1. ShinyHunters compromised Cisco source code and AWS keys by exploiting a supply chain vulnerability in Trivy. The breach resulted in the unauthorized cloning of over 300 repositories (https://www.reddit.com/r/netsec/comments/1sa8nld/cisco_source_code_stolen_by_shinyhunters_via/).
2. Google released a patch for a high severity Chrome zero day vulnerability identified as CVE 2026 5281 which is currently under active exploitation (https://thehackernews.com/2026/04/new-chrome-zero-day-cve-2026-5281-under.html).
3. Apple expanded the availability of iOS 18.7.7 and iPadOS 18.7.7 to protect a wider range of devices against the actively exploited DarkSword exploit kit (https://thehackernews.com/2026/04/apple-expands-ios-1877-update-to-more.html).
4. Over 14000 F5 BIG IP APM instances remain exposed to remote code execution attacks despite ongoing exploitation efforts (https://www.bleepingcomputer.com/news/security/over-14-000-f5-big-ip-apm-instances-still-exposed-to-rce-attacks/).
5. The UAC 0255 threat group is conducting a phishing campaign impersonating CERT UA to distribute the AGEWHEEZE remote administration tool (https://thehackernews.com/2026/04/cert-ua-impersonation-campaign-spread.html).
6. Microsoft identified a campaign using WhatsApp messages to distribute malicious Visual Basic Script files that bypass User Account Control (https://thehackernews.com/2026/04/microsoft-warns-of-whatsapp-delivered.html).
7. A new malware as a service called CrystalRAT is being marketed on Telegram offering remote access, data theft, and clipboard hijacking capabilities (https://www.bleepingcomputer.com/news/security/new-crystalrat-malware-adds-rat-stealer-and-prankware-features/).
8. WhatsApp warned users of a fake application specifically designed for iPhones by the Italian spyware manufacturer SIO to distribute spyware (https://therecord.media/whatsapp-warns-users-of-fake-app-used-for-spyware).
9. The NoVoice Android malware was discovered on Google Play having successfully infected approximately 2.3 million devices (https://www.reddit.com/r/cybersecurity/comments/1s9y5ic/novoice_android_malware_on_google_play_infected/).
10. Hasbro confirmed it was the victim of a cyberattack and stated that recovery efforts may take several weeks (https://www.reddit.com/r/cybersecurity/comments/1s9wb6s/hasbro-says-it-was-hacked-and-may-take-several/).
11. The European Union confirmed a cyberattack occurred following a breach of its cloud storage systems (https://www.reddit.com/r/cybersecurity/comments/1s9l1en/eu_confirms_cyberattack_after_hackers_breach/).
12. A phishing campaign targeting Latin American and European organizations is delivering the Casbaneiro banking trojan via Horabot malware (https://thehackernews.com/2026/04/casbaneiro-phishing-targets-latin.html).
13. Palo Alto Networks Unit 42 reported on the widespread impact of a supply chain attack targeting Axios (https://unit42.paloaltonetworks.com/axios-supply-chain-attack/).
Be First to Comment