Breaking News – Cyber Threats (last 6h)
Generated: 2026-04-10 03:00 PDT
- Google Rolls Out DBSC in Chrome 146 to Block Session Theft on Windows
The Hacker News • 2026-04-10 00:58 • thehackernews.com
Google has made Device Bound Session Credentials (DBSC) generally available to all Windows users of its Chrome web browser, months after it began testing the security feature in open beta.
The public availability is currently limited to Windows users on Chrome 146, with macOS expansion planned in an upcoming Chrome release.
“This project represents a significant
https://thehackernews.com/2026/04/google-rolls-out-dbsc-in-chrome-146-to.html - Obfuscated JavaScript or Nothing, (Thu, Apr 9th)
SANS ISC Diary (full) • 2026-04-09 23:40 • isc.sans.eduI spotted an interesting piece of JavaScript code that was delivered via a phishing email in a RAR archive. The file was called “cbmjlzan.JS†(SHA256:a8ba9ba93b4509a86e3d7dd40fd0652c2743e32277760c5f7942b788b74c5285) and is only identified as malicious by 15 AV's on VirusTotal[1].
- Backdoored Smart Slider 3 Pro Update Distributed via Compromised Nextend Servers
The Hacker News • 2026-04-09 23:28 • thehackernews.com
Unknown threat actors have hijacked the update system for the Smart Slider 3 Pro plugin for WordPress and Joomla to push a poisoned version containing a backdoor.
The incident impacts Smart Slider 3 Pro version 3.5.1.35 for WordPress, per WordPress security company Patchstack. Smart Slider 3 is a popular WordPress slider plugin with more than 800,000 active installations across its free and Pro
https://thehackernews.com/2026/04/backdoored-smart-slider-3-pro-update.html
Sources: BleepingComputer, The Hacker News, KrebsOnSecurity, SANS ISC, CISA.
