Cybersecurity Newsfeed - 10/04/26

Daily cybersecurity news covering vulnerabilities, adversaries, trends, breaches, and other notable security developments.

🛡️ Vulnerabilities

  • Adobe Reader Zero-Day Exploited via Malicious PDFs: A critical zero-day vulnerability in Adobe Reader is being actively exploited to execute arbitrary code and exfiltrate system data. The flaw bypasses standard security sandboxes when a victim opens a specially crafted PDF. More info

  • BlueHammer Windows Privilege Escalation: Researchers have identified the “BlueHammer” exploit, which targets a critical Windows vulnerability in system call management. It allows attackers with low-level access to gain full administrative control. More info

  • SQL Injection Risks in Claude AI Tools: The Claude Code and Claude.md tools may act as vectors for SQL injection if AI-generated code snippets are deployed without proper input sanitization. More info

  • NotNullOSX Crypto Malware: A new macOS variant is targeting cryptocurrency wallets via deceptive installers to exfiltrate private keys and seed phrases. More info

  • Atomic Stealer “ClickFix” Campaign: macOS users are being targeted by fake browser update prompts that deliver the Atomic Stealer malware to harvest passwords and crypto data. More info

  • Apple iOS 26.4.1 Update: Apple has released enhanced Stolen Device Protection features to mitigate the risk of unauthorized access via stolen passcodes. More info

🎯 Adversaries

  • LucidRook Malware Targets NGOs and Universities: A sophisticated modular backdoor linked to Chinese state-sponsored actors is targeting academic and humanitarian sectors for intelligence gathering and document exfiltration. More info

  • Venom Campaign Targets Senior Executives: Attackers are using Adversary-in-the-Middle (AiTM) techniques to bypass MFA and steal Microsoft 365 credentials from high-value corporate targets using financial and legal lures. More info

  • Iranian Actors Target Global Critical Infrastructure: Intelligence reports indicate Iranian threat actors are exploiting internet-exposed OT and SCADA systems in the government, energy, and water sectors. More info

  • Fancy Bear (APT28) Global Onslaught: The Russia-linked group continues to target NATO-aligned entities and European governments using zero-day exploits and customized malware frameworks. More info

  • STX RAT Hits Financial Sector: A new Remote Access Trojan is being distributed via phishing to facilitate system surveillance, keystroke logging, and credential theft within financial institutions. More info

  • Storm-2755 “Payroll Pirate” Attacks: Microsoft is tracking a group targeting Canadian employees by compromising payroll systems to redirect direct deposits via social engineering. More info

  • Forest Blizzard Targets SOHO Routers: Russian threat actors are exploiting SOHO routers to gain initial access and mask their movements when targeting larger government and corporate networks. More info

  • Bitter Group Linked to Hack-for-Hire: The Bitter threat group is reportedly operating a mercenary campaign targeting South Asian government and energy sectors. More info

  • Google Chrome “Application Bound Encryption”: Chrome has introduced new protections to tie encryption keys to specific application identities, aiming to prevent infostealers from hijacking session cookies. More info

  • MFA Vulnerabilities Against Credential Theft: Security researchers warn that traditional MFA is increasingly bypassed by AiTM tactics and session cookie theft, necessitating a move toward phishing-resistant hardware keys. More info

  • Mallory Launches AI-Native Threat Intel Platform: A new platform aims to use machine learning to prioritize global threat telemetry and predict emerging attack patterns. More info

  • “Pixel Large SVG” Trick: Hackers are hiding credit card stealers within Scalable Vector Graphics (SVG) files to bypass security scanners on e-commerce sites. More info

  • Masjesu Botnet Evasion: The Masjesu botnet is expanding its reach by targeting IoT devices in consumer networks while intentionally avoiding high-profile IP ranges to stay under the radar. More info

💥 Breaches & Leaks

  • ChipSoft Healthcare Ransomware Attack: Dutch healthcare IT provider ChipSoft was hit by ransomware, forcing hospitals to manual processes and risking sensitive patient data. More info

  • Eurail Data Breach: Eurail confirmed a breach from December impacting 300,000 individuals, exposing names, contact details, and travel information. More info

  • Bitcoin Depot $36M Theft: Crypto ATM giant Bitcoin Depot reported a security breach where $36 million was stolen from corporate wallets, though customer funds remained safe. More info

  • Smart Slider Infrastructure Hijack: Attackers compromised the update mechanism for the Smart Slider plugin to push malicious versions of the plugin to WordPress and Joomla sites. More info

📚 Others

  • BTS World Tour Phishing Scams: Kaspersky warns of fraudulent websites exploiting BTS fans to steal financial information through fake ticket and merchandise sales. More info

  • Microsoft Suspends Open-Source Dev Accounts: High-profile accounts were suspended over security concerns as Microsoft moves to protect the software supply chain from malicious injections. More info

This post is licensed under CC BY 4.0 by the author.