Breaking News – Cyber Threats (last 6h)
Generated: 2026-04-24 03:00 PDT
- Tropic Trooper Uses Trojanized SumatraPDF and GitHub to Deploy AdaptixC2
The Hacker News • 2026-04-24 02:29 • thehackernews.com
Chinese-speaking individuals are the target of a new campaign that uses a trojanized version of SumatraPDF reader to deploy the AdaptixC2 Beacon post-exploitation agent and ultimately facilitate the abuse of Microsoft Visual Studio Code (VS Code) tunnels for remote access.
Zscaler ThreatLabz, which discovered the campaign last month, has attributed it with high confidence to Tropic Trooper (aka
https://thehackernews.com/2026/04/tropic-trooper-uses-trojanized.html - PhantomRPC: A new privilege escalation technique in Windows RPC
Securelist • 2026-04-24 01:00 • securelist.com
Kaspersky researcher discovered a vulnerability in RPC architecture that enables an attacker to create a fake RPC server and escalate their privileges.
https://securelist.com/phantomrpc-rpc-vulnerability/119428/ - LMDeploy CVE-2026-33626 Flaw Exploited Within 13 Hours of Disclosure
The Hacker News • 2026-04-24 00:24 • thehackernews.com
A high-severity security flaw in LMDeploy, an open-source toolkit for compressing, deploying, and serving LLMs, has come under active exploitation in the wild less than 13 hours after its public disclosure.
The vulnerability, tracked as CVE-2026-33626 (CVSS score: 7.5), relates to a Server-Side Request Forgery (SSRF) vulnerability that could be exploited to access sensitive data.
“A server-side
https://thehackernews.com/2026/04/lmdeploy-cve-2026-33626-flaw-exploited.html
Sources: BleepingComputer, The Hacker News, KrebsOnSecurity, SANS ISC, CISA.
