IT Security News Daily Summary 2026-04-09

181 posts were published in the last hour

• 21:32 : Is Your Liquibase Community Project Ready for the AI Era?
• 21:14 : Applying Oracle 19c Release Update (RU): A Practical Guide from My DBA Experience
• 21:13 : Eurail data breach impacted 308,777 people
• 20:33 : New Chaos Malware Variant Expands to Cloud Targets, Introduces Proxy Capability
• 20:5 : Next-generation firewall buyer’s guide for CISOs
• 20:5 : Malicious PDF reveals active Adobe Reader zero-day in the wild
• 20:5 : The agentic SOC—Rethinking SecOps for the next decade
• 20:5 : EngageLab SDK Flaw Exposed 50M Android Users, Including 30M Crypto Wallets
• 19:32 : Hackers Exploit Adobe PDF Flaw for Months to Steal Data, No Fix Yet
• 19:32 : Contact center monitoring best practices for CX leaders
• 19:32 : Mythos: Just One Piece of the Cybersecurity Puzzle
• 19:32 : [un]prompted 2026 – Zeal Of The Convert: Taming Shai-Hulud With AI
• 19:5 : $3.6 Million Crypto Heist Targets Bitcoin Depot
• 19:5 : IT Security News Hourly Summary 2026-04-09 21h : 7 posts
• 18:36 : Wordfence Intelligence Weekly WordPress Vulnerability Report (March 30, 2026 to April 5, 2026)
• 18:36 : Protecting Cookies with Device Bound Session Credentials
• 18:36 : Crypto? Huh. Good gawd y’all, what is it good for? $45M in this case
• 18:11 : The threat hunter’s gambit
• 18:11 : Hacker stole £700,000 from UK energy company by redirecting payment
• 18:11 : CyberASAP Secures £10m Boost as UK’s Next Wave of Cyber Innovators Take Centre Stage
• 18:11 : Black Duck Names Dom Glavach as CISO to Bolster Supply Chain and AI Security Push
• 17:32 : Critical Fortinet FortiClient EMS Flaw Now Actively Exploited in Cyberattacks
• 17:32 : Infiniti Stealer Targets Mac Users with ClickFix Social Engineering Attack
• 17:32 : How Duck.ai Offer Better Privacy Compared to Commercial Chatbots
• 17:32 : Apple Reinforces Digital Privacy for Users Without Restricting Law Enforcement Oversight
• 17:16 : Adobe Reader Zero-Day Exploited to Steal Data via Malicious PDFs
• 17:16 : ‘Several dozen’ high-value corporations hit by new extortion crew in helpdesk phishing spree
• 17:15 : UAT-10362 Targets Taiwanese NGOs with LucidRook Malware in Spear-Phishing Campaigns
• 16:34 : New Apple Scam Hits Millions of iPhone Users Worldwide, Draining Bank Accounts
• 16:34 : Aembit IAM for Agentic AI Is Now Generally Available
• 16:34 : The Web Is Full of Traps — and AI Agents Walk Right into Them
• 16:34 : OpenAI Readies Rollout of New Cyber Model as Industry Shifts to Defense
• 16:34 : Investigating Storm-2755: “Payroll pirate” attacks targeting Canadian employees
• 16:11 : GPL Odorizers GPL750
• 16:11 : Contemporary Controls BASC 20T
• 16:11 : React2DoS (CVE-2026-23869): When the Flight Protocol Crashes at Takeoff
• 16:11 : Bitcoin Depot Reports $3.6m Crypto Theft After System Breach
• 16:11 : STX RAT Targets Finance Sector With Advanced Stealth Tactics
• 16:5 : IT Security News Hourly Summary 2026-04-09 18h : 16 posts
• 15:37 : Trenchant Exec Says He Had Depression, Money Troubles When He Decided to Sell Zero Days to Russian Buyer; Also, New Info Reveals Nature of His Work for Australian Intelligence Agency
• 15:37 : Tracking Dependencies Beyond the Build Stage
• 15:36 : Massive Data Breach Exposes 337K LAPD-Linked Records
• 15:36 : Adobe Acrobat Reader Zero Day Exploited in Active PDF Attacks
• 15:36 : Hacker stole £700,000 from U.K. energy company by redirecting payment
• 15:36 : New STX RAT Uses Hidden Remote Desktop and Infostealer Features to Evade Detection
• 15:36 : Hackers Use ClickFix and Malicious DMG Files to Deliver notnullOSX on macOS
• 15:36 : New ClickFix Campaign Uses macOS Script Editor to Deliver Atomic Stealer
• 15:36 : Chevin pulls the handbrake on FleetWave software after security scare
• 15:7 : Masjesu botnet targets IoT devices while evading high-profile networks
• 15:7 : Months-old Adobe Reader zero-day uses PDFs to size up targets
• 15:7 : The Most Important Cybersecurity Trends in 2026 So Far
• 15:7 : Trump’s Proposed $707 Million CISA Budget Cut a ‘Gift to Nation-State Actors’
• 15:7 : [un]prompted 2026 – Al Go Beep Boop!
• 15:7 : Claude Managed Agents bring execution and control to AI agent workflows
• 15:7 : NERC is ‘actively monitoring the grid’ following Iran-linked cyber threat
• 14:32 : Intent redirection vulnerability in third-party SDK exposed millions of Android wallets to potential risk
• 14:32 : 113,000 explicit prompts from AI girlfriend platform exposed, many linked to user IDs
• 14:32 : Cyber Briefing: 2026.04.09
• 14:13 : How Microsegmentation Helps Governments Meet CJIS Compliance
• 14:13 : Claude Code Can Be Manipulated via CLAUDE.md to Run SQL Injection Attacks
• 14:13 : ClickFix, Malicious DMGs Push notnullOSX to macOS Users
• 14:13 : Microsoft locks out VeraCrypt and WireGuard devs, blames verification process
• 14:12 : Apple Intelligence AI Guardrails Bypassed in New Attack
• 13:33 : Attackers Deploy Hidden Magecart Skimmer on Magento Using SVG onload Abuse
• 13:33 : GrafanaGhost Flaw Allows Silent Data Exfiltration
• 13:33 : Scammers pose as Amazon support to steal your account
• 13:33 : Can we Trust AI? No – But Eventually We Must
• 13:33 : The EU AI Act Data Requirements Explained | Kovrr
• 13:33 : Claude helps researcher dig up decade-old Apache ActiveMQ RCE vulnerability (CVE-2026-34197)
• 13:33 : ThreatsDay Bulletin: Hybrid P2P Botnet, 13-Year-Old Apache RCE and 18 More Stories
• 13:6 : March 2026 Cyber Threat Landscape Shows No Relief as Ransomware Rebounds and GenAI Risks Intensify
• 13:6 : Security researchers tricked Apple Intelligence into cursing at users. It could have been a lot worse
• 13:5 : Turning Email Authentication into a Revenue Engine: Why Australian MSPs Can’t Afford to Ignore DMARC-as-a-Service
• 13:5 : Mallory Launches AI-Native Threat Intelligence Platform, Turning Global Threat Data Into Prioritized Action
• 13:5 : Mallory brings contextual threat intelligence to security operations
• 13:5 : IT Security News Hourly Summary 2026-04-09 15h : 21 posts
• 12:33 : New Phishing Campaign Exploits Google Storage to Deliver Remcos RAT
• 12:32 : Multiple SonicWall Vulnerabilities Enable SQL Injection and Privilege Escalation Attacks
• 12:32 : GitLab Patches Multiple Vulnerabilities That Enables DoS and Code Injection Attacks
• 12:32 : CISA Warns of Critical Ivanti EPMM Code Injection Vulnerability Exploited in Attacks
• 12:32 : Hackers Impersonate Linux Foundation Leader in Slack to Target Open Source Developers
• 12:32 : Hackers Use Fake Security Software to Deliver LucidRook Malware in Taiwan Attacks
• 12:32 : Google API Keys in Android Apps Expose Gemini Endpoints to Unauthorized Access
• 12:32 : Securing the AI Supply Chain: What are the Risks and Where to Start?
• 12:32 : Ransomware attack on ChipSoft
• 12:32 : Minnesota Activates Guard After Cyberattack
• 12:32 : OpenAI Plans Phased Model Rollout
• 12:32 : Iran-Linked Hackers Likely To Continue
• 12:32 : Microsoft Suspends Open-Source Accounts
• 12:12 : New macOS Malware notnullOSX Targets Crypto Wallets Over $10K
• 12:12 : Palo Alto Networks, SonicWall Patch High-Severity Vulnerabilities
• 12:12 : The Identity Gap Blocking Agentic AI at Scale
• 12:12 : Acrobat Reader zero-day exploited in the wild for many months
• 12:11 : OPSWAT adds predictive AI engine to MetaDefender for pre-execution threat detection
• 12:11 : Bitter-Linked Hack-for-Hire Campaign Targets Journalists Across MENA Region
• 12:11 : Adobe Reader Zero-Day Exploited via Malicious PDFs Since December 2025
• 12:11 : The Hidden Security Risks of Shadow AI in Enterprises
• 11:37 : STX RAT Hides Remote Desktop, Steals Data to Dodge Detection
• 11:37 : Technical Details Released for Critical Cisco SSM Command Execution Vulnerability
• 11:37 : ClickFix Campaign Abuses macOS Script Editor to Deploy Atomic Stealer
• 11:37 : Zephyr Energy loses £700K in cyber hit that rerouted contractor payment
• 11:37 : NSFW app leak exposes 70,000 prompts linked to individual users
• 11:36 : Intruder expands cloud security with agentless container image scanning
• 11:36 : Middle East Hack-for-Hire Operation Traced to South Asian Cyber Espionage Group
• 11:36 : Atomic Stealer MacOS ClickFix Attack Bypasses Apple Security Warnings
• 11:3 : On Microsoft’s Lousy Cloud Security
• 11:2 : The Hidden ROI of Visibility: Better Decisions, Better Behavior, Better Security
• 11:2 : CMMC Non-Compliance: Violations of FCA
• 11:2 : They’re Here! Is Your Mainframe Ready for Cyberthreats From Outer Space?
• 10:36 : Politicians Are Spending More Money on Security as They Increasingly Become Targets
• 10:36 : 30,000 private Facebook images allegedly downloaded by Meta employee
• 10:36 : Human Risk in Geopolitical Conflict: Iran War Lessons
• 10:36 : Advenica’s File Scanner Kiosk scans USB media for malware
• 10:36 : Governance Gaps Emerge as AI Agents Drive 76% Increase in NHIs
• 10:13 : From the field to the report and back again: How incident responders can use the Year in Review
• 10:13 : Microsoft Details How Defender Protects High-Value Assets in Real-World Attacks
• 10:13 : The alleged breach of China’s National Supercomputing Center can have serious geopolitical consequences
• 10:13 : Certes launches v7 platform with quantum-safe encryption across hybrid cloud and edge environments
• 10:13 : Hackers Claim to Have Stolen 10 Petabytes of Data from China’s Tianjin Supercomputer Center
• 10:13 : This fake Windows support website delivers password-stealing malware
• 10:13 : Google Warns of New Campaign Targeting BPOs to Steal Corporate Data
• 10:5 : IT Security News Hourly Summary 2026-04-09 12h : 11 posts
• 9:34 : Fake Security Tool Spreads LucidRook in Taiwan Cyberattacks
• 9:34 : The long road to your crypto: ClipBanker and its marathon infection chain
• 9:34 : Keeper Security Expands PAM Browser Isolation to Support Advanced Web Browsing Workflows
• 9:34 : Quantum-Safe Email: S/MIME and Post-Quantum Email Security
• 9:34 : WhatsApp brings long-awaited privacy feature to filter who can reach you
• 9:34 : Google Warns of New Threat Group Targeting BPOs and Helpdesks
• 9:7 : China’s Tianjin Supercomputer Center Allegedly Hit in 10-Petabyte Data Theft
• 9:7 : Security Awareness: Why employees are essential for IT security
• 9:7 : MIWIC26: Funke Omolere, Senior Technology Compliance Product Owner at Adobe
• 9:7 : Adobe Reader Zero-Day Exploited for Months: Researcher
• 9:7 : Meta’s Muse Spark takes AI a step closer to personal superintelligence
• 8:34 : CISA Issues Warning on Critical Ivanti EPMM Flaw Exploited in Ongoing Attacks
• 8:34 : New Silver Fox Campaign Hides ValleyRAT Inside Fake Telegram Chinese Language Pack Installer
• 8:34 : Critical Chrome Vulnerabilities Let Attackers to Execute Arbitrary Code
• 8:34 : New RoningLoader Campaign Uses DLL Side-Loading and Code Injection to Evade Detection
• 8:34 : Microsoft Suspends Developer Accounts of High-Profile Open-Source Projects
• 8:34 : 300,000 People Impacted by Eurail Data Breach
• 8:34 : Your MCP Server Is a Resource Server Now. Act Like It.
• 8:5 : Sticky-note security turned gym into hall of ’80s horrors
• 8:5 : Internet-Exposed ICS Devices Raise Alarm for Critical Sectors
• 7:32 : Linux Foundation Leader Impersonated in Slack Attack on Open Source Developers
• 7:32 : ChipSoft popped, APT28 updates, CIA cyber espionage elevation
• 7:7 : Highland Cows Moved After Viral TikTok Posts
• 7:7 : Critical Chrome Flaws Let Attackers Execute Arbitrary Code
• 7:7 : RoningLoader Campaign Uses DLL Side-Loading, Code Injection to Slip Past Defenses
• 7:7 : Cryptographers place $5,000 bet whether quantum will matter
• 7:7 : Hackers Abuse Legitimate Meta Business Manager Notifications to Deliver Phishing Emails
• 7:7 : $3.6 Million Stolen in Bitcoin Depot Hack
• 7:5 : IT Security News Hourly Summary 2026-04-09 09h : 3 posts
• 6:5 : Palo Alto Cortex XSOAR Flaw in Microsoft Teams Integration Lets Attackers Access Data
• 6:5 : Multiple SonicWall Flaws Enable SQL Injection and Privilege Escalation Attacks
• 6:5 : Silver Fox Campaign Spreads ValleyRAT via Fake Chinese Telegram Language Pack
• 5:32 : GitLab Addresses Multiple Vulnerabilities Linked to DoS and Code Injection
• 5:32 : AI agent intent is a starting point, not a security strategy
• 5:3 : Microsoft Confirms Windows 11 Update Breaks Start Menu Search
• 5:2 : Meta Business Alerts Abused for Phishing Campaigns
• 5:2 : Asqav: Open-source SDK for AI agent governance
• 5:2 : Fortinet EMS Zero-Day, Anthropic’s AI Finds Thousands of Bugs, Iranian Hackers Target US ICS
• 4:34 : Phishers sneak through using GitHub and Jira’s own mail delivery infrastructure
• 4:11 : Prompt injection tags along as GenAI enters daily government use
• 4:5 : IT Security News Hourly Summary 2026-04-09 06h : 2 posts
• 3:9 : Critical Vulnerability in Ninja Forms Exposes WordPress Sites
• 3:9 : Google API Keys Quietly Gain Access to Gemini on Android Devices
• 2:9 : ISC Stormcast For Thursday, April 9th, 2026 https://isc.sans.edu/podcastdetail/9886, (Thu, Apr 9th)
• 1:34 : Shaky Ceasefire Unlikely to Stop Cyberattacks From Iran-Linked Hackers for Long
• 1:7 : Number Usage in Passwords: Take Two, (Thu, Apr 9th)
• 1:5 : IT Security News Hourly Summary 2026-04-09 03h : 3 posts
• 0:34 : Stateless Hash-Based Signatures for AI Model Weight Integrity
• 0:11 : Enterprise Java Applications: A Practical Guide to Securing Enterprise Applications with a Risk-Driven Architecture
• 0:11 : GDPR Compliance and Data Deletion in Software Systems
• 22:36 : The 2026 Digital Omnibus
• 22:12 : Cracks in the Bedrock: Agent God Mode
• 22:12 : WireGuard VPN developer can’t ship software updates after Microsoft locks account
• 22:12 : U.S. CISA adds a flaw in Ivanti EPMM to its Known Exploited Vulnerabilities catalog
• 22:12 : How do Agentic AIs deliver value to enterprises
• 22:12 : What security innovations do NHIs herald
• 22:11 : How certain can we be of NHI reliability
• 22:5 : IT Security News Hourly Summary 2026-04-09 00h : 5 posts
• 21:55 : IT Security News Daily Summary 2026-04-08