Breaking News – Cyber Threats (last 6h)
Generated: 2026-04-02 08:00 PDT
- Attempts to Exploit Exposed "Vite" Installs (CVE-2025-30208), (Thu, Apr 2nd)
SANS ISC Diary (full) • 2026-04-02 07:49 • isc.sans.edu
From its GitHub repo: “Vite (French word for “quick”, pronounced /viːt/, like “veet”) is a new breed of frontend build tooling that significantly improves the frontend development experience” [https://github.com/vitejs/vite].
- Adversaries Exploit Vacant Homes to Intercept Mail in Hybrid Cybercrime
BleepingComputer • 2026-04-02 07:01 • www.bleepingcomputer.com
Threat actors are exploiting vacant homes as “drop addresses” to intercept mail and enable fraud. Flare shows how postal services and fake identities are abused to turn mail into a fraud vector. […]
https://www.bleepingcomputer.com/news/security/adversaries-exploit-vacant-homes-to-intercept-mail-in-hybrid-cybercrime/
- New Progress ShareFile flaws can be chained in pre-auth RCE attacks
BleepingComputer • 2026-04-02 06:33 • www.bleepingcomputer.com
Two vulnerabilities in Progress ShareFile, an enterprise-grade secure file transfer solution, can be chained to enable unauthenticated file exfiltration from affected environments. […]
https://www.bleepingcomputer.com/news/security/new-progress-sharefile-flaws-can-be-chained-in-pre-auth-rce-attacks/
- Medtech giant Stryker fully operational after data-wiping attack
BleepingComputer • 2026-04-02 06:28 • www.bleepingcomputer.com
Stryker Corporation, one of the world’s leading medical technology companies, says it’s fully operational three weeks after many of its systems were wiped out in a cyberattack claimed by the Iranian-linked Handala hacktivist group. […]
https://www.bleepingcomputer.com/news/security/medtech-giant-stryker-fully-operational-after-data-wiping-attack/
- ThreatsDay Bulletin: Pre-Auth Chains, Android Rootkits, CloudTrail Evasion & 10 More Stories
The Hacker News • 2026-04-02 05:45 • thehackernews.com
The latest ThreatsDay Bulletin is basically a cheat sheet for everything breaking on the internet right now. No corporate fluff or boring lectures here, just a quick and honest look at the messy reality of keeping systems safe this week.
Things are moving fast. The list includes researchers chaining small bugs together to create massive backdoors, old software flaws
https://thehackernews.com/2026/04/threatsday-bulletin-pre-auth-chains.html
- Researchers Uncover Mining Operation Using ISO Lures to Spread RATs and Crypto Miners
The Hacker News • 2026-04-02 04:42 • thehackernews.com
A financially motivated operation codenamed REF1695 has been observed leveraging fake installers to deploy remote access trojans (RATs) and cryptocurrency miners since November 2023.
“Beyond cryptomining, the threat actor monetizes infections through CPA (Cost Per Action) fraud, directing victims to content locker pages under the guise of software registration,” Elastic
https://thehackernews.com/2026/04/researchers-uncover-mining-operation.html
- The State of Trusted Open Source Report
The Hacker News • 2026-04-02 04:30 • thehackernews.com
In December 2025, we shared the first-ever The State of Trusted Open Source report, featuring insights from our product data and customer base on open source consumption across our catalog of container image projects, versions, images, language libraries, and builds. These insights shed light on what teams pull, deploy, and maintain day to day, alongside the vulnerabilities and
https://thehackernews.com/2026/04/the-state-of-trusted-open-source-report.html
- Critical Cisco IMC auth bypass gives attackers Admin access
BleepingComputer • 2026-04-02 04:01 • www.bleepingcomputer.com
Cisco has patched several critical and high-severity vulnerabilities, including an Integrated Management Controller (IMC) authentication bypass that enables attackers to gain Admin access. […]
https://www.bleepingcomputer.com/news/security/critical-cisco-imc-auth-bypass-gives-attackers-admin-access/
- Possible US Government iPhone Hacking Tool Leaked
Schneier on Security • 2026-04-02 03:05 • www.schneier.com
Wired writes (alternate source):
Security researchers at Google on Tuesday released a report describing what they’re calling “Coruna,” a highly sophisticated iPhone hacking toolkit that includes five complete hacking techniques capable of bypassing all the defenses of an iPhone to silently install malware on a device when it v…
https://www.schneier.com/blog/archives/2026/04/possible-us-government-iphone-hacking-tool-leaked.html
- WhatsApp Alerts 200 Users After Fake iOS App Installed Spyware; Italian Firm Faces Action
The Hacker News • 2026-04-02 02:51 • thehackernews.com
Meta-owned messaging platform WhatsApp said it alerted about 200 users who were tricked into installing a bogus version of its iOS app that was infected with spyware.
According to reports from Italian newspaper La Repubblica and news agency ANSA, the vast majority of the targets are located in Italy. It’s assessed that the threat actors behind the activity used social engineering
https://thehackernews.com/2026/04/whatsapp-alerts-200-users-after-fake.html
- Microsoft links Classic Outlook issue to email delivery problems
BleepingComputer • 2026-04-02 02:12 • www.bleepingcomputer.com
Microsoft is investigating a known issue that prevents some Classic Outlook users from sending emails via Outlook.com. […]
https://www.bleepingcomputer.com/news/microsoft/microsoft-links-classic-outlook-bug-to-email-delivery-issues/
Sources: BleepingComputer, The Hacker News, KrebsOnSecurity, SANS ISC, CISA.
