Breaking News – Cyber Threats (last 6h)
Generated: 2026-04-24 08:00 PDT
- DORA and operational resilience: Credential management as a financial risk control
BleepingComputer • 2026-04-24 07:10 • www.bleepingcomputer.com
Article 9 of DORA makes authentication and access control a legal obligation for EU financial entities. Here is what the regulation requires, and what a breach looks like when those controls are missing. […]
https://www.bleepingcomputer.com/news/security/dora-and-operational-resilience-credential-management-as-a-financial-risk-control/ - Over 10,000 Zimbra servers vulnerable to ongoing XSS attacks
BleepingComputer • 2026-04-24 06:35 • www.bleepingcomputer.com
Over 10,000 Zimbra Collaboration Suite (ZCS) instances exposed online are vulnerable to ongoing attacks exploiting a cross-site scripting (XSS) security flaw. […]
https://www.bleepingcomputer.com/news/security/cisa-says-zimbra-flaw-now-exploited-over-10k-servers-vulnerable/ - Bridging the AI Agent Authority Gap: Continuous Observability as the Decision Engine
The Hacker News • 2026-04-24 04:49 • thehackernews.com
The AI Agent Authority Gap – From Ungoverned to Delegation
As discussed in our previous article, AI agents are exposing a structural gap in enterprise security, but the problem is often framed too narrowly.
The issue is not simply that agents are new actors. It is that agents are delegated actors. They do not emerge with independent authority. They are triggered, invoked, provisioned, or
https://thehackernews.com/2026/04/bridging-ai-agent-authority-gap.html - 26 FakeWallet Apps Found on Apple App Store Targeting Crypto Seed Phrases
The Hacker News • 2026-04-24 04:48 • thehackernews.com
Cybersecurity researchers have discovered a set of malicious apps on the Apple App Store that impersonate popular cryptocurrency wallets in an attempt to steal recovery phrases and private keys since at least fall 2025.
“Once launched, these apps redirect users to browser pages designed to look similar to the App Store and distribute trojanized versions of legitimate wallets,” Kaspersky
https://thehackernews.com/2026/04/26-fakewallet-apps-found-on-apple-app.html - Microsoft now lets admins uninstall Copilot on enterprise devices
BleepingComputer • 2026-04-24 04:38 • www.bleepingcomputer.com
Microsoft says IT administrators can now uninstall the AI-powered Copilot digital assistant from enterprise devices using a new policy setting, which has become broadly available after the April 2026 Patch Tuesday. […]
https://www.bleepingcomputer.com/news/microsoft/microsoft-now-lets-admins-uninstall-copilot-on-enterprise-devices/ - Hiding Bluetooth Trackers in Mail
Schneier on Security • 2026-04-24 04:01 • www.schneier.comIt was used to track a Dutch naval ship:
Dutch journalist Just Vervaart, working for regional media network Omroep Gelderland, followed the directions posted on the Dutch government website and mailed a postcard with a hidden tracker inside. Because of this, they were able to track the ship for about a day, watching it sail from Heraklion, Crete, bef…
https://www.schneier.com/blog/archives/2026/04/hiding-bluetooth-trackers-in-mail.html - Tropic Trooper Uses Trojanized SumatraPDF and GitHub to Deploy AdaptixC2
The Hacker News • 2026-04-24 02:29 • thehackernews.com
Chinese-speaking individuals are the target of a new campaign that uses a trojanized version of SumatraPDF reader to deploy the AdaptixC2 Beacon post-exploitation agent and ultimately facilitate the abuse of Microsoft Visual Studio Code (VS Code) tunnels for remote access.
Zscaler ThreatLabz, which discovered the campaign last month, has attributed it with high confidence to Tropic Trooper (aka
https://thehackernews.com/2026/04/tropic-trooper-uses-trojanized.html
Sources: BleepingComputer, The Hacker News, KrebsOnSecurity, SANS ISC, CISA.
