Cyber Security News

Hacking Editorial Brief — April 18, 2026

Active exploitation of recently disclosed Windows vulnerabilities is underway following the public leak of zero-day exploits. Threat actors are leveraging three Windows flaws, including the BlueHammer and RedSun privilege escalation vulnerabilities targeting Windows Defender. A frustrated security researcher has now released a second Windows Defender zero-day exploit publicly, with threats to publish additional remote code execution exploits. Separately, a proof-of-concept exploit for CVE-2026-39808 in Fortinet's FortiSandbox has been released, enabling unauthenticated attackers to execute arbitrary OS commands with root privileges.

Law enforcement actions continue against cybercriminals linked to financially motivated hacking campaigns. A British national pleaded guilty in California federal court to conspiracy charges related to hacking at least a dozen companies and stealing over $8 million in virtual assets. The defendant is affiliated with Scattered Spider, a threat group that emerged from "The Com" — a cybercrime community composed primarily of Western adolescent hackers. In a separate case, Nicholas Moore received one year probation for hacking three U.S. government networks including the Supreme Court filing system using stolen credentials. Federal investigators are also warning of increased Gen Z recruitment into cybercrime operations through gaming platforms, which serve as initial contact points for threat actor talent acquisition.

Sources: Bleeping Computer · Cybernews · Cybersecurity News · Justice Department · GovInfoSecurity · TechCrunch · KATU