Breaking News – Cyber Threats (last 6h)
Generated: 2026-04-07 13:00 PDT
- Snowflake customers hit in data theft attacks after SaaS integrator breach
BleepingComputer • 2026-04-07 12:39 • www.bleepingcomputer.com
Over a dozen companies have suffered data theft attacks after a SaaS integration provider was breached and authentication tokens stolen. […]
https://www.bleepingcomputer.com/news/security/snowflake-customers-hit-in-data-theft-attacks-after-saas-integrator-breach/
- A Little Bit Pivoting: What Web Shells are Attackers Looking for?, (Tue, Apr 7th)
SANS ISC Diary (full) • 2026-04-07 11:28 • isc.sans.edu
Webshells remain a popular method for attackers to maintain persistence on a compromised web server. Many “arbitrary file write” and “remote code execution” vulnerabilities are used to drop small files on systems for later execution of additional payloads. The names of these files keep changing and are often chosen to “fit in” with other files. Webshells themselves are also often used by parasitic attacks to compromise a server. Sadly (?), attackers are not always selecting good passwords either. In some cases, webshells come with pre-set backdoor credentials, which may be overlooke…
https://isc.sans.edu/diary/rss/32874
- US warns of Iranian hackers targeting critical infrastructure
BleepingComputer • 2026-04-07 11:02 • www.bleepingcomputer.com
Iranian-linked hackers are targeting Internet-exposed Rockwell/Allen-Bradley programmable logic controllers (PLCs) on the networks of U.S. critical infrastructure organizations. […]
https://www.bleepingcomputer.com/news/security/us-warns-of-iranian-hackers-targeting-critical-infrastructure/
- Cybersecurity in the Age of Instant Software
Schneier on Security • 2026-04-07 10:07 • www.schneier.com
AI is rapidly changing how software is written, deployed, and used. Trends point to a future where AIs can write custom software quickly and easily: “instant software.” Taken to an extreme, it might become easier for a user to have an AI write an application on demand—a spreadsheet, for example—and delete it when you’re done using it than to buy one commercially. Future systems could include a mix: both traditional long-term software and ephemeral instant software that is constantly being written, deployed, modified, and deleted.
AI is changing cybersecurity as well. I…
https://www.schneier.com/blog/archives/2026/04/cybersecurity-in-the-age-of-instant-software.html
- Russia Hacked Routers to Steal Microsoft Office Tokens
KrebsOnSecurity • 2026-04-07 10:02 • krebsonsecurity.com
Hackers linked to Russia’s military intelligence units are using known flaws in older Internet routers to mass harvest authentication tokens from Microsoft Office users, security experts warned today. The spying campaign allowed state-backed Russian hackers to quietly siphon authentication tokens from users on more than 18,000 networks without deploying any malicious software or code.
https://krebsonsecurity.com/2026/04/russia-hacked-routers-to-steal-microsoft-office-tokens/
- Max severity Flowise RCE vulnerability now exploited in attacks
BleepingComputer • 2026-04-07 10:02 • www.bleepingcomputer.com
Hackers are exploiting a maximum-severity vulnerability, tracked as CVE-2025-59528, in the open-source platform Flowise for building custom LLM apps and agentic systems to execute arbitrary code. […]
https://www.bleepingcomputer.com/news/security/max-severity-flowise-rce-vulnerability-now-exploited-in-attacks/
- Russian State-Linked APT28 Exploits SOHO Routers in Global DNS Hijacking Campaign
The Hacker News • 2026-04-07 09:48 • thehackernews.com
The Russia-linked threat actor known as APT28 (aka Forest Blizzard) has been linked to a new campaign that has compromised insecure MikroTik and TP-Link routers and modified their settings to turn them into malicious infrastructure under their control as part of a cyber espionage campaign since at least May 2025.
The large-scale exploitation campaign has been codenamed
https://thehackernews.com/2026/04/russian-state-linked-apt28-exploits.html
- [Webinar] How to Close Identity Gaps in 2026 Before AI Exploits Enterprise Risk
The Hacker News • 2026-04-07 09:29 • thehackernews.com
In the rapid evolution of the 2026 threat landscape, a frustrating paradox has emerged for CISOs and security leaders: Identity programs are maturing, yet the risk is actually increasing.
According to new research from the Ponemon Institute, hundreds of applications within the typical enterprise remain disconnected from centralized identity systems. These “dark
https://thehackernews.com/2026/04/webinar-how-to-close-identity-gaps-in.html
- Authorities disrupt router DNS hijacks used to steal Microsoft 365 logins
BleepingComputer • 2026-04-07 08:51 • www.bleepingcomputer.com
An international operation from law enforcement authorities in partnership with private companies has disrupted FrostArmada, an APT28 campaign hijacking local traffic from MikroTik and TP-Link routers to steal Microsoft account credentials. […]
https://www.bleepingcomputer.com/news/security/authorities-disrupt-dns-hijacks-used-to-steal-microsoft-365-logins/
- Docker CVE-2026-34040 Lets Attackers Bypass Authorization and Gain Host Access
The Hacker News • 2026-04-07 08:15 • thehackernews.com
A high-severity security vulnerability has been disclosed in Docker Engine that could permit an attacker to bypass authorization plugins (AuthZ) under specific circumstances.
The vulnerability, tracked as CVE-2026-34040 (CVSS score: 8.8), stems from an incomplete fix for CVE-2024-41110, a maximum-severity vulnerability in the same component that came to light in July 2024.
“
https://thehackernews.com/2026/04/docker-cve-2026-34040-lets-attackers.html
- Why Your Automated Pentesting Tool Just Hit a Wall
BleepingComputer • 2026-04-07 07:01 • www.bleepingcomputer.com
Automated pentesting tools deliver strong early results, then quickly plateau. Picus Security explains how the “PoC cliff” leaves major attack surfaces untested and creates a dangerous validation gap. […]
https://www.bleepingcomputer.com/news/security/why-your-automated-pentesting-tool-just-hit-a-wall/
Sources: BleepingComputer, The Hacker News, KrebsOnSecurity, SANS ISC, CISA.
