Breaking News – Cyber Threats (last 6h)
Generated: 2026-04-06 13:00 PDT
- Disgruntled researcher leaks “BlueHammer” Windows zero-day exploit
BleepingComputer • 2026-04-06 12:19 • www.bleepingcomputer.com
Exploit code has been released for an unpatched Windows privilege escalation flaw reported privately to Microsoft, allowing attackers to gain SYSTEM or elevated administrator permissions. […]
https://www.bleepingcomputer.com/news/security/disgruntled-researcher-leaks-bluehammer-windows-zero-day-exploit/
- Microsoft fixes Classic Outlook bug causing email delivery issues
BleepingComputer • 2026-04-06 12:19 • www.bleepingcomputer.com
Microsoft has resolved a known issue that was preventing some Classic Outlook users from sending emails via Outlook.com. […]
https://www.bleepingcomputer.com/news/microsoft/microsoft-fixes-classic-outlook-bug-causing-email-delivery-issues/
- New Mexico’s Meta Ruling and Encryption
Schneier on Security • 2026-04-06 12:09 • www.schneier.com
Mike Masnick points out that the recent New Mexico court ruling against Meta has some bad implications for end-to-end encryption, and security in general:
If the “design choices create liability” framework seems worrying in the abstract, the New Mexico case provides a concrete example of where it leads in practice.
One of the key pieces of evidence the New Mexico attorney general us…
https://www.schneier.com/blog/archives/2026/04/new-mexicos-meta-ruling-and-encryption.html
- Iran-Linked Password-Spraying Campaign Targets 300+ Israeli Microsoft 365 Organizations
The Hacker News • 2026-04-06 11:37 • thehackernews.com
An Iran-nexus threat actor is suspected to be behind a password-spraying campaign targeting Microsoft 365 environments in Israel and the U.A.E. amid ongoing conflict in the Middle East.
The activity, assessed to be ongoing, was carried out in three distinct attack waves that took place on March 3, March 13, and March 23, 2026, per Check Point.
“The campaign is primarily
https://thehackernews.com/2026/04/iran-linked-password-spraying-campaign.html
- Microsoft removes Support and Recovery Assistant from Windows
BleepingComputer • 2026-04-06 10:45 • www.bleepingcomputer.com
Microsoft has deprecated and removed the Support and Recovery Assistant (SaRA) command-line utility from all in-support versions of Windows updates starting March 10. […]
https://www.bleepingcomputer.com/news/microsoft/microsoft-removes-support-and-recovery-assistant-from-windows/
- Microsoft links Medusa ransomware affiliate to zero-day attacks
BleepingComputer • 2026-04-06 09:56 • www.bleepingcomputer.com
Microsoft says that Storm-1175, a China-based financially motivated cybercriminal group known for deploying Medusa ransomware payloads, has been deploying n-day and zero-day exploits in high-velocity attacks. […]
https://www.bleepingcomputer.com/news/security/microsoft-links-medusa-ransomware-affiliate-to-zero-day-attacks/
- Drift $280M crypto theft linked to 6-month in-person operation
BleepingComputer • 2026-04-06 09:35 • www.bleepingcomputer.com
The Drift Protocol says that the $280+ million hack it suffered last week was the result of a long-term, carefully planned operation that included building “a functioning operational presence inside the Drift ecosystem.” […]
https://www.bleepingcomputer.com/news/security/drift-280m-crypto-theft-linked-to-6-month-in-person-operation/
- DPRK-Linked Hackers Use GitHub as C2 in Multi-Stage Attacks Targeting South Korea
The Hacker News • 2026-04-06 09:24 • thehackernews.com
Threat actors likely associated with the Democratic People’s Republic of Korea (DPRK) have been observed using GitHub as command-and-control (C2) infrastructure in multi-stage attacks targeting organizations in South Korea.
The attack chain, per Fortinet FortiGuard Labs, involves obfuscated Windows shortcut (LNK) files acting as the starting point to drop a decoy PDF
https://thehackernews.com/2026/04/dprk-linked-hackers-use-github-as-c2-in.html
- CISA orders feds to patch exploited Fortinet EMS flaw by Friday
BleepingComputer • 2026-04-06 09:02 • www.bleepingcomputer.com
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) ordered federal agencies to secure FortiClient Enterprise Management Server (EMS) instances against an actively exploited vulnerability by Friday. […]
https://www.bleepingcomputer.com/news/security/cisa-orders-feds-to-patch-fortinet-flaw-exploited-in-attacks-by-friday/
- Why Simple Breach Monitoring is No Longer Enough
BleepingComputer • 2026-04-06 07:02 • www.bleepingcomputer.com
Infostealers are harvesting credentials and session cookies at scale, bypassing traditional defenses. Lunar explains why simple breach monitoring alone can’t keep up with modern credential-based attacks. […]
https://www.bleepingcomputer.com/news/security/why-simple-breach-monitoring-is-no-longer-enough/
Sources: BleepingComputer, The Hacker News, KrebsOnSecurity, SANS ISC, CISA.
