Security News Feed Aggregated from trusted cybersecurity sources

1091

Total Articles

Security News

Latest cybersecurity news from CISA, Krebs on Security, and other trusted sources

1091

CVE Mentions

4

Sources

Filter by source: All Sources darkreading hackernews krebs sans

hackernews Apr 09, 2026 at 12:57

ThreatsDay Bulletin: Hybrid P2P Botnet, 13-Year-Old Apache RCE and 18 More Stories

Thursday. Another week, another batch of things that probably should've been caught sooner but weren't. This one's got some range — old vulnerabilities getting new life, a few "why was that even possible" moments, attackers leaning on platforms and tools you'd normally trust without thinking twice. Quiet escalations more than loud zero-days, but the kind that matter more in

hackernews Apr 09, 2026 at 11:31

The Hidden Security Risks of Shadow AI in Enterprises

As AI tools become more accessible, employees are adopting them without formal approval from IT and security teams. While these tools may boost productivity, automate tasks, or fill gaps in existing workflows, they also operate outside the visibility of security teams, bypassing controls and creating new blind spots in what is known as shadow AI. While similar to the phenomenon of

hackernews Apr 09, 2026 at 11:15

Adobe Reader Zero-Day Exploited via Malicious PDFs Since December 2025

Threat actors have been exploiting a previously unknown zero-day vulnerability in Adobe Reader using maliciously crafted PDF documents since at least December 2025. The finding, detailed by EXPMON's Haifei Li, has been described as a highly-sophisticated PDF exploit. The artifact ("Invoice540.pdf") first appeared on the VirusTotal platform on November 28, 2025. A second 

hackernews Apr 09, 2026 at 10:40

Bitter-Linked Hack-for-Hire Campaign Targets Journalists Across MENA Region

An apparent hack-for-hire campaign likely orchestrated by a threat actor with suspected ties to the Indian government targeted journalists, activists, and government officials across the Middle East and North Africa (MENA), according to findings from Access Now, Lookout, and SMEX. Two of the targets included prominent Egyptian journalists and government critics, Mostafa

sans Apr 09, 2026 at 02:00

ISC Stormcast For Thursday, April 9th, 2026 https://isc.sans.edu/podcastdetail/9886, (Thu, Apr 9th)

darkreading Apr 09, 2026 at 01:00

Russia's Forest Blizzard Nabs Rafts of Logins Via SOHO Routers

Heard of fileless malware? How about malwareless cyber espionage? Russia's APT28 is spying on global organizations by modifying just one DNS setting in vulnerable routers.

sans Apr 09, 2026 at 00:58

Number Usage in Passwords: Take Two, (Thu, Apr 9th)

In a previous diary [1], we looked to see how numbers were used within passwords submitted to honeypots. One of the items of interest was how dates, and more specifically years, were represented within the data and how that changed over time. It is often seen that years and seasons are used in passwords, especially when password change requirements include frequenty password changes. Some examples we might see today:

darkreading Apr 08, 2026 at 20:21

Threat Actors Get Crafty With Emojis to Escape Detection

When 🤖 means "bot available," 🧰 signifies "toolkit," or 💰💰💰 translates to "big ransom," bad actors can evade filters and keep it all on the down-low.

darkreading Apr 08, 2026 at 19:47

AI-Led Remediation Crisis Prompts HackerOne to Pause Bug Bounties

Discovery used to be the bottleneck for open source bugs, but with automated discovery, remediation's the bottleneck, which bounties don't fund.

hackernews Apr 08, 2026 at 17:51

New Chaos Variant Targets Misconfigured Cloud Deployments, Adds SOCKS Proxy

Cybersecurity researchers have flagged a new variant ofmalware called Chaosthat'scapable of hitting misconfigured cloud deployments, marking an expansion of the botnet's targeting infrastructure. "Chaos malware is increasingly targeting misconfigured cloud deployments, expanding beyond its traditional focus on routers and edge devices," Darktrace said in a new report.

sans Apr 08, 2026 at 17:15

TeamPCP Supply Chain Campaign: Update 007 - Cisco Source Code Stolen via Trivy-Linked Breach, Google GTIG Tracks TeamPCP as UNC6780, and CISA KEV Deadline Arrives with No Standalone Advisory, (Wed, Apr 8th)

This is the seventh update to the TeamPCP supply chain campaign threat intelligence report,&&#x23;x26;&#x23;xc2;&&#x23;x26;&#x23;xa0;"When the Security Scanner Became the Weapon"&&#x23;x26;&#x23;xc2;&&#x23;x26;&#x23;xa0;(v3.0, March 25, 2026).&&#x23;x26;&#x23;xc2;&&#x23;x26;&#x23;xa0;Update 006&&#x23;x26;&#x23;xc2;&&#x23;x26;&#x23;xa0;covered developments through April 3, including the CERT-EU European Commission breach disclosure, ShinyHunters&&#x23;x26;&#x23;39; confirmation of credential sharing, Sportradar breach details, and Mandiant&&#x23;x26;&#x23;39;s quantification of 1,000+ compromised SaaS environments. This update consolidates five days of intelligence from April 3 through April 8, 2026.

hackernews Apr 08, 2026 at 16:30

Masjesu Botnet Emerges as DDoS-for-Hire Service Targeting Global IoT Devices

Cybersecurity researchers have lifted the curtain on a stealthy botnet that's designed for distributed denial-of-service (DDoS) attacks. Called Masjesu, the botnet has been advertised via Telegram as a DDoS-for-hire service since it first surfaced in 2023. It's capable of targeting a wide range of IoT devices, such as routers and gateways, spanning multiple architectures. "Built for

darkreading Apr 08, 2026 at 15:45

Fraud Rockets Higher in Mobile-First Latin America

Cyber-fraudsters move quickly from compromised devices to account takeover to funds transfer, shifting money before many financial institutions can react.

darkreading Apr 08, 2026 at 14:43

Full Sail University to Open IBM Cyber Defense Range Powered by AWS and Cloud Range on Campus

sans Apr 08, 2026 at 14:23

More Honeypot Fingerprinting Scans, (Wed, Apr 8th)

One question that often comes up when I talk about honeypots: Are attackers able to figure out if they are connected to a honeypot? The answer is pretty simple: Yes!

darkreading Apr 08, 2026 at 14:22

Niobium Introduces The Fog

darkreading Apr 08, 2026 at 14:08

Pluralsight Launches SecureReady to Help Organizations Build Job-Ready Cybersecurity Teams

hackernews Apr 08, 2026 at 13:50

APT28 Deploys PRISMEX Malware in Campaign Targeting Ukraine and NATO Allies

The Russian threat actor known as APT28 (aka Forest Blizzard and Pawn Storm) has been linked to a fresh spear-phishing campaign targeting Ukraine and its allies to deploy a previously undocumented malware suite codenamed PRISMEX. "PRISMEX combines advanced steganography, component object model (COM) hijacking, and legitimate cloud service abuse for command-and-control," Trend Micro

darkreading Apr 08, 2026 at 13:46

Iranian Threat Actors Disrupt US Critical Infrastructure Via Exposed PLCs

Attackers compromised Internet-facing OT devices and caused file and display manipulation, operational disruption, and financial losses across sectors.

hackernews Apr 08, 2026 at 11:30

Shrinking the IAM Attack Surface through Identity Visibility and Intelligence Platforms (IVIP)

The Fragmented State of Modern Enterprise Identity Enterprise IAM is approaching a breaking point. As organizations scale, identity becomes increasingly fragmented across thousands of applications, decentralized teams, machine identities, and autonomous systems.  The result is Identity Dark Matter: identity activity that sits outside the visibility of centralized IAM and

About Security News

This feed aggregates the latest cybersecurity news from trusted sources to help you stay informed about emerging threats, vulnerabilities, and security trends.

Our Sources

CISA Alerts - Official US Gov
Krebs on Security
BleepingComputer
The Hacker News
Dark Reading
SANS ISC

Security Hub