Breaking News – Cyber Threats (last 6h)
Generated: 2026-04-08 13:00 PDT
- New macOS stealer campaign uses Script Editor in ClickFix attack
BleepingComputer • 2026-04-08 11:55 • www.bleepingcomputer.com
A new campaign delivering the Atomic Stealer malware to macOS users abuses the Script Editor in a variation of the ClickFix attack that tricked users into executing commands in Terminal. […]
https://www.bleepingcomputer.com/news/security/new-macos-stealer-campaign-uses-script-editor-in-clickfix-attack/
- CISA orders feds to patch exploited Ivanti EPMM flaw by Sunday
BleepingComputer • 2026-04-08 11:15 • www.bleepingcomputer.com
CISA has given U.S. government agencies four days to secure their systems against a critical-severity vulnerability in Ivanti Endpoint Manager Mobile (EPMM) that has been exploited in attacks since January. […]
https://www.bleepingcomputer.com/news/security/cisa-orders-feds-to-patch-exploited-ivanti-epmm-flaw-by-sunday/
- New Chaos Variant Targets Misconfigured Cloud Deployments, Adds SOCKS Proxy
The Hacker News • 2026-04-08 10:51 • thehackernews.com
Cybersecurity researchers have flagged a new variant of malware called Chaos that’s capable of hitting misconfigured cloud deployments, marking an expansion of the botnet’s targeting infrastructure.
“Chaos malware is increasingly targeting misconfigured cloud deployments, expanding beyond its traditional focus on routers and edge devices,” Darktrace said in a new report.
https://thehackernews.com/2026/04/new-chaos-variant-targets-misconfigured.html
- 13-year-old bug in ActiveMQ lets hackers remotely execute commands
BleepingComputer • 2026-04-08 10:26 • www.bleepingcomputer.com
Security researchers discovered a remote code execution (RCE) vulnerability in Apache ActiveMQ Classic that has gone undetected for 13 years and could be exploited to execute arbitrary commands. […]
https://www.bleepingcomputer.com/news/security/13-year-old-bug-in-activemq-lets-hackers-remotely-execute-commands/
- TeamPCP Supply Chain Campaign: Update 007 – Cisco Source Code Stolen via Trivy-Linked Breach, Google GTIG Tracks TeamPCP as UNC6780, and CISA KEV Deadline Arrives with No Standalone Advisory, (Wed, Apr 8th)
SANS ISC Diary (full) • 2026-04-08 10:15 • isc.sans.edu
This is the seventh update to the TeamPCP supply chain campaign threat intelligence report, “When the Security Scanner Became the Weapon” (v3.0, March 25, 2026). Update 006…
https://isc.sans.edu/diary/rss/32880
- Masjesu Botnet Emerges as DDoS-for-Hire Service Targeting Global IoT Devices
The Hacker News • 2026-04-08 09:30 • thehackernews.com
Cybersecurity researchers have lifted the curtain on a stealthy botnet that’s designed for distributed denial-of-service (DDoS) attacks.
Called Masjesu, the botnet has been advertised via Telegram as a DDoS-for-hire service since it first surfaced in 2023. It’s capable of targeting a wide range of IoT devices, such as routers and gateways, spanning multiple architectures.
“Built for
https://thehackernews.com/2026/04/masjesu-botnet-emerges-as-ddos-for-hire.html
- More Honeypot Fingerprinting Scans, (Wed, Apr 8th)
SANS ISC Diary (full) • 2026-04-08 07:23 • isc.sans.edu
One question that often comes up when I talk about honeypots: Are attackers able to figure out if they are connected to a honeypot? The answer is pretty simple: Yes!
Sources: BleepingComputer, The Hacker News, KrebsOnSecurity, SANS ISC, CISA.
