TECHZONE™
TECHZONE CYBERNEWS && UPDATES Wᴇʟᴄᴏᴍᴇ Tᴏ TECHZONE™ ✔️Infosec Facts ✔️Cheatsheets ✔️Free Courses ✔️Open source tools ✔️Tech news
Post archive
Critical Unpatched Flaw Leaves Hugging Face LeRobot Open to Unauthenticated RCE
https://thehackernews.com/2026/04/critical-cve-2026-25874-leaves-hugging.html
Cybersecurity researchers have disclosed details of a critical security flaw impacting LeRobot, Hugging Face's open-source robotics platform with nearly 24,000 GitHub stars, that could be exploited to achieve remote code execution.
The vulnerability in question is CVE-2026-25874 (CVSS score: 9.3), which has been described as a case of untrusted data deserialization stemming from the use of the
After Mythos: New Playbooks For a Zero-Window Era
https://thehackernews.com/2026/04/after-mythos-new-playbooks-for-zero.html
When patching isn’t fast enough, NDR helps contain the next era of threats.
If you’ve been tracking advancements in AI, you know the exploit window, the short buffer that organizations relied on to patch and protect after a vulnerability disclosure, is closing fast.
Anthropic’s new model, Claude Mythos, and its Project Glasswing, showed that finding exploitable vulnerabilities and subtle cracks
Chinese Silk Typhoon Hacker Extradited to U.S. Over COVID Research Cyberattacks
https://thehackernews.com/2026/04/chinese-silk-typhoon-hacker-extradited.html
A Chinese national accused of being a member of the Silk Typhoon hacking group has been extradited to the U.S. from Italy.
Xu Zewei, 34, was arrested in July 2025 by Italian authorities for his alleged links to the Chinese state-sponsored threat group and for orchestrating cyber attacks against American organizations and government agencies between February 2020 and June 2021, including
Microsoft Patches Entra ID Role Flaw That Enabled Service Principal Takeover
https://thehackernews.com/2026/04/microsoft-patches-entra-id-role-flaw.html
An administrative role meant for artificial intelligence (AI) agents within Microsoft Entra ID could enable privilege escalation and identity takeover attacks, according to new findings from Silverfort.
Agent ID Administrator is a privileged built-in role introduced by Microsoft as part of its agent identity platform to handle all aspects of an AI agent's identity lifecycle operations in a
Microsoft Confirms Active Exploitation of Windows Shell CVE-2026-32202
https://thehackernews.com/2026/04/microsoft-confirms-active-exploitation.html
Microsoft on Monday revised its advisory for a now-patched, high-severity security flaw impacting Windows Shell to acknowledge that it has been actively exploited in the wild.
The vulnerability in question is CVE-2026-32202 (CVSS score: 4.3), a spoofing vulnerability that could allow an attacker to access sensitive information. It was addressed as part of its Patch Tuesday update for this
Checkmarx Confirms GitHub Repository Data Posted on Dark Web After March 23 Attack
https://thehackernews.com/2026/04/checkmarx-confirms-github-repository.html
Checkmarx has disclosed that its ongoing investigation tied to the supply chain security incident has revealed that a cybercriminal group published data related to the company on the dark web.
"Based on current evidence, we believe this data originated from Checkmarx's GitHub repository, and that access to that repository was facilitated through the initial supply chain attack of March 23, 2026,
⚡ Weekly Recap: Fast16 Malware, XChat Launch, Federal Backdoor, AI Employee Tracking & More
https://thehackernews.com/2026/04/weekly-recap-fast16-malware-xchat.html
Everything is dumb again. This week feels broken in a very familiar way. Old tricks are back. New tools are doing shady crap. Supply chains got hit. Fake help desks worked. Weird research showed how easy some attacks still are.
Most of it feels like stuff we should have fixed years ago. Bad extensions. Stolen creds. Remote tools are getting abused. Malware hides in places people trust. Same
Mythos Changed the Math on Vulnerability Discovery. Most Teams Aren't Ready for the Remediation Side
https://thehackernews.com/2026/04/mythos-changed-math-on-vulnerability.html
Anthropic’s Claude Mythos Preview has dominated security discussions since its April 7 announcement. Early reporting describes a powerful cybersecurity-focused AI system capable of identifying vulnerabilities at scale and raising serious questions about how quickly organizations can validate, prioritize, and remediate what it finds.
The debate that followed has mostly focused on the right
PhantomCore Exploits TrueConf Vulnerabilities to Breach Russian Networks
https://thehackernews.com/2026/04/phantomcore-exploits-trueconf.html
A pro-Ukrainian hacktivist group called PhantomCore has been attributed to attacks actively targeting servers running TrueConf video conferencing software in Russia since September 2025.
That's according to a report published by Positive Technologies, which found the threat actors to be leveraging an exploit chain comprising three vulnerabilities to execute commands remotely on susceptible
Researchers Uncover 73 Fake VS Code Extensions Delivering GlassWorm v2 Malware
https://thehackernews.com/2026/04/researchers-uncover-73-fake-vs-code.html
Cybersecurity researchers have flagged dozens of Microsoft Visual Studio Code (VS Code) extensions on the Open VSX repository that are linked to a persistent information-stealing campaign dubbed GlassWorm.
The cluster of 73 extensions has been identified as cloned versions of their legitimate counterparts. Of these, six have been confirmed to be malicious, with the remaining acting as seemingly
Fake CAPTCHA IRSF Scam and 120 Keitaro Campaigns Drive Global SMS, Crypto Fraud
https://thehackernews.com/2026/04/fake-captcha-irsf-scam-and-120-keitaro.html
Cybersecurity researchers have disclosed details of a telecommunications fraud campaign that uses fake CAPTCHA verification tricks to dupe unsuspecting users into sending international text messages that incur charges on their mobile bills, generating illicit revenue for the threat actors who lease the phone numbers.
According to a new report published by Infoblox, the operation is believed to
The calm before the ransom: What you see is not all there is
https://www.welivesecurity.com/en/ransomware/calm-ransom-what-you-see-is-not-all-there-is/
A breach claims the systems as well as the confidence that was, in retrospect, a major vulnerability
Researchers Uncover Pre-Stuxnet ‘fast16’ Malware Targeting Engineering Software
https://thehackernews.com/2026/04/researchers-uncover-pre-stuxnet-fast16.html
Cybersecurity researchers have discovered a new Lua-based malware created years before the notorious Stuxnet worm that aimed to sabotage Iran's nuclear program by destroying uranium enrichment centrifuges.
According to a new report published by SentinelOne, the previously undocumented cyber sabotage framework dates back to 2005, primarily targeting high-precision calculation software to tamper
CISA Adds 4 Exploited Flaws to KEV, Sets May 2026 Federal Deadline
https://thehackernews.com/2026/04/cisa-adds-4-exploited-flaws-to-kev-sets.html
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Friday added four vulnerabilities impacting SimpleHelp, Samsung MagicINFO 9 Server, and D-Link DIR-823X series routers to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation.
The list of vulnerabilities is below -
CVE-2024-57726 (CVSS score: 9.9) - A missing authorization vulnerability in
FIRESTARTER Backdoor Hit Federal Cisco Firepower Device, Survives Security Patches
https://thehackernews.com/2026/04/firestarter-backdoor-hit-federal-cisco.html
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has revealed that an unnamed federal civilian agency's Cisco Firepower device running Adaptive Security Appliance (ASA) software was compromised in September 2025 with malware called FIRESTARTER.
FIRESTARTER, per CISA and the U.K.'s National Cyber Security Centre (NCSC), is assessed to be a backdoor designed for remote access and
NASA Employees Duped in Chinese Phishing Scheme Targeting U.S. Defense Software
https://thehackernews.com/2026/04/nasa-employees-duped-in-chinese.html
The Office of Inspector General (OIG) of the U.S. National Aeronautics and Space Administration (NASA) has revealed how a Chinese national posed as a U.S. researcher as part of a spear-phishing campaign to obtain sensitive information from the space agency, as well as from government entities, universities, and private companies, in violation of export control laws.
"For years, NASA employees
Bridging the AI Agent Authority Gap: Continuous Observability as the Decision Engine
https://thehackernews.com/2026/04/bridging-ai-agent-authority-gap.html
The AI Agent Authority Gap - From Ungoverned to Delegation
As discussed in our previous article, AI agents are exposing a structural gap in enterprise security, but the problem is often framed too narrowly.
The issue is not simply that agents are new actors. It is that agents are delegated actors. They do not emerge with independent authority. They are triggered, invoked, provisioned, or
26 FakeWallet Apps Found on Apple App Store Targeting Crypto Seed Phrases
https://thehackernews.com/2026/04/26-fakewallet-apps-found-on-apple-app.html
Cybersecurity researchers have discovered a set of malicious apps on the Apple App Store that impersonate popular cryptocurrency wallets in an attempt to steal recovery phrases and private keys since at least fall 2025.
"Once launched, these apps redirect users to browser pages designed to look similar to the App Store and distribute trojanized versions of legitimate wallets," Kaspersky
Tropic Trooper Uses Trojanized SumatraPDF and GitHub to Deploy AdaptixC2
https://thehackernews.com/2026/04/tropic-trooper-uses-trojanized.html
Chinese-speaking individuals are the target of a new campaign that uses a trojanized version of SumatraPDF reader to deploy the AdaptixC2 Beacon post-exploitation agent and ultimately facilitate the abuse of Microsoft Visual Studio Code (VS Code) tunnels for remote access.
Zscaler ThreatLabz, which discovered the campaign last month, has attributed it with high confidence to Tropic Trooper (aka
LMDeploy CVE-2026-33626 Flaw Exploited Within 13 Hours of Disclosure
https://thehackernews.com/2026/04/lmdeploy-cve-2026-33626-flaw-exploited.html
A high-severity security flaw in LMDeploy, an open-source toolkit for compressing, deploying, and serving LLMs, has come under active exploitation in the wild less than 13 hours after its public disclosure.
The vulnerability, tracked as CVE-2026-33626 (CVSS score: 7.5), relates to a Server-Side Request Forgery (SSRF) vulnerability that could be exploited to access sensitive data.
"A server-side
