The Hacker News

Ukraine’s CERT-UA reports attacks on hospitals and government using AGINGFLY to steal browser and WhatsApp data. Phishing triggers LNK → HTA via mshta.exe, deploying RAVENSHELL for remote control, credential theft, and lateral movement. 🔗 Full attack chain and tools used → https://thehackernews.com/2026/04/uac-0247-targets-ukrainian-clinics-and.html

⚠️ Attackers are abusing automation tools as delivery infrastructure. Cisco Talos found #n8n webhooks used for phishing, malware, and tracking, leveraging trusted *.n8n.cloud domains to bypass filters. email link → CAPTCHA → silent download → RMM-based persistence. 🔗 Read → https://thehackernews.com/2026/04/n8n-webhooks-abused-since-october-2025.html

🤖 AI is now embedded across security teams. 100% of CISOs report active use. Agentic testing adds variability, so results change between runs and break repeatability. Hybrid models keep tests consistent while using AI to adapt. 🔗 Learn why hybrid AI models are replacing agentic security testing → https://thehackernews.com/2026/04/deterministic-agentic-ai-architecture.html

🚨 A critical nginx-ui flaw is now exploited in the wild. CVE-2026-33032 (9.8) allows auth bypass via the /mcp_message endpoint, letting attackers take full control of Nginx with two HTTP requests due to an “allow-all” default. 🔗 Details here → https://thehackernews.com/2026/04/critical-nginx-ui-vulnerability-cve.html

🛑 April Patch Tuesday spans SAP, Adobe, Microsoft, Fortinet—and core vendors like Apple, Google, Cisco, VMware, Palo Alto, AWS, and Linux. SAP (CVSS 9.9) enables SQL execution. Adobe Reader and SharePoint flaws are already exploited. 🔗 Read → https://thehackernews.com/2026/04/april-patch-tuesday-fixes-critical.html

⚡ Microsoft patched 169 vulnerabilities, including an actively exploited SharePoint zero-day. It lets attackers spoof trusted content. 93 flaws are privilege escalation, and a critical IKEv2 bug (CVSS 9.8) enables remote code execution with no user action. 🔗 Full Patch Tuesday risks and fixes → https://thehackernews.com/2026/04/microsoft-issues-patches-for-sharepoint.html

🔥 OpenAI launched GPT-5.4-Cyber, a model built for security teams to find and fix bugs faster. 3,000+ vulnerabilities already fixed using its Codex Security tools, with access expanding to thousands of defenders. But the same AI can be misused to find exploits. 🔗 Read → https://thehackernews.com/2026/04/openai-launches-gpt-54-cyber-with.html

⚠️ ALERT - Composer disclosed two command injection flaws (CVE-2026-40176 and CVE-2026-40261) with up to CVSS 8.8 severity. Malicious composer.json or crafted source refs can execute arbitrary commands—even without Perforce installed. Affects multiple 2.x versions; patches released and metadata disabled as a precaution. 🔗 Read → https://thehackernews.com/2026/04/new-php-composer-flaws-enable-arbitrary.html

A new ad fraud campaign used AI-written news to enter Google Discover and trick users. Pushpaganda drove 240M ad requests in a week by forcing notification opt-ins, then pushing scam alerts and redirecting to ad sites. 🔗 Read → https://thehackernews.com/2026/04/ai-driven-pushpaganda-scam-exploits.html

⚡ U.K. moves to jail tech execs over failure to remove non-consensual intimate images. New bill amendments also criminalize incest porn and adults roleplaying as children, expanding platform liability. 🔗 What the law changes for platforms and execs → https://thehackernews.com/2026/04/weekly-recap-fiber-optic-spying-windows.html#:~:text=U.K.%20Government%20Threatens%20Tech%20Execs%20with%20Jail%20Time

2026 Gartner® Magic Quadrant™ for Third-Party Risk Management Tools for Assurance Leaders As organizations grow increasingly reliant on third parties and their technologies, the range of associated risks expands as well. Third-party risk is a slippery slope, which is why it’s even more important to have a trusted solution that best supports your team. ✨ Optro has been named a Leader in the 2026 Gartner® Magic Quadrant™ for Third-Party Risk Management for Assurance Leaders! Download your complimentary copy for unbiased recommendations and in-depth analyses of TPRM software: https://thn.news/2026-tprm-magic-quadrant

🔥 Google put Rust in Pixel 10’s modem DNS parser, cutting off a major class of memory bugs. DNS powers core cellular functions, and unsafe parsing has enabled exploits like buffer overflows. This move reduces attack surface at one of the most exposed layers. 🔗 Read → https://thehackernews.com/2026/04/google-adds-rust-based-dns-parser-into.html