TECHZONE™
TECHZONE CYBERNEWS && UPDATES Wᴇʟᴄᴏᴍᴇ Tᴏ TECHZONE™ ✔️Infosec Facts ✔️Cheatsheets ✔️Free Courses ✔️Open source tools ✔️Tech news
Subscribers: 598 (24 hours: no data; 7 days: -2; 30 days: -9)
Posts archive
Cisco Patches Four Critical Identity Services, Webex Flaws Enabling Code Execution
https://thehackernews.com/2026/04/cisco-patches-four-critical-identity.html
Cisco has announced patches to address four critical security flaws impacting Identity Services and Webex Services that could result in arbitrary code execution and allow an attacker to impersonate any user within the service.
The details of the vulnerabilities are below -
CVE-2026-20184 (CVSS score: 9.8) - An improper certificate validation in the integration of single sign-on (SSO)
Obsidian Plugin Abuse Delivers PHANTOMPULSE RAT in Targeted Finance, Crypto Attacks
https://thehackernews.com/2026/04/obsidian-plugin-abuse-delivers.html
A "novel" social engineering campaign has been observed abusing Obsidian, a cross-platform note-taking application, as an initial access vector to distribute a previously undocumented Windows remote access trojan called PHANTOMPULSE in attacks targeting individuals in the financial and cryptocurrency sectors.
Dubbed REF6598 by Elastic Security Labs, the activity has been found to leverage
Hidden Passenger? How Taboola Routes Logged-In Banking Sessions to Temu
https://thehackernews.com/2026/04/hidden-passenger-how-taboola-routes.html
A bank approved a Taboola pixel. That pixel quietly redirected logged-in users to a Temu tracking endpoint. This occurred without the bank’s knowledge, without user consent, and without a single security control registering a violation.
Read the full technical breakdown in the Security Intelligence Brief. Download now →
The "First-Hop Bias" Blind Spot
Most
UAC-0247 Targets Ukrainian Clinics and Government in Data-Theft Malware Campaign
https://thehackernews.com/2026/04/uac-0247-targets-ukrainian-clinics-and.html
The Computer Emergencies Response Team of Ukraine (CERT-UA) has disclosed details of a new campaign that has targeted governments and municipal healthcare institutions, mainly clinics and emergency hospitals, to deliver malware capable of stealing sensitive data from Chromium-based web browsers and WhatsApp.
The activity, which was observed between March and April
n8n Webhooks Abused Since October 2025 to Deliver Malware via Phishing Emails
https://thehackernews.com/2026/04/n8n-webhooks-abused-since-october-2025.html
Threat actors have been observed weaponizing n8n, a popular artificial intelligence (AI) workflow automation platform, to facilitate sophisticated phishing campaigns and deliver malicious payloads or fingerprint devices by sending automated emails.
"By leveraging trusted infrastructure, these attackers bypass traditional security filters, turning productivity tools into delivery
Actively Exploited nginx-ui Flaw (CVE-2026-33032) Enables Full Nginx Server Takeover
https://thehackernews.com/2026/04/critical-nginx-ui-vulnerability-cve.html
A recently disclosed critical security flaw impacting nginx-ui, an open-source, web-based Nginx management tool, has come under active exploitation in the wild.
The vulnerability in question is CVE-2026-33032 (CVSS score: 9.8), an authentication bypass vulnerability that enables threat actors to seize control of the Nginx service. It has been codenamed MCPwn by Pluto Security.
"
April Patch Tuesday Fixes Critical Flaws Across SAP, Adobe, Microsoft, Fortinet, and More
https://thehackernews.com/2026/04/april-patch-tuesday-fixes-critical.html
A number of critical vulnerabilities impacting products from Adobe, Fortinet, Microsoft, and SAP have taken center stage in April's Patch Tuesday releases.
Topping the list is an SQL injection vulnerability impacting SAP Business Planning and Consolidation and SAP Business Warehouse (CVE-2026-27681, CVSS score: 9.9) that could result in the execution of arbitrary database
Deterministic + Agentic AI: The Architecture Exposure Validation Requires
https://thehackernews.com/2026/04/deterministic-agentic-ai-architecture.html
Few technologies have moved from experimentation to boardroom mandate as quickly as AI. Across industries, leadership teams have embraced its broader potential, and boards, investors, and executives are already pushing organizations to adopt it across operational and security functions. Pentera’s AI Security and Exposure Report 2026 reflects that momentum: every CISO surveyed
Microsoft Issues Patches for SharePoint Zero-Day and 168 Other New Vulnerabilities
https://thehackernews.com/2026/04/microsoft-issues-patches-for-sharepoint.html
Microsoft on Tuesday released updates to address a record 169 security flaws across its product portfolio, including one vulnerability that has been actively exploited in the wild.
Of these 169 vulnerabilities, 157 are rated Important, eight are rated Critical, three are rated Moderate, and one is rated Low in severity. Ninety-three of the flaws are
OpenAI Launches GPT-5.4-Cyber with Expanded Access for Security Teams
https://thehackernews.com/2026/04/openai-launches-gpt-54-cyber-with.html
OpenAI on Tuesday unveiled GPT-5.4-Cyber, a variant of its latest flagship model, GPT‑5.4, that's specifically optimized for defensive cybersecurity use cases, days after rival Anthropic unveiled its own frontier model, Mythos.
"The progressive use of AI accelerates defenders – those responsible for keeping systems, data, and users safe – enabling them to find and fix problems
New PHP Composer Flaws Enable Arbitrary Command Execution — Patches Released
https://thehackernews.com/2026/04/new-php-composer-flaws-enable-arbitrary.html
Two high-severity security vulnerabilities have been disclosed in Composer, a package manager for PHP, that, if successfully exploited, could result in arbitrary command execution.
The vulnerabilities have been described as command injection flaws affecting the Perforce VCS (version control software) driver. Details of the two flaws are below -
CVE-2026-40176 (CVSS
CISA Adds 6 Known Exploited Flaws in Fortinet, Microsoft, and Adobe Software
https://thehackernews.com/2026/04/cisa-adds-6-known-exploited-flaws-in.html
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added half a dozen security flaws to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation.
The list of vulnerabilities is as follows -
CVE-2026-21643 (CVSS score: 9.1) - An SQL injection vulnerability in Fortinet FortiClient EMS that could allow an
JanelaRAT Malware Targets Latin American Banks with 14,739 Attacks in Brazil in 2025
https://thehackernews.com/2026/04/janelarat-malware-targets-latin.html
Banks and financial institutions in Latin American countries like Brazil and Mexico have continued to be the target of a malware family called JanelaRAT.
A modified version of BX RAT, JanelaRAT is known to steal financial and cryptocurrency data associated with specific financial entities, as well as track mouse inputs, log keystrokes, take screenshots, and collect system metadata.
"One of the
FBI and Indonesian Police Dismantle W3LL Phishing Network Behind $20M Fraud Attempts
https://thehackernews.com/2026/04/fbi-and-indonesian-police-dismantle.html
The U.S. Federal Bureau of Investigation (FBI), in partnership with the Indonesian National Police, has dismantled the infrastructure associated with a global phishing operation that leveraged an off-the-shelf toolkit called W3LL to steal thousands of victims' account credentials and attempt more than $20 million in fraud.
In tandem, authorities detained the alleged developer, who has
⚡ Weekly Recap: Fiber Optic Spying, Windows Rootkit, AI Vulnerability Hunting and More
https://thehackernews.com/2026/04/weekly-recap-fiber-optic-spying-windows.html
Monday is back, and the weekend’s backlog of chaos is officially hitting the fan. We are tracking a critical zero-day that has been quietly living in your PDFs for months, plus some aggressive state-sponsored meddling in infrastructure that is finally coming to light. It is one of those mornings where the gap between a quiet shift and a full-blown incident response is basically
Your MTTD Looks Great. Your Post-Alert Gap Doesn't
https://thehackernews.com/2026/04/your-mttd-looks-great-your-post-alert.html
Anthropic restricted its Mythos Preview model last week after it autonomously found and exploited zero-day vulnerabilities in every major operating system and browser. Palo Alto Networks' Wendi Whitmore warned that similar capabilities are weeks or months from proliferation. CrowdStrike's 2026 Global Threat Report puts average eCrime breakout time at 29 minutes. Mandiant's M-Trends
North Korea's APT37 Uses Facebook Social Engineering to Deliver RokRAT Malware
https://thehackernews.com/2026/04/north-koreas-apt37-uses-facebook-social.html
The North Korean hacking group tracked as APT37 (aka ScarCruft) has been attributed to a fresh multi-stage, social engineering campaign in which threat actors approached targets on Facebook and added them as friends on the social media platform, turning the trust-building exercise into a delivery channel for a remote access trojan called RokRAT.
"The threat actor used two Facebook
OpenAI Revokes macOS App Certificate After Malicious Axios Supply Chain Incident
https://thehackernews.com/2026/04/openai-revokes-macos-app-certificate.html
OpenAI revealed a GitHub Actions workflow used to sign its macOS apps led to the download of the malicious Axios library on March 31, but noted that no user data or internal system was compromised.
"Out of an abundance of caution, we are taking steps to protect the process that certifies our macOS applications are legitimate OpenAI apps," OpenAI said in a post last week. "We found no
CPUID Breach Distributes STX RAT via Trojanized CPU-Z and HWMonitor Downloads
https://thehackernews.com/2026/04/cpuid-breach-distributes-stx-rat-via.html
Unknown threat actors compromised CPUID ("cpuid[.]com"), a website that hosts popular hardware monitoring tools like CPU-Z, HWMonitor, HWMonitor Pro, and PerfMonitor, for less than 24 hours to serve malicious executables for the software and deploy a remote access trojan called STX RAT.
The incident lasted from approximately April 9, 15:00 UTC, to about April 10, 10:00 UTC, with
Adobe Patches Actively Exploited Acrobat Reader Flaw CVE-2026-34621
https://thehackernews.com/2026/04/adobe-patches-actively-exploited.html
Adobe has released emergency updates to fix a critical security flaw in Acrobat Reader that has come under active exploitation in the wild.
The vulnerability, assigned the CVE identifier CVE-2026-34621, carries a CVSS score of 8.6 out of 10.0. Successful exploitation of the flaw could allow an attacker to run malicious code on affected installations.
It has been described as
