Breaking News – Cyber Threats (last 6h)
Generated: 2026-04-01 08:00 PDT
- Microsoft Warns of WhatsApp-Delivered VBS Malware Hijacking Windows via UAC Bypass
The Hacker News • 2026-04-01 07:10 • thehackernews.com
Microsoft is calling attention to a new campaign that has leveraged WhatsApp messages to distribute malicious Visual Basic Script (VBS) files.
The activity, beginning in late February 2026, leverages these scripts to initiate a multi-stage infection chain for establishing persistence and enabling remote access. It’s currently not known what lures the threat actors use to trick users into
https://thehackernews.com/2026/04/microsoft-warns-of-whatsapp-delivered.html - Routine Access Is Powering Modern Intrusions, a New Threat Report Finds
BleepingComputer • 2026-04-01 07:05 • www.bleepingcomputer.com
Modern intrusions increasingly start with valid credentials and routine access, not exploits. Blackpoint Cyber’s upcoming threat report shows how VPN abuse, RMM tools, and social engineering drive most incidents. […]
https://www.bleepingcomputer.com/news/security/routine-access-is-powering-modern-intrusions-a-new-threat-report-finds/ - TeamPCP Supply Chain Campaign: Update 005 – First Confirmed Victim Disclosure, Post-Compromise Cloud Enumeration Documented, and Axios Attribution Narrows, (Wed, Apr 1st)
SANS ISC Diary (full) • 2026-04-01 06:08 • isc.sans.eduThis is the fifth update to the TeamPCP supply chain campaign threat intelligence report, “When the Security Scanner Became the Weapon” (v3.0, March 25, 2026). Update 004 covered developments through March 30, including the Databricks investigation, dual ransomware operations, and AstraZeneca data release. This update consolidates two days of intelligence through April 1, 2026.
- Block the Prompt, Not the Work: The End of "Doctor No"
The Hacker News • 2026-04-01 05:46 • thehackernews.com
There is a character that keeps appearing in enterprise security departments, and most CISOs know exactly who that is. It doesn’t build. It doesn’t enable. Its entire function is to say “No.”
No to ChatGPT.
No to DeepSeek.
No to the file-sharing tool the product team swears by.
For years, this looked like security. But in 2026, “Doctor No” is no longer just a management headache &
https://thehackernews.com/2026/04/block-prompt-not-work-end-of-doctor-no.html - Casbaneiro Phishing Targets Latin America and Europe Using Dynamic PDF Lures
The Hacker News • 2026-04-01 05:36 • thehackernews.com
A multi-pronged phishing campaign is targeting Spanish-speaking users in organizations across Latin America and Europe to deliver Windows banking trojans like Casbaneiro (aka Metamorfo) via another malware called Horabot.
The activity has been attributed to a Brazilian cybercrime threat actor tracked as Augmented Marauder and Water Saci. The e-crime group was first documented by Trend Micro in
https://thehackernews.com/2026/04/casbaneiro-phishing-targets-latin.html - New Chrome Zero-Day CVE-2026-5281 Under Active Exploitation — Patch Released
The Hacker News • 2026-04-01 04:42 • thehackernews.com
Google on Thursday released security updates for its Chrome web browser to address 21 vulnerabilities, including a zero-day flaw that it said has been exploited in the wild.
The high-severity vulnerability, CVE-2026-5281 (CVSS score: N/A), concerns a use-after-free bug in Dawn, an open-source and cross-platform implementation of the WebGPU standard.
“Use-after-free in Dawn in Google Chrome prior
https://thehackernews.com/2026/04/new-chrome-zero-day-cve-2026-5281-under.html - FBI warns against using Chinese mobile apps due to privacy risks
BleepingComputer • 2026-04-01 04:39 • www.bleepingcomputer.com
The U.S. Federal Bureau of Investigation (FBI) warned Americans against using foreign-developed mobile applications, particularly those created by Chinese developers. […]
https://www.bleepingcomputer.com/news/security/fbi-warns-against-using-chinese-mobile-apps-over-to-data-security-risks/ - 3 Reasons Attackers Are Using Your Trusted Tools Against You (And Why You Don’t See It Coming)
The Hacker News • 2026-04-01 03:58 • thehackernews.com
For years, cybersecurity has followed a familiar model: block malware, stop the attack. Now, attackers are moving on to what’s next.
Threat actors now use malware less frequently in favor of what’s already inside your environment, including abusing trusted tools, native binaries, and legitimate admin utilities to move laterally, escalate privileges, and persist without raising alarms. Most
https://thehackernews.com/2026/04/3-reasons-attackers-are-using-your.html - Malicious Script That Gets Rid of ADS, (Wed, Apr 1st)
SANS ISC Diary (full) • 2026-04-01 03:44 • isc.sans.eduToday, most malware are called “fileless†because they try to reduce their footprint on the infected computer filesystem to the bare minimum. But they need to write something… think about persistence. They can use the registry as an alternative storage location.
- Google fixes fourth Chrome zero-day exploited in attacks in 2026
BleepingComputer • 2026-04-01 03:25 • www.bleepingcomputer.com
Google has fixed the fourth Chrome vulnerability exploited in zero-day attacks since the start of the year. […]
https://www.bleepingcomputer.com/news/security/google-fixes-fourth-chrome-zero-day-exploited-in-attacks-in-2026/ - A Taxonomy of Cognitive Security
Schneier on Security • 2026-04-01 02:59 • www.schneier.comLast week, I listened to a fascinating talk by K. Melton on cognitive security, cognitive hacking, and reality pentesting. The slides from the talk are here, but—even better—Menton has a long essay laying out the basic concepts and ideas.
The whole thing is important and well worth reading, and I hesitate to excerpt. Here’s a taste:
- Alleged RedLine malware developer extradited to United States
Graham Cluley • 2026-04-01 02:00 • www.bitdefender.com
A man has appeared in federal court in Austin, Texas, after being extradited to the United States to face charges related to his alleged role as a key developer of the notorious RedLine malware.Read more in my article on the Hot for Security blog.
https://www.bitdefender.com/en-us/blog/hotforsecurity/redline-malware-developer-extradited
Sources: BleepingComputer, The Hacker News, KrebsOnSecurity, SANS ISC, CISA.
