TECHZONE™
TECHZONE CYBERNEWS && UPDATES Wᴇʟᴄᴏᴍᴇ Tᴏ TECHZONE™ ✔️Infosec Facts ✔️Cheatsheets ✔️Free Courses ✔️Open source tools ✔️Tech news
Subscribers: 598
24 hours: no data
7 days: -2
30 days: -9
Post archive
GopherWhisper: A burrow full of malware
https://www.welivesecurity.com/en/eset-research/gopherwhisper-burrow-full-malware/
ESET Research has discovered a new China-aligned APT group that we’ve named GopherWhisper, which targets Mongolian governmental institutions
UNC6692 Impersonates IT Helpdesk via Microsoft Teams to Deploy SNOW Malware
https://thehackernews.com/2026/04/unc6692-impersonates-it-helpdesk-via.html
A previously undocumented threat activity cluster known as UNC6692 has been observed leveraging social engineering tactics via Microsoft Teams to deploy a custom malware suite on compromised hosts.
"As with many other intrusions in recent years, UNC6692 relied heavily on impersonating IT helpdesk employees, convincing their victim to accept a Microsoft Teams chat invitation from an account
Bitwarden CLI Compromised in Ongoing Checkmarx Supply Chain Campaign
https://thehackernews.com/2026/04/bitwarden-cli-compromised-in-ongoing.html
Bitwarden CLI has been compromised as part of the newly discovered and ongoing Checkmarx supply chain campaign, according to new findings from JFrog and Socket.
"The affected package version appears to be @bitwarden/cli@2026.4.0, and the malicious code was published in 'bw1.js,' a file included in the package contents," the application security company said.
"The attack appears to have leveraged
ThreatsDay Bulletin: $290M DeFi Hack, macOS LotL Abuse, ProxySmart SIM Farms +25 New Stories
https://thehackernews.com/2026/04/threatsday-bulletin-290m-defi-hack.html
You scroll past one incident and see another that feels familiar, like it should have been fixed years ago, but it still works with small changes. Same bugs. Same mistakes.
The supply chain is messy. Packages you did not check are stealing data, adding backdoors, and spreading. Attacking the systems behind apps is easier than breaking the apps themselves. The exploits are simple but still work
[Webinar] Mythos Reality Check: Beating Automated Exploitation at AI Speed
https://thehackernews.com/2026/04/webinar-mythos-reality-check-beating.html
Imagine a world where hackers don't sleep, don't take breaks, and find weak spots in your systems instantly.
Well, that world is already here.
Thanks to AI, attackers are now launching automated, large-scale exploits faster than ever before. The time you have to fix a vulnerability before it gets attacked is shrinking to zero. We call this the Collapsing Exploit Window, and it means your
Project Glasswing Proved AI Can Find the Bugs. Who's Going to Fix Them?
https://thehackernews.com/2026/04/project-glasswing-proved-ai-can-find.html
Last week, Anthropic announced Project Glasswing, an AI model so effective at discovering software vulnerabilities that they took the extraordinary step of postponing its public release. Instead, the company has given access to Apple, Microsoft, Google, Amazon, and a coalition of others to find and patch bugs before adversaries can.
Mythos Preview, the model that led to Project Glasswing, found
China-Linked GopherWhisper Infects 12 Mongolian Government Systems with Go Backdoors
https://thehackernews.com/2026/04/china-linked-gopherwhisper-infects-12.html
Mongolian governmental institutions have emerged as the target of a previously undocumented China-aligned advanced persistent threat (APT) group tracked as GopherWhisper.
"The group wields a wide array of tools mostly written in Go, using injectors and loaders to deploy and execute various backdoors in its arsenal," Slovakian cybersecurity company ESET said in a report shared with The Hacker
Vercel Finds More Compromised Accounts in Context.ai-Linked Breach
https://thehackernews.com/2026/04/vercel-finds-more-compromised-accounts.html
Vercel on Wednesday revealed that it has identified an additional set of customer accounts that were compromised as part of a security incident that enabled unauthorized access to its internal systems.
The company said it made the discovery after expanding its investigation to include an extra set of compromise indicators, alongside a review of requests to the Vercel network and environment
Apple Patches iOS Flaw That Stored Deleted Signal Notifications in FBI Forensic Case
https://thehackernews.com/2026/04/apple-patches-ios-flaw-that-stored.html
Apple has rolled out a software fix for iOS and iPadOS to address a Notification Services flaw that stored notifications marked for deletion on the device.
The vulnerability, tracked as CVE-2026-28950 (CVSS score: N/A), has been described as a logging issue that has been addressed with improved data redaction.
"Notifications marked for deletion could be unexpectedly retained on the device,"
Malicious KICS Docker Images and VS Code Extensions Hit Checkmarx Supply Chain
https://thehackernews.com/2026/04/malicious-kics-docker-images-and-vs.html
Cybersecurity researchers have warned of malicious images pushed to the official "checkmarx/kics" Docker Hub repository.
In an alert published today, software supply chain security company Socket revealed that unknown threat actors managed to have overwritten existing tags, including v2.1.20 and alpine, while also introducing a new v2.1.21 tag that does not correspond to an official release. The
Self-Propagating Supply Chain Worm Hijacks npm Packages to Steal Developer Tokens
https://thehackernews.com/2026/04/self-propagating-supply-chain-worm.html
Cybersecurity researchers have flagged a fresh set of packages that have been compromised by bad actors to deliver a self-propagating worm that spreads through stolen developer npm tokens.
The supply chain worm has been detected by both Socket and StepSecurity, with the companies tracking the activity under the name CanisterSprawl owing to the use of an ICP canister to exfiltrate the stolen data
Cohere AI Terrarium Sandbox Flaw Enables Root Code Execution, Container Escape
https://thehackernews.com/2026/04/cohere-ai-terrarium-sandbox-flaw.html
A critical security vulnerability has been disclosed in a Python-based sandbox called Terrarium that could result in arbitrary code execution.
The vulnerability, tracked as CVE-2026-5752, is rated 9.3 on the CVSS scoring system.
"Sandbox escape vulnerability in Terrarium allows arbitrary code execution with root privileges on a host process via JavaScript prototype chain traversal," according to
New NGate variant hides in a trojanized NFC payment app
https://www.welivesecurity.com/en/eset-research/new-ngate-variant-hides-in-a-trojanized-nfc-payment-app/
ESET researchers discover another iteration of NGate malware, this time possibly developed with the assistance of AI
SystemBC C2 Server Reveals 1,570+ Victims in The Gentlemen Ransomware Operation
https://thehackernews.com/2026/04/systembc-c2-server-reveals-1570-victims.html
Threat actors associated with The Gentlemen ransomware‑as‑a‑service (RaaS) operation have been observed attempting to deploy a known proxy malware called SystemBC.
According to new research published by Check Point, the command-and-control (C2 or C&C) server linked to SystemBC has led to the discovery of a botnet of more than 1,570 victims.
"SystemBC establishes SOCKS5 network tunnels within
22 BRIDGE:BREAK Flaws Expose 20,000 Lantronix and Silex Serial-to-IP Converters
https://thehackernews.com/2026/04/22-bridgebreak-flaws-expose-20000.html
Cybersecurity researchers have identified 22 new vulnerabilities in popular models of serial-to-IP converters from Lantronix and Silex that could be exploited to hijack susceptible devices and tamper with data exchanged by them.
The vulnerabilities have been collectively codenamed BRIDGE:BREAK by Forescout Research Vedere Labs, which identified nearly 20,000 Serial-to-Ethernet converters exposed
Ransomware Negotiator Pleads Guilty to Aiding BlackCat Attacks in 2023
https://thehackernews.com/2026/04/ransomware-negotiator-pleads-guilty-to.html
A third individual who was employed as a ransomware negotiator has pleaded guilty to conducting ransomware attacks against U.S. companies in 2023.
Angelo Martino, 41, of Land O'Lakes, Florida, teamed up with the operators of the BlackCat ransomware starting in April 2023 to assist the e-crime gang in extracting higher amounts as ransoms.
"Working as a negotiator on behalf of five different
5 Places where Mature SOCs Keep MTTR Fast and Others Waste Time
https://thehackernews.com/2026/04/5-places-where-mature-socs-keep-mttr.html
Security teams often present MTTR as an internal KPI. Leadership sees it differently: every hour a threat dwells inside the environment is an hour of potential data exfiltration, service disruption, regulatory exposure, and brand damage.
The root cause of slow MTTR is almost never "not enough analysts." It is almost always the same structural problem: threat intelligence that exists
No Exploit Needed: How Attackers Walk Through the Front Door via Identity-Based Attacks
https://thehackernews.com/2026/04/no-exploit-needed-how-attackers-walk.html
The cybersecurity industry has spent the last several years chasing sophisticated threats like zero-days, supply chain compromises, and AI-generated exploits. However, the most reliable entry point for attackers still hasn't changed: stolen credentials.
Identity-based attacks remain a dominant initial access vector in breaches today. Attackers obtain valid credentials through credential stuffing
NGate Campaign Targets Brazil, Trojanizes HandyPay to Steal NFC Data and PINs
https://thehackernews.com/2026/04/ngate-campaign-targets-brazil.html
Cybersecurity researchers have discovered a new iteration of an Android malware family called NGate that has been found to abuse a legitimate application called HandyPay instead of NFCGate.
"The threat actors took the app, which is used to relay NFC data, and patched it with malicious code that appears to have been AI-generated," ESET security researcher Lukáš Štefanko said in a report
Google Patches Antigravity IDE Flaw Enabling Prompt Injection Code Execution
https://thehackernews.com/2026/04/google-patches-antigravity-ide-flaw.html
Cybersecurity researchers have discovered a vulnerability in Google's agentic integrated development environment (IDE), Antigravity, that could be exploited to achieve code execution.
The flaw, since patched, combines Antigravity's permitted file-creation capabilities with an insufficient input sanitization in Antigravity's native file-searching tool, find_by_name, to bypass the program's Strict
