Posts by The Friday Wrap up

ThreatsDay Bulletin: Hybrid P2P Botnet, 13-Year-Old Apache RCE and 18 More Stories This week in cybersecurity: botnets, RCE flaws, AI-driven attacks, stealers, and more. Fast, no-fluff roundup.

A new peer-to-peer botnet using hybrid architecture is targeting systems with sophisticated evasion tactics. It's important to stay informed and secure as cyber threats evolve. #CyberThreats

1 day ago

Smart Slider updates hijacked to push malicious WordPress, Joomla versions Hackers hijacked the update system for the Smart Slider 3 Pro plugin for WordPress and Joomla, and pushed a malicious version with multiple backdoors.

Smart Slider hijack spreads malicious plugins in WordPress/Joomla through compromised updates, posing a risk to site security. Stay informed about these threats to safeguard your online assets. #Cybersecurity

1 day ago

Shrinking the IAM Attack Surface through Identity Visibility and Intelligence Platforms (IVIP) 46% of identity activity sits outside IAM visibility, enabling hidden risk and privilege gaps across enterprise systems.

Explore how reducing your IAM (Identity and Access Management) attack surface can boost cybersecurity. Discover strategies to limit risks by managing identities effectively. #CyberSecuritySimplified

2 days ago

13-year-old bug in ActiveMQ lets hackers remotely execute commands Security researchers discovered a remote code execution (RCE) vulnerability in Apache ActiveMQ Classic that has gone undetected for 13 years and could be exploited to execute arbitrary commands.

A 13-year-old flaw in Apache ActiveMQ lets hackers run commands remotely, posing a security risk. This highlights the importance of regularly updating systems to prevent vulnerabilities. #CyberSecurityRisk

2 days ago

Over 1,000 Exposed ComfyUI Instances Targeted in Cryptomining Botnet Campaign Over 1,000 exposed ComfyUI instances exploited via unauthenticated code execution, enabling Monero mining and botnet expansion.

Over 1,000 ComfyUI instances are exposed, making them vulnerable to attacks. This can lead to unauthorized control and data theft. Understanding the exposure helps in securing systems effectively. #CyberSecurityAwareness

3 days ago

Max severity Flowise RCE vulnerability now exploited in attacks Hackers are exploiting a maximum-severity vulnerability, tracked as CVE-2025-59528, in the open-source platform Flowise for building custom LLM apps and agentic systems to execute arbitrary code.

A severe vulnerability in Flowise is being exploited in attacks. The flaw allows remote code execution by attackers, raising significant security concerns. Stay informed to protect systems. #CybersecurityAlert

3 days ago

Multi-OS Cyberattacks: How SOCs Close a Critical Risk in 3 Steps ANY.RUN cuts MTTR by 21 minutes per case, reducing escalations and breach exposure in multi-OS attacks.

Discover how multi-OS cyberattacks challenge security teams and how SOCs are evolving to handle them efficiently. Understand key strategies to safeguard diverse systems. #CyberDefense

4 days ago

Microsoft removes Support and Recovery Assistant from Windows Microsoft has deprecated and removed the Support and Recovery Assistant (SaRA) command-line utility from all in-support versions of Windows updates starting March 10.

Microsoft has removed the Support and Recovery Assistant from Windows. This tool was used to fix various issues in Microsoft 365 apps. Its functions will be integrated into newer troubleshooting tools. #MicrosoftUpdates

4 days ago

UNC1069 Social Engineering of Axios Maintainer Led to npm Supply Chain Attack UNC1069 compromised Axios 1.14.1 and 0.30.4 via social engineering, impacting 100M weekly downloads and exposing supply chains.

UNC1069, a threat group, uses social engineering to target Axios, exploiting human trust to breach security. This emphasizes the need for vigilance and robust security measures against such tactics. #CybersecurityAwareness

5 days ago

Hims & Hers warns of data breach after Zendesk support ticket breach Telehealth giant Hims & Hers Health is warning that it suffered a data breach after support tickets were stolen from a third-party customer service platform.

Hims & Hers experienced a data breach via Zendesk support tickets, risking customer info. They’ve acted to secure data, but stay cautious with affected accounts. Security is crucial as cyber threats persist. #DataBreachAlert

5 days ago

Friday Wrap Up: 3 April 2026 This week in cybersecurity was a masterclass in how fast things can go sideways.

Ransomware in under an hour. AI code leaked. Chrome zero-day patched. Cisco, F5, Fortinet all hit. Another wild week in cyber. 🔐 #FWU #fridaywrapup

1 week ago

ThreatsDay Bulletin: Pre-Auth Chains, Android Rootkits, CloudTrail Evasion & 10 More Stories Cybersecurity roundup: ShareFile RCE, Android rootkit, ImageMagick 0-days, XLoader, phishing, and supply chain threats.

Pre-auth vulnerabilities allow attacks without user input, posing major security risks. Protecting systems requires constant updates and careful security auditing. Stay informed to defend against evolving threats. #CyberSecurityAlert

1 week ago

Residential proxies evaded IP reputation checks in 78% of 4B sessions Researchers warn that residential proxies used to route malicious traffic are a big problem for IP reputation systems, as there is no clear distinction between attackers and legitimate users.

Residential proxies bypassed IP reputation checks in most online sessions. This shows how cybercriminals use legitimate IPs for attacks, highlighting risks and the need for better security. #CybersecurityChallenges

1 week ago

Microsoft Warns of WhatsApp-Delivered VBS Malware Hijacking Windows via UAC Bypass WhatsApp VBS campaign began February 2026, abusing AWS and UAC bypass to gain persistent remote access.

Microsoft warns about a phishing scam using WhatsApp to spread dangerous malware. Users should be cautious of suspicious messages, especially those with links or attachments. #CybersecurityAlert

1 week ago

Routine Access Is Powering Modern Intrusions, a New Threat Report Finds Modern intrusions increasingly start with valid credentials and routine access, not exploits. Blackpoint Cyber's upcoming threat report shows how VPN abuse, RMM tools, and social engineering drive most...

Routine access to systems is aiding modern intrusions, a new report highlights. Regular access privileges are exploited by attackers, increasing security risks. Enhancing privilege management can lower these threats. #CyberSecurityRisks

1 week ago

Vertex AI Vulnerability Exposes Google Cloud Data and Private Artifacts Unit 42 found excessive P4SA permissions in Vertex AI, enabling credential theft and cloud data exposure, increasing breach risk.

Vertex AI vulnerability left Google system open to unauthorized model access, raising security concerns. This highlights the importance of securing AI models against such risks. Dive deeper into how this impacts security standards. #CybersecurityInsights

1 week ago

Cisco source code stolen in Trivy-linked dev environment breach Cisco has suffered a cyberattack after threat actors used stolen credentials from the recent Trivy supply chain attack to breach its internal development environment and steal source code belonging to...

Cisco's source code was stolen by hackers via a Trivy-linked dev environment breach. This incident showcases the importance of securing development pipelines to prevent unauthorized access. #CyberSecurityIncident

1 week ago

⚡ Weekly Recap: Telecom Sleeper Cells, LLM Jailbreaks, Apple Forces U.K. Age Checks and More Active exploits, nation-state campaigns, fresh arrests, and critical CVEs — this week's cybersecurity recap has it all.

Explore telecom threats, sleeper cell cyber risks, and Large Language Model vulnerabilities in this week's cybersecurity insights. Discover potential impacts and mitigation strategies to stay informed and secure. #CyberSafety2026

1 week ago

Apple adds macOS Terminal warning to block ClickFix attacks Apple has introduced a security feature in macOS Tahoe 26.4 that blocks pasting and executing potentially harmful commands in Terminal and alerts users to possible risks.

Apple is enhancing macOS security by adding Terminal warnings to thwart ClickFix attacks. This protective measure alerts users to potential malicious command executions. It's an essential update for safer device use. #MacOSSecurity

1 week ago

Open VSX Bug Let Malicious VS Code Extensions Bypass Pre-Publish Security Checks Open VSX bug misread scanner failures as clean results, letting malicious VS Code extensions go live before patch in v0.32.0.

A bug in Open VSX left VS Code users exposed to malicious extensions, posing significant security risks. Prompt measures are essential to safeguard the ecosystem from future vulnerabilities. #CyberSafety

1 week ago

Fake VS Code alerts on GitHub spread malware to developers A large-scale campaign is targeting developers on GitHub with fake Visual Studio Code (VS Code) security alerts posted in the Discussions section of various projects, to trick users into downloading malware.

Recently, fake Visual Studio Code alerts on GitHub have been spreading malware. Developers installing these fake extensions may unknowingly infect their systems. Be cautious when downloading plugins from untrusted sources. #CyberSafety

1 week ago

Friday Wrap Up: 27 March 2026 This week: a pro-Iranian group hacked the FBI Director's personal email.

FBI Director's inbox hacked, North Korean devs in your org, and TeamPCP backdooring PyPI again. Happy Friday — go patch something. 🔐 #FWU #fridaywrapup

2 weeks ago

[Webinar] Stop Guessing. Learn to Validate Your Defenses Against Real Attacks Validate your security posture with real attacker behavior using continuous, CTI-driven testing to uncover gaps and prove defenses work.

Dive into a practical approach to cybersecurity; move from guessing to verifying threats effectively. Enhance your skills and defend systems with greater confidence. #CyberSecurityTraining

2 weeks ago

UK sanctions Xinbi marketplace linked to Asian scam centers The United Kingdom's Foreign, Commonwealth and Development Office (FCDO) has sanctioned Xinbi, a Chinese-language cryptocurrency-based online marketplace that sells stolen data and satellite internet...

The UK sanctions Xinbi marketplace for ties to Asian scam centers, disrupting global cybercrime. Xinbi enabled scammers, posing threats to various sectors. The move aims to curb cross-border financial fraud. #CyberSecurityNews

2 weeks ago

GlassWorm Malware Uses Solana Dead Drops to Deliver RAT and Steal Browser, Crypto Data GlassWorm uses Solana and Google Calendar dead drops to deliver RAT stealing browser data and crypto wallets, impacting developers.

GlassWorm malware hides in Solana's dead address, exploiting blockchain's transparency for attacks. It raises cybersecurity concerns by targeting crypto wallets. Stay aware of evolving threats in the crypto space. #GlasswormMalware

2 weeks ago

Citrix urges admins to patch NetScaler flaws as soon as possible Citrix has patched two NetScaler ADC and NetScaler Gateway vulnerabilities, one of which is very similar to the CitrixBleed and CitrixBleed2 flaws exploited in zero-day attacks in recent years.

Citrix has alerted admins about critical vulnerabilities in NetScaler. Immediate patching is urged to prevent potential exploitation that could lead to unauthorized access or data breaches. #NetScalerSecurity

2 weeks ago

Ghost Campaign Uses 7 npm Packages to Steal Crypto Wallets and Credentials 7 malicious npm packages steal crypto wallets by phishing sudo passwords via fake installs, leading to RAT deployment and credential exfiltration.

A "Ghost" campaign used 7 npm packages to target developers, deploying malware for data theft. Awareness of supply chain risks in open-source ecosystems is vital. #CyberSecurityAlert

2 weeks ago

Firefox now has a free built-in VPN with 50GB monthly data limit Mozilla released Firefox 149 with added privacy protection through a built-in VPN tool offering up to 50GB of monthly traffic.

Mozilla's Firefox now offers a free built-in VPN with a 50GB monthly data cap, enhancing online security by encrypting your data and masking your IP address. This addition makes privacy more accessible for all users. #OnlinePrivacy

2 weeks ago

⚡ Weekly Recap: CI/CD Backdoor, FBI Buys Location Data, WhatsApp Ditches Numbers & More Trivy backdoored, FBI buys location data, iOS DarkSword kit, WhatsApp usernames, Langflow RCE, Cisco FMC zero-day & critical CVEs to patch.

Discover the latest in cybersecurity: CI/CD pipeline backdoor threats, FBI's biometric data practices, and global hacking trends. Stay informed on risks in our tech-driven world. #CyberAwareness

2 weeks ago

Trivy supply-chain attack spreads to Docker, GitHub repos The TeamPCP hackers behind the Trivy supply-chain attack continued to target Aqua Security, pushing malicious Docker images and hijacking the company's GitHub organization to tamper with dozens of repositories.

A recent supply chain attack affects Docker and GitHub, exploiting Trivy vulnerabilities to spread malicious code. This highlights crucial security risks in popular repositories. Addressing cybersecurity gaps is essential to protect the software supply chain. #CybersecurityAlert

2 weeks ago