Today, 27 things to read .

affectedof high-value loadssocialX 27% · Reddit 0% · GitHub 73%

FBI links cybercriminals to sharp surge in cargo theft attacks

The U.S. Federal Bureau of Investigation (FBI) warned the transportation and logistics industry of a sharp rise in cyber-enabled cargo theft, with estimated losses in the United States and Canada reaching nearly $725

Apr 301d ago

…

mediumwebexploited in the wild

CISA Adds One Known Exploited Vulnerability to Catalog

CISA has added one new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog , based on evidence of active exploitation.

affectedCISA Adds One Known Exploited Vulnerability to CatalogsocialX 65% · Reddit 0% · GitHub 35%

Apr 292d ago

…

affectedzero-day attackssocialX 92% · Reddit 0% · GitHub 8%

CISA orders feds to patch Windows flaw exploited as zero-day

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has ordered federal agencies to secure their Windows systems against a vulnerability exploited in zero-day attacks.

Apr 283d ago

…

mediumransomware

US reportedly charges Scattered Spider hacker arrested in Finland

A 19-year-old dual United States and Estonian citizen arrested in Finland earlier this month faces federal charges in the U.S. alleging he was a prolific member of the notorious Scattered Spider hacking collective.

affectedFinland earlier this month faces federal charges in the UsocialX 64% · Reddit 0% · GitHub 36%

Apr 283d ago

…

mediumcritical-infrastructure

NSA GRASSMARLIN

Apr 23, 2026 ICS Advisory | ICSA-26-113-06 Intrado 911 Emergency Gateway (EGW)

affectedNSA GRASSMARLINsocialX 19% · Reddit 0% · GitHub 81%

Apr 283d ago

…

affectedCISA Adds Two Known Exploited Vulnerabilities to CatalogsocialX 19% · Reddit 0% · GitHub 81%

CISA Adds Two Known Exploited Vulnerabilities to Catalog

CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog , based on evidence of active exploitation.

Apr 283d ago

…

affectedFebruary 2022socialX 26% · Reddit 0% · GitHub 74%

Germany Suspects Russia Is Behind Signal Phishing That Targeted Top Officials

Federal prosecutors have been conducting a preliminary investigation since mid-February 2026 into alleged cyberattacks on Signal accounts.

Apr 274d ago

…

mediumzero-day

FTC: Americans lost over $2.1 billion to social media scams in 2025

The U.S. Federal Trade Commission (FTC) warned of a massive increase in losses from social media scams since 2020, exceeding $2.1 billion in 2025.

affectedFTCsocial0 · flat

Apr 274d ago

…

mediumbreach

⚡ Weekly Recap: Fast16 Malware, XChat Launch, Federal Backdoor, AI Employee Tracking & More

Zscaler ThreatLabz 2026 VPN Risk Report with Cybersecurity Insiders. AI collapsed human response window and turned remote access into fastest path to breach.

affected⚡ Weekly Recapsocial0 · flat

Apr 256d ago

…

mediumcloudexploited in the wild

CISA Adds 4 Exploited Flaws to KEV, Sets May 2026 Federal Deadline

Zscaler ThreatLabz 2026 VPN Risk Report with Cybersecurity Insiders. AI collapsed human response window and turned remote access into fastest path to breach.

affectedCISA Adds 4 Exploited Flaws to KEV, Sets May 2026 Federal Deadlinesocial0 · flat

Apr 247d ago

…

affectedUkrainian government entities starting in Januarysocial0 · flat

Over 10,000 Zimbra servers vulnerable to ongoing XSS attacks

Over 10,000 Zimbra Collaboration Suite (ZCS) instances exposed online are vulnerable to ongoing attacks exploiting a cross-site scripting (XSS) security flaw, according to nonprofit security organization Shadowserver.

Apr 247d ago

…

affectedCISA Adds Four Known Exploited Vulnerabilities to Catalogsocial0 · flat

CISA Adds Four Known Exploited Vulnerabilities to Catalog

CISA has added four new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog , based on evidence of active exploitation.

Apr 238d ago

…

mediumemail

New GopherWhisper APT group abuses Outlook, Slack, Discord for comms

A previously undocumented state-backed threat actor named GopherWhisper is using a Go-based custom toolkit and legitimate services like Microsoft 365 Outlook, Slack, and Discord in attacks against government ent

affectedNew GopherWhisper APT group abuses Outlook, Slack, Discord for commssocial0 · flat

Apr 238d ago

…

affectedCISA Adds One Known Exploited Vulnerability to Catalogsocial0 · flat

CISA Adds One Known Exploited Vulnerability to Catalog

CISA has added one new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog , based on evidence of active exploitation.

Apr 238d ago

…

affectedthis report is relevant for both Cisco Firepower and Secure Firewall devicessocial0 · flat

FIRESTARTER Backdoor

The Cybersecurity and Infrastructure Security Agency (CISA) analyzed a sample of FIRESTARTER malware obtained from a forensic investigation.

Apr 238d ago

…

affectedzero-day attackssocial0 · flat

CISA orders feds to patch BlueHammer flaw exploited as zero-day

CISA has given U.S. government agencies two weeks to secure their Windows systems against a Microsoft Defender privilege escalation vulnerability that has been exploited in zero-day attacks.

Apr 229d ago

…

affectedstored on the devicesocial0 · flat

Apple fixes bug that let the FBI recover deleted Signal messages

Article updated with statement from Signal thanking Apple for addressing the vulnerability .

Apr 229d ago

…

affectedCISA Adds One Known Exploited Vulnerability to Catalogsocial0 · flat

CISA Adds One Known Exploited Vulnerability to Catalog

CISA has added one new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog , based on evidence of active exploitation.

Apr 2110d ago

…

affectedFrench govt agencysocial0 · flat

French govt agency confirms breach as hacker offers to sell data

France Titres, the government agency in France for issuing and managince administrative documents has disclosed a data breach after a threat actor claimed the attack and stealing citizen data.

Apr 2110d ago

…

affectedCISA flags new SD-WAN flaw as actively exploited in attackssocial0 · flat

CISA flags new SD-WAN flaw as actively exploited in attacks

CISA has given U.S. government agencies four days to secure their systems against another Catalyst SD-WAN Manager vulnerability it flagged as actively exploited in attacks.

Apr 2011d ago

…

mediumother

KelpDAO suffers $290 million heist tied to Lazarus hackers

State-sponsored North Korean hackers are likely behind the $290 million crypto-heist that impacted the KelpDAO DeFi project on Saturday.

affectedKelpDAO suffers $290 million heist tied to Lazarus hackerssocial0 · flat

Apr 2011d ago

…

mediumsupply-chain

Supply Chain Compromise Impacts Axios Node Package Manager

<div class="OutlineElement Ltr SCXW232133708 BCX8"> <p>The Cybersecurity and Infrastructure Security Agency (CISA) is releasing this alert to provide guidance in response to the software supply chain compromise of the Axios node package manager (npm).

affecteddependencies in artifact repositories and dependency management toolssocial0 · flat

Apr 2011d ago

…

affectedCISA Adds Eight Known Exploited Vulnerabilities to Catalogsocial0 · flat

CISA Adds Eight Known Exploited Vulnerabilities to Catalog

<div class="OutlineElement Ltr SCXW178812853 BCX8"> <p>CISA has added eight new vulnerabilities to its <a href="https://www.cisa.

Apr 1615d ago

…

highexploitationexploited in the wild

CISA Adds One Known Exploited Vulnerability to Catalog

CISA has added a new Apache ActiveMQ vulnerability (CVE-2026-34197) involving improper input validation to its Known Exploited Vulnerabilities catalog, confirming active exploitation in the wild. Organizations running Apache ActiveMQ are at risk, as this type of vulnerability is a common attack vector for malicious actors. Developers and administrators using ActiveMQ should prioritize patching immediately, as federal agencies are required to remediate and all organizations are strongly urged to do the same.

affectedCISA Adds One Known Exploited Vulnerability to Catalogsocial0 · flat

Apr 1417d ago

…

highexploitationexploited in the wild

CISA Adds Two Known Exploited Vulnerabilities to Catalog

CISA has added two vulnerabilities to its Known Exploited Vulnerabilities catalog based on evidence of active exploitation: a Microsoft Office Remote Code Execution flaw (CVE-2009-0238) and a Microsoft SharePoint Server Improper Input Validation vulnerability (CVE-2026-32201). Federal agencies are required to patch these by a set deadline, and all organizations are strongly urged to remediate them promptly. Developers and admins running Microsoft Office or SharePoint should prioritize applying available patches immediately given confirmed active exploitation.

affectedCISA Adds Two Known Exploited Vulnerabilities to Catalogsocial0 · flat

Apr 1318d ago

…