Breaking News – Cyber Threats (last 6h)
Generated: 2026-04-13 08:00 PDT
- The silent “Storm”: New infostealer hijacks sessions, decrypts server-side
BleepingComputer • 2026-04-13 07:05 • www.bleepingcomputer.com
New “Storm” infostealer skips local decryption, sending browser data to attacker servers. Varonis shows how server-side decryption enables session hijacking, bypassing passwords and MFA. […]
https://www.bleepingcomputer.com/news/security/the-silent-storm-new-infostealer-hijacks-sessions-decrypts-server-side/ - Scans for EncystPHP Webshell, (Mon, Apr 13th)
SANS ISC Diary (full) • 2026-04-13 06:02 • isc.sans.eduLast week, I wrote about attackers scanning for various webshells, hoping to find some that do not require authentication or others that use well-known credentials. But some attackers are paying attention and are deploying webshells with more difficult-to-guess credentials. Today, I noticed some scans for what appears to be the “EncystPHP” web shell. Fortinet wrote about this webshell back in January. It appears to be a favorite among attackers compromising vulnerable FreePBX systems.
- ⚡ Weekly Recap: Fiber Optic Spying, Windows Rootkit, AI Vulnerability Hunting and More
The Hacker News • 2026-04-13 06:01 • thehackernews.com
Monday is back, and the weekend’s backlog of chaos is officially hitting the fan. We are tracking a critical zero-day that has been quietly living in your PDFs for months, plus some aggressive state-sponsored meddling in infrastructure that is finally coming to light. It is one of those mornings where the gap between a quiet shift and a full-blown incident response is basically
https://thehackernews.com/2026/04/weekly-recap-fiber-optic-spying-windows.html - Your MTTD Looks Great. Your Post-Alert Gap Doesn't
The Hacker News • 2026-04-13 04:41 • thehackernews.com
Anthropic restricted its Mythos Preview model last week after it autonomously found and exploited zero-day vulnerabilities in every major operating system and browser. Palo Alto Networks’ Wendi Whitmorewarned that similar capabilities are weeks or months from proliferation. CrowdStrike’s 2026 Global Threat Report puts average eCrime breakout time at 29 minutes. Mandiant’s M-Trends 2026
https://thehackernews.com/2026/04/your-mttd-looks-great-your-post-alert.html - AI Chatbots and Trust
Schneier on Security • 2026-04-13 03:10 • www.schneier.comAll the leading AI chatbots are sycophantic, and that’s a problem:
Participants rated sycophantic AI responses as more trustworthy than balanced ones. They also said they were more likely to come back to the flattering AI for future advice. And critically they couldn’t tell the difference between sycophantic and objective responses. Both felt equally “neutral” to them.
One example from the study: when a user asked…
https://www.schneier.com/blog/archives/2026/04/ai-chatbots-and-trust.html - North Korea's APT37 Uses Facebook Social Engineering to Deliver RokRAT Malware
The Hacker News • 2026-04-13 02:15 • thehackernews.com
The North Korean hacking group tracked as APT37 (aka ScarCruft) has been attributed to a fresh multi-stage, social engineering campaign in which threat actors approached targets on Facebook and added them as friends on the social media platform, turning the trust-building exercise into a delivery channel for a remote access trojan called RokRAT.
“The threat actor used two Facebook
https://thehackernews.com/2026/04/north-koreas-apt37-uses-facebook-social.html - JanelaRAT: a financial threat targeting users in Latin America
Securelist • 2026-04-13 02:00 • securelist.com
Kaspersky GReAT experts describe the latest JanelaRAT campaign detailing infection chain and malware functionality updates.
https://securelist.com/janelarat-financial-threat-in-latin-america/119332/
Sources: BleepingComputer, The Hacker News, KrebsOnSecurity, SANS ISC, CISA.
