Breaking News – Cyber Threats (last 6h)
Generated: 2026-04-01 13:00 PDT
- New EvilTokens service fuels Microsoft device code phishing attacks
BleepingComputer • 2026-04-01 12:42 • www.bleepingcomputer.com
A new malicious kit called EvilTokens integrates device code phishing capabilities, allowing attackers to hijack Microsoft accounts and provide advanced features for business email compromise attacks. […]
https://www.bleepingcomputer.com/news/security/new-eviltokens-service-fuels-microsoft-device-code-phishing-attacks/ - 'NoVoice' Android malware on Google Play infected 2.3 million devices
BleepingComputer • 2026-04-01 11:07 • www.bleepingcomputer.com
A new Android malware named NoVoice was found on Google Play, hidden in more than 50 apps that were downloaded at least 2.3 million times. […]
https://www.bleepingcomputer.com/news/security/novoice-android-malware-on-google-play-infected-23-million-devices/ - Is “Hackback” Official US Cybersecurity Strategy?
Schneier on Security • 2026-04-01 09:57 • www.schneier.comThe 2026 US “Cyber Strategy for America” document is mostly the same thing we’ve seen out of the White House for over a decade, but with a more aggressive tone.
But one sentence stood out: “We will unleash the private sector by creating incentives to identify and disrupt adversary networks and scale our national capabilities.” This sounds like a call for hackback: giving private companies permission to conduct offensive cyber operations….
https://www.schneier.com/blog/archives/2026/04/is-hackback-official-us-cybersecurity-strategy.html - CERT-UA Impersonation Campaign Spread AGEWHEEZE Malware to 1 Million Emails
The Hacker News • 2026-04-01 09:10 • thehackernews.com
The Computer Emergency Response Team of Ukraine (CERT-UA) has disclosed details of a new phishing campaign in which the cybersecurity agency itself was impersonated to distribute a remote administration tool known as AGEWHEEZE.
As part of the attacks, the threat actors, tracked as UAC-0255, sent emails on March 26 and 27, 2026, posing as CERT-UA to distribute a password-protected ZIP archive
https://thehackernews.com/2026/04/cert-ua-impersonation-campaign-spread.html - Microsoft Warns of WhatsApp-Delivered VBS Malware Hijacking Windows via UAC Bypass
The Hacker News • 2026-04-01 07:10 • thehackernews.com
Microsoft is calling attention to a new campaign that has leveraged WhatsApp messages to distribute malicious Visual Basic Script (VBS) files.
The activity, beginning in late February 2026, leverages these scripts to initiate a multi-stage infection chain for establishing persistence and enabling remote access. It’s currently not known what lures the threat actors use to trick users into
https://thehackernews.com/2026/04/microsoft-warns-of-whatsapp-delivered.html - Routine Access Is Powering Modern Intrusions, a New Threat Report Finds
BleepingComputer • 2026-04-01 07:05 • www.bleepingcomputer.com
Modern intrusions increasingly start with valid credentials and routine access, not exploits. Blackpoint Cyber’s upcoming threat report shows how VPN abuse, RMM tools, and social engineering drive most incidents. […]
https://www.bleepingcomputer.com/news/security/routine-access-is-powering-modern-intrusions-a-new-threat-report-finds/
Sources: BleepingComputer, The Hacker News, KrebsOnSecurity, SANS ISC, CISA.
