Breaking News – Cyber Threats (last 6h)
Generated: 2026-04-13 13:00 PDT
- Critical flaw in wolfSSL library enables forged certificate use
BleepingComputer • 2026-04-13 12:56 • www.bleepingcomputer.com
A critical vulnerability in the wolfSSL SSL/TLS library can weaken security via improper verification of the hash algorithm or its size when checking Elliptic Curve Digital Signature Algorithm (ECDSA) signatures. […]
https://www.bleepingcomputer.com/news/security/critical-flaw-in-wolfssl-library-enables-forged-certificate-use/ - FBI takedown of W3LL phishing service leads to developer arrest
BleepingComputer • 2026-04-13 11:55 • www.bleepingcomputer.com
The FBI Atlanta Field Office and Indonesian authorities have dismantled the “W3LL” global phishing platform, seizing infrastructure and arresting the alleged developer in what is described as the first coordinated enforcement action between the United States and Indonesia targeting a phishing kit developer. […]
https://www.bleepingcomputer.com/news/security/fbi-takedown-of-w3ll-phishing-service-leads-to-developer-arrest/ - OpenAI rotates macOS certs after Axios attack hit code-signing workflow
BleepingComputer • 2026-04-13 10:39 • www.bleepingcomputer.com
OpenAI is rotating potentially exposed macOS code-signing certificates after a GitHub Actions workflow executed a malicious Axios package during a recent supply chain attack. […]
https://www.bleepingcomputer.com/news/security/openai-rotates-macos-certs-after-axios-attack-hit-code-signing-workflow/ - New Booking.com data breach forces reservation PIN resets
BleepingComputer • 2026-04-13 10:30 • www.bleepingcomputer.com
Booking.com has confirmed via a statement to BleepingComputer that it has detected unauthorized access to its systems that has exposed sensitive reservation and user data. […]
https://www.bleepingcomputer.com/news/security/new-bookingcom-data-breach-forces-reservation-pin-resets/ - JanelaRAT Malware Targets Latin American Banks with 14,739 Attacks in Brazil in 2025
The Hacker News • 2026-04-13 10:15 • thehackernews.com
Banks and financial institutions in Latin American countries like Brazil and Mexico have continued to be the target of a malware family called JanelaRAT.
A modified version of BX RAT, JanelaRAT is known to steal financial and cryptocurrency data associated with specific financial entities, as well as track mouse inputs, log keystrokes, take screenshots, and collect system metadata.
“One of the
https://thehackernews.com/2026/04/janelarat-malware-targets-latin.html - On Anthropic’s Mythos Preview and Project Glasswing
Schneier on Security • 2026-04-13 09:52 • www.schneier.comThe cybersecurity industry is obsessing over Anthropic’s new model, Claude Mythos Preview, and its effects on cybersecurity. Anthropic said that it is not releasing it to the general public because of its cyberattack capabilities, and has launched Project Glasswing to run the model against a whole slew of public domain and proprietary software, with the aim of finding and patching all the vulnerabilities before hackers get their hands on the model and exploit them.
- Adobe rolls out emergency fix for Acrobat, Reader zero-day flaw
BleepingComputer • 2026-04-13 08:37 • www.bleepingcomputer.com
Adobe has released an emergency security update for Acrobat Reader to fix a vulnerability, tracked as CVE-2026-34621, that has been exploited in zero-day attacks since at least December. […]
https://www.bleepingcomputer.com/news/security/adobe-rolls-out-emergency-fix-for-acrobat-reader-zero-day-flaw/ - FBI and Indonesian Police Dismantle W3LL Phishing Network Behind $20M Fraud Attempts
The Hacker News • 2026-04-13 07:46 • thehackernews.com
The U.S. Federal Bureau of Investigation (FBI), in partnership with the Indonesian National Police, has dismantled the infrastructure associated with a global phishing operation that leveraged an off-the-shelf toolkit called W3LL to steal thousands of victims’ account credentials and attempt more than $20 million in fraud.
In tandem, authorities detained the alleged developer, who has&
https://thehackernews.com/2026/04/fbi-and-indonesian-police-dismantle.html - The silent “Storm”: New infostealer hijacks sessions, decrypts server-side
BleepingComputer • 2026-04-13 07:05 • www.bleepingcomputer.com
New “Storm” infostealer skips local decryption, sending browser data to attacker servers. Varonis shows how server-side decryption enables session hijacking, bypassing passwords and MFA. […]
https://www.bleepingcomputer.com/news/security/the-silent-storm-new-infostealer-hijacks-sessions-decrypts-server-side/
Sources: BleepingComputer, The Hacker News, KrebsOnSecurity, SANS ISC, CISA.
