoors into Dev Pipelines PostgreSQL backdoor, Redis exploit, Redis exploitation, Strapi plugins, Strapi supply chain attack, malicious npm packages, supply chain attack https://threatdigest.io/article/understanding-current-threats-to-kubernetes-environments/ theAIcatchup en 2026-04-07T19:40:33.662818+00:00 Kubernetes Token Heists Spike 282%: Attackers' Fast Path to Your Cloud Core CVE-2025-55182, Kubernetes threats, React2Shell CVE, cloud pivoting, cloud pivots, service account tokens https://threatdigest.io/article/traffic-violation-scams-switch-to-qr-codes-in-new-phishing-texts/ theAIcatchup en 2026-04-07T19:40:31.462269+00:00 QR Codes Turn Traffic Texts into Data Heists QR code phishing, SMS scams, phishing texts, smishing attacks, smishing scams, traffic violation phishing, traffic violation scams https://threatdigest.io/article/medusa-ransomware-fast-to-exploit-vulnerabilities-breached-systems/ theAIcatchup en 2026-04-07T19:40:19.818187+00:00 Medusa Ransomware: Zero-Days to Encryption in Under 24 Hours Medusa ransomware, Storm-1175, double-extortion, zero-day exploits https://threatdigest.io/article/axios-attack-shows-complex-social-engineering-is-industrialized/ theAIcatchup en 2026-04-07T19:39:35.332119+00:00 Axios NPM Hijack: When Social Engineering Goes Factory-Scale axios-attack, npm security, social engineering, supply chain attack, supply chain attacks https://threatdigest.io/article/authorities-disrupt-router-dns-hijacks-used-to-steal-microsoft-365-logins/ theAIcatchup en 2026-04-07T19:39:32.420764+00:00 FrostArmada's Fall: How Cops Crushed Russia's Router Spy Network Targeting Microsoft Logins APT28, DNS hijacking, FrostArmada, Microsoft 365 security, MikroTik routers, router compromise https://threatdigest.io/article/cisa-orders-feds-to-patch-exploited-fortinet-ems-flaw-by-friday/ theAIcatchup en 2026-04-07T19:38:22.048326+00:00 CISA's Fortinet EMS Patch Deadline: A Wake-Up Call for Exposed Management Servers CISA KEV, CVE-2026-35616, Fortinet EMS, zero-day exploit https://threatdigest.io/article/a-week-in-security-march-30-8211-april-5/ theAIcatchup en 2026-04-07T19:37:53.030202+00:00 Security's Wild Week: Fake Jobs, AI Chaos, and Supply Chain Scares AI bots, AI security risks, Apple patches, DarkSword malware, phishing scams, supply chain attacks, weekly security news https://threatdigest.io/article/weekly-recap-axios-hack-chrome-0-day-fortinet-exploits-paragon-spyware-and-more/ theAIcatchup en 2026-04-07T19:37:13.055381+00:00 North Korean Hackers Turn Axios NPM into Malware Machine: Supply Chain's New Frontline Axios npm hack, Chrome zero-day, Fortinet exploits, North Korea UNC1069, north-korea-cyber, supply chain attack https://threatdigest.io/article/why-your-automated-pentesting-tool-just-hit-a-wall/ theAIcatchup en 2026-04-07T19:36:04.537804+00:00 The PoC Cliff: When Your Automated Pentesting Tool Runs Dry BAS vs Pentesting, Breach and Attack Simulation, PoC Cliff, automated pentesting https://threatdigest.io/article/gpu-rowhammer-attack-enables-privilege-escalation-and-full-system-compromise/ theAIcatchup en 2026-04-07T19:35:23.021981+00:00 GPUBreach: Rowhammer's Sneaky GPU Path to Your Root Shell GPU Rowhammer, GPU vulnerability, GPUBreach, NVIDIA vulnerability, Rowhammer, Rowhammer attack, privilege escalation https://threatdigest.io/article/webinar-how-to-close-identity-gaps-in-2026-before-ai-exploits-enterprise-risk/ theAIcatchup en 2026-04-07T19:34:52.108718+00:00 AI Agents Are Turning Your Identity Gaps into Enterprise Nightmares AI security risks, IAM Zero Trust, Ponemon research, enterprise IAM, identity gaps https://threatdigest.io/article/us-warns-of-iranian-hackers-targeting-critical-infrastructure/ theAIcatchup en 2026-04-07T19:32:51.246470+00:00 Iranian Hackers Are Back, Prodding U.S. PLCs in Water Plants and Power Grids CISA advisory, Iranian hackers, PLCs, critical infrastructure https://threatdigest.io/article/new-mexicos-meta-ruling-and-encryption/ theAIcatchup en 2026-04-07T19:32:20.013270+00:00 New Mexico's Meta Ruling Could Kill Encryption Dead New Mexico Meta ruling, Section 230, design liability, end-to-end encryption, platform safety, privacy liability, tech privacy https://threatdigest.io/article/why-simple-breach-monitoring-is-no-longer-enough/ theAIcatchup en 2026-04-07T19:31:55.529566+00:00 Infostealers Nabbed 2.3 Billion Creds Last Year—Your Breach Alerts Missed Most breach monitoring, credential theft, infostealers, session cookies, session hijacking https://threatdigest.io/article/human-vs-ai-debates-shape-rsac-2026-cybersecurity-trends/ theAIcatchup en 2026-04-07T19:31:46.293827+00:00 RSAC 2026: AI Agents Clash with Human CISOs CISO debates, RSAC 2026, human vs AI https://threatdigest.io/article/lies-damned-lies-and-cybersecurity-metrics/ theAIcatchup en 2026-04-07T19:30:23.365030+00:00 C-Suite Execs Spill: Cybersecurity Metrics Are Mostly Smoke AI in cybersecurity, C-suite cyber, C-suite panel, CISO insights, KPI flaws, breach measurement, breach prevention, cybersecurity metrics, lagging indicators, security KPIs, security measurement flaws https://threatdigest.io/article/severe-strongbox-vulnerability-patched-in-android/ theAIcatchup en 2026-04-07T19:28:35.345642+00:00 Android's StrongBox Patch Fixes a Hidden Threat to Your Phone's Deepest Secrets Android StrongBox, Android security, Android security update, CVE-2025-48651, StrongBox vulnerability, hardware keystore, keystore patch, security patch https://threatdigest.io/article/new-gpubreach-attack-enables-system-takeover-via-gpu-rowhammer/ theAIcatchup en 2026-04-07T19:28:10.786461+00:00 GPUBreach: Rowhammer's GPU Assault Grabs Root in Seconds GPU Rowhammer, GPUBreach, IOMMU bypass, NVIDIA vulnerability, privilege escalation, system takeover https://threatdigest.io/article/shadow-ai-in-healthcare-is-here-to-stay/ theAIcatchup en 2026-04-07T19:26:17.216367+00:00 Shadow AI Sneaks Into Hospitals: Docs Ditch Rules, Execs Scramble AI risks, AI security, HIPAA risks, healthcare security, hospital breaches, rogue AI tools, shadow AI https://threatdigest.io/article/how-often-are-redirects-used-in-phishing-in-2026x3f-mon-apr-6th/ theAIcatchup en 2026-04-07T19:25:42.930898+00:00 Redirects Power 21% of Phishing Emails in Early 2026 – Why We're Still Sleeping on It Google redirect abuse, Google redirects, cyber threats 2026, email security, open redirects, phishing 2026, phishing campaigns, redirect phishing, threat actors https://threatdigest.io/article/grafanaghost-exploit-bypasses-ai-guardrails-for-silent-data-exfiltration/ theAIcatchup en 2026-04-07T19:25:01.418713+00:00 GrafanaGhost: The Zero-Click Data Heist No One Saw Coming AI guardrails, Grafana vulnerability, GrafanaGhost, data exfiltration https://threatdigest.io/article/the-new-rules-of-engagement-matching-agentic-attack-speed/ theAIcatchup en 2026-04-07T19:24:59.018479+00:00 Machine-Speed Hackers Are Here: Your Network's Nightmare Just Got Autonomous AI cyberattacks, AI cyberwarfare, AI-enabled cyberattacks, Chinese hackers, agentic AI attacks, agentic attacks, agentic cyberattacks, hive mind defense, nation-state actors, nation-state threats https://threatdigest.io/article/max-severity-flowise-rce-vulnerability-now-exploited-in-attacks/ theAIcatchup en 2026-04-07T19:24:36.865953+00:00 Flowise's Perfect-10 RCE Flaw Goes Live: 15,000 Exposed Servers in the Crosshairs AI security, AI vulnerability, CVE-2025-59528, Flowise RCE, Flowise vulnerability, RCE exploit, code execution https://threatdigest.io/article/russia-hacked-routers-to-steal-microsoft-office-tokens/ theAIcatchup en 2026-04-07T19:23:02.732432+00:00 GRU's Simple Router Trick Nabbed Microsoft Tokens from 18,000 Networks APT28, DNS hijacking, Forest Blizzard, GRU hackers, Russian GRU, Russian GRU hackers https://threatdigest.io/article/drift-280m-crypto-theft-linked-to-6-month-in-person-operation/ theAIcatchup en 2026-04-07T19:21:42.254952+00:00 North Koreans Schmoozed Their Way to $280M Drift Heist Drift Protocol hack, Lazarus Group, North Korean hackers, Solana security breach, crypto conference infiltration, crypto theft https://threatdigest.io/article/focusing-on-the-people-in-cybersecurity-at-rsac-2026-conference/ theAIcatchup en 2026-04-07T19:21:05.081320+00:00 RSAC 2026: AI's Big Show, Humans' Quiet Win AI in cybersecurity, RSAC 2026, cybersecurity conference, human defenders, human element, human element security, human-centric security https://threatdigest.io/article/owasp-genai-security-project-gets-update-new-tools-matrix/ theAIcatchup en 2026-04-07T19:20:03.807443+00:00 OWASP's GenAI Security Overhaul: 21 Risks, Tools Matrix, and the Cash Grab Behind It AI security risks, OWASP GenAI, tools matrix https://threatdigest.io/article/german-authorities-identify-revil-and-gandcrab-ransomware-bosses/ theAIcatchup en 2026-04-07T19:09:38.305750+00:00 Germany Unmasks REvil and GandCrab Bosses: Russians Linked to $40M Ransoms BKA Germany, BKA arrest, BKA arrests, GandCrab, REvil ransomware, Russian cybercriminals, cybercrime Russia, cybercrime leaders, ransomware affiliates, ransomware leaders https://threatdigest.io/article/shinyhunters-anodot-heist-dozens-of-snowflake-customers-drained-of-data/ theAIcatchup en 2026-04-07T19:09:34.869988+00:00 ShinyHunters' Anodot Heist: Dozens of Snowflake Customers Drained of Data Anodot hack, ShinyHunters, Snowflake breach, token theft https://threatdigest.io/article/disgruntled-researcher-leaks-bluehammer-windows-zero-day-exploit/ theAIcatchup en 2026-04-07T19:06:43.801110+00:00 BlueHammer Drops: Rogue Researcher Dumps Windows Zero-Day Code After Microsoft Snub BlueHammer, BlueHammer exploit, MSRC disclosure, Microsoft MSRC, Windows zero-day, privilege escalation