<rss xmlns:source="http://source.scripting.com/" version="2.0">
  <channel>
    <title>Threat Intel</title>
    <link>https://threatintel.cc/</link>
    <description></description>
    
    <language>en</language>
    
    <lastBuildDate>Wed, 15 Apr 2026 20:06:34 -0400</lastBuildDate>
    <item>
      <title></title>
      <link>https://threatintel.cc/2026/04/15/trusted-access-for-the-next.html</link>
      <pubDate>Wed, 15 Apr 2026 20:06:34 -0400</pubDate>
      
      <guid>http://threatintel.micro.blog/2026/04/15/trusted-access-for-the-next.html</guid>
      <description>&lt;p&gt;&lt;a href=&#34;https://openai.com/index/scaling-trusted-access-for-cyber-defense/&#34;&gt;Trusted access for the next era of cyber defense | OpenAI&lt;/a&gt;&lt;/p&gt;
&lt;p&gt;OpenAI is expanding its Trusted Access for Cyber (TAC) program to provide thousands of verified defenders and hundreds of teams with access to advanced AI models, including the new GPT-5.4-Cyber, specifically fine-tuned for defensive cybersecurity use cases. This initiative emphasizes democratized access, iterative deployment, and ecosystem resilience to accelerate cyber defense efforts while implementing robust safeguards and verification processes to prevent misuse.&lt;/p&gt;
</description>
      <source:markdown>[Trusted access for the next era of cyber defense | OpenAI](https://openai.com/index/scaling-trusted-access-for-cyber-defense/)

OpenAI is expanding its Trusted Access for Cyber (TAC) program to provide thousands of verified defenders and hundreds of teams with access to advanced AI models, including the new GPT-5.4-Cyber, specifically fine-tuned for defensive cybersecurity use cases. This initiative emphasizes democratized access, iterative deployment, and ecosystem resilience to accelerate cyber defense efforts while implementing robust safeguards and verification processes to prevent misuse.
</source:markdown>
    </item>
    
    <item>
      <title></title>
      <link>https://threatintel.cc/2026/04/15/microsoft-raises-prices-for-all.html</link>
      <pubDate>Wed, 15 Apr 2026 20:03:16 -0400</pubDate>
      
      <guid>http://threatintel.micro.blog/2026/04/15/microsoft-raises-prices-for-all.html</guid>
      <description>&lt;p&gt;&lt;a href=&#34;https://www.macrumors.com/2026/04/14/microsoft-surface-pc-price-hike/&#34;&gt;Microsoft Raises Prices for All Surface PCs, Making Them More Expensive Than Equivalent Macs - MacRumors&lt;/a&gt;&lt;/p&gt;
&lt;p&gt;Microsoft has raised prices for all its Surface PCs, citing increased memory and component costs due to global memory shortages. These price hikes now make most Surface models, including the Surface Pro and Surface Laptop, more expensive than their equivalent Mac counterparts.&lt;/p&gt;
</description>
      <source:markdown>[Microsoft Raises Prices for All Surface PCs, Making Them More Expensive Than Equivalent Macs - MacRumors](https://www.macrumors.com/2026/04/14/microsoft-surface-pc-price-hike/)

Microsoft has raised prices for all its Surface PCs, citing increased memory and component costs due to global memory shortages. These price hikes now make most Surface models, including the Surface Pro and Surface Laptop, more expensive than their equivalent Mac counterparts.
</source:markdown>
    </item>
    
    <item>
      <title></title>
      <link>https://threatintel.cc/2026/04/14/apple-removes-fake-crypto-wallet.html</link>
      <pubDate>Tue, 14 Apr 2026 16:44:00 -0400</pubDate>
      
      <guid>http://threatintel.micro.blog/2026/04/14/apple-removes-fake-crypto-wallet.html</guid>
      <description>&lt;p&gt;&lt;a href=&#34;https://www.macrumors.com/2026/04/14/apple-mac-app-store-fake-crypto-wallet/&#34;&gt;Apple Removes Fake Crypto Wallet App That Stole $9.5 Million From Mac Users - MacRumors&lt;/a&gt;&lt;/p&gt;
&lt;p&gt;A fake crypto wallet app disguised as Ledger Live was available on the Mac App Store, successfully scamming Mac users out of $9.5 million in cryptocurrency before being removed by Apple. The fraudulent app, which operated for about two weeks, tricked users into revealing their seed phrases, a tactic not used by legitimate crypto wallets.&lt;/p&gt;
</description>
      <source:markdown>[Apple Removes Fake Crypto Wallet App That Stole $9.5 Million From Mac Users - MacRumors](https://www.macrumors.com/2026/04/14/apple-mac-app-store-fake-crypto-wallet/)

A fake crypto wallet app disguised as Ledger Live was available on the Mac App Store, successfully scamming Mac users out of $9.5 million in cryptocurrency before being removed by Apple. The fraudulent app, which operated for about two weeks, tricked users into revealing their seed phrases, a tactic not used by legitimate crypto wallets.
</source:markdown>
    </item>
    
    <item>
      <title></title>
      <link>https://threatintel.cc/2026/04/14/backblaze-has-quietly-stopped-backing.html</link>
      <pubDate>Tue, 14 Apr 2026 15:43:30 -0400</pubDate>
      
      <guid>http://threatintel.micro.blog/2026/04/14/backblaze-has-quietly-stopped-backing.html</guid>
      <description>&lt;p&gt;&lt;a href=&#34;https://rareese.com/posts/backblaze/&#34;&gt;Backblaze has quietly stopped backing up your data | Robert Reese&amp;rsquo;s Website&lt;/a&gt;&lt;/p&gt;
&lt;p&gt;The article claims that Backblaze has quietly stopped backing up user data from cloud storage folders like OneDrive and Dropbox, and also .git folders, despite previously promising to back up all data. This change, implemented without direct user notification, means Backblaze is no longer fulfilling its core function of comprehensive data backup, eroding user trust.&lt;/p&gt;
</description>
      <source:markdown>[Backblaze has quietly stopped backing up your data | Robert Reese&#39;s Website](https://rareese.com/posts/backblaze/)

The article claims that Backblaze has quietly stopped backing up user data from cloud storage folders like OneDrive and Dropbox, and also .git folders, despite previously promising to back up all data. This change, implemented without direct user notification, means Backblaze is no longer fulfilling its core function of comprehensive data backup, eroding user trust.
</source:markdown>
    </item>
    
    <item>
      <title></title>
      <link>https://threatintel.cc/2026/04/13/iranlinked-cyberavngers-sets-sights-on.html</link>
      <pubDate>Mon, 13 Apr 2026 13:21:03 -0400</pubDate>
      
      <guid>http://threatintel.micro.blog/2026/04/13/iranlinked-cyberavngers-sets-sights-on.html</guid>
      <description>&lt;p&gt;&lt;a href=&#34;https://cybersecuritynews.com/iran-linked-cyberav3ngers-sets-sights/&#34;&gt;Iran-Linked CyberAv3ngers Sets Sights on Water Utilities and Industrial Controllers - Cyber Security News&lt;/a&gt;&lt;/p&gt;
&lt;p&gt;The Iran-linked CyberAv3ngers group, formally connected to the IRGC-CEC, has evolved into a significant threat targeting U.S. critical infrastructure, including water and wastewater systems and energy facilities. They have exploited vulnerabilities in programmable logic controllers (PLCs) and deployed custom malware like IOCONTROL, causing operational disruption and financial losses.&lt;/p&gt;
</description>
      <source:markdown>[Iran-Linked CyberAv3ngers Sets Sights on Water Utilities and Industrial Controllers - Cyber Security News](https://cybersecuritynews.com/iran-linked-cyberav3ngers-sets-sights/)

The Iran-linked CyberAv3ngers group, formally connected to the IRGC-CEC, has evolved into a significant threat targeting U.S. critical infrastructure, including water and wastewater systems and energy facilities. They have exploited vulnerabilities in programmable logic controllers (PLCs) and deployed custom malware like IOCONTROL, causing operational disruption and financial losses.
</source:markdown>
    </item>
    
    <item>
      <title></title>
      <link>https://threatintel.cc/2026/04/13/the-silent-storm-new-infostealer.html</link>
      <pubDate>Mon, 13 Apr 2026 13:20:02 -0400</pubDate>
      
      <guid>http://threatintel.micro.blog/2026/04/13/the-silent-storm-new-infostealer.html</guid>
      <description>&lt;p&gt;&lt;a href=&#34;https://www.bleepingcomputer.com/news/security/the-silent-storm-new-infostealer-hijacks-sessions-decrypts-server-side/&#34;&gt;The silent “Storm”: New infostealer hijacks sessions, decrypts server-side&lt;/a&gt;&lt;/p&gt;
&lt;p&gt;The new Storm infostealer operates by hijacking browser sessions and decrypting data server-side, a shift from traditional methods that evades endpoint security. For a monthly fee, it harvests credentials, session cookies, and crypto wallets, enabling attackers to gain authenticated access to SaaS platforms and cloud environments without triggering alerts.&lt;/p&gt;
</description>
      <source:markdown>[The silent “Storm”: New infostealer hijacks sessions, decrypts server-side](https://www.bleepingcomputer.com/news/security/the-silent-storm-new-infostealer-hijacks-sessions-decrypts-server-side/)

The new Storm infostealer operates by hijacking browser sessions and decrypting data server-side, a shift from traditional methods that evades endpoint security. For a monthly fee, it harvests credentials, session cookies, and crypto wallets, enabling attackers to gain authenticated access to SaaS platforms and cloud environments without triggering alerts.
</source:markdown>
    </item>
    
    <item>
      <title></title>
      <link>https://threatintel.cc/2026/04/13/hackers-claim-breach-of-rockstar.html</link>
      <pubDate>Mon, 13 Apr 2026 13:19:02 -0400</pubDate>
      
      <guid>http://threatintel.micro.blog/2026/04/13/hackers-claim-breach-of-rockstar.html</guid>
      <description>&lt;p&gt;&lt;a href=&#34;https://therecord.media/rockstar-hackers-cyberattack-cloud&#34;&gt;Hackers claim breach of Rockstar Games via cloud analytics platform | The Record from Recorded Future News&lt;/a&gt;&lt;/p&gt;
&lt;p&gt;The cybercrime group ShinyHunters claims to have breached Rockstar Games systems through a cloud analytics platform, threatening to release stolen data if a ransom is not paid. Rockstar Games confirmed a limited data breach but stated it has no impact on the company or its players.&lt;/p&gt;
</description>
      <source:markdown>[Hackers claim breach of Rockstar Games via cloud analytics platform | The Record from Recorded Future News](https://therecord.media/rockstar-hackers-cyberattack-cloud)

The cybercrime group ShinyHunters claims to have breached Rockstar Games systems through a cloud analytics platform, threatening to release stolen data if a ransom is not paid. Rockstar Games confirmed a limited data breach but stated it has no impact on the company or its players.
</source:markdown>
    </item>
    
    <item>
      <title></title>
      <link>https://threatintel.cc/2026/04/13/apache-tomcat-vulnerabilities-enables-bypass.html</link>
      <pubDate>Mon, 13 Apr 2026 13:18:02 -0400</pubDate>
      
      <guid>http://threatintel.micro.blog/2026/04/13/apache-tomcat-vulnerabilities-enables-bypass.html</guid>
      <description>&lt;p&gt;&lt;a href=&#34;https://cybersecuritynews.com/apache-tomcat-vulnerabilities-encryptinterceptor/&#34;&gt;Apache Tomcat Vulnerabilities Enables Bypass of EncryptInterceptor&lt;/a&gt;&lt;/p&gt;
&lt;p&gt;Multiple Apache Tomcat vulnerabilities have been disclosed, including a critical EncryptInterceptor bypass (CVE-2026-34486) resulting from a flawed security patch, and issues related to padding oracle attacks and certificate authentication (CVE-2026-34500). Administrators are urged to update to the latest secure releases to mitigate these risks.&lt;/p&gt;
</description>
      <source:markdown>[Apache Tomcat Vulnerabilities Enables Bypass of EncryptInterceptor](https://cybersecuritynews.com/apache-tomcat-vulnerabilities-encryptinterceptor/)

Multiple Apache Tomcat vulnerabilities have been disclosed, including a critical EncryptInterceptor bypass (CVE-2026-34486) resulting from a flawed security patch, and issues related to padding oracle attacks and certificate authentication (CVE-2026-34500). Administrators are urged to update to the latest secure releases to mitigate these risks.
</source:markdown>
    </item>
    
    <item>
      <title></title>
      <link>https://threatintel.cc/2026/04/13/marimo-rce-vulnerability-exploited-in.html</link>
      <pubDate>Mon, 13 Apr 2026 13:16:42 -0400</pubDate>
      
      <guid>http://threatintel.micro.blog/2026/04/13/marimo-rce-vulnerability-exploited-in.html</guid>
      <description>&lt;p&gt;&lt;a href=&#34;https://cybersecuritynews.com/marimo-rce-vulnerability-exploited/&#34;&gt;Marimo RCE Vulnerability Exploited in the Within 10 Hours of Disclosure&lt;/a&gt;&lt;/p&gt;
&lt;p&gt;A critical pre-authentication RCE vulnerability (CVE-2026-39987) in the Marimo Python notebook platform was exploited within 10 hours of its disclosure, allowing attackers to steal cloud credentials. The flaw affects the /terminal/ws endpoint, and users are advised to update to version 0.23.0 or later immediately.&lt;/p&gt;
</description>
<source:markdown>[Marimo RCE Vulnerability Exploited Within 10 Hours of Disclosure](https://cybersecuritynews.com/marimo-rce-vulnerability-exploited/)

A critical pre-authentication RCE vulnerability (CVE-2026-39987) in the Marimo Python notebook platform was exploited within 10 hours of its disclosure, allowing attackers to steal cloud credentials. The flaw affects the /terminal/ws endpoint, and users are advised to update to version 0.23.0 or later immediately.
</source:markdown>
    </item>
    
    <item>
      <title></title>
      <link>https://threatintel.cc/2026/04/13/apt-delivers-undetectable-backdoor-to.html</link>
      <pubDate>Mon, 13 Apr 2026 13:15:15 -0400</pubDate>
      
      <guid>http://threatintel.micro.blog/2026/04/13/apt-delivers-undetectable-backdoor-to.html</guid>
      <description>&lt;p&gt;&lt;a href=&#34;https://www.darkreading.com/cloud-security/apt41-zero-detection-backdoor-harvest-cloud-credentials&#34;&gt;APT41 Delivers &amp;lsquo;Undetectable&amp;rsquo; Backdoor to Steal Cloud Credentials&lt;/a&gt;&lt;/p&gt;
&lt;p&gt;The China-backed threat group APT41 is utilizing a &amp;lsquo;zero-detection&amp;rsquo; backdoor to target cloud environments like AWS, Google, Azure, and Alibaba, aiming to harvest credentials. This sophisticated malware, delivered as an ELF binary, employs typosquatting and uses SMTP port 25 for covert command-and-control (C2), making its activity exceptionally difficult to detect.&lt;/p&gt;
</description>
      <source:markdown>[APT41 Delivers &#39;Undetectable&#39; Backdoor to Steal Cloud Credentials](https://www.darkreading.com/cloud-security/apt41-zero-detection-backdoor-harvest-cloud-credentials)

The China-backed threat group APT41 is utilizing a &#39;zero-detection&#39; backdoor to target cloud environments like AWS, Google, Azure, and Alibaba, aiming to harvest credentials. This sophisticated malware, delivered as an ELF binary, employs typosquatting and uses SMTP port 25 for covert command-and-control (C2), making its activity exceptionally difficult to detect.
</source:markdown>
    </item>
    
    <item>
      <title></title>
      <link>https://threatintel.cc/2026/04/13/bitter-apt-uses-signal-google.html</link>
      <pubDate>Mon, 13 Apr 2026 13:14:00 -0400</pubDate>
      
      <guid>http://threatintel.micro.blog/2026/04/13/bitter-apt-uses-signal-google.html</guid>
      <description>&lt;p&gt;&lt;a href=&#34;https://hackread.com/bitter-apt-signal-google-zoom-prospy-spyware/&#34;&gt;BITTER APT Uses Signal, Google, and Zoom Lures to Spread ProSpy Spyware&lt;/a&gt;&lt;/p&gt;
&lt;p&gt;The BITTER APT group is using Signal, Google, and Zoom lures in spearphishing attacks to spread ProSpy and ToSpy spyware, targeting journalists and activists in the Middle East. These attacks trick victims into downloading malware that can steal photos, messages, and files by impersonating legitimate login pages and using malicious QR codes.&lt;/p&gt;
</description>
      <source:markdown>[BITTER APT Uses Signal, Google, and Zoom Lures to Spread ProSpy Spyware](https://hackread.com/bitter-apt-signal-google-zoom-prospy-spyware/)

The BITTER APT group is using Signal, Google, and Zoom lures in spearphishing attacks to spread ProSpy and ToSpy spyware, targeting journalists and activists in the Middle East. These attacks trick victims into downloading malware that can steal photos, messages, and files by impersonating legitimate login pages and using malicious QR codes.
</source:markdown>
    </item>
    
    <item>
      <title></title>
      <link>https://threatintel.cc/2026/04/13/adobe-rolls-out-emergency-fix.html</link>
      <pubDate>Mon, 13 Apr 2026 13:12:54 -0400</pubDate>
      
      <guid>http://threatintel.micro.blog/2026/04/13/adobe-rolls-out-emergency-fix.html</guid>
      <description>&lt;p&gt;&lt;a href=&#34;https://www.bleepingcomputer.com/news/security/adobe-rolls-out-emergency-fix-for-acrobat-reader-zero-day-flaw/&#34;&gt;Adobe rolls out emergency fix for Acrobat, Reader zero-day flaw&lt;/a&gt;&lt;/p&gt;
&lt;p&gt;Adobe has released an emergency fix for a zero-day vulnerability (CVE-2026-34621) in Acrobat and Reader that allowed malicious PDFs to bypass sandbox restrictions and execute arbitrary code. The flaw, exploited since December, enabled attackers to read and steal local files, and was discovered by Haifei Li after a suspicious PDF sample was submitted for analysis.&lt;/p&gt;
</description>
      <source:markdown>[Adobe rolls out emergency fix for Acrobat, Reader zero-day flaw](https://www.bleepingcomputer.com/news/security/adobe-rolls-out-emergency-fix-for-acrobat-reader-zero-day-flaw/)

Adobe has released an emergency fix for a zero-day vulnerability (CVE-2026-34621) in Acrobat and Reader that allowed malicious PDFs to bypass sandbox restrictions and execute arbitrary code. The flaw, exploited since December, enabled attackers to read and steal local files, and was discovered by Haifei Li after a suspicious PDF sample was submitted for analysis.
</source:markdown>
    </item>
    
    <item>
      <title></title>
      <link>https://threatintel.cc/2026/04/13/hackers-abuse-github-and-jira.html</link>
      <pubDate>Mon, 13 Apr 2026 13:11:43 -0400</pubDate>
      
      <guid>http://threatintel.micro.blog/2026/04/13/hackers-abuse-github-and-jira.html</guid>
      <description>&lt;p&gt;&lt;a href=&#34;https://cybersecuritynews.com/hackers-abuse-github-and-jira-notifications/&#34;&gt;Hackers Abuse GitHub and Jira Notifications to Deliver Phishing Through Trusted SaaS Channels&lt;/a&gt;&lt;/p&gt;
&lt;p&gt;Cybercriminals are exploiting GitHub and Jira notification systems to deliver phishing emails, bypassing traditional security measures by using the platforms&#39; own verified infrastructure. This tactic, termed Platform-as-a-Proxy (PaaP), leverages automated notifications for fake invoices or alerts to harvest user credentials.&lt;/p&gt;
</description>
      <source:markdown>[Hackers Abuse GitHub and Jira Notifications to Deliver Phishing Through Trusted SaaS Channels](https://cybersecuritynews.com/hackers-abuse-github-and-jira-notifications/)

Cybercriminals are exploiting GitHub and Jira notification systems to deliver phishing emails, bypassing traditional security measures by using the platforms&#39; own verified infrastructure. This tactic, termed Platform-as-a-Proxy (PaaP), leverages automated notifications for fake invoices or alerts to harvest user credentials.
</source:markdown>
    </item>
    
    <item>
      <title></title>
      <link>https://threatintel.cc/2026/04/13/fbi-indonesia-take-down-wll.html</link>
      <pubDate>Mon, 13 Apr 2026 13:10:07 -0400</pubDate>
      
      <guid>http://threatintel.micro.blog/2026/04/13/fbi-indonesia-take-down-wll.html</guid>
      <description>&lt;p&gt;&lt;a href=&#34;https://therecord.media/phishing-takedown-indonesia-fbi&#34;&gt;FBI, Indonesia take down W3LL phishing tool | The Record from Recorded Future News&lt;/a&gt;&lt;/p&gt;
&lt;p&gt;The FBI and Indonesian law enforcement have dismantled the W3LL phishing tool, a platform that enabled hackers to create fake login portals for $500, leading to the arrest of its alleged developer and seizure of critical domains. This sophisticated cybercrime service facilitated the theft of over 25,000 compromised accounts and was used in attacks targeting more than 56,000 corporate Microsoft 365 accounts globally.&lt;/p&gt;
</description>
      <source:markdown>[FBI, Indonesia take down W3LL phishing tool | The Record from Recorded Future News](https://therecord.media/phishing-takedown-indonesia-fbi)

The FBI and Indonesian law enforcement have dismantled the W3LL phishing tool, a platform that enabled hackers to create fake login portals for $500, leading to the arrest of its alleged developer and seizure of critical domains. This sophisticated cybercrime service facilitated the theft of over 25,000 compromised accounts and was used in attacks targeting more than 56,000 corporate Microsoft 365 accounts globally.
</source:markdown>
    </item>
    
    <item>
      <title></title>
      <link>https://threatintel.cc/2026/04/13/claude-ai-reportedly-down-for.html</link>
      <pubDate>Mon, 13 Apr 2026 13:09:32 -0400</pubDate>
      
      <guid>http://threatintel.micro.blog/2026/04/13/claude-ai-reportedly-down-for.html</guid>
      <description>&lt;p&gt;&lt;a href=&#34;https://cybersecuritynews.com/claude-ai-reportedly-down/&#34;&gt;Claude AI Reportedly Down for Hundreds of Users With Intermittent 500 Errors - Cyber Security News&lt;/a&gt;&lt;/p&gt;
&lt;p&gt;Hundreds of users reported Claude AI experiencing intermittent 500 errors on April 13, 2026, affecting its website, API, and Claude Code, despite the official status page indicating all systems are operational. This incident adds to a pattern of recurring disruptions for Anthropic&amp;rsquo;s AI services throughout March and April.&lt;/p&gt;
</description>
      <source:markdown>[Claude AI Reportedly Down for Hundreds of Users With Intermittent 500 Errors - Cyber Security News](https://cybersecuritynews.com/claude-ai-reportedly-down/)

Hundreds of users reported Claude AI experiencing intermittent 500 errors on April 13, 2026, affecting its website, API, and Claude Code, despite the official status page indicating all systems are operational. This incident adds to a pattern of recurring disruptions for Anthropic&#39;s AI services throughout March and April.
</source:markdown>
    </item>
    
    <item>
      <title></title>
      <link>https://threatintel.cc/2026/04/13/pwc-cybersecurity-risk-outpaces-corporate.html</link>
      <pubDate>Mon, 13 Apr 2026 13:08:23 -0400</pubDate>
      
      <guid>http://threatintel.micro.blog/2026/04/13/pwc-cybersecurity-risk-outpaces-corporate.html</guid>
      <description>&lt;p&gt;&lt;a href=&#34;https://www.govinfosecurity.com/pwc-cybersecurity-risk-outpaces-corporate-ability-to-manage-a-31405&#34;&gt;PwC: Cybersecurity Risk Outpaces Corporate Ability to Manage&lt;/a&gt;&lt;/p&gt;
&lt;p&gt;A recent PwC survey reveals that cybersecurity is a top three risk for 60% of American corporations, yet only 6% feel capable of addressing it. Despite increased investments in technology and AI, companies often operate defensively, with attackers leveraging AI to exploit vulnerabilities at an unprecedented speed and scale.&lt;/p&gt;
</description>
      <source:markdown>[PwC: Cybersecurity Risk Outpaces Corporate Ability to Manage](https://www.govinfosecurity.com/pwc-cybersecurity-risk-outpaces-corporate-ability-to-manage-a-31405)

A recent PwC survey reveals that cybersecurity is a top three risk for 60% of American corporations, yet only 6% feel capable of addressing it. Despite increased investments in technology and AI, companies often operate defensively, with attackers leveraging AI to exploit vulnerabilities at an unprecedented speed and scale.
</source:markdown>
    </item>
    
    <item>
      <title></title>
      <link>https://threatintel.cc/2026/04/13/rockstar-confirms-it-was-hacked.html</link>
      <pubDate>Mon, 13 Apr 2026 13:06:21 -0400</pubDate>
      
      <guid>http://threatintel.micro.blog/2026/04/13/rockstar-confirms-it-was-hacked.html</guid>
      <description>&lt;p&gt;&lt;a href=&#34;https://www.kitguru.net/gaming/matthew-wilson/rockstar-confirms-it-was-hacked-as-attackers-threaten-to-leak-data/&#34;&gt;Rockstar confirms it was hacked as attackers threaten to leak data | KitGuru&lt;/a&gt;&lt;/p&gt;
&lt;p&gt;Rockstar Games has confirmed it was the victim of a recent cyber-attack, where a hacking group called ShinyHunters gained access to a limited amount of non-material company information from cloud-based servers. The attackers are threatening to leak the stolen data, which includes financial information and player habit studies, after their ransom demand went unpaid.&lt;/p&gt;
</description>
      <source:markdown>[Rockstar confirms it was hacked as attackers threaten to leak data | KitGuru](https://www.kitguru.net/gaming/matthew-wilson/rockstar-confirms-it-was-hacked-as-attackers-threaten-to-leak-data/)

Rockstar Games has confirmed it was the victim of a recent cyber-attack, where a hacking group called ShinyHunters gained access to a limited amount of non-material company information from cloud-based servers. The attackers are threatening to leak the stolen data, which includes financial information and player habit studies, after their ransom demand went unpaid.
</source:markdown>
    </item>
    
    <item>
      <title></title>
      <link>https://threatintel.cc/2026/04/13/bookingcom-warns-customers-of-hack.html</link>
      <pubDate>Mon, 13 Apr 2026 13:05:10 -0400</pubDate>
      
      <guid>http://threatintel.micro.blog/2026/04/13/bookingcom-warns-customers-of-hack.html</guid>
      <description>&lt;p&gt;&lt;a href=&#34;https://www.theguardian.com/technology/2026/apr/13/booking-com-customers-hack-exposed-data&#34;&gt;Booking.com warns customers of hack that exposed their data | Hacking | The Guardian&lt;/a&gt;&lt;/p&gt;
&lt;p&gt;Booking.com has alerted customers to a data breach where unauthorised parties accessed booking details, including names, emails, addresses, and phone numbers, but not financial information. This incident is the latest in a series of cybercrime attempts targeting the platform.&lt;/p&gt;
</description>
      <source:markdown>[Booking.com warns customers of hack that exposed their data | Hacking | The Guardian](https://www.theguardian.com/technology/2026/apr/13/booking-com-customers-hack-exposed-data)

Booking.com has alerted customers to a data breach where unauthorised parties accessed booking details, including names, emails, addresses, and phone numbers, but not financial information. This incident is the latest in a series of cybercrime attempts targeting the platform.
</source:markdown>
    </item>
    
    <item>
      <title></title>
      <link>https://threatintel.cc/2026/04/11/fbi-recovers-deleted-signal-messages.html</link>
      <pubDate>Sat, 11 Apr 2026 18:25:07 -0400</pubDate>
      
      <guid>http://threatintel.micro.blog/2026/04/11/fbi-recovers-deleted-signal-messages.html</guid>
      <description>&lt;p&gt;&lt;a href=&#34;https://hackread.com/fbi-recover-deleted-signal-messages-iphone-notifications/&#34;&gt;FBI Recovers Deleted Signal Messages Through iPhone Notifications&lt;/a&gt;&lt;/p&gt;
&lt;p&gt;The FBI has discovered a method to recover deleted Signal messages from iPhones by accessing notification data, even after the app is deleted. This loophole, which affects other messaging apps like WhatsApp and Telegram as well, can be mitigated by disabling message previews in both iPhone and app notification settings.&lt;/p&gt;
</description>
      <source:markdown>[FBI Recovers Deleted Signal Messages Through iPhone Notifications](https://hackread.com/fbi-recover-deleted-signal-messages-iphone-notifications/)

The FBI has discovered a method to recover deleted Signal messages from iPhones by accessing notification data, even after the app is deleted. This loophole, which affects other messaging apps like WhatsApp and Telegram as well, can be mitigated by disabling message previews in both iPhone and app notification settings.
</source:markdown>
    </item>
    
    <item>
      <title></title>
      <link>https://threatintel.cc/2026/04/11/glassworm-evolves-with-zig-dropper.html</link>
      <pubDate>Sat, 11 Apr 2026 18:23:57 -0400</pubDate>
      
      <guid>http://threatintel.micro.blog/2026/04/11/glassworm-evolves-with-zig-dropper.html</guid>
      <description>&lt;p&gt;&lt;a href=&#34;https://securityaffairs.com/190638/malware/glassworm-evolves-with-zig-dropper-to-infect-multiple-developer-tools.html&#34;&gt;GlassWorm evolves with Zig dropper to infect multiple developer tools&lt;/a&gt;&lt;/p&gt;
&lt;p&gt;The GlassWorm campaign has evolved to use a Zig-compiled dropper hidden within a fake IDE extension to infect multiple developer tools, including VS Code, Cursor, and VSCodium. This sophisticated attack chain allows threat actors to stealthily compromise developer environments at scale by installing a second-stage dropper that steals data and deploys a persistent RAT.&lt;/p&gt;
</description>
      <source:markdown>[GlassWorm evolves with Zig dropper to infect multiple developer tools](https://securityaffairs.com/190638/malware/glassworm-evolves-with-zig-dropper-to-infect-multiple-developer-tools.html)

The GlassWorm campaign has evolved to use a Zig-compiled dropper hidden within a fake IDE extension to infect multiple developer tools, including VS Code, Cursor, and VSCodium. This sophisticated attack chain allows threat actors to stealthily compromise developer environments at scale by installing a second-stage dropper that steals data and deploys a persistent RAT.
</source:markdown>
    </item>
    
    <item>
      <title></title>
      <link>https://threatintel.cc/2026/04/11/openai-warns-macos-users-to.html</link>
      <pubDate>Sat, 11 Apr 2026 18:22:34 -0400</pubDate>
      
      <guid>http://threatintel.micro.blog/2026/04/11/openai-warns-macos-users-to.html</guid>
      <description>&lt;p&gt;&lt;a href=&#34;https://cybersecuritynews.com/openai-macos-users/&#34;&gt;OpenAI Warns macOS Users to Update ChatGPT and Codex Immediately&lt;/a&gt;&lt;/p&gt;
&lt;p&gt;OpenAI is warning macOS users to update ChatGPT and other applications immediately due to a software supply chain attack that compromised a third-party library, potentially exposing code-signing certificates. While no user data or systems were compromised, updating is crucial as older versions will become non-functional after May 8, 2026.&lt;/p&gt;
</description>
      <source:markdown>[OpenAI Warns macOS Users to Update ChatGPT and Codex Immediately](https://cybersecuritynews.com/openai-macos-users/)

OpenAI is warning macOS users to update ChatGPT and other applications immediately due to a software supply chain attack that compromised a third-party library, potentially exposing code-signing certificates. While no user data or systems were compromised, updating is crucial as older versions will become non-functional after May 8, 2026.
</source:markdown>
    </item>
    
    <item>
      <title></title>
      <link>https://threatintel.cc/2026/04/11/over-crypto-fraud-victims-identified.html</link>
      <pubDate>Sat, 11 Apr 2026 18:21:37 -0400</pubDate>
      
      <guid>http://threatintel.micro.blog/2026/04/11/over-crypto-fraud-victims-identified.html</guid>
      <description>&lt;p&gt;&lt;a href=&#34;https://www.bleepingcomputer.com/news/security/police-identifies-20-000-victims-in-international-crypto-fraud-crackdown/&#34;&gt;Over 20,000 crypto fraud victims identified in international crackdown&lt;/a&gt;&lt;/p&gt;
&lt;p&gt;An international law enforcement operation named Operation Atlantic has identified over 20,000 victims of cryptocurrency fraud across Canada, the UK, and the US, freezing over $12 million in criminal proceeds and identifying over $45 million in stolen crypto. This operation highlights the success of public-private partnerships in combating fraud, a model that will be central to the UK&amp;rsquo;s new Fraud Strategy.&lt;/p&gt;
</description>
      <source:markdown>[Over 20,000 crypto fraud victims identified in international crackdown](https://www.bleepingcomputer.com/news/security/police-identifies-20-000-victims-in-international-crypto-fraud-crackdown/)

An international law enforcement operation named Operation Atlantic has identified over 20,000 victims of cryptocurrency fraud across Canada, the UK, and the US, freezing over $12 million in criminal proceeds and identifying over $45 million in stolen crypto. This operation highlights the success of public-private partnerships in combating fraud, a model that will be central to the UK&#39;s new Fraud Strategy.
</source:markdown>
    </item>
    
    <item>
      <title></title>
      <link>https://threatintel.cc/2026/04/11/censys-finds-devices-exposed-to.html</link>
      <pubDate>Sat, 11 Apr 2026 18:20:21 -0400</pubDate>
      
      <guid>http://threatintel.micro.blog/2026/04/11/censys-finds-devices-exposed-to.html</guid>
      <description>&lt;p&gt;&lt;a href=&#34;https://securityaffairs.com/190646/ics-scada/censys-finds-5219-devices-exposed-to-attacks-by-iranian-apts-majority-in-u-s.html&#34;&gt;Censys finds 5,219 devices exposed to attacks by Iranian APTs, majority in U.S.&lt;/a&gt;&lt;/p&gt;
&lt;p&gt;Censys has identified 5,219 internet-exposed Rockwell Automation PLCs, with the majority located in the U.S., that are vulnerable to attacks by Iranian APTs. These devices are being targeted to disrupt critical infrastructure sectors, prompting urgent calls for defenders to secure or disconnect them.&lt;/p&gt;
</description>
      <source:markdown>[Censys finds 5,219 devices exposed to attacks by Iranian APTs, majority in U.S.](https://securityaffairs.com/190646/ics-scada/censys-finds-5219-devices-exposed-to-attacks-by-iranian-apts-majority-in-u-s.html)

Censys has identified 5,219 internet-exposed Rockwell Automation PLCs, with the majority located in the U.S., that are vulnerable to attacks by Iranian APTs. These devices are being targeted to disrupt critical infrastructure sectors, prompting urgent calls for defenders to secure or disconnect them.
</source:markdown>
    </item>
    
    <item>
      <title></title>
      <link>https://threatintel.cc/2026/04/10/the-art-of-the-gray.html</link>
      <pubDate>Fri, 10 Apr 2026 08:54:53 -0400</pubDate>
      
      <guid>http://threatintel.micro.blog/2026/04/10/the-art-of-the-gray.html</guid>
      <description>&lt;p&gt;&lt;a href=&#34;https://kiledjian.com/2026/04/10/the-art-of-the-gray.html&#34;&gt;The Art of the Gray Man: How to Travel Smart, Stay Safe, and Experience More of the World | Edward Kiledjian&lt;/a&gt;&lt;/p&gt;
&lt;p&gt;A practical guide to the “gray man” approach to travel—how to blend in, stay aware, and reduce risk without paranoia. Learn how behaviour, mindset, and digital hygiene can make you less of a target and more in control wherever you go.&lt;/p&gt;
</description>
      <source:markdown>[The Art of the Gray Man: How to Travel Smart, Stay Safe, and Experience More of the World | Edward Kiledjian](https://kiledjian.com/2026/04/10/the-art-of-the-gray.html)

A practical guide to the “gray man” approach to travel—how to blend in, stay aware, and reduce risk without paranoia. Learn how behaviour, mindset, and digital hygiene can make you less of a target and more in control wherever you go.
</source:markdown>
    </item>
    
    <item>
      <title></title>
      <link>https://threatintel.cc/2026/04/10/critical-marimo-flaw-exploited-hours.html</link>
      <pubDate>Fri, 10 Apr 2026 08:51:24 -0400</pubDate>
      
      <guid>http://threatintel.micro.blog/2026/04/10/critical-marimo-flaw-exploited-hours.html</guid>
      <description>&lt;p&gt;&lt;a href=&#34;https://www.securityweek.com/critical-marimo-flaw-exploited-hours-after-public-disclosure/&#34;&gt;Critical Marimo Flaw Exploited Hours After Public Disclosure - SecurityWeek&lt;/a&gt;&lt;/p&gt;
&lt;p&gt;A critical remote code execution (RCE) vulnerability in the Marimo notebook, CVE-2026-39987, was exploited by a threat actor just nine hours after its public disclosure. The unauthenticated flaw allows arbitrary system command execution, and the attacker successfully used it to steal credentials and exfiltrate files.&lt;/p&gt;
</description>
      <source:markdown>[Critical Marimo Flaw Exploited Hours After Public Disclosure - SecurityWeek](https://www.securityweek.com/critical-marimo-flaw-exploited-hours-after-public-disclosure/)

A critical remote code execution (RCE) vulnerability in the Marimo notebook, CVE-2026-39987, was exploited by a threat actor just nine hours after its public disclosure. The unauthenticated flaw allows arbitrary system command execution, and the attacker successfully used it to steal credentials and exfiltrate files.
</source:markdown>
    </item>
    
  </channel>
</rss>
