# Archive
Browse past daily curated stories
Thursday, April 02, 2026
- **1. WhatsApp warns users of fake app used to distribute spyware** (The Record, threat-intel)
  WhatsApp warns that Italy's SIO spyware manufacturer created a fake iPhone app to distribute surveillance malware, with most targeted users located in Italy. The attack demonstrates how nation-state surveillance vendors are leveraging trusted messaging platforms to deliver spyware to mobile devices.
- **2. New CrystalRAT malware adds RAT, stealer and prankware features** (BleepingComputer, general)
  CrystalRAT malware-as-a-service is being promoted on Telegram, offering remote access trojans, data theft capabilities, keylogging, and clipboard hijacking features. The service represents the continued commoditization of advanced malware capabilities through messaging platforms accessible to lower-skilled threat actors.
- **3. Apple expands iOS 18 updates to more iPhones to block DarkSword attacks** (BleepingComputer, general)
  Apple expanded iOS 18 security updates to protect more iPhones against the actively exploited DarkSword exploit kit. The move addresses ongoing zero-day attacks targeting iOS devices and demonstrates Apple's response to persistent threat actor exploitation of mobile vulnerabilities.
- **4. Hackers exploit TrueConf zero-day to push malicious software updates** (BleepingComputer, general)
  Hackers exploited a zero-day vulnerability in TrueConf conference servers to execute arbitrary files on all connected endpoints through malicious software updates. The attack highlights supply chain risks in enterprise video conferencing infrastructure, where server compromise can lead to widespread endpoint infection.
- **5. Crypto platform Drift suspends services after millions stolen in security incident** (The Record, threat-intel)
  Cryptocurrency platform Drift suspended operations after a cyberattack that security experts believe resulted in hundreds of millions of dollars in stolen digital assets. The incident represents one of the largest DeFi platform breaches, highlighting persistent security vulnerabilities in decentralized finance infrastructure.
- **6. New EvilTokens service fuels Microsoft device code phishing attacks** (BleepingComputer, general)
  EvilTokens, a new malicious kit, integrates device code phishing to hijack Microsoft accounts and enables advanced business email compromise attacks. The service automates OAuth device code abuse, allowing attackers to bypass traditional authentication controls and gain persistent access to corporate Microsoft environments.
- **7. Mercor confirms security incident tied to LiteLLM supply chain attack** (The Record, threat-intel)
  Mercor confirmed a security incident linked to the LiteLLM supply chain attack, with Lapsus$ claiming to have obtained hundreds of gigabytes of company data. The breach demonstrates how supply chain compromises in AI/ML tooling can cascade to affect downstream enterprise customers and their sensitive data.
- **8. North Dakota water treatment plant reports March ransomware attack** (The Record, threat-intel)
  A water treatment plant in Minot, North Dakota was hit with ransomware in March 2026, though city officials report the facility continues operating normally. The attack on critical infrastructure highlights ongoing threats to municipal water systems and the potential for operational disruption in essential services.
- **9. 'NoVoice' Android malware on Google Play infected 2.3 million devices** (BleepingComputer, general)
  NoVoice Android malware infected 2.3 million devices through 50+ malicious apps distributed on the Google Play Store. The campaign demonstrates the continued effectiveness of trojanized applications in bypassing Google's security controls and achieving massive device compromise at scale.
- **10. Is "Hackback" Official US Cybersecurity Strategy?** (Schneier on Security, threat-intel)
  The 2026 US Cyber Strategy document includes language about "unleashing the private sector by creating incentives to identify and disrupt adversary networks," potentially signaling official support for private sector hackback operations. This represents a significant policy shift that could authorize companies to conduct offensive cyber operations against threat actors.