Breaking News – Cyber Threats (last 6h)
Generated: 2026-04-22 08:00 PDT
- Inside Caller-as-a-Service Fraud: The Scam Economy Has a Hiring Process
BleepingComputer • 2026-04-22 07:01 • www.bleepingcomputer.com
Fraud operations now operate like call centers, complete with hiring, training, and performance tracking. Flare reveals how cybercriminals manage “Caller-as-a-Service” operations like a professional sales team. […]
https://www.bleepingcomputer.com/news/security/inside-caller-as-a-service-fraud-the-scam-economy-has-a-hiring-process/ - New npm supply-chain attack self-spreads to steal auth tokens
BleepingComputer • 2026-04-22 05:57 • www.bleepingcomputer.com
A new supply chain attack targeting the Node Package Manager (npm) ecosystem is stealing developer credentials and attempting to spread through packages published from compromised accounts. […]
https://www.bleepingcomputer.com/news/security/new-npm-supply-chain-attack-self-spreads-to-steal-auth-tokens/ - Microsoft Teams to get efficiency mode on PCs with limited resources
BleepingComputer • 2026-04-22 05:24 • www.bleepingcomputer.com
Microsoft is preparing to roll out a new Efficiency Mode for Microsoft Teams for systems with limited CPU and memory resources to improve app responsiveness. […]
https://www.bleepingcomputer.com/news/microsoft/microsoft-teams-gets-efficiency-mode-for-hardware-constrained-devices/ - ICE Uses Graphite Spyware
Schneier on Security • 2026-04-22 04:02 • www.schneier.comICE has admitted that it uses spyware from the Israeli company Graphite.
https://www.schneier.com/blog/archives/2026/04/ice-uses-graphite-spyware.html
- Lotus Wiper Malware Targets Venezuelan Energy Systems in Destructive Attack
The Hacker News • 2026-04-22 03:55 • thehackernews.com
Cybersecurity researchers have discovered a previously undocumented data wiper that has been used in attacks targeting Venezuela at the end of last year and the start of 2026.
Dubbed Lotus Wiper, the novel file wiper has been used in a destructive campaign targeting the energy and utilities sector in Venezuela, per findings from Kaspersky.
“Two batch scripts are responsible for initiating the
https://thehackernews.com/2026/04/lotus-wiper-malware-targets-venezuelan.html - Toxic Combinations: When Cross-App Permissions Stack into Risk
The Hacker News • 2026-04-22 03:41 • thehackernews.com
On January 31, 2026, researchers disclosed that Moltbook, a social network built for AI agents, had left its database wide open, exposing 35,000 email addresses and 1.5 million agent API tokens across 770,000 active agents.
The more worrying part sat inside the private messages. Some of those conversations held plaintext third-party credentials, including OpenAI API keys shared between agents,
https://thehackernews.com/2026/04/toxic-combinations-when-cross-app.html - Microsoft traces Universal Print issues to Graph API code change
BleepingComputer • 2026-04-22 03:15 • www.bleepingcomputer.com
Microsoft says that an ongoing Universal Print sharing issue that prevents users from creating some printer shares is due to a Microsoft Graph API code change. […]
https://www.bleepingcomputer.com/news/microsoft/microsoft-graph-api-code-change-causes-universal-print-share-issues/ - New GoGra malware for Linux uses Microsoft Graph API for comms
BleepingComputer • 2026-04-22 03:00 • www.bleepingcomputer.com
A Linux variant of the GoGra backdoor uses legitimate Microsoft infrastructure, relying on an Outlook inbox for stealthy payload delivery. […]
https://www.bleepingcomputer.com/news/security/new-gogra-malware-for-linux-uses-microsoft-graph-api-for-comms/ - Microsoft Patches Critical ASP.NET Core CVE-2026-40372 Privilege Escalation Bug
The Hacker News • 2026-04-22 02:29 • thehackernews.com
Microsoft has released out-of-band updates to address a security vulnerability in ASP.NET Core that could allow an attacker to escalate privileges.
The vulnerability, tracked as CVE-2026-40372, carries a CVSS score of 9.1 out of 10.0. It’s rated Important in severity. An anonymous researcher has been credited with discovering and reporting the flaw.
“Improper verification of cryptographic
https://thehackernews.com/2026/04/microsoft-patches-critical-aspnet-core.html
Sources: BleepingComputer, The Hacker News, KrebsOnSecurity, SANS ISC, CISA.
