Today, 153 things to read .

affectedOAuth at scale Widespread OAuth interconnectedness isn't just an AI app problemsocialX 0% · Reddit 0% · GitHub 100%

Learning from the Vercel breach: Shadow AI & OAuth sprawl

Most organizations are rightly nervous about employees adopting unapproved AI tools.

affectedGitHub fixes RCE flaw that gave access to millions of private repossocialX 77% · Reddit 0% · GitHub 23%

GitHub fixes RCE flaw that gave access to millions of private repos

In early March, GitHub patched a critical remote code execution vulnerability ( CVE-2026-3854 ) that could have allowed attackers to access millions of private repositories.

affectedzero-day attackssocialX 91% · Reddit 0% · GitHub 9%

CISA orders feds to patch Windows flaw exploited as zero-day

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has ordered federal agencies to secure their Windows systems against a vulnerability exploited in zero-day attacks.

affectedMicrosoft says backend change broke Teams Free chat and callssocialX 0% · Reddit 0% · GitHub 100%

Microsoft says backend change broke Teams Free chat and calls

Microsoft is working to resolve a known issue that prevents some Microsoft Teams Free users from chatting and calling others.

affectedBroken VECT 2.0 ransomware acts as a data wiper for large filessocialX 64% · Reddit 0% · GitHub 36%

Broken VECT 2.0 ransomware acts as a data wiper for large files

Researchers are warning that the VECT 2.0 ransomware has a problem in the way it handles encryption nonces that leads to permanently destroying larger files rather than encrypt them.

affectedHackers are exploiting a critical LiteLLM pre-auth SQLi flawsocialX 93% · Reddit 0% · GitHub 7%

Hackers are exploiting a critical LiteLLM pre-auth SQLi flaw

Hackers are targeting sensitive information stored in the LiteLLM open-source large-language model (LLM) gateway by exploiting a critical vulnerability tracked as CVE-2026-42208.

affectedVimeo user and customer datasocialX 0% · Reddit 0% · GitHub 100%

Video service Vimeo confirms Anodot breach exposed user data

Vimeo has disclosed that data belonging to some of its customers and users has been accessed without authorization following the recent breach at the Anodot data anomaly detection company.

affectedThe Mythos MomentsocialX 17% · Reddit 0% · GitHub 83%

The Mythos Moment: Enterprises Must Fight Agents with Agents

Only with the right platform and an agentic, AI-driven defense, will enterprises be able to protect themselves in the agentic era.

affectedFinland earlier this month faces federal charges in the UsocialX 64% · Reddit 0% · GitHub 36%

US reportedly charges Scattered Spider hacker arrested in Finland

A 19-year-old dual United States and Estonian citizen arrested in Finland earlier this month faces federal charges in the U.S. alleging he was a prolific member of the notorious Scattered Spider hacking collective.

affectedWebinar TodaysocialX 1% · Reddit 0% · GitHub 99%

Webinar Today: A Step-by-Step Approach to AI Governance

Join the webinar to explore a practical, multi-layered roadmap to transition from fragmented AI usage to a governed, scalable ecosystem.

affectedindividuals will be notified immediatelysocialX 83% · Reddit 0% · GitHub 17%

Checkmarx confirms LAPSUS$ hackers leaked its stolen GitHub data

Application security company Checkmarx has confirmed that the LAPSUS$ threat group leaked data stolen from its private GitHub repository.

mediumemailexploited in the wild

Robinhood Vulnerability Exploited for Phishing Attacks

Legitimate-looking emails coming from Robinhood systems lured recipients to phishing websites.

affectedits account creation process to send out legitimate-looking phishing emailssocialX 31% · Reddit 0% · GitHub 69%

affectedVECT 2.0 Ransomware Irreversibly Destroys Files Over 131KB on Windows, Linux, ESXisocialX 80% · Reddit 0% · GitHub 20%

VECT 2.0 Ransomware Irreversibly Destroys Files Over 131KB on Windows, Linux, ESXi

Zscaler ThreatLabz 2026 VPN Risk Report with Cybersecurity Insiders. AI collapsed human response window and turned remote access into fastest path to breach.

affectedAlleged Chinese State Hacker Extradited to USsocialX 4% · Reddit 0% · GitHub 96%

Alleged Chinese State Hacker Extradited to US

A member of Silk Typhoon, Xu Zewei is accused of launching cyberattacks against universities in the US.

affectedExchange Online starting in July 2026socialX 0% · Reddit 0% · GitHub 100%

Microsoft to deprecate legacy TLS in Exchange Online starting July

Microsoft says it will start blocking legacy TLS connections for POP and IMAP email clients in Exchange Online starting in July 2026.

affectedInside an OPSEC PlaybooksocialX 58% · Reddit 0% · GitHub 42%

Inside an OPSEC Playbook: How Threat Actors Evade Detection

When cybercrime operations are disrupted, the cause is typically not due to sophisticated detection, but rather basic operational mistakes such as identity reuse, weak infrastructure separation, or overlooked metadata.

affectedDozens of Open VSX Extension Clones Linked to GlassWorm MalwaresocialX 0% · Reddit 0% · GitHub 100%

Dozens of Open VSX Extension Clones Linked to GlassWorm Malware

Over 70 cloned Open VSX extensions are likely sleeper extensions designed to distribute malware.

affectedsmaller than optimum security teamssocialX 75% · Reddit 0% · GitHub 25%

Sevii Launches Cyber Swarm Defense to Make Agentic AI Security Costs Predictable

Agentic AI can be expensive to use, causing further and unpredictable pressure on tight budgets.

affectedNSA GRASSMARLINsocialX 19% · Reddit 0% · GitHub 81%

NSA GRASSMARLIN

Apr 23, 2026 ICS Advisory | ICSA-26-113-06 Intrado 911 Emergency Gateway (EGW)

affectedCISA Adds Two Known Exploited Vulnerabilities to CatalogsocialX 19% · Reddit 0% · GitHub 81%

CISA Adds Two Known Exploited Vulnerabilities to Catalog

CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog , based on evidence of active exploitation.

affectedWhy Secure Data Movement Is the Zero Trust Bottleneck Nobody Talks AboutsocialX 0% · Reddit 0% · GitHub 100%

Why Secure Data Movement Is the Zero Trust Bottleneck Nobody Talks About

Zscaler ThreatLabz 2026 VPN Risk Report with Cybersecurity Insiders. AI collapsed human response window and turned remote access into fastest path to breach.

affectedElectric Motorcycles and Scooters Face Hacking Risks to Security and Rider SafetysocialX 7% · Reddit 0% · GitHub 93%

Electric Motorcycles and Scooters Face Hacking Risks to Security and Rider Safety

Vulnerabilities in Zero Motorcycles electric motorcycles and Yadea electric scooters can pose physical security and safety risks.

affectedservice to elevate privileges to SystemsocialX 50% · Reddit 0% · GitHub 50%

No Patch for New PhantomRPC Privilege Escalation Technique in Windows

A fake RPC server can be used to listen for RPC requests and impersonate the target service to elevate privileges to System.

affectedCritical Unpatched Flaw Leaves Hugging Face LeRobot Open to Unauthenticated RCEsocialX 3% · Reddit 0% · GitHub 97%

Critical Unpatched Flaw Leaves Hugging Face LeRobot Open to Unauthenticated RCE

Zscaler ThreatLabz 2026 VPN Risk Report with Cybersecurity Insiders. AI collapsed human response window and turned remote access into fastest path to breach.

affectedFebruary 2022socialX 26% · Reddit 0% · GitHub 74%

Germany Suspects Russia Is Behind Signal Phishing That Targeted Top Officials

Federal prosecutors have been conducting a preliminary investigation since mid-February 2026 into alleged cyberattacks on Signal accounts.

affectedAfter MythossocialX 60% · Reddit 0% · GitHub 40%

After Mythos: New Playbooks For a Zero-Window Era

Zscaler ThreatLabz 2026 VPN Risk Report with Cybersecurity Insiders. AI collapsed human response window and turned remote access into fastest path to breach.

affectedMicrosoftsocialX 0% · Reddit 0% · GitHub 100%

Microsoft: New Remote Desktop warnings may display incorrectly

Microsoft has confirmed a new issue causing newly introduced Windows security warnings to display incorrectly when opening Remote Desktop (.rdp) files.

affectedusers were also being signed out of their accounts and seeing "too many requests' errorssocialX 2% · Reddit 0% · GitHub 98%

Microsoft asks iPhone users to reauthenticate after Outlook outage

After addressing a widespread outage that affected Outlook.com users worldwide on Monday, Microsoft has asked iPhone users to re-enter their credentials to regain access to their Outlook and Hotmail accounts via t

affectedaccelerating its engineering and go-to-market effortssocialX 1% · Reddit 0% · GitHub 99%

Spectrum Security Emerges From Stealth Mode With $19 Million

The threat detection startup will invest in accelerating its engineering and go-to-market efforts. Threat detection startup Spectrum Security has emerged from stealth mode with $19 million in seed funding.

affectedChinese Silk Typhoon Hacker Extradited to U.S. Over COVID Research CyberattackssocialX 28% · Reddit 0% · GitHub 72%

Chinese Silk Typhoon Hacker Extradited to U.S. Over COVID Research Cyberattacks

Zscaler ThreatLabz 2026 VPN Risk Report with Cybersecurity Insiders. AI collapsed human response window and turned remote access into fastest path to breach.

affectedMicrosoft Patches Entra ID Role Flaw That Enabled Service Principal TakeoversocialX 7% · Reddit 0% · GitHub 93%

Microsoft Patches Entra ID Role Flaw That Enabled Service Principal Takeover

Zscaler ThreatLabz 2026 VPN Risk Report with Cybersecurity Insiders. AI collapsed human response window and turned remote access into fastest path to breach.

affectedby the incidentsocialX 50% · Reddit 0% · GitHub 50%

Medtronic Hack Confirmed After ShinyHunters Threatens Data Leak

The ShinyHunters cybercrime group claimed to have stolen 9 million records containing personal information from Medtronic.

affectedMicrosoftsocialX 91% · Reddit 0% · GitHub 9%CVE-2026-32202

mediumexploitation

Microsoft Confirms Active Exploitation of Windows Shell CVE-2026-32202

Zscaler ThreatLabz 2026 VPN Risk Report with Cybersecurity Insiders. AI collapsed human response window and turned remote access into fastest path to breach.

affectedRobinhood account creation flaw abused to send phishing emailssocialX 33% · Reddit 0% · GitHub 67%

Robinhood account creation flaw abused to send phishing emails

Online trading platform Robinhood's account creation process was exploited by threat actors to inject phishing messages into legitimate emails, tricking users into believing their accounts had suspicious activity.

affectedGlassWorm malware attacks return via 73 OpenVSX "sleeper" extensionssocialX 7% · Reddit 0% · GitHub 93%

GlassWorm malware attacks return via 73 OpenVSX "sleeper" extensions

A new wave of the Glassworm campaign is targeting the OpenVSX ecosystem with 73 "sleeper" extensions that turn malicious after an update.

affectedbe within rangesocialX 19% · Reddit 0% · GitHub 81%

Canada arrests three for operating “SMS blaster” device in Toronto

Canadian authorities have arrested three men for operating an "SMS blaster" device that pretends to be a cellular tower to send phishing texts to nearby phones.

affectedAlleged Silk Typhoon hacker extradited to US for cyberespionagesocial464 · flat

Alleged Silk Typhoon hacker extradited to US for cyberespionage

A Chinese national accused of carrying out cyberespionage operations for China's intelligence services has been extradited from Italy to the United States to face criminal charges.

affectedFTCsocial413 · up

FTC: Americans lost over $2.1 billion to social media scams in 2025

The U.S. Federal Trade Commission (FTC) warned of a massive increase in losses from social media scams since 2020, exceeding $2.1 billion in 2025.

affectedPyPI package with 1.1M monthly downloads hacked to push infostealersocial446 · up

PyPI package with 1.1M monthly downloads hacked to push infostealer

An attacker pushed a malicious version of the popular elementary-data package Python Package Index (PyPI) to steal sensitive developer data and cryptocurrency wallets. The dangerous release is 0.23.

affectedHome security giant ADT data breach affects 5.5 million peoplesocial464 · up

Home security giant ADT data breach affects 5.5 million people

The ShinyHunters extortion group stole the personal information of 5.5 million individuals after breaching the systems of home security giant ADT earlier this month, according to data breach notification service Have

affectedCheckmarxsocial382 · up

Checkmarx Confirms GitHub Repository Data Posted on Dark Web After March 23 Attack

Zscaler ThreatLabz 2026 VPN Risk Report with Cybersecurity Insiders. AI collapsed human response window and turned remote access into fastest path to breach.

affected“certain corporate IT systemssocial439 · up

Medtronic confirms breach after hackers claim 9 million records theft

Medical device giant Medtronic disclosed last week that hackers breached its network and accessed data in “certain corporate IT systems.

affected⚡ Weekly Recapsocial335 · up

⚡ Weekly Recap: Fast16 Malware, XChat Launch, Federal Backdoor, AI Employee Tracking & More

Zscaler ThreatLabz 2026 VPN Risk Report with Cybersecurity Insiders. AI collapsed human response window and turned remote access into fastest path to breach.

affectedattacks against Ukraine and EU countriessocial242 · flat

Incomplete Windows Patch Opens Door to Zero-Click Attacks

The initial vulnerability was exploited by Russia-linked APT28 in attacks against Ukraine and EU countries.

affectedprison for laundering funds stolen in a massive $230 million cryptocurrency heistsocial195 · flat

mediumexploitation

Money launderer linked to $230M crypto heist gets 70 months in prison

22-year-old Evan Tangeman of Newport Beach, California, was sentenced to 70 months in prison for laundering funds stolen in a massive $230 million cryptocurrency heist.

affectedorganization’social208 · up

Deepfake Voice Attacks are Outpacing Defenses: What Security Leaders Should Know

By Brian Long, CEO and Co-founder, Adaptive Security In March 2025, a finance director at a multinational firm in Singapore joined what appeared to be a routine Zoom call with her senior leadership t

affectedcertificate principals to be interpreted as list separatorssocial367 · up

OpenSSH Flaw Allowing Full Root Shell Access Lurked for 15 Years

A code reuse issue enabled comma characters in certificate principals to be interpreted as list separators.

affectedMalicious AI Prompt Injection Attacks Increasing, but Sophistication Still Lowsocial432 · flat

Malicious AI Prompt Injection Attacks Increasing, but Sophistication Still Low: Google

The tech giant found that many indirect prompt injection attempts are harmless, but some malicious exploits have also been identified.

affectedusers reporting login problems and connection issuessocial365 · up

Microsoft says Outlook.com outage is causing sign‑in failures

Microsoft is investigating an ongoing Outlook.com outage that is causing intermittent signing issues and preventing customers from accessing their mailboxes.

affectedMythos Changed the Math on Vulnerability Discovery. Most Teams Aren't Ready for the Remediation Sidesocial304 · flat

Mythos Changed the Math on Vulnerability Discovery. Most Teams Aren't Ready for the Remediation Side

Zscaler ThreatLabz 2026 VPN Risk Report with Cybersecurity Insiders. AI collapsed human response window and turned remote access into fastest path to breach.

affectedPhantomCore Exploits TrueConf Vulnerabilities to Breach Russian Networkssocial468 · up

mediumexploitation

PhantomCore Exploits TrueConf Vulnerabilities to Breach Russian Networks

Zscaler ThreatLabz 2026 VPN Risk Report with Cybersecurity Insiders. AI collapsed human response window and turned remote access into fastest path to breach.

affectedResearchers Uncover 73 Fake VS Code Extensions Delivering GlassWorm v2 Malwaresocial362 · flat

mediumconsumer-security

Researchers Uncover 73 Fake VS Code Extensions Delivering GlassWorm v2 Malware

Zscaler ThreatLabz 2026 VPN Risk Report with Cybersecurity Insiders. AI collapsed human response window and turned remote access into fastest path to breach.

affected100 countriessocial390 · up

Energy and Water Management Firm Itron Hacked

Itron, which serves utilities and cities around the world, discovered unauthorized access to its systems on April 13.

affected– for persistent accesssocial391 · up

UNC6692 Uses Email Bombing, Social Engineering to Deploy ‘Snow’ Malware

The threat actor infected victims with the Snow malware family – Snowbelt, Snowglaze, and Snowbasin – for persistent access.

affectedinclude Ubuntu Desktop 18social431 · up

Easily Exploitable ‘Pack2TheRoot’ Linux Vulnerability Leads to Root Access

A race condition in PackageKit allows unprivileged users to escalate privileges when installing packages.

affectedUS Launches Sweeping Crackdown on Southeast Asia Cyberscams and Sanctions Cambodian Senatorsocial247 · up

US Launches Sweeping Crackdown on Southeast Asia Cyberscams and Sanctions Cambodian Senator

US conducts sweeping crackdown on Southeast Asian cyberscam operations as part of what officials say is a “new theater of war”. U.S.

affectedPrivate Browsing modesocial388 · flat

Firefox Vulnerability Allows Tor User Fingerprinting

The vulnerability is tracked as CVE-2026-6770 and it has been patched with the release of Firefox 150 and Tor 15.0.10.

affectedFake CAPTCHA IRSF Scam and 120 Keitaro Campaigns Drive Global SMS, Crypto Fraudsocial351 · flat

Fake CAPTCHA IRSF Scam and 120 Keitaro Campaigns Drive Global SMS, Crypto Fraud

Zscaler ThreatLabz 2026 VPN Risk Report with Cybersecurity Insiders. AI collapsed human response window and turned remote access into fastest path to breach.

Apr 264d ago

affectedAmerican utility firm Itron discloses breach of internal IT networksocial410 · up

American utility firm Itron discloses breach of internal IT network

Utility technology company Itron, Inc. has disclosed that an unauthorized third party accessed some of its internal systems during a cyberattack.

affectedMicrosoft rolls out revamped Windows Insider Programsocial320 · up

Microsoft rolls out revamped Windows Insider Program

Microsoft says it's rolling out a revamped Windows Insider Program experience as part of the broader plans to address reliability concerns in Windows 11.

affectedThreat actor uses Microsoft Teams to deploy new “Snow” malwaresocial303 · flat

Threat actor uses Microsoft Teams to deploy new “Snow” malware

A threat group tracked as UNC6692 uses social engineering to deploy a new, custom malware suite named “Snow,” which includes a browser extension, a tunneler, and a backdoor.

affectedResearchers Uncover Pre-Stuxnet ‘fast16’ Malware Targeting Engineering Softwaresocial421 · up

Researchers Uncover Pre-Stuxnet ‘fast16’ Malware Targeting Engineering Software

Zscaler ThreatLabz 2026 VPN Risk Report with Cybersecurity Insiders. AI collapsed human response window and turned remote access into fastest path to breach.

mediumcloudexploited in the wild

CISA Adds 4 Exploited Flaws to KEV, Sets May 2026 Federal Deadline

Zscaler ThreatLabz 2026 VPN Risk Report with Cybersecurity Insiders. AI collapsed human response window and turned remote access into fastest path to breach.

affectedCISA Adds 4 Exploited Flaws to KEV, Sets May 2026 Federal Deadlinesocial327 · flat

affectedADTsocial333 · up

ADT confirms data breach after ShinyHunters leak threat

Home security giant ADT has confirmed a data breach after the ShinyHunters extortion group threatened to leak stolen data unless a ransom is paid.

affectedFirestarter malware survives Cisco firewall updates, security patchessocial617 · flat

Firestarter malware survives Cisco firewall updates, security patches

Cybersecurity agencies in the U.S. and U.K. are warning about a custom malware called Firestarter persisting on Cisco Firepower and Secure Firewall devices running Adaptive Security Appliance (ASA) or Firepower

affectedWindows Updatesocial704 · up

Windows Update gets new controls to reduce forced restarts

Microsoft is rolling out Windows Update improvements that give users more control over how updates are installed while reducing disruption from frequent or poorly timed restarts.

affectedNew BlackFile extortion group linked to surge of vishing attackssocial437 · flat

New BlackFile extortion group linked to surge of vishing attacks

A new financially motivated hacking group tracked as BlackFile has been linked to a wave of data theft and extortion attacks against retail and hospitality organizations since February 2026.

affectedMicrosoft to roll out Entra passkeys on Windows in late Aprilsocial353 · down

Microsoft to roll out Entra passkeys on Windows in late April

Microsoft will roll out passkey support for phishing-resistant passwordless authentication to Microsoft Entra‑protected resources from Windows devices starting late April.

affectedNew ‘Pack2TheRoot’ flaw gives hackers root Linux accesssocial714 · up

New ‘Pack2TheRoot’ flaw gives hackers root Linux access

A new vulnerability dubbed Pack2TheRoot could be exploited in the PackageKit daemon to allow local Linux users to install or remove system packages and gain root permissions.

affectedDORA and operational resiliencesocial332 · flat

DORA and operational resilience: Credential management as a financial risk control

Author: Eirik Salmi, System Analyst at Passwork When a threat actor walks into your network using a legitimate username and password, which control stops them?

affectedUkrainian government entities starting in Januarysocial728 · up

Over 10,000 Zimbra servers vulnerable to ongoing XSS attacks

Over 10,000 Zimbra Collaboration Suite (ZCS) instances exposed online are vulnerable to ongoing attacks exploiting a cross-site scripting (XSS) security flaw, according to nonprofit security organization Shadowserver.

affectedCISA Adds Four Known Exploited Vulnerabilities to Catalogsocial487 · up

CISA Adds Four Known Exploited Vulnerabilities to Catalog

CISA has added four new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog , based on evidence of active exploitation.

affectedMicrosoft now lets admins uninstall Copilot on enterprise devicessocial220 · flat

Microsoft now lets admins uninstall Copilot on enterprise devices

Microsoft says IT administrators can now uninstall the AI-powered Copilot digital assistant from enterprise devices using a new policy setting, which has become broadly available after the April 2026 Patch Tuesday.

affectedHackers exploit file upload bug in Breeze Cache WordPress pluginsocial690 · up

Hackers exploit file upload bug in Breeze Cache WordPress plugin

Hackers are actively exploiting a critical vulnerability in the Breeze Cache plugin for WordPress that allows uploading arbitrary files on the server without authentication.

affectedBitwarden CLI npm package compromised to steal developer credentialssocial306 · flat

Bitwarden CLI npm package compromised to steal developer credentials

Updated with further information from Bitwarden. The Bitwarden CLI was briefly compromised after attackers uploaded a malicious @bitwarden/cli package to npm containing a credential-stealing payload capable of s

affectedTrigona ransomware attacks use custom exfiltration tool to steal datasocial373 · up

Trigona ransomware attacks use custom exfiltration tool to steal data

Recently observed Trigona ransomware attacks are using a custom, command-line tool to steal data from compromised environments faster and more efficiently.

affectedNew Checkmarx supply-chain breach affects KICS analysis toolsocial346 · up

New Checkmarx supply-chain breach affects KICS analysis tool

Hackers have compromised Docker images, VSCode and Open VSX extensions for the Checkmarx KICS analysis tool to harvest sensitive data from developer environments.

affectedCosmetics giant Rituals discloses data breach affecting customerssocial313 · up

Cosmetics giant Rituals discloses data breach affecting customers

Dutch cosmetics giant Rituals disclosed a data breach after attackers stole the personal information of an undisclosed number of customers from its "My Rituals" membership database.

affecteddaily lossessocial558 · up

Regular Password Resets Aren’t as Safe as You Think

Research from Forrester estimates that every password reset costs around $70. As one of the most common helpdesk requests, many organizations have introduced self-service password reset (SSPR) tools to reduce the load.

affectedusers that restarting the Teams client might help them work around itsocial333 · down

Microsoft: Some Teams users can’t join meetings after Edge update

Microsoft confirmed that a recent Microsoft Edge browser update introduced a bug that prevents Windows users from joining Teams meetings.

affectedUK warns of Chinese hackers using proxy networks to evade detectionsocial354 · flat

UK warns of Chinese hackers using proxy networks to evade detection

The United Kingdom's National Cyber Security Centre (NCSC-UK) and international partners warned that China-nexus hackers are increasingly using large-scale proxy networks of hijacked consumer devices to evade det

affectedNew GopherWhisper APT group abuses Outlook, Slack, Discord for commssocial270 · up

New GopherWhisper APT group abuses Outlook, Slack, Discord for comms

A previously undocumented state-backed threat actor named GopherWhisper is using a Go-based custom toolkit and legitimate services like Microsoft 365 Outlook, Slack, and Discord in attacks against government ent

affectedDefending Against China-Nexus Covert Networks of Compromised Devicessocial253 · flat

Defending Against China-Nexus Covert Networks of Compromised Devices

Iranian-Affiliated Cyber Actors Exploit Programmable Logic Controllers Across US Critical Infrastructure

affectedCarlson Software VASCO-B GNSS Receiversocial215 · up

Carlson Software VASCO-B GNSS Receiver

Apr 23, 2026 ICS Advisory | ICSA-26-113-06 Intrado 911 Emergency Gateway (EGW)

affectedHangzhou Xiongmai Technology Co., Ltd XM530 IP Camerasocial286 · flat

Hangzhou Xiongmai Technology Co., Ltd XM530 IP Camera

Apr 23, 2026 ICS Advisory | ICSA-26-113-06 Intrado 911 Emergency Gateway (EGW)

affectedCISA Adds One Known Exploited Vulnerability to Catalogsocial483 · up

CISA Adds One Known Exploited Vulnerability to Catalog

CISA has added one new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog , based on evidence of active exploitation.

affectedthis report is relevant for both Cisco Firepower and Secure Firewall devicessocial257 · up

FIRESTARTER Backdoor

The Cybersecurity and Infrastructure Security Agency (CISA) analyzed a sample of FIRESTARTER malware obtained from a forensic investigation.

affectedYadea T5 Electric Bicyclesocial236 · flat

Yadea T5 Electric Bicycle

Apr 23, 2026 ICS Advisory | ICSA-26-113-06 Intrado 911 Emergency Gateway (EGW)

affectedMilesight Camerassocial195 · flat

Milesight Cameras

Apr 23, 2026 ICS Advisory | ICSA-26-113-06 Intrado 911 Emergency Gateway (EGW)

affectedIntrado 911 Emergency Gateway (EGW)social333 · down

Intrado 911 Emergency Gateway (EGW)

Hangzhou Xiongmai Technology Co., Ltd XM530 IP Camera

affectedSpiceJet Online Booking Systemsocial299 · flat

SpiceJet Online Booking System

Apr 23, 2026 ICS Advisory | ICSA-26-113-06 Intrado 911 Emergency Gateway (EGW)

affectedzero-day attackssocial566 · flat

CISA orders feds to patch BlueHammer flaw exploited as zero-day

CISA has given U.S. government agencies two weeks to secure their Windows systems against a Microsoft Defender privilege escalation vulnerability that has been exploited in zero-day attacks.

affectedstored on the devicesocial568 · up

Apple fixes bug that let the FBI recover deleted Signal messages

Article updated with statement from Signal thanking Apple for addressing the vulnerability .

affectedNew Mirai campaign exploits RCE flaw in EoL D-Link routerssocial462 · up

New Mirai campaign exploits RCE flaw in EoL D-Link routers

A new Mirai-based malware campaign is actively exploiting CVE-2025-29635, a high-severity command-injection vulnerability affecting D-Link DIR-823X routers, to enlist devices into the botnet.

affectedKyber ransomware gang toys with post-quantum encryption on Windowssocial381 · up

Kyber ransomware gang toys with post-quantum encryption on Windows

A new Kyber ransomware operation is targeting Windows systems and VMware ESXi endpoints in recent attacks, with one variant implementing Kyber1024 post-quantum encryption.

affecteddismantles major $4social360 · up

Spain dismantles major $4.7M manga piracy platform, arrests four

The Spanish police have dismantled what they claim is the largest Spanish-language manga piracy platform, operating since 2014 and serving millions of monthly users worldwide.

affectedInside Caller-as-a-Service Fraudsocial406 · up

Inside Caller-as-a-Service Fraud: The Scam Economy Has a Hiring Process

Fraudulent phone calls have become a daily reality for millions of people worldwide.

affectedNew npm supply-chain attack self-spreads to steal auth tokenssocial308 · up

New npm supply-chain attack self-spreads to steal auth tokens

A new supply chain attack targeting the Node Package Manager (npm) ecosystem is stealing developer credentials and attempting to spread through packages published from compromised accounts.

affectedMicrosoft Teams to get efficiency mode on PCs with limited resourcessocial206 · flat

Microsoft Teams to get efficiency mode on PCs with limited resources

Microsoft is preparing to roll out a new Efficiency Mode for Microsoft Teams for systems with limited CPU and memory resources to improve app responsiveness.

affectedCISA Adds One Known Exploited Vulnerability to Catalogsocial483 · up

CISA Adds One Known Exploited Vulnerability to Catalog

CISA has added one new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog , based on evidence of active exploitation.

affectedMicrosoft traces Universal Print issues to Graph API code changesocial316 · flat

mediumcloud

Microsoft traces Universal Print issues to Graph API code change

Microsoft says that an ongoing Universal Print sharing issue that prevents users from creating some printer shares is due to a Microsoft Graph API code change.

affectedNew GoGra malware for Linux uses Microsoft Graph API for commssocial384 · flat

New GoGra malware for Linux uses Microsoft Graph API for comms

A Linux variant of the GoGra backdoor uses legitimate Microsoft infrastructure, relying on an Outlook inbox for stealthy payload delivery.

affecteddevices by forging authentication cookiessocial510 · up

Microsoft releases emergency patches for critical ASP.NET flaw

Microsoft has released out-of-band (OOB) security updates to patch a critical ASP.NET Core privilege escalation vulnerability. The security flaw (tracked as CVE-2026-40372 ) was found in the ASP.

affectedOver 1,300 Microsoft SharePoint servers vulnerable to spoofing attackssocial573 · flat

Over 1,300 Microsoft SharePoint servers vulnerable to spoofing attacks

Over 1,300 Microsoft SharePoint servers exposed online remain unpatched against a spoofing vulnerability that was exploited as a zero-day and is still being abused in ongoing attacks.

affectedFrench govt agencysocial414 · up

French govt agency confirms breach as hacker offers to sell data

France Titres, the government agency in France for issuing and managince administrative documents has disclosed a data breach after a threat actor claimed the attack and stealing citizen data.

affectedattacks against energy and utilities organizations in Venezuelasocial369 · flat

New Lotus data wiper used against Venezuelan energy, utility firms

A previously undocumented data-wiping malware dubbed Lotus was used last year in targeted attacks against energy and utilities organizations in Venezuela.

affected‘Scattered Spider’ Member ‘Tylerb’ Pleads Guiltysocial304 · flat

‘Scattered Spider’ Member ‘Tylerb’ Pleads Guilty

A 24-year-old British national and senior member of the cybercrime group “ Scattered Spider ” has pleaded guilty to wire fraud conspiracy and aggravated identity theft.

affectedat exactly the sessions that warrant itsocial332 · down

Stopping Fraud at Each Stage of the Customer Journey Without Adding Friction

Fraud prevention and user experience have long been treated as opposing forces: tighten security, and you risk alienating legitimate customers; loosen it, and you open the door to account takeovers, synt

affectedUK probes Telegram, teen chat sites over CSAM sharing concernssocial366 · up

UK probes Telegram, teen chat sites over CSAM sharing concerns

Ofcom, the United Kingdom's independent communications regulator, has launched an investigation into Telegram based on evidence suggesting it's being used to share child sexual abuse material (CSAM).

affectedCISA flags new SD-WAN flaw as actively exploited in attackssocial574 · up

CISA flags new SD-WAN flaw as actively exploited in attacks

CISA has given U.S. government agencies four days to secure their systems against another Catalyst SD-WAN Manager vulnerability it flagged as actively exploited in attacks.

affectedSiemens SCALANCEsocial331 · down

Siemens SCALANCE

Apr 21, 2026 ICS Advisory | ICSA-26-111-04 Siemens Analytics Toolkit

affectedSenseLive X3050social306 · flat

SenseLive X3050

Apr 21, 2026 ICS Advisory | ICSA-26-111-04 Siemens Analytics Toolkit

affectedSiemens Analytics Toolkitsocial300 · flat

Siemens Analytics Toolkit

Apr 21, 2026 ICS Advisory | ICSA-26-111-05 Hardy Barth Salia EV Charge Controller

affectedSilex Technology SD-330AC and AMC Managersocial356 · flat

Silex Technology SD-330AC and AMC Manager

Apr 21, 2026 ICS Advisory | ICSA-26-111-04 Siemens Analytics Toolkit

affectedSiemens RUGGEDCOM CROSSBOW Secure Access Manager Primarysocial351 · up

Siemens RUGGEDCOM CROSSBOW Secure Access Manager Primary

Apr 21, 2026 ICS Advisory | ICSA-26-111-05 Hardy Barth Salia EV Charge Controller

affectedSiemens TPM 2.0social305 · flat

Siemens TPM 2.0

Apr 21, 2026 ICS Advisory | ICSA-26-111-05 Hardy Barth Salia EV Charge Controller

affectedHardy Barth Salia EV Charge Controllersocial246 · flat

Hardy Barth Salia EV Charge Controller

Apr 21, 2026 ICS Advisory | ICSA-26-111-04 Siemens Analytics Toolkit

affectedSiemens SINEC NMSsocial268 · down

Siemens SINEC NMS

Apr 21, 2026 ICS Advisory | ICSA-26-111-05 Hardy Barth Salia EV Charge Controller

affectedZero Motorcycles Firmwaresocial334 · flat

Zero Motorcycles Firmware

Apr 21, 2026 ICS Advisory | ICSA-26-111-04 Siemens Analytics Toolkit

affectedSiemens Industrial Edge Managementsocial319 · flat

Siemens Industrial Edge Management

Apr 21, 2026 ICS Advisory | ICSA-26-111-04 Siemens Analytics Toolkit

affectedActively exploited Apache ActiveMQ flaw impacts 6,400 serverssocial594 · up

Actively exploited Apache ActiveMQ flaw impacts 6,400 servers

Nonprofit security organization Shadowserver found that over 6,400 Apache ActiveMQ servers exposed online are vulnerable to ongoing attacks exploiting a high-severity code injection vulnerability.

affectedBlackCat (ALPHV) ransomware attacks in 2023social465 · up

Former ransomware negotiator pleads guilty to BlackCat attacks

41-year-old Angelo Martino, a former employee of cybersecurity incident response company DigitalMint, has pleaded guilty to targeting U.S. companies in BlackCat (ALPHV) ransomware attacks in 2023.

affectedNGate Android malware uses HandyPay NFC app to steal card datasocial273 · flat

NGate Android malware uses HandyPay NFC app to steal card data

A new variant of the NGate malware that steals NFC payment data is targeting Android users by hiding in a trojanized version of HandyPay, a legitimate mobile payments processing tool.

affectedKelpDAO suffers $290 million heist tied to Lazarus hackerssocial244 · flat

KelpDAO suffers $290 million heist tied to Lazarus hackers

State-sponsored North Korean hackers are likely behind the $290 million crypto-heist that impacted the KelpDAO DeFi project on Saturday.

affectedthem of cryptocurrency assetssocial225 · down

mediumconsumer-security

China's Apple App Store infiltrated by crypto-stealing wallet apps

A set of 26 malicious apps on Apple App Store impersonate popular wallets, such as Metamask, Coinbase, Trust Wallet, and OneKey, to steal recovery or seed phrases and drain them of cryptocurrency assets.

affectedThe Gentlemen ransomware now uses SystemBC for bot-powered attackssocial308 · flat

The Gentlemen ransomware now uses SystemBC for bot-powered attacks

A SystemBC proxy malware botnet of more than 1,570 hosts, believed to be corporate victims, has been discovered following an investigation into a Gentlemen ransomware attack carried out by a gang affiliate.

affectedSeiko USA website defaced as hacker claims customer data theftsocial424 · flat

Seiko USA website defaced as hacker claims customer data theft

The Seiko USA website was defaced over the weekend, displaying a message from attackers claiming they stole its Shopify customer database and threatening to leak it unless a ransom is paid.

affectedMicrosoftsocial675 · flat

highother

Microsoft: Teams increasingly abused in helpdesk impersonation attacks

Microsoft has issued a warning that threat actors are increasingly using Microsoft Teams to impersonate IT helpdesk staff, tricking employees into granting access to enterprise networks. Attackers leverage legitimate tools for access and lateral movement, making detection difficult. Developers and enterprise users should be cautious of unsolicited Teams messages requesting credentials or remote access, and organizations should review their external Teams communication policies.

affectedcostly downtimesocial165 · up

lowransomware

The backup myth that is putting businesses at risk

This article challenges the common misconception that having backups alone is sufficient for business continuity. It highlights that while backups protect data, they do not ensure operational continuity during ransomware attacks or outages, which can result in costly downtime. Developers and businesses should consider implementing full Business Continuity and Disaster Recovery (BCDR) strategies rather than relying solely on backups.

highwebexploited in the wild

⚡ Weekly Recap: Vercel Hack, Push Fraud, QEMU Abused, New Android RATs Emerge & More

A weekly security roundup covers multiple active threats including a Vercel-related hack, push notification fraud, QEMU being abused as an attack vector, and new Android remote access trojans (RATs) emerging in the wild. The attacks share a common theme of abusing trusted pathways—third-party tools, browser extensions, update channels, and legitimate software—to gain internal access rather than breaking systems directly. Developers should care because supply chain trust assumptions are being systematically exploited across multiple platforms and tooling ecosystems.

affectedinternal access rather than breaking systems directlysocial924 · up

affectedtech companies and their employeessocial210 · flat

British Scattered Spider hacker pleads guilty to crypto theft charges

A British national believed to be a leader of the Scattered Spider cybercrime group has pleaded guilty in the US to wire fraud and aggravated identity theft charges related to cryptocurrency theft. Scattered Spider is known for sophisticated social engineering attacks, SIM swapping, and targeting tech companies and their employees. Developers and security teams should be aware of this group's tactics, which often involve impersonating IT staff to gain access to corporate systems and credentials.

affectedMicrosoft tests Windows Explorer speed, performance improvementssocial144 · flat

lowother

Microsoft tests Windows Explorer speed, performance improvements

Microsoft is testing performance and speed improvements for File Explorer in Windows 11, currently available to Insider program participants. These changes focus on faster launch times and overall performance enhancements. This is not a security issue but rather a UX/performance update relevant to Windows developers and power users.

affecteddependencies in artifact repositories and dependency management toolssocial239 · flat

Supply Chain Compromise Impacts Axios Node Package Manager

<div class="OutlineElement Ltr SCXW232133708 BCX8"> <p>The Cybersecurity and Infrastructure Security Agency (CISA) is releasing this alert to provide guidance in response to the software supply chain compromise of the Axios node package manager (npm).

affectedCISA Adds Eight Known Exploited Vulnerabilities to Catalogsocial620 · up

CISA Adds Eight Known Exploited Vulnerabilities to Catalog

<div class="OutlineElement Ltr SCXW178812853 BCX8"> <p>CISA has added eight new vulnerabilities to its <a href="https://www.cisa.

affectedWhy Most AI Deployments Stall After the Demosocial99 · flat

lowother

Why Most AI Deployments Stall After the Demo

This article discusses operational challenges in AI deployment, focusing on why AI tools that perform well in demos often fail in real-world production environments. It is not a security incident or vulnerability report, but rather an analysis of AI adoption friction. Developers should be aware that scaling AI beyond proof-of-concept requires careful operational planning.

affectedAnthropic MCP Design Vulnerability Enables RCE, Threatening AI Supply Chainsocial503 · down

highsupply-chain

Anthropic MCP Design Vulnerability Enables RCE, Threatening AI Supply Chain

Researchers discovered a design-level vulnerability in the Model Context Protocol (MCP), a framework used to connect AI models with external tools and data sources. The flaw allows attackers to achieve remote code execution on any system running a vulnerable MCP implementation, potentially compromising the broader AI supply chain. Developers building AI-powered applications with MCP integrations should audit their implementations immediately, as this is an architectural issue rather than a simple patch-and-fix bug.

affectedMicrosoft pulls service update causing Teams launch failuressocial222 · down

lowother

Microsoft pulls service update causing Teams launch failures

Microsoft rolled back a faulty service update that was causing the Teams desktop client to fail on launch for some users. Developers and organizations relying on Teams for communication and collaboration were temporarily impacted. While not a security vulnerability, the incident highlights the risk of service disruptions from cloud-side updates outside users' control.

affectedMicrosoft releases emergency updates to fix Windows Server issuessocial241 · down

Microsoft releases emergency updates to fix Windows Server issues

Microsoft released emergency out-of-band updates to address problems introduced by the April 2026 security patches for Windows Server. Organizations running Windows Server that applied the April 2026 updates may be experiencing system issues and should apply the new OOB fixes promptly. Developers and sysadmins managing Windows Server infrastructure should prioritize installing these corrective updates to restore stability.

affectedIsraeli water treatment and desalination facilitiessocial681 · flat

highother

Researchers Detect ZionSiphon Malware Targeting Israeli Water, Desalination OT Systems

Researchers at Darktrace have identified a new malware called ZionSiphon specifically designed to target Israeli water treatment and desalination facilities. The malware establishes persistence, tampers with configuration files, and scans for operational technology (OT) services on local networks, posing a significant threat to critical water infrastructure. Developers working on OT/ICS systems or critical infrastructure software should be aware of targeted malware capable of bridging IT and OT environments.

affectedunauthorized access to certain internal Vercel systemssocial692 · up

highweb

Vercel Breach Tied to Context AI Hack Exposes Limited Customer Credentials

Vercel suffered a security breach after a third-party AI tool, Context.ai, was compromised, allowing attackers to take over an employee's Google Workspace account and gain unauthorized access to certain internal Vercel systems. A limited number of customer credentials were exposed as a result. Developers using Vercel should monitor for any suspicious activity and consider rotating credentials, as supply chain attacks through third-party tools remain a significant and growing threat vector.

Apr 1911d ago

mediumcloud

Vercel confirms breach as hackers claim to be selling stolen data

Cloud development platform Vercel has disclosed a security incident after threat actors claimed to have breached its systems and are attempting to sell stolen data.

affectedVercelsocial340 · up

Apr 1812d ago

lowidentity

[Webinar] Eliminate Ghost Identities Before They Expose Your Enterprise Data

A webinar focused on the growing security risk of unmanaged non-human identities such as service accounts, API tokens, and OAuth grants, which were cited as responsible for 68% of cloud breaches in 2024. Organizations typically have 40-50 automated credentials per employee, many of which become orphaned when projects end or staff leave. Developers should care because these 'ghost identities' represent a significant and often overlooked attack surface in cloud environments.

affectedcloud environmentssocial254 · up

criticalcritical-infrastructure

Anviz Multiple Products

Multiple Anviz biometric access control products (CX2 Lite, CX7 firmware, and CrossChex Standard software) contain numerous critical vulnerabilities including missing authentication, command injection, and improper authorization flaws. All firmware versions are affected, with CVSS scores reaching 9.8, meaning attackers could gain full root-level control, execute arbitrary code, capture sensitive data, and compromise credentials on these physical security devices. Developers and security teams integrating or managing Anviz hardware should treat these devices as untrusted until patches are available and isolate them from sensitive network segments.

affectedAnviz Multiple Productssocial1031 · down

highcritical-infrastructureexploited in the wild

AVEVA Pipeline Simulation

software contains a missing authorization vulnerability (CVE-2026-5387) with a CVSS v3 score of 9.1, allowing unauthenticated attackers to escalate privileges and perform administrator-level actions. Exploiting this flaw could enable modification of simulation parameters, training configurations, and training records in pipeline simulation systems used in critical manufacturing infrastructure worldwide. Developers and operators using AVEVA Pipeline Simulation should apply patches or mitigations immediately, as the high CVSS score and lack of authentication requirement make this a serious risk.

affectedpipeline simulation systems used in critical manufacturing infrastructure worldwidesocial963 · up

highexploitationexploited in the wild

CISA Adds One Known Exploited Vulnerability to Catalog

CISA has added a new Apache ActiveMQ vulnerability (CVE-2026-34197) involving improper input validation to its Known Exploited Vulnerabilities catalog, confirming active exploitation in the wild. Organizations running Apache ActiveMQ are at risk, as this type of vulnerability is a common attack vector for malicious actors. Developers and administrators using ActiveMQ should prioritize patching immediately, as federal agencies are required to remediate and all organizations are strongly urged to do the same.

affectedCISA Adds One Known Exploited Vulnerability to Catalogsocial852 · up

highcritical-infrastructure

Horner Automation Cscape and XL4, XL7 PLC

Horner Automation's Cscape engineering software and XL4/XL7 PLCs used in critical manufacturing have a weak password requirements vulnerability (CVE-2026-6284, CVSS 9.1) that allows network-accessible attackers to brute force credentials with no rate limiting or complexity enforcement. Affected versions include Cscape v10.0, XL7 PLC v15.60, and XL4 PLC v16.32.0. Developers and engineers integrating or managing industrial control systems should apply patches or mitigations immediately, as successful exploitation could grant unauthorized access to operational technology environments.

affectedversions include Cscape v10social714 · up

affectedcritical manufacturing sectors worldwidesocial394 · down

Delta Electronics ASDA-Soft

version 7.2.0.0 contains a stack-based buffer overflow vulnerability (CVE-2026-5726) that can be triggered when parsing malformed .par files, potentially allowing attackers to execute arbitrary code. The flaw affects industrial automation software used in critical manufacturing sectors worldwide. Delta Electronics has released a patch in version 7.2.6.0, and users should upgrade immediately to mitigate the risk.

Apr 1416d ago

criticalzero-dayexploited in the wild

Patch Tuesday, April 2026 Edition

Microsoft's April 2026 Patch Tuesday addresses 167 security vulnerabilities, including an actively exploited SharePoint Server zero-day and a publicly disclosed Windows Defender flaw called 'BlueHammer'. Google Chrome patched its fourth zero-day of 2026, and Adobe Reader received an emergency fix for an actively exploited remote code execution vulnerability. Developers should prioritize updating all affected systems immediately, especially those running SharePoint Server, Chrome, and Adobe Reader, as active exploitation is confirmed.

affectedPatch Tuesday, April 2026 Editionsocial1500 · up

Apr 1416d ago

highexploitationexploited in the wild

CISA Adds Two Known Exploited Vulnerabilities to Catalog

CISA has added two vulnerabilities to its Known Exploited Vulnerabilities catalog based on evidence of active exploitation: a Microsoft Office Remote Code Execution flaw (CVE-2009-0238) and a Microsoft SharePoint Server Improper Input Validation vulnerability (CVE-2026-32201). Federal agencies are required to patch these by a set deadline, and all organizations are strongly urged to remediate them promptly. Developers and admins running Microsoft Office or SharePoint should prioritize applying available patches immediately given confirmed active exploitation.

affectedCISA Adds Two Known Exploited Vulnerabilities to Catalogsocial969 · up

Apr 1317d ago

affectedCISA Adds Seven Known Exploited Vulnerabilities to Catalogsocial503 · up

CISA Adds Seven Known Exploited Vulnerabilities to Catalog

<p>CISA has added seven new vulnerabilities to its <a href="https://www.cisa.gov/known-exploited-vulnerabilities-catalog" data-entity-type="node" data-entity-uuid="79453b83-86b9-4e2f-b1ec-abf73c6eb291" data-entity-substitution="canonical" title="Known Exploited Vulnerabi

Apr 0921d ago