Breaking News – Cyber Threats (last 6h)
Generated: 2026-04-01 17:00 PDT
- Smashing Security podcast #461: This man hid $400 million in a fishing rod. Then it vanished
Graham Cluley • 2026-04-01 16:26 • grahamcluley.com
A cannabis-growing, beekeeping, gyrocopter-flying Irishman invested his drug money in Bitcoin back in 2011 – and now sits on a fortune worth $400 million. There’s just one small problem: the access codes were tucked inside his fishing rod case, which has mysteriously vanished. Or has it? Because this week, one of his frozen wallets suddenly woke up and moved $35 million – and someone had to identify themselves to do it.Meanwhile, Ajax Football Club scores a spectacular cyber own-goal, as a data breach that the club claimed affected “a few hundred” fans turns out to may have exposed the pe…
https://grahamcluley.com/smashing-security-podcast-461/ - New CrystalRAT malware adds RAT, stealer and prankware features
BleepingComputer • 2026-04-01 16:17 • www.bleepingcomputer.com
A new malware-as-a-service called CrystalRAT is being promoted on Telegram, offering remote access, data theft, keylogging, and clipboard hijacking capabilities. […]
https://www.bleepingcomputer.com/news/security/new-crystalrat-malware-adds-rat-stealer-and-prankware-features/ - Apple expands iOS 18 updates to more iPhones to block DarkSword attacks
BleepingComputer • 2026-04-01 14:50 • www.bleepingcomputer.com
Apple has now made it possible for more iPhones still running iOS 18 to receive security updates that protect against the actively exploited DarkSword exploit kit. […]
https://www.bleepingcomputer.com/news/security/apple-expands-ios-18-updates-to-more-iphones-to-block-darksword-attacks/ - Hackers exploit TrueConf zero-day to push malicious software updates
BleepingComputer • 2026-04-01 14:35 • www.bleepingcomputer.com
Hackers have targeted TrueConf conference servers in attacks that exploit a zero-day vulnerability, allowing them to execute arbitrary files on all connected endpoints. […]
https://www.bleepingcomputer.com/news/security/hackers-exploit-trueconf-zero-day-to-push-malicious-software-updates/ - Malicious Script That Gets Rid of ADS, (Wed, Apr 1st)
SANS ISC Diary (full) • 2026-04-01 13:09 • isc.sans.eduToday, most malware are called “fileless†because they try to reduce their footprint on the infected computer filesystem to the bare minimum. But they need to write something… think about persistence. They can use the registry as an alternative storage location.
- New EvilTokens service fuels Microsoft device code phishing attacks
BleepingComputer • 2026-04-01 12:42 • www.bleepingcomputer.com
A new malicious kit called EvilTokens integrates device code phishing capabilities, allowing attackers to hijack Microsoft accounts and provide advanced features for business email compromise attacks. […]
https://www.bleepingcomputer.com/news/security/new-eviltokens-service-fuels-microsoft-device-code-phishing-attacks/ - 'NoVoice' Android malware on Google Play infected 2.3 million devices
BleepingComputer • 2026-04-01 11:07 • www.bleepingcomputer.com
A new Android malware named NoVoice was found on Google Play, hidden in more than 50 apps that were downloaded at least 2.3 million times. […]
https://www.bleepingcomputer.com/news/security/novoice-android-malware-on-google-play-infected-23-million-devices/
Sources: BleepingComputer, The Hacker News, KrebsOnSecurity, SANS ISC, CISA.
