
IT Security Newsletter - 4/15/2026


Top News

Krebs on Security: Patch Tuesday, April 2026 Edition

Microsoft today pushed software updates to fix a staggering 167 security vulnerabilities in its Windows operating systems and related software, including a SharePoint Server zero-day and a publicly disclosed weakness in Windows Defender dubbed "BlueHammer." Separately, Google Chrome fixed its fourth zero-day of 2026, and an emergency update for Adobe Reader nixes an actively exploited flaw that can lead to remote code execution. READ MORE...

Breaches

McGraw-Hill confirms data breach following extortion threat

Education company McGraw-Hill has confirmed in a statement to BleepingComputer that hackers exploited a Salesforce misconfiguration and accessed its internal data. The company assured that the breach did not affect its Salesforce accounts, customer databases, or internal systems, and that the amount of exposed data is limited and non-sensitive. McGraw-Hill further states that its investigation revealed that the exposed information does not contain PII from its educational platforms. READ MORE...


Crypto-exchange Kraken extorted by hackers after insider breach

The Kraken cryptocurrency exchange announced that a cybercrime group is trying to extort the company by threatening to release videos showing internal systems that host client data. The company's Chief Security Officer, Nick Percoco, stated that the incident did not put client funds at risk and involved an insider threat, with two instances of improper access to limited customer data by support employees. READ MORE...

Hacking

Black Basta's playbook lives on as former affiliates launch fast-scale intrusion campaign

A small group of former Black Basta affiliates have targeted more than 100 employees across dozens of organizations to intrude network systems for potential data theft, ransomware deployment and extortion, according to ReliaQuest. The social engineering campaign, which involves mass email bombing and Microsoft Teams help desk impersonation, surged last month and dates back to at least May 2025, ReliaQuest said in a report Tuesday. READ MORE...

Trends

Brute-force cyberattacks originating in Middle East surge in Q1

A surge of brute force authentication attacks targeted network devices during the first quarter of 2026, with the vast majority of threat activity coming from the Middle East, according to a report released Tuesday by Barracuda. Almost 90% of the brute-force attacks originated from various Middle East locations, and the leading targets were SonicWall and Fortinet FortiGate devices, according to Barracuda researchers. READ MORE...

Software Updates

Fortinet Patches Critical FortiSandbox Vulnerabilities

Fortinet on Tuesday released 26 advisories detailing 27 vulnerabilities across its products, including two critical-severity flaws in FortiSandbox. Tracked as CVE-2026-39813, the first of the critical bugs impacts the FortiSandbox JRPC API and could allow attackers to bypass authentication. The second one, tracked as CVE-2026-39808, is an OS command injection issue that can be exploited for arbitrary code or command execution. READ MORE...


Adobe Patches 55 Vulnerabilities Across 11 Products

Adobe's latest Patch Tuesday updates fix 55 vulnerabilities across 11 of the company's products. Nearly all of the 11 new advisories have a priority rating of 3, which indicates that the software giant does not expect them to be exploited in attacks. However, an advisory describing five critical ColdFusion vulnerabilities has a priority rating of 1, indicating that companies should prioritize patching because the product has historically been targeted by threat actors. READ MORE...

Malware

From fake Proton VPN sites to gaming mods, this Windows infostealer is everywhere

We've uncovered multiple campaigns distributing an infostealer we track as NWHStealer, using everything from fake VPN downloads to hardware utilities and gaming mods. What makes this campaign stand out isn't just the malware, but how widely and convincingly it's being spread. Once installed, it can collect browser data, saved passwords, and cryptocurrency wallet information, which attackers may use to access accounts, steal funds, or carry out further attacks. READ MORE...

Information Security

War Game Exercise Demonstrates How Social Media Manipulation Works

The 1983 film "WarGames" demonstrated how a teenage hacker could bring the world to the brink of nuclear war by thinking he was playing a game while actually manipulating military systems in real time. These days, however, manipulation of world events via malicious activity is often a game of technology-driven online influence rather than actual physical weapons, though the stakes can be equally as high. READ MORE...


Testing reveals Claude Mythos's offensive capabilities and limits

Could Claude Mythos Preview, Anthropic's latest large language model, be leveraged for fully automated cyber attacks? The UK government's AI Security Institute (AISI) tested its capability to successfully engage in capture-the-flag (CTF) challenges and multi-step attack scenarios, and found that while its cybersecurity capabilities exceed those of previously available models, it can't reliably execute autonomous attacks on hardened networks. READ MORE...

Exploits/Vulnerabilities

Ancient Excel bug comes out of retirement for active attacks

While Microsoft was rolling out its bumper Patch Tuesday updates this week, US cybersecurity agency CISA was readying an alert about a 17-year-old critical Excel flaw now under exploit. CISA confirmed shortly after Microsoft rolled out 165 patches on April 14 that CVE-2009-0238 (9.3), first published on February 24, 2009, was being abused in active attacks. It added the bug to its Known Exploited Vulnerability (KEV) catalog and set a two-week deadline for federal agencies to patch. READ MORE...


Agents hooked into GitHub can steal creds - but Anthropic, Google, and Microsoft haven't warned users

Security researchers hijacked three popular AI agents that integrate with GitHub Actions by using a new type of prompt injection attack to steal API keys and access tokens, and the vendors who run agents didn't disclose the problem. The researchers targeted Anthropic's Claude Code Security Review, Google's Gemini CLI Action, and Microsoft's GitHub Copilot, then disclosed the flaws and received bug bounties from all three. READ MORE...

On This Date

  • ...in 1452, Italian painter, sculptor, and architect Leonardo da Vinci is born in Florence.
  • ...in 1865, at 7:22 a.m., Abraham Lincoln, the 16th president of the United States, dies from a bullet wound inflicted the night before by John Wilkes Booth.
  • ...in 1912, the British ocean liner Titanic sinks into the North Atlantic Ocean about 400 miles south of Newfoundland, Canada.
  • ...in 1947, Jackie Robinson, age 28, becomes the first African American player in Major League Baseball.