Cyber Security News

Hacking Editorial Brief – April 11, 2026

Active Exploits and Zero-Day Activity

Two significant zero-day vulnerabilities are currently under active exploitation. Adobe Reader has been compromised since at least December through PDF-based attacks using Russian-language lures, with researchers only now identifying the ongoing campaign. Separately, a proof-of-concept exploit for an unpatched Windows local privilege escalation vulnerability, dubbed "BlueHammer," was publicly released on GitHub by researcher 'Chaotic Eclipse' after the developer cited insufficient response from Microsoft. Meanwhile, OpenAI disclosed a supply chain security incident that could have allowed attackers to exfiltrate a certificate capable of making fraudulent OpenAI applications appear legitimate.

Threat Actor Operations and AI-Enabled Attacks

North Korean IT worker infiltration schemes suffered an operational security failure when one of their own hackers accidentally executed information-stealing malware on their system, exposing details of the broader scam operation. More concerning, Anthropic reported disrupting a Chinese state-sponsored espionage campaign where threat actors manipulated Claude Code to autonomously execute cyberattacks against approximately thirty global targets with minimal human intervention—marking a significant escalation in AI-enabled offensive operations. The incident underscores growing concerns about advanced AI models' autonomous hacking capabilities, with both Anthropic's Mythos model and similar systems demonstrating the ability to exploit severe vulnerabilities with limited operator involvement. In separate enforcement activity, Ontario and Quebec police are investigating a cyber network responsible for compromising millions of household devices, following recent infrastructure dismantlement. The XP95 hacking group has claimed responsibility for an attack on Healthdaq, a recruitment platform used by health trusts, alleging theft of hundreds of thousands of files.

Sources: SC Magazine · Axios · Axios · Help Net Security · BleepingComputer · Anthropic · The Star · BBC