ThreatsDay Bulletin: Defender 0-Day, SonicWall Brute-Force, 17-Year-Old Excel RCE and 15 More Stories
Ravie LakshmananApr 16, 2026Hacking News / Cybersecurity News
You know that feeling when you open your feed on a Thursday morning and it's just... a lot? Yeah. This week delivered. We've got hackers...
CISA Adds 6 Known Exploited Flaws in Fortinet, Microsoft, and Adobe Software
Ravie LakshmananApr 14, 2026Vulnerability / Network Security
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added half a dozen security flaws to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence...
OpenAI Revokes macOS App Certificate After Malicious Axios Supply Chain Incident
OpenAI revealed a GitHub Actions workflow used to sign its macOS apps led to the download of the malicious Axios library on March 31, but noted that no user...
ThreatsDay Bulletin: Hybrid P2P Botnet, 13-Year-Old Apache RCE and 18 More Stories
Ravie LakshmananApr 09, 2026Hacking News / Cybersecurity News
Thursday. Another week, another batch of things that probably should've been caught sooner but weren't.
This one's got some range — old vulnerabilities getting new...
ThreatsDay Bulletin: Hybrid P2P Botnet, 13-Year-Old Apache RCE and 18 More Stories
Ravie LakshmananApr 09, 2026Hacking News / Cybersecurity News
Thursday. Another week, another batch of things that probably should've been caught sooner but weren't.
This one's got some range — old vulnerabilities getting new...
China-Linked Storm-1175 Exploits Zero-Days to Rapidly Deploy Medusa Ransomware
Ravie LakshmananApr 07, 2026Vulnerability / Threat Intelligence
A China-based threat actor known for deploying Medusa ransomware has been linked to the weaponization of a combination of zero-day and N-day vulnerabilities to...
BKA Identifies REvil Leaders Behind 130 German Ransomware Attacks
Ravie LakshmananApr 06, 2026Cybercrime / Financial Crime
Germany's Federal Criminal Police Office (aka BKA or the Bundeskriminalamt) has unmasked the real identities of two of the key figures associated with...
Qilin and Warlock Ransomware Use Vulnerable Drivers to Disable 300+ EDR Tools
Ravie LakshmananApr 06, 2026Ransomware / Endpoint Security
Threat actors associated with Qilin and Warlock ransomware operations have been observed using the bring your own vulnerable driver (BYOVD) technique to silence security tools running on compromised...
Iran-Linked Password-Spraying Campaign Targets 300+ Israeli Microsoft 365 Organizations
An Iran-nexus threat actor is suspected to be behind a password-spraying campaign targeting Microsoft 365 environments in Israel and the U.A.E. amid ongoing conflict in the Middle East.
The activity, assessed to be ongoing,...
ThreatsDay Bulletin: Pre-Auth Chains, Android Rootkits, CloudTrail Evasion & 10 More Stories
Ravie LakshmananApr 02, 2026Cybersecurity / Hacking News
The latest ThreatsDay Bulletin is basically a cheat sheet for everything breaking on the internet right now. No corporate fluff or boring lectures here, just...
