CyberHappenings


News Summary

Last updated: 09:30 24/04/2026 UTC
  • Unauthenticated RCE Vulnerability in Apache ActiveMQ Classic via Jolokia API (CVE-2026-34197) CVE-2026-34197, an unauthenticated remote code execution flaw in Apache ActiveMQ Classic reachable through the Jolokia (JMX-over-HTTP) API, remains under active exploitation. Affected releases are those before 5.19.4 and 6.0.0 through 6.2.3; fixed versions shipped on March 30, 2026. Discovered by Horizon3's Naveen Sunkavally with AI assistance, the exploit chain abuses the addNetworkConnector operation exposed via Jolokia to execute arbitrary OS commands on the broker host. CISA added the flaw to its Known Exploited Vulnerabilities catalog on April 16, 2026 and, under BOD 22-01, requires FCEB agencies to remediate by April 30, 2026. The exploitation indicator to hunt for in broker logs is a vm:// transport connection whose URI carries a brokerConfig=xbean:http:// query parameter (a broker configuration being loaded from a remote URL), typically accompanied by configuration warnings. Shadowserver counts more than 7,500 ActiveMQ servers exposed to the internet, about 6,400 of them still vulnerable, concentrated in Asia, North America, and Europe.
  • Ransomware extortion totals $2.1B from 2022 to 2024, FinCEN reports FinCEN's report finds that ransomware gangs extorted more than $2.1 billion from 2022 to 2024, peaking in 2023 and declining in 2024 after law enforcement actions against major operations such as ALPHV/BlackCat and LockBit. The report covers 4,194 ransomware incidents, with manufacturing, financial services, and healthcare the most targeted sectors. The top families, including Akira, ALPHV/BlackCat, and LockBit, accounted for the majority of attacks and ransom payments, and Bitcoin was the primary payment method. Separately, former ransomware negotiator Angelo Martino has pleaded guilty to conspiring with BlackCat (ALPHV) operators to extort U.S. companies in 2023; together with accomplices Kevin Tyler Martin and Ryan Goldberg he deployed BlackCat ransomware, shared confidential victim information to maximize ransom demands, and laundered the proceeds. Authorities seized $10 million in assets from Martino; his co-defendants pleaded guilty in December 2025.
  • Phishing Campaign Abuses iCloud Calendar to Send Emails from Apple Servers A phishing campaign continues to abuse Apple's legitimate infrastructure to deliver callback-phishing emails, now by exploiting Apple account-change notifications to carry fake purchase alerts. The scammers insert the phishing text into Apple ID personal-information fields, and Apple then includes that text verbatim in the security alert it sends. Because the messages genuinely originate from Apple's mail servers and sender address, they pass SPF, DKIM, and DMARC checks; those controls authenticate the sending domain, not the content, so the messages pass spam filters and look legitimate. The emails mimic a PayPal notification for an iPhone purchase of $899 and urge the recipient to call a provided number to cancel the transaction; the real aim is to talk the victim into granting remote access to their computer, leading to theft of funds, malware deployment, or data theft. The campaign is an evolution of earlier tactics that abused iCloud Calendar invitations to send phishing emails from Apple's servers. Treat unexpected account alerts with caution, especially ones claiming unauthorized purchases or urging a call to a support number, and in particular if you made no recent account changes.
  • PhantomCard Android Trojan Targets Brazilian Banking Customers via NFC Relay Attacks A new variant of the NGate malware family has been using a trojanized build of the HandyPay NFC relay app to capture payment-card data and PINs from Brazilian Android users since November 2025. The malicious app is distributed through phishing domains impersonating a Brazilian lottery site (promoted via lottery scams on WhatsApp) and through a fake Google Play listing for a card-protection tool called 'Proteção Cartão'. Once installed and set as the default payment app, it relays the victim's NFC card data to attacker-controlled devices, enabling fraudulent contactless transactions and ATM withdrawals, and also exfiltrates the stolen NFC data to attacker-controlled email addresses. Unlike earlier NGate variants built on the open-source NFCGate tooling, this campaign uses a modified HandyPay; ESET researchers attribute the switch to cost and evasion benefits, since HandyPay is significantly cheaper and needs no special permissions beyond default payment-app status, which also keeps it under the radar of permission-based detection. PhantomCard and related NFC relay families in Brazil have expanded their tactics along the same lines. Emoji markers in the debug logs suggest the malicious code may have been partly produced with generative AI tools.
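As an added example for the Apache ActiveMQ entry above (not code from the page or from the ActiveMQ project), this Python script checks a broker version against the affected ranges the entry gives and scans broker log lines for the indicator it describes: a vm:// transport URI whose brokerConfig parameter points at a remote xbean:http(s):// configuration. The log lines are constructed, and 203.0.113.5 is a documentation-range placeholder.

```python
"""Added example, not from the page or the ActiveMQ project.

Two checks for CVE-2026-34197 drawn from the ActiveMQ entry above:
  1. is_vulnerable(): the version falls in an affected range
     (< 5.19.4, or 6.0.0 through 6.2.3 inclusive).
  2. find_remote_xbean_configs(): broker log lines showing a vm://
     transport URI carrying brokerConfig=xbean:http(s)://..., i.e. a
     broker configuration being loaded from a remote URL.
The sample log lines are constructed; 203.0.113.5 is a placeholder.
"""
import re
from urllib.parse import parse_qs


def parse_version(version: str) -> tuple:
    """'5.18.3' -> (5, 18, 3); tolerates suffixes such as '6.2.3-SNAPSHOT'."""
    core = re.match(r"\d+(?:\.\d+)*", version).group(0)
    return tuple(int(part) for part in core.split("."))


def is_vulnerable(version: str) -> bool:
    """True if the version is in an affected range for CVE-2026-34197."""
    v = parse_version(version)
    if v < (5, 19, 4):
        return True
    return (6, 0, 0) <= v <= (6, 2, 3)


# A vm:// transport URI followed by a query string (stops at whitespace/quotes).
VM_URI = re.compile(r"vm://(?P<broker>[^\s?\"']+)\?(?P<query>[^\s\"']+)")


def find_remote_xbean_configs(log_lines):
    """Return (broker, config URL) pairs for log lines in which a vm://
    connector URI asks the broker to load its configuration from a
    remote xbean:http:// or xbean:https:// location."""
    hits = []
    for line in log_lines:
        for match in VM_URI.finditer(line):
            params = parse_qs(match.group("query"))
            for cfg in params.get("brokerConfig", []):
                if re.match(r"(?i)xbean:https?://", cfg):
                    hits.append((match.group("broker"), cfg))
    return hits


# Constructed sample: a benign start-up line, one exploitation indicator,
# an unrelated warning, and a vm:// reference without a query string.
SAMPLE_LOG = [
    "2026-04-20 10:02:11,411 INFO  | Apache ActiveMQ 5.18.3 (localhost, ID:broker-1) is starting",
    "2026-04-20 10:07:44,902 INFO  | Establishing network connection from "
    "vm://localhost?brokerConfig=xbean:http://203.0.113.5/broker.xml to tcp://203.0.113.5:61616",
    "2026-04-20 10:07:45,010 WARN  | Could not resolve placeholder in configuration",
    "2026-04-20 10:08:01,233 INFO  | Connector vm://localhost started",
]


if __name__ == "__main__":
    for ver in ("5.18.3", "5.19.4", "6.2.3", "6.2.4"):
        print(f"{ver}: {'VULNERABLE' if is_vulnerable(ver) else 'fixed'}")
    for broker, cfg in find_remote_xbean_configs(SAMPLE_LOG):
        print(f"remote broker config loaded on '{broker}': {cfg}")
```

The log check matches only a remote HTTP(S) xbean location; a brokerConfig pointing at a local xbean:file: path is normal configuration and is not flagged.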

Latest updates


Critical Path Traversal and Privilege Escalation Vulnerabilities Fixed in CrowdStrike LogScale and Tenable Nessus Products

First: 24.04.2026 12:49 · 📰 1 src / 1 article

CrowdStrike and Tenable both shipped fixes this week for flaws in widely deployed security tooling. CrowdStrike resolved CVE-2026-40050, a critical unauthenticated path traversal in LogScale that allowed arbitrary file read on affected servers; the mitigation was applied automatically for SaaS LogScale customers, while self-hosted deployments must update themselves. Tenable addressed CVE-2026-33694, a high-severity local privilege escalation in Nessus for Windows in which a junction (NTFS reparse point) redirects a file deletion performed by the SYSTEM-privileged Nessus service, allowing arbitrary file deletion and potentially arbitrary code execution as SYSTEM. CrowdStrike has identified no evidence of in-the-wild exploitation. Self-hosted LogScale and Windows Nessus users are advised to apply the vendor-supplied updates immediately.

Tropic Trooper leverages trojanized SumatraPDF to deliver AdaptixC2 Beacon via GitHub C2

First: 24.04.2026 12:29 · 📰 1 src / 1 article

A campaign attributed to Tropic Trooper (also tracked as APT23 and Earth Centaur) uses a trojanized SumatraPDF reader to deploy the AdaptixC2 Beacon post-exploitation agent. Targets are Chinese-speaking individuals in Taiwan and users in South Korea and Japan, lured with military-themed ZIP archives containing the malicious SumatraPDF executables. The executable opens a decoy PDF while fetching encrypted shellcode from a staging server and launching AdaptixC2, which uses GitHub as its C2 channel. On high-value hosts the operators then set up Microsoft VS Code tunnels for remote access, a legitimate feature that defenders should treat as a remote-access tool when hunting, and continue to use trojanized applications as camouflage. The staging server at 158.247.193[.]100 has previously hosted Cobalt Strike Beacon and the custom EntryShell backdoor associated with Tropic Trooper.

Supply chain compromise in Trivy scanner triggers CanisterWorm propagation across CI/CD pipelines

Updated: 24.04.2026 11:10 · First: 23.03.2026 15:14 · 📰 8 src / 11 articles

A supply chain compromise of the Trivy vulnerability scanner triggered the CanisterWorm propagation across CI/CD pipelines, which has since spread to additional open-source ecosystems and now involves multiple advanced threat actors. The TeamPCP group continues to monetize stolen supply-chain secrets through partnerships with extortion groups including Lapsus$ and the Vect ransomware operation; Wiz (now part of Google Cloud) and Cisco have confirmed both this cooperation and the resulting lateral movement across cloud environments. A new npm campaign discovered on April 24, 2026 shows self-propagating, worm-like behavior through the @automagik/genie and pgserve packages, stealing credentials as it spreads across developer environments and using Internet Computer Protocol (ICP) canisters for command and control. It shares post-install scripts and canister-based infrastructure with earlier TeamPCP activity, which points either to an evolution of the group's tooling or to a new campaign reusing established infrastructure. The Axios npm package compromise, via malicious versions 0.27.5 and 0.28.0, delivered a multi-platform RAT through a malicious dependency impersonating crypto-js; attribution is disputed between TeamPCP and the North Korean actor UNC1069 (the designation used by Google's Threat Intelligence Group). Cisco's internal development environment was breached with Trivy-linked stolen credentials delivered through a malicious GitHub Action, leading to the theft of more than 300 repositories, including proprietary AI product code and customer data from banks, BPOs, and US government agencies; several AWS keys were abused across a subset of Cisco's cloud accounts, and more than one threat actor took part in the breach.

Pre-authenticated RCE in Marimo exploited within 10 hours of advisory

Updated: 24.04.2026 10:24 · First: 10.04.2026 10:37 · 📰 4 src / 4 articles

A pre-authenticated remote code execution (RCE) vulnerability in Marimo, tracked as CVE-2026-39987 and rated critical (CVSS 9.3) in the GitHub advisory, was exploited in the wild within hours of public disclosure. The bug gives attackers a full PTY shell on exposed instances through the unauthenticated /terminal/ws WebSocket endpoint. It affects Marimo versions before 0.23.0; the developers confirmed impact on instances run as editable notebooks or exposed with --host 0.0.0.0 in edit mode, so any edit-mode server reachable from an untrusted network should be treated as exposed. Early exploitation was fast and hands-on and focused on credential theft. More recent attacks deploy a new NKAbuse malware variant hosted on Hugging Face Spaces, using typosquatted repositories to evade detection and establish persistent remote access, and include lateral-movement activity such as reverse shells and database enumeration, a shift toward multi-stage intrusions beyond initial credential harvesting. This event is distinct from the LMDeploy SSRF flaw (CVE-2026-33626), which was exploited within 12 hours of disclosure for internal network reconnaissance against cloud metadata services, Redis, and MySQL instances.

Unauthenticated arbitrary file upload flaw in Breeze Cache WordPress plugin leads to RCE

First: 24.04.2026 00:33 · 📰 1 src / 1 article

Unauthenticated attackers are actively exploiting a critical file upload vulnerability (CVE-2026-3844, CVSS 9.8) in the Breeze Cache WordPress plugin (400,000+ active installations) to upload arbitrary files and gain remote code execution (RCE) on affected servers. The bug is a missing file-type check in the plugin's fetch_gravatar_from_remote function, which stores remotely fetched avatar files locally; it is reachable only when the optional "Host Files Locally - Gravatars" setting is enabled, which it is not by default. Cloudways fixed the issue in version 2.4.5, but with only about 138,000 downloads of that release so far against more than 400,000 active installs, most sites appear to still be running vulnerable code. Sites that cannot update immediately should at least disable the Gravatar hosting option.
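The plugin is PHP; as an added illustration that is not the plugin's code, the Python below shows the check the entry says was missing and its hardened counterpart: when a file is fetched from a remote source and cached locally, the stored name and extension must be derived from what the bytes actually are, never from the remote URL or a Content-Type header. The function and sample names are illustrative, and the sample payloads are constructed.

```python
"""Added example, not code from the Breeze Cache plugin (which is PHP).

Contrasts the missing-validation pattern (reuse the remote file name)
with a hardened one (sniff the bytes, reject polyglots, derive the
name and extension ourselves). All names are illustrative.
"""
import hashlib
import os
from urllib.parse import urlparse

# Magic bytes for the only formats an avatar cache should ever hold.
IMAGE_SIGNATURES = (
    (b"\x89PNG\r\n\x1a\n", "png"),
    (b"\xff\xd8\xff", "jpg"),
    (b"GIF87a", "gif"),
    (b"GIF89a", "gif"),
)

# Server-side script markers; an "image" containing these is a polyglot
# (e.g. a GIF header followed by PHP) and must be refused. Long markers
# only, so random binary image data does not trip them.
SCRIPT_MARKERS = (b"<?php", b"<script")


def sniff_image_type(data: bytes):
    """Return 'png'/'jpg'/'gif' from the leading bytes, or None."""
    for magic, ext in IMAGE_SIGNATURES:
        if data.startswith(magic):
            return ext
    return None


def unsafe_cache_name(remote_url: str) -> str:
    """The missing-validation pattern: reuse the remote file name as-is.
    A response whose URL path ends in shell.php becomes shell.php on disk,
    and a web server that executes PHP in the cache directory runs it."""
    return os.path.basename(urlparse(remote_url).path)


def derive_cache_name(avatar_key: str, data: bytes) -> str:
    """Hardened pattern: validate the bytes, then name the file ourselves.

    avatar_key identifies the avatar (Gravatar uses an email hash); it only
    influences the name through SHA-256, so it cannot smuggle in a path
    separator or a chosen extension."""
    ext = sniff_image_type(data)
    if ext is None:
        raise ValueError("rejected: not a PNG, JPEG or GIF by magic bytes")
    lowered = data.lower()
    if any(marker in lowered for marker in SCRIPT_MARKERS):
        raise ValueError("rejected: image contains embedded script markers")
    digest = hashlib.sha256(avatar_key.encode()).hexdigest()[:32]
    return f"{digest}.{ext}"


# Constructed samples: a minimal PNG header, a PHP web shell, and a
# GIF/PHP polyglot that would pass a magic-bytes-only check.
SAMPLE_PNG = b"\x89PNG\r\n\x1a\n" + b"\x00" * 16
SAMPLE_PHP = b"<?php system($_GET['c']); ?>"
SAMPLE_POLYGLOT = b"GIF89a" + SAMPLE_PHP

if __name__ == "__main__":
    print("unsafe:", unsafe_cache_name("https://example.invalid/avatar/shell.php?s=80"))
    print("safe:  ", derive_cache_name("user@example.invalid", SAMPLE_PNG))
    for sample in (SAMPLE_PHP, SAMPLE_POLYGLOT):
        try:
            derive_cache_name("user@example.invalid", sample)
        except ValueError as err:
            print("safe:  ", err)
```

Magic-byte sniffing alone is not enough, as the polyglot sample shows; the stronger fix is to re-encode the image through an image library before storing it, and in any case the web server should be configured never to execute scripts from the cache directory.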

China-aligned threat actors expanding botnet infrastructure via compromised SOHO devices for sustained operations

First: 23.04.2026 23:52 · 📰 1 src / 1 article

China-nexus cyber actors are systematically industrializing botnets composed primarily of compromised small office/home office (SOHO) routers and consumer IoT devices to support low-signature, high-deniability operations against US and allied organizations. These covert networks are maintained at scale by dedicated teams—potentially affiliated with Chinese information security firms—who continuously update and expand the botnets, while distributing access to multiple state-backed groups such as Flax Typhoon and Volt Typhoon. The infrastructure enables reconnaissance, malware delivery, command-and-control, data exfiltration, and deniable browsing, complicating attribution and defensive countermeasures. The advisory emphasizes that while botnet usage is not new, the strategic scale, tempo, and division of labor in China-aligned operations represent a marked escalation. Organizations are urged to implement network edge profiling, zero-trust controls, and threat hunting to detect anomalous connectivity patterns from consumer broadband ranges and known covert nodes.

Trigona ransomware affiliates adopt custom exfiltration tool for efficient data theft

First: 23.04.2026 21:59 · 📰 1 src / 1 article

Trigona ransomware affiliates are deploying a custom command-line exfiltration tool named "uploader_client.exe" to streamline data theft from compromised environments. The tool uploads in parallel, rotates connections after every 2 GB of traffic to evade monitoring, restricts exfiltration to selected file types, and gates its use behind authentication keys. Observed in March 2026 attacks, it is faster and stealthier than public tools such as Rclone or MegaSync, reducing the chance of detection during the critical exfiltration phase of an intrusion; the connection rotation in particular means defenders should aggregate outbound volume per host and destination over time rather than alerting only on single long-lived sessions. The campaign deploys Trigona ransomware, a double-extortion operation active since October 2022, and targets high-value documents such as invoices and PDFs on network drives. Recent activity suggests operations have resumed after the disruption of the group's infrastructure in October 2023.

Google Cloud Deprioritizes Cyber-Specific Frontier Models in Favor of General-Purpose Gemini Integration

First: 23.04.2026 19:40 · 📰 1 src / 1 article

Google Cloud has decided against releasing a dedicated cybersecurity-focused frontier AI model, instead prioritizing the use of its general-purpose Gemini series (e.g., Gemini 3.1 Pro) for security workflows. Francis DeSouza, Google Cloud COO, stated that generalist models like Gemini have demonstrated sufficient capability across domains, including cybersecurity, negating the need for niche alternatives. The strategy emphasizes integrating high-quality general models with tailored tooling, governance, and contextual training for defense use cases rather than developing specialized cyber models.

TeamPCP escalates CanisterWorm campaign with geopolitical targeting and multi-vector attacks

Updated: 23.04.2026 19:05 · First: 21.03.2026 09:28 · 📰 11 src / 18 articles

TeamPCP has continued to escalate its multi-vector CanisterWorm campaign into a geopolitically targeted operation. Compromised PyPI packages (LiteLLM 1.82.7–1.82.8 and Telnyx 4.87.1–4.87.2) and now Checkmarx KICS tooling deliver credential-stealing malware that harvests SSH keys, cloud credentials, Kubernetes secrets, database credentials, cryptocurrency wallets, TLS/SSL private keys, and bash history files. The campaign began as a supply-chain attack involving 47 compromised npm packages and escalated to GitHub repository hijacking (e.g., Aqua Security), Docker Hub compromise, and direct targeting of CI/CD pipelines via GitHub Actions workflows (e.g., Checkmarx, Trivy). The LiteLLM and Telnyx compromises show rapid iteration and maturation of the supply-chain methodology; LiteLLM in particular turned developer endpoints into systematic credential-harvesting points, with the malware activating during installation or upgrade and cascading through transitive dependencies (e.g., dspy, opik), so organizations that never depended on LiteLLM directly were also affected. Destructive payloads aimed at Iranian systems in Kubernetes environments (e.g., wipers keyed on time zone or locale) highlight the group's geopolitical alignment.

The most recent incident is a coordinated attack on the Checkmarx ecosystem. Attackers pushed malicious images to the official "checkmarx/kics" Docker Hub repository, overwriting the v2.1.20 and alpine tags and introducing a v2.1.21 tag, and shipped infected Visual Studio Code and Open VSX extensions (versions 1.17.0 and 1.19.0) that executed a hidden MCP addon via Bun, without user consent, to fetch and deploy multi-stage credential-theft malware. Because KICS scans infrastructure-as-code, the malware had access to the secrets present in Terraform, CloudFormation, and Kubernetes configurations as well as GitHub tokens, cloud provider credentials, npm tokens, SSH keys, and environment variables; this data was encrypted and exfiltrated to audit.checkmarx[.]cx, a domain built to impersonate legitimate Checkmarx infrastructure, with further infrastructure on the ICP canister cjn37-uyaaa-aaaac-qgnva-cai.raw.icp0.io. The malicious Docker images were live from 2026-04-22 14:17:59 UTC to 15:41:31 UTC, after which the affected tags were restored to their legitimate digests; the Docker Hub repository has since been archived.

TeamPCP publicly claimed the attack, and the techniques and exfiltration infrastructure resemble its CanisterWorm operations, but researchers note that the evidence beyond pattern-based correlation is insufficient to attribute the breach with confidence. Any organization that ran the affected images or extensions during that window should treat every secret those scans could have seen as compromised and rotate it.
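The following Python audit is added here and is not code from TeamPCP research, Checkmarx, Trivy or any project named in this entry or the Trivy/CanisterWorm entry above. It checks the three places these compromises landed: Python and npm lockfiles for the malicious versions named in the two entries, and CI definitions for the overwritten checkmarx/kics tags and for actions not pinned to a commit. The manifests, the workflow and the 40-hex commit in it are constructed samples.

```python
"""Added example; not code from any project named in the entries.

Audits dependency manifests and CI files for the compromised versions
named in this entry and the related Trivy/CanisterWorm entry. Sample
inputs are constructed."""
import re

# Versions named as malicious in the entries. None means the package itself
# was introduced as malware, so any version is a finding.
COMPROMISED_PYPI = {"litellm": {"1.82.7", "1.82.8"}, "telnyx": {"4.87.1", "4.87.2"}}
COMPROMISED_NPM = {"axios": {"0.27.5", "0.28.0"}, "@automagik/genie": None, "pgserve": None}
# Docker Hub tags overwritten or introduced during the KICS compromise window.
COMPROMISED_KICS_TAGS = {"v2.1.20", "v2.1.21"}


def audit_requirements(text: str):
    """Flag pinned PyPI versions (name==version) that match the list."""
    findings = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        m = re.match(r"([A-Za-z0-9_.\-]+)==([0-9][\w.]*)", line)
        if not m:
            continue
        name = m.group(1).lower().replace("_", "-")
        if m.group(2) in COMPROMISED_PYPI.get(name, set()):
            findings.append(f"pypi:{name}=={m.group(2)}")
    return findings


def audit_package_lock(lock: dict):
    """Walk a package-lock.json (lockfileVersion 2/3) 'packages' map."""
    findings = []
    for path, meta in lock.get("packages", {}).items():
        if not path:                               # "" is the root project entry
            continue
        name = path.split("node_modules/")[-1]     # handles nested installs
        version = meta.get("version", "?")
        bad = COMPROMISED_NPM.get(name, set())
        if bad is None or version in bad:
            findings.append(f"npm:{name}@{version}")
    return findings


def audit_ci_text(text: str):
    """Flag unpinned GitHub Actions and risky checkmarx/kics image refs."""
    findings = []
    for m in re.finditer(r"uses:\s*([\w.\-]+/[\w.\-]+(?:/[\w.\-/]+)?)@([\w.\-]+)", text):
        action, ref = m.groups()
        if not re.fullmatch(r"[0-9a-f]{40}", ref):
            findings.append(f"action:{action}@{ref} not pinned to a commit SHA")
    # The lookahead keeps e.g. checkmarx/kics-github-action from matching as an image.
    for m in re.finditer(r"checkmarx/kics(?![\w\-])(?::([\w.\-]+))?(@sha256:[0-9a-f]{64})?", text):
        tag, digest = m.group(1) or "latest", m.group(2)
        if digest is None:
            findings.append(f"image:checkmarx/kics:{tag} not pinned by digest")
        if tag in COMPROMISED_KICS_TAGS:
            findings.append(f"image:checkmarx/kics:{tag} tag was overwritten in the compromise window")
    return findings


# Constructed samples.
SAMPLE_REQUIREMENTS = """\
# constructed requirements.txt
litellm==1.82.8
telnyx==4.86.0
requests==2.32.3
"""

SAMPLE_PACKAGE_LOCK = {
    "name": "app", "lockfileVersion": 3,
    "packages": {
        "": {"name": "app"},
        "node_modules/axios": {"version": "0.27.5"},
        "node_modules/express": {"version": "4.19.2"},
        "node_modules/pgserve": {"version": "0.2.1"},
    },
}

# The 40-hex commit below is a placeholder, not a real trivy-action commit.
SAMPLE_WORKFLOW = """\
jobs:
  scan:
    steps:
      - uses: actions/checkout@v4
      - uses: aquasecurity/trivy-action@0a1b2c3d4e5f60718293a4b5c6d7e8f9a0b1c2d3
      - run: docker run --rm -v "$PWD:/src" checkmarx/kics:v2.1.20 scan -p /src
"""

if __name__ == "__main__":
    for finding in (audit_requirements(SAMPLE_REQUIREMENTS)
                    + audit_package_lock(SAMPLE_PACKAGE_LOCK)
                    + audit_ci_text(SAMPLE_WORKFLOW)):
        print(finding)
```

A digest-pinned image reference is only as good as the digest: an image pinned during the compromise window is pinned to the malicious layer, so compare pinned digests against the restored legitimate ones as well.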

Service Desk Social Engineering Enables Enterprise Account Compromise via Password Reset

First: 23.04.2026 17:10 · 📰 1 src / 1 article

Threat actors impersonated a Marks & Spencer (M&S) employee to a third-party service desk in April 2025 and convinced agents to perform a password reset. Because the reset was carried out by the help desk on the caller's word, the attacker never had to present a second factor, and the existing multi-factor authentication (MFA) controls were effectively bypassed. The new credentials gave initial access, followed by Active Directory credential theft, lateral movement, and ransomware deployment that disrupted operations nationally for five days, with estimated losses of £3.8 million ($5.1 million) per day.

Teams meeting join failures linked to Microsoft Edge update regression

First: 23.04.2026 16:18 · 📰 1 src / 1 article

A regression introduced in a recent Microsoft Edge browser update prevents Windows users from joining Microsoft Teams meetings via scheduled invites or direct links. Microsoft confirmed the issue on April 23, 2026, and assigned incident report TM1288497. The failure occurs during the meeting join process, with restarting the Teams client serving as a temporary workaround. Microsoft is actively investigating the regression source and monitoring diagnostic data to determine the full scope of impact, including affected user counts and regions.

Proxy networks of hijacked consumer devices leveraged by China-nexus APT groups for operational security

First: 23.04.2026 15:28 · 📰 1 src / 1 article

China-nexus advanced persistent threat (APT) groups are increasingly routing malicious traffic through large-scale botnets composed of compromised consumer and small office/home office (SOHO) devices to evade detection and attribution. These botnets, primarily consisting of routers, IP cameras, video recorders, and NAS units, enable threat actors to chain traffic through multiple intermediate nodes, obscuring geographic origins and disguising malicious activity as benign traffic. The UK National Cyber Security Centre (NCSC-UK) and allied agencies report that the majority of Chinese state-sponsored groups now favor such proxy networks over traditional infrastructure procurement. Recent disruptions—including the FBI’s takedown of the Raptor Train botnet in September 2024 and disruption of the KV-Botnet in January 2024—highlight the scale and persistence of these operations, with some networks revived within months by threat actors.
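This entry and the China-aligned botnet entry above both recommend hunting for connectivity from consumer-broadband ranges and known covert nodes. As an added example that is not from the NCSC advisory or any vendor tooling, the Python below runs that hunt over authentication events for two patterns: any attempt from a known covert-network node, and an account authenticating from many distinct residential addresses, which is what a rotating residential proxy looks like from the defender's side. The indicator set, the residential prefixes (documentation ranges standing in for ISP allocations), the threshold and the events are all constructed.

```python
"""Added example, not from the NCSC advisory or any vendor tooling.

Hunts authentication events for (a) known covert-network nodes and
(b) accounts seen from many distinct residential source IPs. The
indicator list, prefixes, threshold and events are constructed."""
import ipaddress
from collections import defaultdict

# Placeholders: in practice these come from the advisory's indicator feed
# and from an IP-to-ASN / residential-ISP dataset.
KNOWN_COVERT_NODES = {ipaddress.ip_address("198.51.100.23")}
RESIDENTIAL_PREFIXES = [
    ipaddress.ip_network("203.0.113.0/24"),
    ipaddress.ip_network("198.51.100.0/24"),
]
CORPORATE_PREFIXES = [ipaddress.ip_network("10.0.0.0/8")]


def classify(ip_text: str) -> str:
    """Label a source address; covert-node indicators win over range lookups."""
    ip = ipaddress.ip_address(ip_text)
    if ip in KNOWN_COVERT_NODES:
        return "covert-node"
    if any(ip in net for net in RESIDENTIAL_PREFIXES):
        return "residential"
    if any(ip in net for net in CORPORATE_PREFIXES):
        return "corporate"
    return "other"


def hunt(events, max_residential_ips=3):
    """events: iterable of (timestamp, user, src_ip, outcome) tuples covering
    one hunting window. Returns a sorted list of (user, reason) findings."""
    residential_ips = defaultdict(set)
    findings = set()
    for ts, user, ip, outcome in events:
        kind = classify(ip)
        if kind == "covert-node":
            findings.add((user, f"auth attempt from known covert node {ip} at {ts}"))
        if kind == "residential" and outcome == "success":
            residential_ips[user].add(ip)
    for user, ips in residential_ips.items():
        if len(ips) > max_residential_ips:
            findings.add((user, f"{len(ips)} distinct residential source IPs"))
    return sorted(findings)


# Constructed sample: alice rotates through four residential IPs in under an
# hour, bob works from a corporate address, carol's attempt comes from a
# listed covert node.
SAMPLE_EVENTS = [
    ("2026-04-21T02:10:00Z", "alice", "203.0.113.10", "success"),
    ("2026-04-21T02:25:00Z", "alice", "203.0.113.77", "success"),
    ("2026-04-21T02:40:00Z", "alice", "198.51.100.5", "success"),
    ("2026-04-21T02:55:00Z", "alice", "203.0.113.140", "success"),
    ("2026-04-21T03:05:00Z", "bob", "10.0.0.5", "success"),
    ("2026-04-21T03:20:00Z", "bob", "10.0.0.5", "success"),
    ("2026-04-21T03:30:00Z", "carol", "198.51.100.23", "failure"),
]

if __name__ == "__main__":
    for user, reason in hunt(SAMPLE_EVENTS):
        print(f"{user}: {reason}")
```

The threshold is the tunable part: a remote workforce legitimately produces a few residential IPs per account over a week, so baseline it per environment before alerting on it.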

GopherWhisper APT compromises Mongolian government systems with Go-based backdoors via Discord, Slack, and Office 365

Updated: 23.04.2026 15:06 · First: 23.04.2026 12:04 · 📰 2 src / 2 articles

A previously undocumented China-aligned APT group named GopherWhisper has compromised at least 12 confirmed systems across Mongolian governmental institutions and dozens more globally since at least 2023 using a suite of Go-based backdoors and loaders. The threat actor abuses legitimate services—Discord, Slack, Microsoft 365 Outlook, and file.io—for command-and-control (C2) communications and data exfiltration. Operational activity began as early as November 2023, with C2 timestamps aligning to China Standard Time working hours (8 a.m.–5 p.m. CST), confirming human operator involvement. ESET telemetry indicates further victimization beyond Mongolia, though geography and sector details remain limited. Newly identified tools include JabGopher (an injector for LaxGopher) and FriendDelivery (a loader for BoxOfFriends), expanding the group’s toolkit. Hardcoded credentials in backdoors enabled researchers to recover thousands of Slack and Discord messages, reinforcing attribution to China.

CISA Emergency Directive 25-03: Mitigation of Cisco ASA Zero-Day Vulnerabilities

Updated: 23.04.2026 15:00 · First: 25.09.2025 15:00 · 📰 15 src / 35 articles

The Cybersecurity and Infrastructure Security Agency (CISA) has **identified a new malware family, FIRESTARTER**, targeting Cisco Firepower and Secure Firewall products running ASA or FTD software. This malware enables remote access and control by threat actors and can persist on compromised devices **even after firmware patching**, rendering standard patching insufficient to remove existing threats. CISA updated **Emergency Directive 25-03** with new requirements for Federal Civilian Executive Branch (FCEB) agencies, including identifying vulnerable Firepower and Secure Firewall devices, collecting forensic data, and applying updated vendor patches. The vulnerabilities **CVE-2025-20333** and **CVE-2025-20362** continue to be exploited by an advanced persistent threat (APT) actor linked to the **ArcaneDoor campaign**, which has been active since at least July 2023. The campaign has deployed multiple malware families, including **RayInitiator**, **LINE VIPER**, and now **FIRESTARTER**, with tactics such as ROM manipulation for persistence and multi-platform exploitation (e.g., **Citrix Bleed 2** and **Cisco ISE zero-days**). CISA and the U.K. NCSC confirmed that over **30,000 devices remain exposed globally**, down from 45,000 in October 2025, despite prior patching efforts. The agency has also warned that some organizations **incorrectly applied updates**, leaving devices marked as patched but still vulnerable to active exploitation.

Google launches unique cryptographic agent identities and security controls in Gemini Enterprise Agent Platform

Updated: · First: 23.04.2026 15:00 · 📰 1 src / 1 articles

Google Cloud introduced the Gemini Enterprise Agent Platform to manage autonomous AI agents with unique cryptographic identities and enforce zero-trust verification across orchestration steps. The platform assigns each agent a distinct cryptographic ID tied to auditable authorization policies, enabling traceability and governance across agent actions. Security risks introduced by autonomous, goal-oriented AI agents are addressed through a suite of new capabilities, including an Agent Registry for indexing agents and tools, an Agent Gateway for policy enforcement, and an Agent Security Dashboard for threat detection and vulnerability scanning.

Shift in Email-Based Threats: Behavioral and Relationship Exploitation Now Dominant in Phishing, BEC, and VEC Campaigns

Updated: · First: 23.04.2026 14:06 · 📰 1 src / 1 articles

Analysis of nearly 800,000 email attacks across 4,600+ organizations reveals a significant shift in attacker tactics from exploiting technical flaws to targeting behavioral and organizational trust within workflows. Email-based threats now rely on finely tailored social engineering, leveraging trusted relationships, routine operations, and evasive pretexts to bypass detection. Phishing remains the most prevalent method (58%), while Business Email Compromise (BEC) and its subtype Vendor Email Compromise (VEC)—now comprising over 60% of BEC attacks—deliver higher impact despite lower volume. Attackers exploit predictable workflows such as file-sharing, invoicing, and internal communications, using redirect chains (over 20% of phishing) and popular URL shorteners (e.g., TinyURL, t.co) to conceal malicious destinations. Geographic targeting is evident, with invoice fraud dominating VEC in North America and procurement-stage pretexts prevailing in EMEA.

Unauthorized access to My Rituals member data at luxury cosmetics company Rituals

Updated: · First: 23.04.2026 14:04 · 📰 1 src / 1 articles

Luxury cosmetics company Rituals disclosed an unauthorized access incident affecting its My Rituals loyalty program members. The intrusion occurred earlier in April 2026 and resulted in the exfiltration of members’ personally identifiable information (PII), including names, addresses, phone numbers, email addresses, dates of birth, and gender. The incident was contained after detection, with no indication of password or payment data compromise. Rituals has initiated forensic analysis and notified relevant authorities but has not disclosed the number of affected individuals at this time.

Sustained 63% annual increase in cyber-attacks against global education sector over 2023–2025

Updated: · First: 23.04.2026 13:30 · 📰 1 src / 1 articles

Between November 2023 and October 2025, cyber-attacks on schools and universities worldwide rose 63% year-over-year, driven by geopolitical tensions, ransomware, and hacktivism, according to threat intelligence analyzed by Quorum Cyber. Data breaches increased 73%, hacktivist activity 75%, and ransomware incidents 21% across 67 countries. Research-intensive institutions face targeted theft of AI, quantum, and advanced materials data, while hacktivist campaigns—including Iranian-affiliated actors—conduct DDoS, defacement, and data-leak operations.

Autonomous AI agent Zealot demonstrates end-to-end cloud breach capability in GCP environment

Updated: · First: 23.04.2026 13:09 · 📰 1 src / 1 articles

Unit 42 at Palo Alto Networks has demonstrated an autonomous AI agent, named Zealot, capable of executing end-to-end attacks against a Google Cloud Platform (GCP) environment with minimal human oversight. Zealot operated under an open-ended objective to exfiltrate sensitive data from a targeted BigQuery dataset in an isolated GCP lab environment. Using a supervisor-agent architecture with three specialized sub-agents, the system autonomously performed reconnaissance, exploited a web application to steal credentials, escalated privileges, and extracted data while improvising evasion tactics such as injecting SSH keys for persistence. The findings underscore a shift toward AI-driven offensive operations, revealing that current human-centric detection paradigms may be insufficient to counter machine-speed intrusions.

Autonomous multi-agent AI framework demonstrates end-to-end cloud attack execution in under three minutes

Updated: · First: 23.04.2026 13:00 · 📰 1 src / 1 articles

Security researchers demonstrated a self-directed AI system capable of executing a full cloud attack chain from initial access to data exfiltration in under three minutes, using only a single natural-language prompt and exploiting existing misconfigurations. The autonomous multi-agent framework, named Zealot, autonomously chained reconnaissance, exploitation, privilege escalation, and data theft by leveraging common cloud weaknesses such as server-side request forgery, exposed metadata services, and permissive storage bucket policies. The experiment, conducted in a deliberately misconfigured Google Cloud Platform environment, highlights that current large language models (LLMs) can automate complex attack sequences faster than human defenders can respond, reducing the operational window for mitigation to minutes rather than hours or days.

Indirect prompt injection payloads exploited in-the-wild against AI agents

Updated: · First: 23.04.2026 12:30 · 📰 1 src / 1 articles

Security researchers reported 10 new indirect prompt injection (IPI) payloads being exploited in-the-wild, enabling threat actors to execute malicious instructions via web content poisoning. The attacks target AI agents that process web content for summarization, retrieval-augmented generation (RAG), metadata extraction, ad review, SEO analysis, or moderation. Impact scales with agent privileges, from low-risk summarizers to high-impact agentic tools capable of emailing, executing shell commands, or processing payments. Payloads observed include content suppression, attribution hijacking, forced file deletion, API key exfiltration, and financial fraud via embedded payment instructions.

iOS notification logging flaw enabling recovery of deleted Signal chat previews patched by Apple

Updated: · First: 23.04.2026 11:50 · 📰 1 src / 1 articles

Apple released iOS/iPadOS updates (26.4.2, 18.7.8) to remediate CVE-2026-28950, a logging issue that retained deleted message previews in system cache despite user deletion and application uninstallation. The flaw allowed forensic recovery of Signal chat previews via cached notifications, affecting iPhone and iPad models from iPhone XR through iPhone 16 series and iPad mini (5th gen) to iPad Pro 13-inch (M4). Apple did not disclose exploitation status but subsequent reporting indicated the flaw was exploited by law enforcement in the Prairieland case to extract deleted Signal messages. Apple’s update improves data redaction to prevent notification previews from persisting after deletion or uninstallation.

UK NCSC endorses passkeys as primary consumer authentication method

Updated: · First: 23.04.2026 11:45 · 📰 1 src / 1 articles

The UK National Cyber Security Centre (NCSC) has officially designated passkeys as the preferred consumer authentication method, urging adoption by businesses and the public. Passwords are now deprecated as a primary login option and reserved for scenarios where passkeys are unavailable. The endorsement follows a year-long collaboration with the FIDO Alliance and observed success in deployments such as the NHS. The move aims to reduce reliance on passwords by promoting passkeys, which leverage the FIDO2 and WebAuthn standards for phishing-resistant authentication unlocked by a biometric or the device itself. The UK government has also committed to rolling out passkeys across all public digital services.

Regional shift observed as cyberattack volume declines in Africa and spikes in Latin America during Q1 2026

Updated: · First: 23.04.2026 10:01 · 📰 1 src / 1 articles

Cyber threat activity in Africa declined by 22% in Q1 2026 compared to 2025, averaging 2,700 attacks per week per organization, while Latin America overtook Africa as the highest-risk region globally with 3,050 weekly attacks per organization. The reduction in Africa is attributed to improved cybersecurity maturity and a strategic shift by attackers toward Latin America, where rapid digitalization has outpaced security investments. Despite the decline, African organizations remain above the global average of 2,000 attacks per week, with ransomware activity remaining disproportionately concentrated in North America.

Active Mirai botnet recruitment via CVE-2025-29635 in end-of-life D-Link routers

Updated: · First: 22.04.2026 23:04 · 📰 1 src / 1 articles

A Mirai-based malware campaign is actively exploiting CVE-2025-29635, a high-severity command-injection vulnerability in end-of-life D-Link DIR-823X routers, to recruit devices into a botnet. The flaw enables unauthenticated remote code execution (RCE) via a POST request to the /goform/set_prohibiting endpoint, allowing attackers to download and execute a Mirai variant named "tuxnokill" that supports multiple architectures. The campaign was detected by Akamai SIRT in early March 2026, marking the first observed in-the-wild exploitation despite the vulnerability’s public disclosure 13 months prior. The affected firmware versions (240126 and 24082) were end-of-life in November 2024, and no patches are expected from D-Link. The threat actor also exploits vulnerabilities in TP-Link (CVE-2023-1389) and ZTE routers using the same attack pattern, deploying Mirai payloads consistently across targets.

Living-Off-the-Land (LOTL) abuse of native utilities expands to macOS as primary intrusion tactic in enterprise environments

Updated: 22.04.2026 19:30 · First: 01.04.2026 13:58 · 📰 2 src / 2 articles

Threat actors are increasingly leveraging legitimate, native system tools across both Windows and macOS environments to conduct attacks, achieving lateral movement, privilege escalation, and persistence while evading detection. Analysis of over 700,000 high-severity incidents indicates that 84% now involve abuse of trusted utilities—practices known as Living off the Land (LOTL). This shift reduces reliance on malware and exploits, exploiting operational blind spots created by necessary administrative tools. Recent research from Cisco Talos highlights the expansion of LOTL techniques to macOS native features such as Remote Application Scripting (RAS), Spotlight metadata, and Apple Events, enabling covert execution, persistence, and lateral movement. More than 45% of organizations now use macOS in enterprise settings—often holding sensitive credentials, cloud access, and source code—making the platform a high-value target. Attackers abuse RAS to issue remote commands without triggering shell-based monitoring, embed malicious payloads in Finder comments stored as Spotlight metadata, and leverage protocols like SMB, Netcat, Git repositories, TFTP, and SNMP for covert data transfer and movement. The technique remains the dominant intrusion vector, progressing undetected until significant compromise occurs, particularly due to limited visibility into macOS-native behaviors and reliance on legitimate system processes.

Dismantling of major Spanish-language manga piracy platform with $4.7M ad revenue

Updated: · First: 22.04.2026 18:06 · 📰 1 src / 1 articles

Spanish law enforcement dismantled a long-running Spanish-language manga piracy platform active since 2014, resulting in four arrests and the seizure of assets valued at $4.7M in advertising revenue and over $470,000 in cryptocurrency. The platform provided unauthorized access to copyrighted manga works, monetized primarily through aggressive pop-up advertisements—including pornographic ads—exposed to millions of monthly users globally, many of whom were minors. A coordinated raid in Almería, Spain, uncovered a complex technological infrastructure supporting the operation and revealed an in-progress plan to migrate the platform to a new domain to evade enforcement.

Plug-and-play hardware mitigation SilentGlass released to block malicious video interface attacks

Updated: · First: 22.04.2026 18:00 · 📰 1 src / 1 articles

The UK National Cyber Security Centre (NCSC) has publicly released SilentGlass, a plug-and-play hardware device designed to block malicious or unexpected content at the HDMI and DisplayPort interfaces between source devices and monitors. Deployed first on UK government estates and now available globally, SilentGlass is positioned as a low-cost mitigation against attacks leveraging compromised or malicious video streams to exfiltrate data, inject payloads, or pivot into protected networks. The device is approved for use in high-threat environments and is manufactured by Goldilock Labs in partnership with Sony UK.

Self-propagating North Korean job-scam malware spreads via compromised developer projects in software supply chain

Updated: · First: 22.04.2026 17:48 · 📰 1 src / 1 articles

A North Korean state-aligned actor has transformed fake job recruitment scams into a self-propagating supply-chain attack dubbed "Contagious Interview" that infects developer workstations and then silently propagates malicious code through cloned repositories. The campaign, attributed to Void Dokkaebi (aka Famous Chollima), abuses legitimate development workflows by luring developers with fake interviews at crypto and AI firms, then delivering malware via malicious VS Code tasks, hidden .vscode folders, or bundled payloads in fonts/images. Once a developer commits the infected code to GitHub/GitLab/Bitbucket, the repository becomes a Trojan horse that spreads the infection to downstream contributors and forked projects, creating a worm-like chain reaction across the software supply chain. Attackers stage payloads on blockchain networks (Tron, Aptos, Binance Smart Chain) to evade takedowns and target developers’ credentials, crypto wallets, CI/CD pipelines, and production infrastructure. In March 2026 alone, over 750 repositories, 500 VS Code task configurations, and 101 instances of commit-tampering tools were identified as infected, with markers found in repositories used by DataStax and Neutralinojs.

UK government commits £90m to cybersecurity resilience initiatives and launches Cyber Resilience Pledge

Updated: · First: 22.04.2026 17:10 · 📰 1 src / 1 articles

The UK government announced a £90 million ($120 million) investment in cybersecurity resilience, targeting small and medium-sized enterprises (SMEs) to bolster national cyber defense. The funding, revealed at the NCSC's CYBERUK conference on April 22, aims to support SMEs in implementing the Cyber Essentials standard and encourages broader adoption of cybersecurity best practices. A new Cyber Resilience Pledge will be introduced in summer 2026, requiring signatories to elevate cybersecurity to board-level responsibility, enroll in the NCSC’s Early Warning service, and mandate Cyber Essentials certification across supply chains.