
Security news.

Morning Brief

Today's threat landscape is dominated by active zero-day exploitation, state-sponsored APT activity targeting government entities, and critical supply chain vulnerabilities. A Microsoft Defender privilege escalation flaw (BlueHammer) is being actively exploited, while China-nexus threat actors are deploying sophisticated proxy networks and custom backdoors across multiple regions.

BLEEPING · ZERO-DAY
Apr 23

CISA Orders Feds to Patch BlueHammer Zero-Day in Microsoft Defender

The privilege escalation flaw (CVE-2026-33825) allows attackers to access the SAM database, extract NTLM hashes, and gain System privileges; CISA has added it to the Known Exploited Vulnerabilities catalog due to active exploitation.

BLEEPING
Apr 23

UK and Partners Warn of China-Nexus Hackers Using Proxy Networks to Evade Detection

The NCSC-UK and international partners issued a joint advisory detailing how Chinese state-backed threat actors are increasingly deploying large-scale proxy networks of hijacked consumer devices to mask malicious activity and bypass traditional defenses.

BLEEPING · NATION-STATE
Apr 23

New GopherWhisper APT Group Targets Government with Go-Based Backdoors

A previously undocumented state-backed threat actor is using custom Go-based toolkits and legitimate services (Microsoft 365 Outlook, Slack, Discord) for command-and-control in attacks against government entities, with 12 Mongolian government systems confirmed compromised.

BLEEPING · SUPPLY CHAIN
Apr 22

Self-Propagating npm Supply Chain Worm Steals Developer Tokens

A new worm dubbed CanisterSprawl is spreading through compromised npm packages using stolen developer credentials, automatically propagating to new packages and exfiltrating authentication tokens via an ICP canister.

BLEEPING · RCE
Apr 22

Mirai Campaign Actively Exploits D-Link Router RCE Flaw

A new Mirai-based botnet campaign is actively exploiting CVE-2025-29635, a high-severity command-injection vulnerability in end-of-life D-Link DIR-823X routers, to compromise devices at scale.

BLEEPING · RANSOMWARE
Apr 22

Kyber Ransomware Gang Deploys Post-Quantum Encryption

A new Kyber ransomware operation is targeting Windows systems and VMware ESXi endpoints with variants implementing Kyber1024 post-quantum encryption, signaling an evolution in ransomware sophistication.

DARK READING
Apr 23

Palo Alto's Zealot Demonstrates Autonomous AI Cloud Attacks Outpacing Human Defense

A multi-agent penetration testing proof-of-concept shows AI can autonomously execute reconnaissance, exploitation, and exfiltration against cloud systems faster than human defenders can respond.

THN · BREACH
Apr 23

Vercel Discovers Additional Compromised Accounts in Context.ai-Linked Breach

Vercel has identified additional customer accounts compromised in a security incident that enabled unauthorized access to internal systems, following an expanded investigation into indicators of compromise.

Generated twice daily from public security RSS feeds. Informational only.