https://threatdigest.io/article/the-good-the-bad-and-the-ugly-in-cybersecurity-week-15/ CVE Watch en 2026-04-11T17:08:19.399244+00:00 FBI Wipes Russian Spy Routers Clean as Iran Hammers U.S. Factory Controls APT28, GRU router hijack, Iranian OT attacks, macOS ClickFix bypass https://threatdigest.io/article/edge-decay-how-a-failing-perimeter-is-fueling-modern-intrusions/ CVE Watch en 2026-04-11T17:07:53.005485+00:00 Edge Decay: Attackers Are Breaching Your 'Secure' Firewall First edge decay, network intrusions, perimeter security, zero-day exploits https://threatdigest.io/article/a-laughing-rat-crystalx-combines-spyware-stealer-and-prankware-features/ CVE Watch en 2026-04-11T17:01:05.950912+00:00 CrystalX RAT: The Malware That Trolls You While Pilfering Your Secrets CrystalX RAT, RAT malware, RAT trojan, Telegram malware, credential stealer, malware-as-a-service, prankware, stealer https://threatdigest.io/article/metasploit-wrap-up-03202026/ CVE Watch en 2026-04-11T16:57:03.614341+00:00 Metasploit's March 2026 Punch: FreePBX and AVideo Ripe for Ransack AVideo Encoder, AVideo Encoder CVE, AVideo Encoder RCE, CVE-2026-29058, FreePBX, FreePBX exploit, Metasploit, Metasploit update https://threatdigest.io/article/the-soc-files-time-to-sapecar-unpacking-a-new-horabot-campaign-in-mexico/ CVE Watch en 2026-04-11T16:54:47.443401+00:00 Horabot's 'Sapecar' Strikes Mexico: Old Tricks, New CAPTCHA Lies Horabot, Mexico malware, Sapecar campaign, banking trojan, malware Mexico https://threatdigest.io/article/from-vectors-to-verdicts-web-app-testing-with-vector-command/ CVE Watch en 2026-04-11T16:54:32.271318+00:00 Vector Command Turns Web Apps into Breach Blueprints Rapid7, Vector Command, red team testing, red teaming, web app security, web app testing https://threatdigest.io/article/the-long-road-to-your-crypto-clipbanker-and-its-marathon-infection-chain/ CVE Watch en 2026-04-11T16:53:49.205776+00:00 ClipBanker's Marathon Infection: From Proxifier Search to Crypto Heist ClipBanker, GitHub malware, Proxifier trojan, crypto stealer, fileless malware, malware infection chain https://threatdigest.io/article/new-whitepaper-exploiting-cellular-based-iot-devices/ CVE Watch en 2026-04-11T16:53:05.112231+00:00 Rapid7 Cracks Open Cellular IoT: No Tamper Protections on Any Tested Device AT commands, AT commands hacking, IoT exploits, IoT security risks, Rapid7 whitepaper, cellular IoT, cellular IoT exploits, physical access attacks https://threatdigest.io/article/a-first-look-at-our-speaker-lineup-and-agenda-for-the-rapid7-2026-global-cybersecurity-summit/ CVE Watch en 2026-04-11T16:48:06.211433+00:00 Rapid7's 2026 Summit: Preemptive Security or Just More Buzz? MDR Services, Rapid7 Summit, SOC Operations, cybersecurity conference, preemptive security https://threatdigest.io/article/negotiating-with-the-board-translating-active-risk-into-financial-exposure/ CVE Watch en 2026-04-11T16:47:53.885673+00:00 Boardroom Battle: Swap Vuln Counts for Dollar Risks Before It's Too Late Active Risk, FAIR model, InsightVM, board reporting, cybersecurity financial risk, financial exposure, financial risk, vulnerability prioritization https://threatdigest.io/article/free-real-estate-gopix-the-banking-trojan-living-off-your-memory/ CVE Watch en 2026-04-11T16:43:23.934098+00:00 GoPix: Brazil's Sneaky Banking Trojan That Hides in Plain RAM Brazil malware, GoPix, banking trojan, malvertising, memory malware, memory-only malware https://threatdigest.io/article/whats-new-in-rapid7-products-and-services-q1-2026-in-review/ CVE Watch en 2026-04-11T16:43:22.637609+00:00 Rapid7's Q1 Power Play: 94% Faster Probes from a Surprise Acquisition AI SecOps, AI security, Kenzo acquisition, MDR, MDR Microsoft, Rapid7, cloud security https://threatdigest.io/article/exploits-and-vulnerabilities-in-q4-2025/ CVE Watch en 2026-04-11T16:41:36.770281+00:00 Q4 2025: Vulnerabilities Explode, Exploits Feast CVE exploits, Linux kernel CVEs, Linux kernel exploits, Linux kernel flaws, Q4 2025 vulnerabilities, WinRAR CVE, WinRAR exploits, Windows Office flaws, Windows exploits https://threatdigest.io/article/an-ai-gateway-designed-to-steal-your-data/ CVE Watch en 2026-04-11T16:40:48.330275+00:00 LiteLLM's Poisoned Update: Hackers Hijack AI Gateway to Raid Cloud Secrets AI gateway malware, AI gateway security, AI security breach, LiteLLM attack, LiteLLM hack, PyPI malware, PyPI supply chain attack, cloud secret theft, supply chain compromise https://threatdigest.io/article/what-cisos-should-expect-from-ai-powered-mdr-in-2026-according-to-rapid7-ceo-corey-thomas/ CVE Watch en 2026-04-11T16:40:39.613551+00:00 Rapid7 CEO: AI MDR Will Force CISOs to Ditch Reactive Alerts by 2026 AI MDR, AI-powered MDR, CISO 2026, Corey Thomas, Rapid7, preemptive security https://threatdigest.io/article/the-threat-to-critical-infrastructure-has-changed-has-your-readiness/ CVE Watch en 2026-04-11T16:40:26.915750+00:00 Critical Infrastructure's Hidden Weakness: Legacy Systems vs. 2026 Threats Microsoft threat intelligence, NIS2 Directive, critical infrastructure, cyber readiness, cybersecurity regulations https://threatdigest.io/article/you-dont-have-a-security-problem-you-have-a-visibility-problem/ CVE Watch en 2026-04-11T16:39:18.120129+00:00 Blind Spots Are Breaching Your Defenses—Not Zero-Days asset inventory, asset visibility, attack paths, cybersecurity breaches, cybersecurity visibility, identity exposure, visibility problem https://threatdigest.io/article/anatomy-of-a-cyber-world-global-report-2026/ CVE Watch en 2026-04-11T16:37:09.233152+00:00 Kaspersky's 2026 Report: Big Attacks Down, But Hackers Love Your Trusted Partners Now Kaspersky report, Kaspersky report 2026, LOLBins, MDR Services, MDR alerts, MDR telemetry, cyber attack trends, cyberattack trends 2025, incident response stats, incident response trends, trusted relationships attacks https://threatdigest.io/article/red-teaming-in-2026-what-to-expect-at-our-2026-global-cybersecurity-summit/ CVE Watch en 2026-04-11T16:36:52.801544+00:00 Red Teaming's Quiet Revolution: 2026's Shift to Continuous Security Feedback MDR operations, Rapid7, Rapid7 Summit, continuous threat defense, cybersecurity operations, cybersecurity summit, red teaming, threat validation https://threatdigest.io/article/inside-an-aienabled-device-code-phishing-campaign/ CVE Watch en 2026-04-11T16:35:49.739409+00:00 AI-Driven Device Code Phishing Scales Up Attacks on Corporate Logins AI phishing, EvilTokens, Microsoft 365 security, device code phishing, microsoft-defender https://threatdigest.io/article/aurainspector-auditing-salesforce-aura-for-data-exposure/ CVE Watch en 2026-04-11T16:33:57.561854+00:00 Mandiant's AuraInspector Reveals Salesforce's Sneaky Data Leaks — And How to Plug Them AuraInspector, Mandiant, Salesforce Aura, data exposure https://threatdigest.io/article/bpfdoor-in-telecom-networks-sleeper-cells-in-the-backbone/ CVE Watch en 2026-04-11T16:33:55.037663+00:00 BPFdoor: Stealth Backdoors Buried Deep in Global Telecom Arteries BPFDoor, China APT, Red Menshen, kernel implant, kernel malware, telecom backdoor https://threatdigest.io/article/intent-redirection-vulnerability-in-third-party-sdk-exposed-millions-of-android-wallets-to-potential-risk/ CVE Watch en 2026-04-11T16:33:30.038772+00:00 Sloppy Android SDK Nearly Drains 30M Crypto Wallets Android security, Android vulnerability, crypto wallet risk, crypto wallet security, crypto-wallets, engagesdk, intent redirection, intent redirection vulnerability https://threatdigest.io/article/cookie-controlled-php-webshells-a-stealthy-tradecraft-in-linux-hosting-environments/ CVE Watch en 2026-04-11T16:31:49.844925+00:00 Cookies Unlocked: How Hackers Weaponize HTTP Cookies for Stealthy PHP Webshells Linux hosting security, Linux server security, PHP webshells, cookie obfuscation, cookie-controlled attacks, webshell evasion, webshell obfuscation, webshell tradecraft https://threatdigest.io/article/the-agentic-socrethinking-secops-for-the-next-decade/ CVE Watch en 2026-04-11T16:30:24.937474+00:00 Agentic SOC: Security's Shiny New Buzzword? AI security, AI security agents, SecOps, agentic SOC, autonomous defense https://threatdigest.io/article/diverse-threat-actors-exploiting-critical-winrar-vulnerability-cve-2025-8088/ CVE Watch en 2026-04-11T16:29:27.596827+00:00 WinRAR's CVE-2025-8088 Draws Russian, Chinese Hackers Long After Patch CVE-2025-8088, China APT, Russia threat actors, WinRAR vulnerability https://threatdigest.io/article/unc1069-targets-cryptocurrency-sector-with-new-tooling-and-ai-enabled-social-engineering/ CVE Watch en 2026-04-11T16:28:55.183021+00:00 North Korea's UNC1069 Pulls Off Crypto Heist with Deepfake Zoom and Seven Malware Strains AI deepfakes, AI deepfakes malware, North Korea hacking, North Korea malware, crypto hacks, cryptocurrency attacks, malware social engineering, unc1069 https://threatdigest.io/article/closing-the-door-on-net-ntlmv1-releasing-rainbow-tables-to-accelerate-protocol-deprecation/ CVE Watch en 2026-04-11T16:28:21.122764+00:00 Mandiant's Rainbow Tables Bury Net-NTLMv1 for Good Mandiant, Net-NTLMv1, authentication coercion, rainbow tables https://threatdigest.io/article/exposing-the-undercurrent-disrupting-the-gridtide-global-cyber-espionage-campaign/ CVE Watch en 2026-04-11T16:28:02.018015+00:00 Google and Mandiant Torch GRIDTIDE: Shutting Down China's Sneaky Global Spy Net China espionage, GRIDTIDE, Google Mandiant disruption, Google Threat Intelligence, UNC2814, cyber espionage https://threatdigest.io/article/investigating-storm-2755-payroll-pirate-attacks-targeting-canadian-employees/ CVE Watch en 2026-04-11T16:27:56.591193+00:00 Storm-2755's Payroll Pirate Raid: Canadian Paychecks Hijacked Mid-Session AiTM, AiTM phishing, Canadian cybersecurity, MFA bypass, SEO poisoning, Storm-2755, payroll attacks https://threatdigest.io/article/metasploit-wrap-up-03272026/ CVE Watch en 2026-04-11T16:27:34.963951+00:00 Metasploit's March 2026 Update Arms Attackers Against Printers, Dev Spaces, and Email Gateways Barracuda ESG, CVE-2026-23767, Eclipse Che RCE, Metasploit, NTLM Relay, exploit modules, penetration testing https://threatdigest.io/article/new-whitepaper-stealthy-bpfdoor-variants-are-a-needle-that-looks-like-hay/ CVE Watch en 2026-04-11T16:27:03.284576+00:00 BPFDoor's Sneaky Upgrade: Seven New Variants Dodge Defenses in Telecom Backbones BPFDoor, BPFDoor variants, Rapid7 research, kernel backdoor, telecom malware, telecom threats, threat intelligence https://threatdigest.io/article/cve-2026-3055-citrix-netscaler-adc-and-netscaler-gateway-out-of-bounds-read/ CVE Watch en 2026-04-11T16:26:25.401247+00:00 CVE-2026-3055: Citrix NetScaler's SAML Memory Leak Goes Wild, Echoing CitrixBleed Nightmare CVE-2026-3055, Citrix NetScaler, SAML vulnerability, memory leak, memory leak exploit https://threatdigest.io/article/initial-access-brokers-have-shifted-to-high-value-targets-and-premium-pricing/ CVE Watch en 2026-04-11T16:26:17.840271+00:00 Initial Access Brokers Ditch Small Fry for Fat Corporate Wallets DarkForums, IABs, RAMP, RDP access, cybercrime forums, initial access brokers, ransomware access https://threatdigest.io/article/gtig-ai-threat-tracker-distillation-experimentation-and-continued-integration-of-ai-for-adversarial-use/ CVE Watch en 2026-04-11T16:24:22.143801+00:00 Cloning Google's AI: How Hackers Steal Frontier Models to Supercharge Attacks AI misuse, GTIG AI Threat Tracker, distillation attacks, model extraction https://threatdigest.io/article/threat-actor-abuse-of-ai-accelerates-from-tool-to-cyberattack-surface/ CVE Watch en 2026-04-11T16:23:05.441128+00:00 AI: From Cybercriminal Sidekick to Attack Factory Floor AI cyberattacks, AI cybersecurity threats, MFA bypass, Storm-1747, Tycoon2FA, phishing AI, phishing AI abuse https://threatdigest.io/article/what-project-glasswing-means-for-security-leaders/ CVE Watch en 2026-04-11T16:22:50.546169+00:00 Anthropic's Project Glasswing Just Unleashed a Vulnerability Monster AI security, AI vulnerability discovery, Anthropic Claude, Anthropic Claude Mythos, Claude Mythos, Project Glasswing, security remediation, vulnerability discovery https://threatdigest.io/article/financial-cyberthreats-in-2025-and-the-outlook-for-2026/ CVE Watch en 2026-04-11T16:21:27.544734+00:00 Infostealers Hijack Your Wallet: Financial Cyberthreats Evolving Faster Than Your Bank's Security banking malware, dark web fraud, financial cyberthreats, financial phishing, infostealers, phishing 2025 https://threatdigest.io/article/coruna-the-framework-used-in-operation-triangulation/ CVE Watch en 2026-04-11T16:21:23.155024+00:00 Coruna: How a Reusable iOS Exploit Framework Ties Back to Russia's Operation Triangulation Coruna framework, Operation Triangulation, iOS exploits, iOS zero-days, iPhone exploits, kernel exploits, zero-day vulnerabilities https://threatdigest.io/article/rapid7-completes-bsi-c5-type-2-examination-stronger-cloud-security-for-dach-organizations/ CVE Watch en 2026-04-11T16:19:45.016934+00:00 Rapid7's BSI C5 Badge: Proof or Just German Red Tape? BSI C5, DACH Compliance, DACH regulations, Rapid7, Rapid7 Command, cloud security, cloud security certification, cloud security compliance https://threatdigest.io/article/proactive-preparation-and-hardening-against-destructive-attacks-2026-edition/ CVE Watch en 2026-04-11T16:18:54.607575+00:00 Mandiant's 2026 Blueprint to Stop Data-Wiping Nightmares Google SecOps, Mandiant, Mandiant guide, cyber hardening, cyber resilience, cyber wipers, cybersecurity hardening, destructive attacks, wiper malware https://threatdigest.io/article/integrating-advanced-api-security-with-imperva-gateway-environment/ CVE Watch en 2026-04-11T16:17:34.607888+00:00 Imperva Gateway's API Security: Bot Hunter or User Blocker? API security, Imperva Gateway, WAF Integration, bot detection, cloud-waf, false positives, waf-false-positives https://threatdigest.io/article/react2dos-cve-2026-23869-when-the-flight-protocol-crashes-at-takeoff/ CVE Watch en 2026-04-11T16:17:26.479082+00:00 React2DoS: One Malicious Form Submit, and Your Server's Done CVE-2026-23869, Flight protocol, Flight protocol DoS, React Server Components, React2DoS https://threatdigest.io/article/metasploit-wrap-up-04102026/ CVE Watch en 2026-04-11T16:14:14.076848+00:00 Metasploit's Fresh Strike: Cisco Zero-Day Bypass and msfvenom Warp Speed ADCS exploits, CVE-2026-20127, Cisco CVE-2026-20127, Cisco SD-WAN, Cisco SD-WAN exploit, Metasploit Framework, Metasploit updates, msfvenom, msfvenom speedup https://threatdigest.io/article/ransomware-under-pressure-tactics-techniques-and-procedures-in-a-shifting-threat-landscape/ CVE Watch en 2026-04-11T16:13:19.523347+00:00 Ransomware's Brutal 2025: Record Victims, Squeezed Profits, Same Old Tricks 2025 ransomware trends, Mandiant TTPs, REDBIKE, REDBIKE ransomware, RaaS, RaaS groups, data leak sites, ransomware 2025, ransomware TTPs https://threatdigest.io/article/guidance-from-the-frontlines-proactive-defense-against-shinyhunters-branded-data-theft-targeting-saas/ CVE Watch en 2026-04-11T16:13:10.397377+00:00 ShinyHunters' Vishing Rampage Hits 20+ SaaS Firms: Mandiant's No-BS Defense Playbook MFA bypass, MFA hardening, Mandiant, SaaS data theft, SaaS security, ShinyHunters, vishing, vishing attacks https://threatdigest.io/article/metasploit-wrap-up-04032026/ CVE Watch en 2026-04-11T16:12:44.488435+00:00 Metasploit's April Arsenal: RCE for FreeScout, Grav CMS, and a Ghostly Windows Logon Trick CVE-2026-28289, FreeScout CVE, Grav CMS vulnerability, Metasploit, Metasploit Framework, RCE exploits, Windows persistence https://threatdigest.io/article/storm-1175-focuses-gaze-on-vulnerable-web-facing-assets-in-high-tempo-medusa-ransomware-operations/ CVE Watch en 2026-04-11T16:10:35.276646+00:00 Storm-1175's 24-Hour Ransomware Blitz: N-Days to Nightmare Medusa ransomware, N-day exploits, Storm-1175, web vulnerabilities, web-facing vulnerabilities, zero-day vulnerabilities https://threatdigest.io/article/why-cvss-is-no-longer-enough-for-exposure-management/ CVE Watch en 2026-04-11T16:10:16.599458+00:00 CVSS Scores: The Metric That's Burning Out Your SecOps Team CVSS, EPSS, Gartner report, exposure management, vulnerability prioritization https://threatdigest.io/article/16th-march-threat-intelligence-report/ CVE Watch en 2026-04-11T16:08:48.263829+00:00 Stryker Shutdown, Signal Hacks, Rogue AI Bots: The March 16 Threat Surge AI security threats, AI threats, CVE zero-days, Handala Hack, Stryker breach, Stryker cyberattack, zero-day exploits https://threatdigest.io/article/north-korea-nexus-threat-actor-compromises-widely-used-axios-npm-package-in-supply-chain-attack/ CVE Watch en 2026-04-11T16:08:30.493290+00:00 North Korea Poisons Axios NPM Package: Millions at Risk in Bold Supply Chain Hit Axios npm attack, North Korea UNC1069, WAVESHAPER backdoor, supply chain attack, supply chain compromise, unc1069 https://threatdigest.io/article/operation-truechaos-0-day-exploitation-against-southeast-asian-government-targets/ CVE Watch en 2026-04-11T16:07:25.964098+00:00 TrueChaos: How a Zero-Day in TrueConf Server Let Hackers Infiltrate SE Asian Gov Networks CVE-2026-3502, Chinese APT, Operation TrueChaos, TrueConf vulnerability, zero-day exploit https://threatdigest.io/article/why-most-ddos-protection-fails-solving-for-continuity-and-resilience/ CVE Watch en 2026-04-11T16:06:26.369389+00:00 DDoS Protection's Hidden Flaw: Stealth Attacks That Kill Your Business Mid-Transaction DDoS attacks, DDoS protection, Imperva, Imperva DDoS, business continuity, cyber attacks, cyber resilience, network security https://threatdigest.io/article/fortigate-cve-2025-59718-exploitation-incident-response-findings/ CVE Watch en 2026-04-11T16:05:58.525095+00:00 Inside the FortiGate Breach: CVE-2025-59718 Let Attackers Ghost In CVE-2025-59718, FortiGate, Mimikatz, SSO bypass, incident response, lateral movement https://threatdigest.io/article/look-what-you-made-us-patch-2025-zero-days-in-review/ CVE Watch en 2026-04-11T16:05:37.044801+00:00 90 Zero-Days in 2025: Enterprises Bleed While Browsers Breathe Easier 2025 exploits, 2025 zero-days, CSVs cyber surveillance, Google Threat Intelligence, enterprise exploitation, enterprise security, zero-day vulnerabilities https://threatdigest.io/article/silver-dragon-targets-organizations-in-southeast-asia-and-europe/ CVE Watch en 2026-04-11T16:04:54.520965+00:00 Silver Dragon's Cyber Onslaught Hits Asian and European Governments – Wake-Up Call for the Rest of Us APT41, Check Point Research, China cyber espionage, China cyber threats, Chinese APT, Silver Dragon, Southeast Asia hacking https://threatdigest.io/article/2025-the-untold-stories-of-check-point-research/ CVE Watch en 2026-04-11T16:04:52.349775+00:00 Check Point's 2025 Threat Intel: Real Edge or Echo Chamber? 2025 cyber threats, Check Point Research, financial cybercrime, nation-state actors, ransomware campaigns, state-sponsored attacks https://threatdigest.io/article/soho-router-compromise-leads-to-dns-hijacking-and-adversary-in-the-middle-attacks/ CVE Watch en 2026-04-11T16:04:10.645387+00:00 Russian Military Hacks 5,000 Routers, Turns Home Networks into Spy Hubs AiTM attacks, DNS hijacking, Forest Blizzard, SOHO Routers, SOHO router compromise https://threatdigest.io/article/the-proliferation-of-darksword-ios-exploit-chain-adopted-by-multiple-threat-actors/ CVE Watch en 2026-04-11T16:02:46.179159+00:00 DarkSword: iOS Spy Tool Now Shared Freely Among Hackers and Spies DarkSword, DarkSword exploit, iOS exploit, iOS exploit chain, iOS zero-days, nation-state spyware, state-sponsored actors, surveillance vendors, threat actors, zero-day chain, zero-day vulnerabilities https://threatdigest.io/article/23rd-march-threat-intelligence-report/ CVE Watch en 2026-04-11T16:00:09.787167+00:00 2.6 Million Records Leaked in Employee Benefits Breach: March 23 Threat Intel Roundup AI cyber threats, AI threats, CVE exploits, CVEs 2026, cyber breaches 2026, data breaches, data breaches 2026, ransomware exploits, threat intelligence report, threat report March https://threatdigest.io/article/coruna-the-mysterious-journey-of-a-powerful-ios-exploit-kit/ CVE Watch en 2026-04-11T15:59:23.423620+00:00 Coruna: The iOS Exploit Kit That Slid from Spy Weapon to Chinese Scam Trap Coruna exploit kit, WebKit RCE, exploit proliferation, iOS exploits, iOS vulnerabilities, iOS zero-days, threat actors, zero-day proliferation https://threatdigest.io/article/n8n-shared-credentials-and-account-takeover/ CVE Watch en 2026-04-11T15:58:50.612028+00:00 n8n's Shared Credentials: The Open Door to Account Takeovers No One Saw Coming account takeover, n8n vulnerability, self-hosted security, shared credentials, workflow automation security https://threatdigest.io/article/chatgpt-data-leakage-via-a-hidden-outbound-channel-in-the-code-execution-runtime/ CVE Watch en 2026-04-11T15:58:11.375727+00:00 ChatGPT's Secret Backdoor: Your Private Chats Are Leaking Out AI sandbox flaw, AI security flaw, ChatGPT data leakage, ChatGPT vulnerability, OpenAI security flaw, OpenAI vulnerability, code execution exploit, code execution leak, code execution sandbox, data exfiltration https://threatdigest.io/article/vishing-for-access-tracking-the-expansion-of-shinyhunters-branded-saas-data-theft/ CVE Watch en 2026-04-11T15:57:23.620217+00:00 ShinyHunters' Vishing Ring Eyes Your SaaS Logins – Old Tricks, Bigger Hauls MFA phishing, SaaS data theft, ShinyHunters, vishing attacks https://threatdigest.io/article/multiple-threat-actors-exploit-react2shell-cve-2025-55182/ CVE Watch en 2026-04-11T15:56:46.765831+00:00 React2Shell: CVE-2025-55182 Lets Hackers RCE Unpatched React Servers in One HTTP Shot CVE-2025-55182, China-nexus threats, Next.js exploit, Next.js vulnerability, RCE exploit, RCE vulnerability, React Server Components, React2Shell https://threatdigest.io/article/caught-in-the-hook-rce-and-api-token-exfiltration-through-claude-code-project-files-cve-2025-59536-cve-2026-21852/ CVE Watch en 2026-04-11T15:55:19.672940+00:00 Claude Code's Hidden Hooks Could Turn Your AI Projects into Hacker Havens API Token Exfiltration, API token theft, Anthropic security, CVE-2025-59536, Claude Code RCE, Claude Code vulnerability, RCE exploit https://threatdigest.io/article/why-ai-bot-protection-and-control-are-essential-for-application-security/ CVE Watch en 2026-04-11T15:55:06.226386+00:00 32% of Web Traffic Is Already Bad Bots—AI's About to Explode That AI bot protection, Imperva, Imperva ABP, application security, bad bots, bot detection https://threatdigest.io/article/from-brickstorm-to-grimbolt-unc6201-exploiting-a-dell-recoverpoint-for-virtual-machines-zero-day/ CVE Watch en 2026-04-11T15:55:04.663731+00:00 UNC6201 Ditches BRICKSTORM for Sneakier GRIMBOLT in Dell Zero-Day Heist CVE-2026-22769, Dell RecoverPoint, GRIMBOLT, UNC6201 https://threatdigest.io/article/cloud-based-waf-upload-scan-and-control-the-new-standard-for-file-upload-security/ CVE Watch en 2026-04-11T15:55:03.004257+00:00 Cloud WAFs Scan Uploads in the Cloud — But Bots (and Journalists) Beware WAF scanning, cloud-waf, file upload security, upload scanning, web application firewall, web security https://threatdigest.io/article/no-place-like-home-network-disrupting-the-worlds-largest-residential-proxy-network/ CVE Watch en 2026-04-11T15:53:47.134433+00:00 Google's Raid on IPIDEA: Slashing Millions from the World's Sneakiest Proxy Pool Google Threat Intelligence, IPIDEA proxy network, botnets, residential proxies https://threatdigest.io/article/2nd-march-threat-intelligence-report/ CVE Watch en 2026-04-11T15:53:37.270062+00:00 ShinyHunters Extorts Wynn Resorts: Employee Data Breached, Ops Intact ShinyHunters, Wynn Resorts, Wynn Resorts breach, casino cybersecurity, casino hacks, data breach, employee data leak, extortion threat, threat intelligence https://threatdigest.io/article/api-security-for-ai-agents-why-protection-has-never-been-more-important/ CVE Watch en 2026-04-11T15:52:47.565856+00:00 AI Agents Just Exposed Your Crappiest APIs – Deal With It AI agents, API security, BOLA attacks, Thales security, business logic exploits, thales https://threatdigest.io/article/m-trends-2026-data-insights-and-strategies-from-the-frontlines/ CVE Watch en 2026-04-11T15:50:14.862328+00:00 M-Trends 2026: Attackers Shrinking Their Footprint While Punching Harder M-Trends 2026, cyber threats, dwell time, ransomware evolution, vishing attacks, voice phishing https://threatdigest.io/article/beyond-the-battlefield-threats-to-the-defense-industrial-base/ CVE Watch en 2026-04-11T15:50:08.481766+00:00 State Hackers Target Defense Supply Chains—Drones, Emails, and Edge Devices in the Crosshairs China threat actors, DIB supply chain risks, Google Threat Intelligence, Russia cyber espionage, defense industrial base https://threatdigest.io/article/30th-march-threat-intelligence-report/ CVE Watch en 2026-04-11T15:48:51.699361+00:00 FBI Director's Gmail Hacked by Iranian Group: The Wild Week in Cyber Threats AI vulnerabilities, Cisco CVE-2026-20131, FBI breach, Handala Hack, nation-state threats, ransomware attacks https://threatdigest.io/article/interplay-between-iranian-targeting-of-ip-cameras-and-physical-warfare-in-the-middle-east/ CVE Watch en 2026-04-11T15:47:16.405934+00:00 Iran's IP Camera Hack Waves Herald Missile Barrages in Middle East Hikvision Dahua CVEs, Hikvision Dahua exploits, IP camera hacks, IP camera vulnerabilities, Iran cyber attacks, Middle East conflict cyber, Middle East hybrid warfare, battle damage assessment https://threatdigest.io/article/a-new-denial-of-service-vector-in-react-server-components/ CVE Watch en 2026-04-11T15:45:02.384052+00:00 React Server Components' Hidden DoS Bomb: Time to Wake Up, Devs DoS vulnerability, Next.js security, RSC exploit, React Server Components https://threatdigest.io/article/vsphere-and-brickstorm-malware-a-defenders-guide/ CVE Watch en 2026-04-11T15:44:41.106277+00:00 BRICKSTORM Slithers into vSphere: Your Hypervisor's Dirty Secret BRICKSTORM malware, VMware threats, vCenter hardening, vCenter security, vSphere hardening, vSphere security https://threatdigest.io/article/iranian-mois-actors-the-cyber-crime-connection/ CVE Watch en 2026-04-11T15:43:57.301393+00:00 Iran's Spies Hack the Cyber Underworld APT groups, Check Point Research, Iranian MOIS, cyber crime, cyber crime connection, cyber crime ecosystem, nation-state actors, nation-state cyber threats https://threatdigest.io/article/ai-threat-landscape-digest-january-february-2026/ CVE Watch en 2026-04-11T15:42:31.932441+00:00 VoidLink: How One Dev Used AI to Build Pro-Level Malware in Weeks AI-assisted malware, TRAE SOLO, VoidLink, VoidLink framework, agentic AI abuse, agentic AI threats, cyber threat intelligence, cyber threat landscape https://threatdigest.io/article/9th-march-threat-intelligence-report/ CVE Watch en 2026-04-11T15:39:37.082336+00:00 AkzoNobel's Paint Plant Hack: Ransomware Reality Check from Check Point's Latest Report AkzoNobel cyberattack, Anubis ransomware, Check Point Research, manufacturing ransomware, threat intelligence, threat intelligence report https://threatdigest.io/article/when-your-ddos-mitigation-provider-goes-down-why-traffic-control-cant-be-outsourced/ CVE Watch en 2026-04-11T15:36:10.878735+00:00 Cloudflare's Blackout: The Irony When Your DDoS Shield Crumbles Cloudflare outage, DDoS mitigation, bot detection fail, cybersecurity failure, outsourcing-risks, provider outage, traffic control https://threatdigest.io/article/handala-hack-unveiling-groups-modus-operandi/ CVE Watch en 2026-04-11T15:32:17.713830+00:00 Handala Hack: Iran's Destructive Cyber Playbook Finally Cracked Open Check Point Research, Handala Hack, Iranian cyber attacks, Iranian hackers, Iranian threat actor, Void Manticore, data wipers, wiper attacks https://threatdigest.io/article/6th-april-threat-intelligence-report/ CVE Watch en 2026-04-11T15:25:38.474446+00:00 April's Cyber Onslaught: AI Poisons, Mega Breaches, Zero-Days AI security threats, data breaches 2026, threat intelligence report, zero-day vulnerabilities https://threatdigest.io/article/apt28-deploys-prismex-malware-in-campaign-targeting-ukraine-and-nato-allies/ CVE Watch en 2026-04-11T10:26:00.133279+00:00 APT28's PRISMEX Sneaks Into Ukraine's Veins, Wiping Emergency Lifelines APT28, NATO threats, PRISMEX, PRISMEX malware, Ukraine cyber attacks, steganography, steganography malware, zero-day exploits https://threatdigest.io/article/shrinking-the-iam-attack-surface-through-identity-visibility-and-intelligence-platforms-ivip/ CVE Watch en 2026-04-11T10:22:30.898044+00:00 IVIP: Gartner's Bid to Illuminate Identity's Dark Matter — Or Vendor Smoke? IAM, IAM Attack Surface, IVIP, Identity Visibility, Orchid Security https://threatdigest.io/article/threatsday-bulletin-hybrid-p2p-botnet-13-year-old-apache-rce-and-18-more-stories/ CVE Watch en 2026-04-11T10:21:05.414417+00:00 Phorpiex's Hybrid Botnet Surge: 125K Daily Infections Amid Apache's 13-Year RCE Wake-Up Apache ActiveMQ RCE, Phorpiex Twizt, ai ddos attacks, apache rce, cyber fraud 2025, cyber fraud losses, hybrid P2P botnet, phorpiex botnet https://threatdigest.io/article/men-are-buying-hacking-tools-to-use-against-their-wives-and-friends/ CVE Watch en 2026-04-11T10:21:00.226525+00:00 Inside Telegram's Shadow Markets: Men Arming Up with Spyware Against Wives AI Forensics, Telegram hacking groups, Telegram spyware, cyberstalking, digital-violence, domestic cyber-harassment, hacking tools wives, online surveillance tools, online-harassment, spyware-stalking, stalkerware, stalkerware market, telegram-abuse https://threatdigest.io/article/anthropics-mythos-will-force-a-cybersecurity-reckoningjust-not-the-one-you-think/ CVE Watch en 2026-04-11T10:17:56.263185+00:00 Anthropic's Mythos Preview: The AI That Hunts Bugs Better Than Your Team AI cybersecurity, AI exploits, Anthropic AI, Anthropic Claude, Anthropic Mythos, Claude AI, Claude Mythos Preview, Mythos Preview, Project Glasswing, cybersecurity AI threat, cybersecurity threats, exploit chains https://threatdigest.io/article/engagelab-sdk-flaw-exposed-50m-android-users-including-30m-crypto-wallet-installs/ CVE Watch en 2026-04-11T10:16:42.823763+00:00 EngageLab SDK's Hidden Flaw Cracked Open 50 Million Android Devices — Crypto Wallets in the Crosshairs Android vulnerability, EngageLab SDK, crypto wallet security, intent redirection https://threatdigest.io/article/iran-linked-hackers-disrupt-us-critical-infrastructure-by-targeting-internet-exposed-plcs/ CVE Watch en 2026-04-11T10:16:21.635443+00:00 Iranian Hackers Slip Into U.S. Water Plants and Power Grids Through Dumb Internet-Exposed PLCs Iran hackers, Iranian hackers, OT attacks, OT security, PLCs, PLCs vulnerabilities, critical infrastructure, cyber escalation https://threatdigest.io/article/industry-reactions-to-iran-hacking-ics-in-critical-infrastructure-feedback-friday/ CVE Watch en 2026-04-11T10:10:22.617571+00:00 Iranian Hackers Tamper with US Water and Power PLCs: The OT Blind Spot Exposed ICS attacks, Iran hackers, OT security, PLC vulnerabilities, PLCs exposed, critical infrastructure https://threatdigest.io/article/google-rolls-out-cookie-theft-protections-in-chrome/ CVE Watch en 2026-04-11T10:09:36.691298+00:00 Google's Chrome Cookie Lock: Good for Users, But Malware's Not Done Yet Chrome DBSC, Google Chrome update, browser security, cookie theft, cookie theft protection, malware defense, session credentials, session security https://threatdigest.io/article/n-korean-hackers-spread-1700-malicious-packages-across-npm-pypi-go-rust/ CVE Watch en 2026-04-11T10:08:45.729277+00:00 North Korean Hackers Slip 1,700 Poison Pills into npm, PyPI, and Beyond Contagious Interview, North Korean hackers, malicious npm packages, npm malware, supply chain attack https://threatdigest.io/article/orthanc-dicom-vulnerabilities-lead-to-crashes-rce/ CVE Watch en 2026-04-11T10:07:59.181387+00:00 Orthanc DICOM Server's Nine Flaws: From Crashes to Remote Code Nightmares CERT-CC advisory, DICOM security, Orthanc vulnerabilities, RCE flaws, RCE healthcare, medical imaging exploits https://threatdigest.io/article/browser-extensions-are-the-new-ai-consumption-channel-that-no-one-is-talking-about/ CVE Watch en 2026-04-11T10:07:32.685485+00:00 99% of Enterprise Users Pack Browser Extensions – AI Ones Are the Sneaky Security Nightmare AI browser extensions, LayerX report, browser security, enterprise AI risks, enterprise risks, enterprise threats, security blind spot https://threatdigest.io/article/this-fake-windows-support-website-delivers-password-stealing-malware/ CVE Watch en 2026-04-11T10:07:13.309954+00:00 Fake Windows Update in France Steals Passwords from Breach-Exposed Users Electron infostealer, Electron malware, France data breaches, Windows malware, Windows update scam, fake Windows update, password stealer, password-stealing malware https://threatdigest.io/article/politicians-are-spending-more-money-on-security-as-they-increasingly-become-targets/ CVE Watch en 2026-04-11T10:04:39.044579+00:00 Politicians' Security Tabs Explode 5x as Threats Hit Home — Literally FEC data, FEC security data, campaign finance security, campaign security spending, campaign threats, election threats, election violence, political security spending, political threats, political violence, state security laws https://threatdigest.io/article/the-hidden-security-risks-of-shadow-ai-in-enterprises/ CVE Watch en 2026-04-11T10:03:43.415062+00:00 Shadow AI Is Already Leaking Enterprise Data — And No One's Watching AI governance, data exposure, data leaks, enterprise security, enterprise security risks, shadow AI https://threatdigest.io/article/apple-intelligence-ai-guardrails-bypassed-in-new-attack/ CVE Watch en 2026-04-11T10:02:58.087745+00:00 Apple Intelligence's Shield Cracked: Hackers Sneak Past Your iPhone's AI Brain Guards AI guardrails, AI guardrails bypass, AI guardrails bypassed, Apple Intelligence, RSAC attack, RSAC research, prompt injection, unicode-attack https://threatdigest.io/article/chrome-147-patches-60-vulnerabilities-including-two-critical-flaws-worth-86000/ CVE Watch en 2026-04-11T10:02:47.599100+00:00 Chrome 147's $86K WebML Double-Whammy: Two Critical Bugs That Could Crack the Browser Sandbox CVE-2026-5858, Chrome 147, WebML vulnerabilities, browser security patches, bug bounties, bug bounty https://threatdigest.io/article/we-were-not-ready-for-this-lebanons-emergency-system-is-hanging-by-a-thread/ CVE Watch en 2026-04-11T10:02:18.749877+00:00 Lebanon's Jury-Rigged Crisis Tracker: Holding the Line in Israel's Shadow Israel Lebanon war, Israeli strikes Lebanon, Lebanon crisis, Lebanon emergency system, Lebanon war tech, crisis tracking platform, digital aid tracking, digital humanitarian aid, digital infrastructure crisis, displacement tracking, emergency digital platform, emergency displacement system, war displacement tech, war tech infrastructure https://threatdigest.io/article/new-chaos-variant-targets-misconfigured-cloud-deployments-adds-socks-proxy/ CVE Watch en 2026-04-11T10:01:54.845288+00:00 Chaos Botnet Goes After Cloud Goofs, Slaps on a SOCKS Proxy for Extra Sneakiness Chaos malware, SOCKS proxy, botnet evolution, cloud security https://threatdigest.io/article/anthropics-claude-mythos-finds-thousands-of-zero-day-flaws-across-major-systems/ CVE Watch en 2026-04-11T10:00:11.775712+00:00 Claude Mythos Cracks Open Zero-Days Everywhere – Then Breaks Free AI cybersecurity, AI sandbox escape, Anthropic, Anthropic AI, Claude Mythos, Project Glasswing, zero-day vulnerabilities https://threatdigest.io/article/obfuscated-javascript-or-nothing-thu-apr-9th/ CVE Watch en 2026-04-11T09:59:55.931476+00:00 Phishing RAR Drops 10MB Obfuscated JS That Loads Formbook Stealer Formbook malware, Formbook stealer, PowerShell evasion, PowerShell payload, malware evasion, obfuscated JavaScript, phishing RAR, phishing malware https://threatdigest.io/article/mitre-releases-fight-fraud-framework/ CVE Watch en 2026-04-11T09:57:31.189739+00:00 MITRE's F3 Framework Exposes Fraudsters' Hidden Playbook ATT&CK extension, ATT&CK framework, MITRE F3, cyber fraud, cyber fraud TTPs, cyber fraud framework, fight fraud framework, fraud TTPs https://threatdigest.io/article/ai-led-remediation-crisis-prompts-hackerone-to-pause-bug-bounties/ CVE Watch en 2026-04-11T09:57:26.817199+00:00 HackerOne Pauses Bug Bounties as AI Overwhelms Open Source Fixes AI remediation crisis, AI security, AI security tools, HackerOne, bug bounties, open source security, open source vulnerabilities https://threatdigest.io/article/russias-fancy-bear-apt-continues-its-global-onslaught/ CVE Watch en 2026-04-11T09:56:18.889753+00:00 Fancy Bear's 2023 Rampage: 100+ Targets, No Sophistication Required APT28, Fancy Bear, Russia cyber attacks, zero trust, zero trust security https://threatdigest.io/article/more-honeypot-fingerprinting-scans-wed-apr-8th/ CVE Watch en 2026-04-11T09:55:53.940959+00:00 Attackers Taunt Honeypots with Absurd Logins – And They're Winning Cowrie, Cowrie honeypot, SSH attacks, SSH scans, fingerprinting, honeypot fingerprinting, honeypots, threat detection, threat hunting, threat scans https://threatdigest.io/article/masjesu-botnet-emerges-as-ddos-for-hire-service-targeting-global-iot-devices/ CVE Watch en 2026-04-11T09:55:26.734056+00:00 Masjesu Botnet: Stealth DDoS Mercenary Invades IoT DDoS-for-hire, IoT malware, Masjesu Botnet, XorBot https://threatdigest.io/article/fake-claude-site-installs-malware-that-gives-attackers-access-to-your-computer/ CVE Watch en 2026-04-11T09:55:18.016333+00:00 Claude Fans, One Wrong Click Hands Hackers Your Whole PC AI phishing scam, Claude phishing, DLL sideloading, PlugX RAT, PlugX malware, fake Claude malware, fake Claude site https://threatdigest.io/article/glassworm-campaign-uses-zig-dropper-to-infect-multiple-developer-ides/ CVE Watch en 2026-04-11T09:54:44.812961+00:00 GlassWorm's Zig Dropper Turns Dev IDEs into Malware Hives GlassWorm Campaign, IDE infection, IDE infections, VS Code extensions, VS Code malware, Zig dropper, malware targeting IDEs https://threatdigest.io/article/your-next-breach-will-look-like-business-as-usual/ CVE Watch en 2026-04-11T09:53:26.707263+00:00 Credential Attacks: The Breach That Logs In Like Your Barista AI detection shifts, UEBA, UEBA tools, behavioral analytics, breach detection, breach prevention, credential-based attacks, cybersecurity models, cybersecurity shifts, threat detection https://threatdigest.io/article/do-ceasefires-slow-cyberattacks-history-suggests-not/ CVE Watch en 2026-04-11T09:52:31.182960+00:00 Ceasefires Never Paused Iranian Cyber Ops—Data Proves It APT33, IRGC cyber units, Iranian hackers, MuddyWater, ceasefires cyberattacks, cyber truce myths, cyberattacks ceasefires, geopolitical cyber threats, nation-state cyber ops https://threatdigest.io/article/atomic-stealer-macos-clickfix-attack-bypasses-apple-security-warnings/ CVE Watch en 2026-04-11T09:52:04.652902+00:00 Atomic Stealer Slips Past Apple's Terminal Guard Using Script Editor Sleight-of-Hand Apple security bypass, Atomic Stealer, ClickFix attack, Jamf Threat Labs, macOS malware https://threatdigest.io/article/eurail-says-december-data-breach-impacts-300000-individuals/ CVE Watch en 2026-04-11T09:51:31.304007+00:00 Eurail Breach Dumps 300K Travelers' Data into Hackers' Hands Eurail data breach, European railways security, GDPR fines, identity theft risk, passport theft, personal data theft, personal information theft, rail cybersecurity, travel data leak, travel data theft, travel security https://threatdigest.io/article/on-microsofts-lousy-cloud-security/ CVE Watch en 2026-04-11T09:51:29.786321+00:00 Microsoft's Government Cloud: Approved Despite 'Pile of Shit' Security Docs FedRAMP, FedRAMP approval, GCC High, Microsoft GCC High, Microsoft cloud security, ProPublica report, cloud security, cloud security failures, government cloud, government cloud risks https://threatdigest.io/article/juniper-networks-patches-dozens-of-junos-os-vulnerabilities/ CVE Watch en 2026-04-11T09:50:43.521189+00:00 Juniper's Junos OS Nightmare: 36 Flaws That Could Hand Attackers Your Network Keys CVE-2026-33784, Juniper Networks, Junos OS, Junos OS vulnerabilities, privilege escalation https://threatdigest.io/article/bluehammer-windows-zero-day-exploit-signals-microsoft-bug-disclosure-issues/ CVE Watch en 2026-04-11T09:49:52.144867+00:00 BlueHammer Zero-Day Exposes Microsoft's Patch Paralysis BlueHammer, BlueHammer exploit, Chaotic Eclipse, Microsoft bug bounty, Microsoft exploit, Windows zero-day, exploit disclosure, privilege escalation https://threatdigest.io/article/bitter-linked-hack-for-hire-campaign-targets-journalists-across-mena-region/ CVE Watch en 2026-04-11T09:49:04.491841+00:00 Bitter's Hack-for-Hire Blitz Hits MENA Journalists, Echoing Indian Spy Reach Bitter APT, Indian cyber espionage, MENA phishing, OAuth attacks, hack-for-hire, spear phishing https://threatdigest.io/article/teampcp-supply-chain-campaign-update-007-cisco-source-code-stolen-via-trivy-linked-breach-google-gtig-tracks-teampcp-as-unc6780-and-cisa-kev-deadline-arrives-with-no-standalone-advisory-wed-apr-8th/ CVE Watch en 2026-04-11T09:48:12.706325+00:00 Cisco's Source Code Raided: TeamPCP's Trivy Breach Exposes 300+ Repos and Gov Clients Cisco breach, TeamPCP, Trivy CVE, Trivy supply chain, Trivy vulnerability, UNC6780 https://threatdigest.io/article/google-rolls-out-dbsc-in-chrome-146-to-block-session-theft-on-windows/ CVE Watch en 2026-04-11T09:48:05.952757+00:00 Chrome's DBSC Finally Ships: Session Theft's Days Are Numbered Chrome 146, DBSC, cookie stealing malware, infostealer malware, malware stealers, session theft https://threatdigest.io/article/webinar-from-noise-to-signal-what-threat-actors-are-targeting-next/ CVE Watch en 2026-04-11T09:47:56.993161+00:00 Dark Web Chatter: The Signals Threat Actors Can't Hide Before They Strike Flare Systems, access brokers, dark web chatter, dark web monitoring, dark web signals, proactive defense, threat actors, threat intelligence https://threatdigest.io/article/middle-east-hack-for-hire-operation-traced-to-south-asian-cyber-espionage-group/ CVE Watch en 2026-04-11T09:46:47.950767+00:00 Bitter APT's ProSpy Spyware Hits Mideast Journalists Hard Bitter APT, Middle East cyber attacks, Middle East phishing, ProSpy spyware, hack-for-hire, spear phishing https://threatdigest.io/article/microsoft-finds-vulnerability-exposing-millions-of-android-crypto-wallet-users/ CVE Watch en 2026-04-11T09:46:15.391535+00:00 Microsoft Uncovers Android SDK Flaw Risking 30 Million Crypto Wallets Android vulnerability, EngageSDK flaw, Microsoft security research, crypto wallet security, crypto-wallets, engagesdk, intent redirection, microsoft-security https://threatdigest.io/article/russian-hacking-group-targets-home-and-small-office-routers-to-spy-on-users/ CVE Watch en 2026-04-11T09:45:49.146360+00:00 APT28 Turns Your Home Router into Russia's Spy Tool APT28, DNS hijacking, Fancy Bear, SOHO Routers, TP-Link vulnerability https://threatdigest.io/article/just-three-ransomware-gangs-accounted-for-40-of-attacks-last-month/ CVE Watch en 2026-04-11T09:45:42.394383+00:00 Qilin, Akira, Dragonforce: Ransomware's Brutal Top Trio Claims 40% of March Carnage Akira ransomware, Check Point, Dragonforce, Dragonforce RaaS, Qilin ransomware, ransomware attacks, ransomware attacks 2026 https://threatdigest.io/article/healthcare-it-solutions-provider-chipsoft-hit-by-ransomware-attack/ CVE Watch en 2026-04-11T09:45:28.918751+00:00 ChipSoft Ransomware Cripples Dutch Hospitals' EHR Backbone ChipSoft ransomware, Dutch hospitals, Dutch hospitals hack, Dutch hospitals outage, EHR breach, EHR outage, HiX EHR outage, Z-CERT, healthcare IT attack, healthcare cyberattack https://threatdigest.io/article/adobe-reader-zero-day-exploited-via-malicious-pdfs-since-december-2025/ CVE Watch en 2026-04-11T09:45:24.172349+00:00 Adobe Reader Zero-Day Powers Sneaky PDF Attacks on Oil Pros Since Late 2025 Adobe Reader zero-day, PDF exploit, RCE sandbox escape, RCE vulnerability, Russian malware, data exfiltration, malicious JavaScript, malicious PDFs, zero-day vulnerability https://threatdigest.io/article/new-lucidrook-malware-used-in-targeted-attacks-on-ngos-universities/ CVE Watch en 2026-04-11T09:45:17.492041+00:00 LucidRook's Lua Stealth Assault on Taiwan's NGOs and Universities Cisco Talos, Lua malware, LucidRook, LucidRook malware, Taiwan attacks, Taiwan cyberattacks, Taiwan phishing, spear phishing https://threatdigest.io/article/us-thwarts-dns-hijacking-network-controlled-by-russian-apt28-hackers/ CVE Watch en 2026-04-11T09:44:46.804023+00:00 US Crushes APT28's Sneaky Router Takeover Plot APT28, DNS hijacking, Operation Masquerade, Russian GRU, SOHO Routers https://threatdigest.io/article/number-usage-in-passwords-take-two-thu-apr-9th/ CVE Watch en 2026-04-11T09:44:31.001133+00:00 Bots Are Already Guessing Passwords with 2027 — a Full Year Early DDoS probes, bot predictions, botnets, cyber threats, future years passwords, honeypots, password brute-force, password cracking, year patterns https://threatdigest.io/article/microsoft-canadian-employees-targeted-in-payroll-pirate-attacks/ CVE Watch en 2026-04-11T09:44:13.902349+00:00 Inside the Payroll Pirate Heist: How Storm-2755 Stole Salaries from Microsoft Workers AiTM attacks, AiTM phishing, Microsoft 365 security, Storm-2755, payroll pirate attacks https://threatdigest.io/article/new-venom-phishing-attacks-steal-senior-executives-microsoft-logins/ CVE Watch en 2026-04-11T09:43:51.522281+00:00 VENOM Phishing: Execs' Microsoft Logins in Crosshairs C-suite attacks, MFA bypass, Microsoft AiTM, Microsoft credential theft, PhaaS, QR code phishing, VENOM phishing, executive phishing https://threatdigest.io/article/bitcoin-depot-reports-36m-crypto-theft-after-system-breach/ CVE Watch en 2026-04-11T09:41:25.639150+00:00 Bitcoin Depot's $3.6M Bitcoin Heist: Hackers Strike Corporate Vaults Again Bitcoin ATM breach, Bitcoin ATM hack, Bitcoin Depot, Bitcoin Depot hack, crypto theft, cyber breach, cybersecurity incident https://threatdigest.io/article/iranbacked-threat-actors-hit-us-cni-providers-via-internetfacing-ot-assets/ CVE Watch en 2026-04-11T09:40:54.992179+00:00 Iranian Hackers Punch Through US Water Plants Using Exposed Factory PLCs CISA advisory, CNI attacks, Iran hackers, OT PLC vulnerabilities, OT vulnerabilities, Rockwell Automation, Rockwell PLCs, US CNI attacks https://threatdigest.io/article/claude-discovers-apache-activemq-bug-hidden-for-13-years/ CVE Watch en 2026-04-11T09:40:21.695014+00:00 Claude AI Digs Up 13-Year RCE Lurking in Apache ActiveMQ Apache ActiveMQ, CVE-2026-34197, Claude AI, RCE vulnerability https://threatdigest.io/article/when-attackers-already-have-the-keys-mfa-is-just-another-door-to-open/ CVE Watch en 2026-04-11T09:40:16.969147+00:00 Wearable Biometrics Finally Fix Stolen Credential Hell MFA bypass, Token security, phishing attacks, phishing prevention, phishing relays, stolen credentials, wearable biometrics https://threatdigest.io/article/in-other-news-cyberattack-stings-stryker-windows-zero-day-china-supercomputer-hack/ CVE Watch en 2026-04-11T09:40:05.277907+00:00 Fed Frets Over Anthropic's Mythos AI as Mac Stealers and Zero-Days Ignite Cyber Firestorm AI security risks, Anthropic Mythos, Windows zero-day, cybersecurity roundup, macOS stealer, post-quantum crypto, post-quantum cryptography https://threatdigest.io/article/can-anthropic-keep-its-exploit-writing-ai-out-of-the-wrong-hands/ CVE Watch en 2026-04-11T09:38:53.418939+00:00 Anthropic's Mythos Preview Hunts Zero-Days — But Who Controls the Leash? AI security risks, AI security tools, Anthropic Mythos, vulnerability AI, vulnerability discovery, zero-day exploits https://threatdigest.io/article/uat-10362-targets-taiwanese-ngos-with-lucidrook-malware-in-spear-phishing-campaigns/ CVE Watch en 2026-04-11T09:38:24.396366+00:00 LucidRook Unleashed: New Lua Malware Stalks Taiwan's NGOs in Stealthy Spear-Phishing Cisco Talos, DLL side-loading, LucidRook, LucidRook malware, Taiwan spear-phishing, UAT-10362, spear-phishing Taiwan https://threatdigest.io/article/cpuid-hacked-to-deliver-malware-via-cpu-z-hwmonitor-downloads/ CVE Watch en 2026-04-11T09:37:38.799071+00:00 CPUID's Trusted Tools Turn Toxic: Hackers Poison CPU-Z and HWMonitor Downloads CPU-Z malware, CPUID hack, HWMonitor trojan, infostealer trojan, supply chain attack https://threatdigest.io/article/google-warns-of-new-threat-group-targeting-bpos-and-helpdesks/ CVE Watch en 2026-04-11T09:37:29.074026+00:00 Google Exposes UNC6783: Chat-Phishing Extortion Wave Hits BPOs Where It Hurts BPO phishing, Google Threat Intelligence, MFA bypass, UNC6783, Zendesk spoofing, extortion via chat, live chat attacks https://threatdigest.io/article/critical-vulnerability-in-ninja-forms-exposes-wordpress-sites/ CVE Watch en 2026-04-11T09:36:15.887327+00:00 Ninja Forms' Deadly Upload Flaw Lets Hackers Seize WordPress Sites in Seconds Ninja Forms vulnerability, RCE WordPress, WordPress security, cvss 9.8, file upload exploit, wordfence bounty, wordpress rce https://threatdigest.io/article/critical-marimo-flaw-exploited-hours-after-public-disclosure/ CVE Watch en 2026-04-11T09:33:06.990914+00:00 Attackers Crack Marimo's RCE Flaw in Under 10 Hours — No PoC Needed CVE-2026-39987, Marimo vulnerability, RCE exploit, Sysdig honeypot https://threatdigest.io/article/google-rolls-out-gmail-end-to-end-encryption-on-mobile-devices/ CVE Watch en 2026-04-11T09:31:46.514485+00:00 Gmail's Mobile E2EE Unlocks – Enterprise Privacy Gets Real Gmail E2EE, Google Workspace, client-side encryption, end-to-end encryption, enterprise email security, enterprise privacy, enterprise security https://threatdigest.io/article/threat-actors-get-crafty-with-emojis-to-escape-detection/ CVE Watch en 2026-04-11T09:29:44.115548+00:00 Hackers Ditch Code Words for Emojis to Slip Past Filters cyber evasion tactics, cybercrime communication, cybercrime tactics, dark web communication, dark web markets, detection evasion, emoji evasion, malware marketplaces, malware obfuscation, threat actor tactics, threat actors emojis https://threatdigest.io/article/russias-forest-blizzard-nabs-rafts-of-logins-via-soho-routers/ CVE Watch en 2026-04-11T09:28:07.390281+00:00 Forest Blizzard's Router Trick Steals Logins Worldwide APT28, DNS hijacking, Forest Blizzard, SOHO Routers https://threatdigest.io/article/cracks-in-the-bedrock-agent-god-mode/ CVE Watch en 2026-04-11T09:27:23.394302+00:00 AWS Bedrock AgentCore's God Mode: One Toolkit, Total Account Takeover AI agent security, AWS Bedrock AgentCore, Agent God Mode, AgentCore, AgentCore vulnerability, Amazon Bedrock, IAM Vulnerability, IAM privilege escalation, privilege escalation https://threatdigest.io/article/nearly-4000-us-industrial-devices-exposed-to-iranian-cyberattacks/ CVE Watch en 2026-04-11T09:27:14.656345+00:00 4,000 U.S. Factory PLCs Begging for Iranian Hackers Iranian cyberattacks, OT security, Rockwell Automation PLCs, critical infrastructure https://threatdigest.io/article/google-chrome-adds-infostealer-protection-against-session-cookie-theft/ CVE Watch en 2026-04-11T09:27:05.544305+00:00 Chrome's Hardware Trick to Kill Stolen Cookies: Smart Fix or Dev Headache? Chrome DBSC, DBSC, Google Chrome, Google security update, TPM security, infostealer malware, session cookie theft https://threatdigest.io/article/hackers-exploiting-acrobat-reader-zero-day-flaw-since-december/ CVE Watch en 2026-04-11T09:23:13.658394+00:00 Adobe Acrobat Zero-Day Active Since December—Users Exposed Adobe Acrobat, Adobe Acrobat Reader, CVE-2024-36364, PDF exploit, PDF vulnerability, acrobat reader zero-day, adobe pdf vulnerability, adobe vulnerability, cve-2024-20766, rce attack, remote code execution, zero-day exploit, zero-day vulnerability https://threatdigest.io/article/hims-breach-exposes-the-most-sensitive-kinds-of-phi/ CVE Watch en 2026-04-11T09:19:49.568751+00:00 Hims Hack Outs User's Bald Spots, ED Meds, and Weight Loss Secrets Hims breach, PHI exposure, Scattered Spider, data extortion, health data leak, telehealth hack, telehealth security https://threatdigest.io/article/iranian-threat-actors-disrupt-us-critical-infrastructure-via-exposed-plcs/ CVE Watch en 2026-04-11T09:17:06.452952+00:00 Iranian Hackers Hijack US PLCs: The Digital Sabotage We Saw Coming Iranian threat actors, OT security, critical infrastructure, exposed PLCs https://threatdigest.io/article/analysis-of-one-billion-cisa-kev-remediation-records-exposes-limits-of-human-scale-security/ CVE Watch en 2026-04-11T09:11:49.351642+00:00 Billion CISA Records Prove Human Security Can't Keep Up AI threats, CISA KEV, Qualys research, human-scale security, vulnerability remediation https://threatdigest.io/article/smart-slider-updates-hijacked-to-push-malicious-wordpress-joomla-versions/ CVE Watch en 2026-04-11T09:09:41.829401+00:00 Smart Slider's Poisoned Update: Hackers Slip Backdoors into 900K WordPress Sites Joomla backdoor, Smart Slider 3 Pro, Smart Slider hack, WordPress malware, plugin supply chain attack, supply chain attack