OpenAI Revokes macOS Certificate, Adobe Fixes Zero-Day, CPUID Breach and RokRAT via Facebook

THN Daily Updates Webinar ➞ A New Perspective on DDoS Attacks in the Age of AI Explore how attackers leverage artificial intelligence to make DDoS attacks more efficient and effective--and how defenders can counter AI-driven threats with proactive testing, adaptive mitigation, and resilience strategies. Download Now Sponsored LATEST NEWS Apr 13, 2026 Your MTTD Looks Great. Your Post-Alert Gap Doesn't Anthropic restricted its Mythos Preview model last week after it autonomously found and exploited zero-day vulnerabilities in every major operating system and browser. Palo Alto Networks' Wendi Whitmorewarned ... Read More North Korea's APT37 Uses Facebook Social Engineering to Deliver RokRAT Malware The North Korean hacking group tracked as APT37 (aka ScarCruft) has been attributed to a fresh multi-stage, social engineering campaign in which threat actors approached targets on Facebook and added them as friend... Read More What Security Teams Must Know About Claude Mythos Anthropic's most capable AI autonomously hacked, escaped, and covered its tracks. Security teams, read this. Read More OpenAI Revokes macOS App Certificate After Malicious Axios Supply Chain Incident OpenAI revealed a GitHub Actions workflow used to sign its macOS apps led to the download of the malicious Axios library on March 31, but noted that no user data or internal system was compromised. "Out of an abundance ... Read More CPUID Breach Distributes STX RAT via Trojanized CPU-Z and HWMonitor Downloads Unknown threat actors compromised CPUID ("cpuid[.]com"), a website that hosts popular hardware monitoring tools like CPU-Z, HWMonitor, HWMonitor Pro, and PerfMonitor, for less than 24 hours to serve malicious exec... Read More Session Cookie Theft: You Showed Your ID at the Door. But Someone Else Has Your Room Key Stolen session cookies bypass MFA because tokens remain valid for hours or days, enabling silent account takeovers without triggering security alerts. Read More Adobe Patches Actively Exploited Acrobat Reader Flaw CVE-2026-34621 Adobe has released emergency updates to fix a critical security flaw in Acrobat Reader that has come under active exploitation in the wild. The vulnerability, assigned the CVE identifier CVE-2026-34621, carrie... Read More Citizen Lab: Law Enforcement Used Webloc to Track 500 Million Devices via Ad Data Hungarian domestic intelligence, the national police in El Salvador, and several U.S. law enforcement and police departments have been attributed to the use of an advertising-based global geolocation surveillance s... Read More Webinar ➞ A New Perspective on DDoS Attacks in the Age of AI Explore how attackers leverage artificial intelligence to make DDoS attacks more efficient and effective--and how defenders can counter AI-driven threats with proactive testing, adaptive mitigation, and resilience strategies. Download Now Sponsored This email was sent to sikubaycom.s3cr3tz@blogger.com. You are receiving this newsletter because you opted-in to receive relevant communications from THN. To manage your email newsletter preferences, please click here. Contact THN: info@thehackernews.com Unsubscribe THN | K.P BLock, Pitampura, Delhi