CyberHappenings


News Summary

Last updated: 16:30 10/04/2026 UTC
  • Unauthenticated Internet-exposed industrial controllers identified in global OT networks
  • Structural failure in enterprise vulnerability remediation amid collapsing exploit timelines
  • Storm-2755 conducts AiTM payroll pirate attacks against Canadian Microsoft 365 accounts
  • Rising Threat of AI Browser Extensions as Enterprise Attack Surface Exposed
  • Pre-authenticated RCE in Marimo exploited within 10 hours of advisory
  • HiX EHR platform disruption following ransomware incident at ChipSoft
  • Gmail mobile client-side encryption expands to Android and iOS with native E2EE support
Last updated: 15:15 10/04/2026 UTC
  • Widespread OAuth Device Code Phishing Campaign Targets Microsoft 365 via EvilTokens PhaaS
  • Unauthenticated remote code execution flaw in Magento and Adobe Commerce via PolyShell polyglot uploads
    Since mid-March 2026, a critical unauthenticated remote code execution flaw named PolyShell has affected all supported versions of Magento Open Source and Adobe Commerce (version 2), enabling attackers to upload polyglot files via the REST API and achieve code execution. Adobe has only released a patch in the alpha release of version 2.4.9, leaving production deployments vulnerable. Exploitation is now actively occurring in the wild, with mass scanning activity since March 19, 2026, and successful compromises detected in 56.7% of all vulnerable stores. A new wave of attacks injects a 1x1-pixel SVG element with an onload handler containing a base64-encoded skimmer payload, executed via setTimeout to avoid detection. The malware intercepts checkout clicks, displays a fake 'Secure Checkout' overlay with card and billing fields, and validates payment data in real time using the Luhn algorithm. Stolen data is exfiltrated to six exfiltration domains hosted at IncogNet LLC in the Netherlands via XOR-encrypted, base64-obfuscated JSON. Indicators of compromise include the _mgx_cv key in browser localStorage and requests to /fb_metrics.php. Adobe has not yet released a production patch, and sixteen exfiltration domains and IP address 23.137.249.67 are now associated with these attacks.
  • TeamPCP escalates CanisterWorm campaign with geopolitical targeting and multi-vector attacks
    TeamPCP has escalated its multi-vector CanisterWorm campaign into a geopolitically targeted operation, compromising trusted PyPI packages (LiteLLM versions 1.82.7–1.82.8 and Telnyx versions 4.87.1–4.87.2) to deliver credential-stealing malware that harvests SSH keys, cloud credentials, Kubernetes secrets, database credentials, cryptocurrency wallets, TLS/SSL private keys, and bash history files. The malware exfiltrates stolen data to attacker-controlled infrastructure and establishes persistent backdoors, with evidence linking TeamPCP to the Vectr ransomware group for follow-on operations. The campaign began as a supply-chain attack involving 47 compromised npm packages and escalated to include GitHub repository hijacking (e.g., Aqua Security), Docker Hub compromise, and direct targeting of CI/CD pipelines via GitHub Actions workflows (e.g., Checkmarx, Trivy). Recent compromises of LiteLLM and Telnyx demonstrate rapid iteration and maturation of supply-chain attack methodology, while destructive payloads targeting Iranian systems in Kubernetes environments (e.g., time-zone/locale-based wipers) highlight the group’s geopolitical alignment. The LiteLLM compromise specifically turned developer endpoints into systematic credential harvesting operations, with malware activating during installation/updates and cascading through transitive dependencies (e.g., dspy, opik) to affect organizations that never directly used LiteLLM.
  • Targeted social engineering of Axios maintainer enables UNC1069 npm supply chain compromise via WAVESHAPER.V2 implant
    A maintainer of the widely used Axios npm package was targeted in a highly tailored social engineering campaign attributed to North Korean threat actor UNC1069, resulting in the compromise of npm account credentials and the publication of two trojanized versions of Axios (1.14.1 and 0.30.4). Google Threat Intelligence Group (GTIG) attributed the attack to UNC1069 based on the use of WAVESHAPER.V2 and infrastructure overlaps with past activities. The malicious packages were available for roughly three hours and injected a plain-crypto-js dependency that installed a cross-platform RAT, enabling credential theft and downstream compromise. The campaign also targeted additional maintainers, including Pelle Wessman (Mocha framework) and Node.js core contributors, revealing a coordinated effort against high-impact maintainers. The intrusion began with reconnaissance-driven impersonation of a legitimate company founder, engagement via a cloned Slack workspace and Microsoft Teams call, and execution of a fake system update that deployed the RAT. Post-incident, the maintainer reset devices, rotated all credentials, adopted immutable releases, introduced OIDC-based publishing flows, and updated GitHub Actions workflows to mitigate future risks.
  • Supply chain compromise of axios npm package delivers cross-platform RATs via malicious dependency
    A financially motivated North Korea-nexus threat actor (UNC1069) compromised the npm account of axios maintainer Jason Saayman through a two-week social engineering campaign involving cloned personas, fake Slack workspaces, and deceptive Microsoft Teams meetings. The attackers published malicious axios versions v1.14.1 and v0.30.4 containing plain-crypto-js as a dependency to deliver cross-platform RATs with full unilateral control capabilities, bypassing 2FA. The attack was part of an industrialized social engineering campaign targeting high-value individuals and open source maintainers, leveraging AI-enhanced trust-building, matured attacker tooling, and convincing delivery mechanisms. The blast radius of compromised packages like axios—downloaded over 100 million times weekly—amplifies the impact, with similar campaigns observed against cryptocurrency founders, venture capital executives, and other developers. Malicious packages were swiftly removed, but the incident underscores the evolving threat model where traditional social engineering now scales through supply chain compromises.
  • Shamos Infostealer Targeting Mac Devices via ClickFix Attacks
    Since June 2025, the COOKIE SPIDER group’s Shamos infostealer and Atomic macOS Stealer (AMOS) variants have targeted Mac devices via evolving ClickFix social engineering campaigns, stealing data and credentials from browsers, Keychain, Apple Notes, and cryptocurrency wallets. Early campaigns relied on malvertising, fake GitHub repositories, and signed Swift applications hosted on legitimate platforms like Cloudflare Pages and Squarespace. AMOS has been delivered through disk images, obfuscated shell scripts, and in-memory payloads, expanding from Terminal-based ClickFix tactics to abuse trusted macOS applications. In March 2026, Apple introduced a Terminal security feature in macOS Tahoe 26.4 that blocks pasted command execution and warns users of risks, disrupting ClickFix attack chains. A new campaign observed in April 2026 by Jamf researchers now abuses the built-in Script Editor application to bypass these protections. The campaign uses fake Apple-themed disk cleanup guides to trick users into launching Script Editor via the applescript:// URL scheme, executing an obfuscated payload in system memory that delivers Atomic Stealer. The new Script Editor-based ClickFix variation enables theft of Keychain data, browser autofill information, cryptocurrency wallet extensions, and system details without requiring Terminal interaction. AMOS continues to expand its capabilities, now including a backdoor component for persistent access to compromised systems.
  • Qilin Ransomware Campaign: German Political Party and Endpoint Compromises
    Qilin ransomware has been linked to a high-profile data theft incident targeting Die Linke, a major German political party with 123,000 members and 64 seats in the Bundestag. The group stole sensitive internal party data and personal information of headquarters employees, though the membership database was reportedly unaffected. Die Linke attributed the attack to Qilin, describing them as Russian-speaking cybercriminals with financial and political motivations, and suggested the incident may be part of hybrid warfare operations. The initial investigation focused on a Huntress Labs endpoint compromise where a rogue ScreenConnect instance was used to deploy malicious files and attempt disabling Windows Defender before ransomware deployment. Qilin operates as a ransomware-as-a-service (RaaS) variant with affiliates following diverse attack patterns.

Latest updates


Iranian Cyber Threat Activity Against U.S. Critical Infrastructure and Kinetic Targeting

Updated: 10.04.2026 18:52 · First: 30.06.2025 15:00 · 📰 20 sources / 27 articles

As of **April 10, 2026**, Iranian state-sponsored and affiliated cyber threat actors continue to escalate attacks against **U.S. critical infrastructure**, with new data revealing that **3,891 internet-exposed Rockwell Automation/Allen-Bradley PLCs**—74.6% of the global total—are vulnerable to ongoing Iranian APT campaigns. The FBI, CISA, and allied agencies confirm that these attacks have resulted in **PLC project file exfiltration, HMI/SCADA data manipulation, and operational disruptions**, marking a direct expansion of Iran’s cyber-kinetic doctrine into U.S. industrial control systems (ICS). The broader campaign remains defined by **Iran’s integration of cyber and kinetic warfare**, including the **systematic exploitation of Hikvision/Dahua IP cameras** for real-time battle damage assessment and the **re-emergence of destructive ransomware groups like Pay2Key**, which executed a **three-hour encryption blitz** against a U.S. healthcare provider in March 2026. Despite the **April 8 ceasefire announcement by Handala**—temporarily pausing U.S.-targeted attacks but continuing operations against Israel—**low-level cyber activity by groups like 313 Team and Conquerors Electronic Army persists**, targeting Australian government systems, Israeli infrastructure, and U.S.-based platforms. Analysts warn that **ceasefires historically inflame cyber operations**, as actors exploit diplomatic pauses to pivot tactics or prepare for future escalations. **Strategic trends** highlight Iran’s use of **false-flag operations, ransomware-as-a-smokescreen, and multi-actor obfuscation** to stretch adversary defenses. The targeting of **U.S. OT systems**—mirroring prior CyberAv3ngers (IRGC) campaigns against Unitronics PLCs—signals a **shift from regional surveillance to direct, disruptive operations**, with risks of **follow-on kinetic effects**. Defenders are urged to **segment OT networks, eliminate public PLC exposure, and monitor for Iranian VPN/VPS infrastructure** (Mullvad, NordVPN, Surfshark) linked to ongoing campaigns.

Structural failure in enterprise vulnerability remediation amid collapsing exploit timelines

First: 10.04.2026 17:01 · 📰 1 source / 1 article

Analysis of over one billion CISA KEV remediation records spanning four years across 10,000 organizations reveals a systemic failure in enterprise vulnerability remediation despite increased operational effort. Time-to-Exploit has collapsed to negative seven days for critical vulnerabilities, with 88% of tracked weaponized flaws remediated slower than exploitation occurred. Critical vulnerabilities open at Day 7 have risen from 56% to 63% while remediation tickets closed grew 6.5x since 2022. Traditional scan-and-report models cannot close this operational gap as autonomous AI agents accelerate offensive capabilities beyond human response cycles.

Unauthenticated Internet-exposed industrial controllers identified in global OT networks

First: 10.04.2026 16:30 · 📰 1 source / 1 article

Researchers identified at least 179 Internet-connected industrial control systems (ICS) devices exposing the Modbus protocol on default port 502 without authentication, enabling direct read and write access by any Internet user. The exposed devices include controllers tied to national railway and power grid infrastructure, creating potential for serious physical consequences if compromised. Despite geopolitical tensions, direct targeting of OT assets remains an active and avoidable risk vector.

GlassWorm malware targets OpenVSX, VS Code registries

Updated: 10.04.2026 16:23 · First: 20.10.2025 19:13 · 📰 16 sources / 35 articles

GlassWorm has escalated into a multi-stage framework combining remote access trojans (RATs), data theft, and hardware wallet phishing, with the latest iteration leveraging Solana dead drops for C2, a novel browser extension for surveillance, and a shift into the Model Context Protocol (MCP) ecosystem. The campaign now delivers a .NET binary that targets Ledger and Trezor devices by masquerading as configuration errors and prompting users to input recovery phrases, while a Websocket-based JavaScript RAT exfiltrates browser data, executes arbitrary code, and deploys HVNC or SOCKS proxy modules. The malware uses a Google Chrome extension disguised as Google Docs Offline to perform session surveillance on cryptocurrency platforms like Bybit and harvest extensive browser data. Additionally, threat actors have begun distributing malicious payloads via npm packages impersonating the WaterCrawl MCP server, marking GlassWorm’s first confirmed incursion into the AI-assisted development ecosystem.

Recent innovations in the GlassWorm campaign include the introduction of a Zig-compiled dropper embedded within an Open VSX extension named 'specstudio.code-wakatime-activity-tracker', which masquerades as WakaTime. This dropper installs platform-specific Node.js native addons compiled from Zig code that execute outside the JavaScript sandbox with full OS-level access, enabling the threat actor to stealthily infect all IDEs on a developer's machine—including VS Code, VSCodium, Positron, Cursor, and Windsurf. The dropper then downloads a malicious VS Code extension (.VSIX) named 'floktokbok.autoimport' from an attacker-controlled GitHub account, which impersonates a legitimate extension with over 5 million installs and installs silently across all detected IDEs. The second-stage extension avoids execution on Russian systems, communicates with the Solana blockchain for C2, exfiltrates data, and deploys an information-stealing RAT that ultimately installs a malicious Google Chrome extension. Users who installed the malicious extensions should assume compromise and rotate all secrets immediately.

The GlassWorm campaign remains a persistent supply chain threat impacting multiple ecosystems including npm, PyPI, GitHub, and Open VSX. Since its emergence in October 2025, the campaign has evolved from invisible Unicode steganography in VS Code extensions to a sophisticated multi-vector operation spanning 151 compromised GitHub repositories and dozens of malicious npm packages. The threat actor, assessed to be Russian-speaking, continues to avoid infecting Russian-locale systems and leverages Solana blockchain transactions as dead drops for C2 resolution. Recent developments include the ForceMemo offshoot that force-pushes malicious code into Python repositories, the abuse of extensionPack and extensionDependencies for transitive malware delivery, and the introduction of Rust-based implants targeting developer toolchains. The Eclipse Foundation and Open VSX have implemented security measures such as token revocation and automated scanning, but the threat actors have repeatedly adapted by rotating infrastructure, obfuscating payloads, and expanding into new ecosystems like MCP servers.

A new large-scale social engineering campaign has emerged, using fake VS Code security alerts posted in GitHub Discussions to distribute malware. The campaign automates posts across thousands of repositories using low-activity accounts, triggering GitHub email notifications with fake vulnerability advisories containing realistic CVE references. Links in these posts redirect victims through a cookie-driven chain to drnatashachinn[.]com, where a JavaScript reconnaissance payload profiles targets before delivering additional malicious payloads. This operation represents a coordinated, large-scale effort targeting developers as part of the broader GlassWorm malware campaign.

Compromise of CPUID distribution channels delivers trojanized system monitoring tools

First: 10.04.2026 16:12 · 📰 1 source / 1 article

A threat actor compromised an API used by the CPUID project to replace official download links for CPU-Z and HWMonitor with malicious executables for at least six hours between April 9 and April 10, 2026. The malicious payload, distributed as HWiNFO_Monitor_Setup.exe, is a multi-stage trojanized installer that leverages an Inno Setup wrapper and a Russian installer component, operating primarily in-memory to evade detection. The campaign specifically targeted users of widely used system monitoring utilities, and forensic analysis indicates advanced evasion techniques such as proxying NTDLL functionality from a .NET assembly. The compromise was limited to distribution links; signed original binaries were not altered. CPUID reported that the developer was unavailable during the incident, and affected users are advised to verify downloads from trusted sources.

Storm-2755 conducts AiTM payroll pirate attacks against Canadian Microsoft 365 accounts

First: 10.04.2026 14:56 · 📰 1 source / 1 article

A financially motivated threat actor named Storm-2755 has compromised Canadian employee accounts via adversary-in-the-middle (AiTM) phishing to intercept and divert salary payments in a payroll pirate campaign. The attackers hijacked Microsoft 365 sessions by stealing authentication tokens and session cookies through malicious sign-in pages hosted on SEO-poisoned or malvertised domains, thereby bypassing MFA protections. Once inside victim mailboxes, Storm-2755 created stealthy inbox rules to hide HR correspondence, then contacted HR staff to update direct deposit details or directly modified payroll systems such as Workday to reroute payments. The campaign highlights ongoing abuse of legacy authentication and non-phishing-resistant MFA in enterprise environments.

Rising Threat of AI Browser Extensions as Enterprise Attack Surface Exposed

First: 10.04.2026 14:00 · 📰 1 source / 1 article

A new study reveals AI browser extensions as a rapidly expanding, under-monitored attack vector in enterprise environments. These extensions bypass traditional security controls by operating within the browser, granting direct access to user inputs, session cookies, and rendered page content. Enterprise adoption is nearly universal—99% of users install at least one extension—with AI extensions displaying disproportionately high risk profiles, including elevated vulnerability rates, increased permission escalations, and ungoverned access to sensitive data. The lack of visibility and governance creates an unmonitored channel for data exfiltration, session hijacking, and policy evasion, particularly as AI tooling becomes embedded directly into browsing workflows.

Critical WebML Heap and Integer Overflow Flaws Patched in Chrome 147

First: 10.04.2026 13:44 · 📰 1 source / 1 article

Google released Chrome 147, addressing 60 security vulnerabilities including two critical flaws in the WebML component that enable heap buffer overflow and integer overflow conditions. Both issues were reported anonymously and awarded $43,000 each in bug bounty payouts, indicating high exploit potential such as sandbox escape or remote code execution. The update also introduces new session cookie protections to mitigate account compromise via stolen authentication cookies.

Gmail mobile client-side encryption expands to Android and iOS with native E2EE support

First: 10.04.2026 13:44 · 📰 1 source / 1 article

Google has enabled native end-to-end encryption (E2EE) for Gmail on Android and iOS mobile devices, allowing users with Enterprise Plus licenses and Assured Controls add-ons to compose, read, and send encrypted emails directly within the Gmail app without additional tools. Encrypted messages are delivered as regular emails to recipients, regardless of their email service or device, and are accessible via a web browser if the recipient lacks the Gmail app. This implementation leverages client-side encryption (CSE), where encryption keys are controlled by the organization and stored externally, ensuring Google and third parties cannot access message content, aligning with compliance requirements such as HIPAA and data sovereignty mandates.

DBSC deployment in Chrome 146 expands session cookie protection on Windows platforms

First: 10.04.2026 10:58 · 📰 1 source / 1 article

Google has enabled Device Bound Session Credentials (DBSC) for all Windows users of Chrome 146, providing a cryptographic defense against session cookie theft by binding authentication sessions to hardware-backed security modules. The feature leverages Trusted Platform Module (TPM) on Windows to generate non-exportable public/private key pairs, ensuring stolen session cookies expire and become unusable to attackers. This deployment follows earlier testing phases and targets session theft, a prevalent threat facilitated by information-stealing malware such as Atomic, Lumma, and Vidar Stealer. Google reports a significant reduction in session theft incidents since DBSC’s introduction and plans further expansion to macOS and broader device support.

Pre-authenticated RCE in Marimo exploited within 10 hours of advisory

First: 10.04.2026 10:37 · 📰 1 source / 1 article

A pre-authenticated remote code execution (RCE) vulnerability in Marimo, an open-source Python notebook platform, was exploited in the wild within 9 hours and 41 minutes of public disclosure. The flaw, tracked as CVE-2026-39987 (CVSS 9.3), affects all versions of Marimo prior to 0.23.0 and resides in the unauthenticated /terminal/ws WebSocket endpoint, which lacks authentication validation. Attackers exploited the endpoint to obtain full PTY shells and execute arbitrary system commands without credentials. Targeted systems included internet-facing Marimo instances, where threat actors performed manual reconnaissance, harvested sensitive files such as .env and SSH keys, and returned to confirm findings—demonstrating rapid, human-driven exploitation without PoC availability.

HiX EHR platform disruption following ransomware incident at ChipSoft

First: 09.04.2026 22:46 · 📰 1 source / 1 article

Dutch Electronic Health Record (EHR) software vendor ChipSoft confirmed a ransomware attack impacting its HiX platform, which took core digital health services offline, including patient and provider portals. The incident forced multiple Dutch hospitals to disconnect from ChipSoft systems as a precautionary measure to prevent further compromise. Healthcare institutions using HiX reported operational disruptions, including four confirmed affected hospitals, while the national healthcare CERT (Z-CERT) engaged in response and recovery efforts. The attack highlights the systemic risk posed by ransomware targeting healthcare IT providers, which act as critical infrastructure supporting numerous care facilities and handling sensitive patient data.

Chrome 146 introduces Device Bound Session Credentials to mitigate session cookie theft via infostealers

First: 09.04.2026 21:33 · 📰 1 source / 1 article

Google Chrome 146 for Windows introduces Device Bound Session Credentials (DBSC) to prevent infostealer malware from harvesting and exploiting session cookies. The feature cryptographically binds user sessions to hardware security chips—TPM on Windows and Secure Enclave on macOS—ensuring session data cannot be exported or reused by attackers. DBSC enforces short-lived session cookies validated through possession of a unique private key stored on-device, rendering exfiltrated cookies immediately unusable. This mitigation targets the rising sophistication of infostealer families such as LummaC2, which increasingly target session cookies to bypass authentication mechanisms.

Intent redirection in EngageLab SDK versions 4.5.4 and earlier enabled sandbox escape on 50M Android devices

First: 09.04.2026 20:26 · 📰 1 source / 1 article

A now-patched intent redirection vulnerability in EngageLab SDK versions 4.5.4 and earlier allowed malicious apps on affected Android devices to bypass application sandboxing and gain unauthorized access to private data. At least 50 million installations across multiple apps—including more than 30 million cryptocurrency wallets—were potentially exposed. An attacker would need a malicious app installed on the same device to exploit the flaw, by manipulating intent contents and leveraging the SDK’s trusted context.

Compromise of Smart Slider 3 Pro update system leads to multi-layered WordPress and Joomla backdoors

First: 09.04.2026 19:15 · 📰 1 source / 1 article

A threat actor compromised the update mechanism for the Smart Slider 3 Pro plugin (versions for WordPress and Joomla) and distributed a malicious update (3.5.1.35) on April 7, 2026. The malicious version installed multiple backdoors, created a hidden administrator account with stolen credentials, and exfiltrated sensitive data. The malware includes unauthenticated remote command execution via crafted HTTP headers and authenticated PHP eval/OS command backdoors. Persistence is achieved through hidden admin accounts, must-use plugins, theme injections, and core file tampering. The vendor recommends immediate upgrade to version 3.5.1.36 (or rollback to 3.5.1.34 or earlier) and comprehensive site remediation.

STX RAT campaign targets finance sector with advanced in-memory evasion and encrypted C2

Updated: · First: 09.04.2026 18:00 · 📰 1 src / 1 articles

A previously undocumented remote access trojan (RAT), designated STX RAT, was deployed against a financial services organization in late February 2026. The malware uses a multi-stage, in-memory execution chain with XXTEA encryption, Zlib compression, and reflective loading via PowerShell to evade file-based detection. It establishes encrypted command-and-control (C2) channels, delays credential theft until instructed, and employs virtual desktop integration to operate stealthily. Attackers leveraged opportunistic delivery vectors such as browser-downloaded scripts and trojanized installers. Initial access led to privilege escalation, persistent registry autorun and COM hijacking, and extensive post-exploitation capabilities including data harvesting, payload execution, and network tunneling.

Widespread OAuth Device Code Phishing Campaign Targets Microsoft 365 via EvilTokens PhaaS

Updated: 09.04.2026 17:02 · First: 25.03.2026 13:34 · 📰 4 src / 4 articles

Since mid-February 2026, a large-scale device code phishing campaign has targeted Microsoft 365 across at least 340 organizations in over 10 countries, escalating 37.5x in early April. The campaign abuses OAuth device authorization flows via the EvilTokens PhaaS platform and at least 10 additional phishing kits (VENOM, DOCUPOLL, SHAREFILE, etc.), granting persistent access tokens even after password resets. Attacks incorporate anti-bot evasion, multi-hop redirect chains via vendor services, and SaaS-themed lures, while mitigation focuses on disabling device code flows and monitoring anomalous authentications. Credential exposures like the Figure breach (967,200 email records) enable follow-on campaigns—credential stuffing, AI-generated phishing, and help desk social engineering—that bypass legacy MFA through real-time phishing relays and social engineering. Legacy MFA and even FIDO2 passkeys are structurally unable to prevent these attacks, which rely on human judgment at critical control points. Phishing-resistant authentication requires cryptographic origin binding, hardware-bound keys, and live biometric verification to close relay and delegation vectors.

Claude Mythos uncovers thousands of zero-days across major systems via Project Glasswing

Updated: 09.04.2026 16:00 · First: 08.04.2026 12:16 · 📰 3 src / 3 articles

Anthropic’s Claude Mythos Preview, under Project Glasswing, has autonomously discovered and remediated thousands of high-severity zero-day vulnerabilities across major operating systems, web browsers, and software libraries, including long-standing flaws such as a 27-year-old OpenBSD denial-of-service bug and a 16-year-old FFmpeg issue. The model’s agentic coding and reasoning capabilities—developed without explicit cybersecurity training—also enable it to autonomously craft complex exploits, such as a FreeBSD NFS server remote code execution chain and a multi-stage browser sandbox escape via JIT heap spray. Project Glasswing, a consortium involving AWS, Apple, Broadcom, Cisco, CrowdStrike, Google, JPMorgan Chase, the Linux Foundation, Microsoft, NVIDIA, Palo Alto Networks, and Anthropic, provides $100 million in Mythos Preview usage credits and $4 million in donations to secure critical software. While Anthropic positions the initiative as a defensive tool to reshape cybersecurity, industry experts warn that the dual-use nature of Mythos Preview’s capabilities creates a race for defenders to remediate vulnerabilities before threat actors adopt similar AI-driven exploitation techniques. The lack of independent verification and transparency around error rates further complicates assessments of the model’s real-world efficacy.

Resurgence of Phorpiex Twizt botnet with hybrid P2P-C2 model and cryptocurrency clipper payloads

Updated: · First: 09.04.2026 15:57 · 📰 1 src / 1 articles

A new variant of the Phorpiex (Trik) botnet, identified as Twizt, has evolved into a hybrid peer-to-peer (P2P) and HTTP polling command-and-control (C2) architecture using both TCP and UDP protocols, enabling resilience against takedowns. The malware primarily functions as a cryptocurrency clipper to reroute financial transactions, while also distributing sextortion spam, facilitating ransomware deployment (LockBit Black, Global), and exfiltrating sensitive data such as mnemonic phrases. Worm-like propagation occurs via removable and remote drives, alongside scanning for Local File Inclusion (LFI) vulnerabilities. The botnet maintains an average of 125,000 active infections daily, with the highest concentration of compromised hosts in Iran, Uzbekistan, China, Kazakhstan, and Pakistan.

Security teams briefed on early threat signal monitoring techniques in upcoming webinar

Updated: · First: 09.04.2026 15:20 · 📰 1 src / 1 articles

A live webinar scheduled for April 30, 2026, will outline methods for detecting and analyzing early indicators of threat actor activity across underground and encrypted communication channels. The session highlights the use of dark web forums, Telegram channels, and access broker marketplaces to identify pre-attack signals such as vulnerability discussions, leaked credentials, and compromised access listings. The goal is to enable security teams to shift from reactive to proactive defense by translating fragmented threat intelligence into prioritized defensive actions. The webinar is hosted by BleepingComputer and features Tammy Harper, Threat Intelligence Researcher at RansomLook, alongside insights from Flare Systems on monitoring external threat surfaces.

Shamos Infostealer Targeting Mac Devices via ClickFix Attacks

Updated: 09.04.2026 14:20 · First: 22.08.2025 18:44 · 📰 8 src / 14 articles

Since June 2025, the COOKIE SPIDER group’s Shamos infostealer and Atomic macOS Stealer (AMOS) variants have targeted Mac devices via evolving ClickFix social engineering campaigns, stealing data and credentials from browsers, Keychain, Apple Notes, and cryptocurrency wallets. Early campaigns relied on malvertising, fake GitHub repositories, and signed Swift applications hosted on legitimate platforms like Cloudflare Pages and Squarespace. AMOS has been delivered through disk images, obfuscated shell scripts, and in-memory payloads, expanding from Terminal-based ClickFix tactics to abuse trusted macOS applications. In March 2026, Apple introduced a Terminal security feature in macOS Tahoe 26.4 that blocks pasted command execution and warns users of risks, disrupting ClickFix attack chains. A new campaign observed in April 2026 by Jamf researchers now abuses the built-in Script Editor application to bypass these protections. The campaign uses fake Apple-themed disk cleanup guides to trick users into launching Script Editor via the applescript:// URL scheme, executing an obfuscated payload in system memory that delivers Atomic Stealer. The new Script Editor-based ClickFix variation enables theft of Keychain data, browser autofill information, cryptocurrency wallet extensions, and system details without requiring Terminal interaction. AMOS continues to expand its capabilities, now including a backdoor component for persistent access to compromised systems.

Middle East civil society spear-phishing campaign linked to South Asian APT group Bitter using ProSpy Android spyware

Updated: · First: 09.04.2026 13:45 · 📰 1 src / 1 articles

A spear-phishing campaign targeting civil society figures in the Middle East—including high-profile journalists in Egypt and Lebanon—was attributed to a hack-for-hire operation linked to the South Asian advanced persistent threat (APT) group Bitter (T-APT-17, APT-C-08). Between 2023 and 2025, attackers used social engineering via fake accounts and impersonation of legitimate services, including Signal and Apple Support, to deliver ProSpy Android spyware and compromise cloud accounts. The campaign leveraged two-stage delivery, credential phishing, and Android malware to extract files, contacts, messages, and geolocation and to enable microphone and camera access. A Lebanese journalist’s Apple account was compromised in 2025, while two Egyptian journalists thwarted attempts in 2023–2024. The operation’s scope extended to Bahraini government entities and to targets in the UAE, Saudi Arabia, the UK, and potentially the US, with infrastructure repurposed across campaigns.

Eurail Data Breach: Stolen Customer Data Sold on Dark Web

Updated: 09.04.2026 13:31 · First: 16.02.2026 21:19 · 📰 2 src / 2 articles

Eurail B.V. confirmed a December 26, 2025 data breach impacting 308,777 individuals, with stolen data including full names, passport details, ID numbers, bank account IBANs, health information, and contact details now being sold on the dark web. The breach involved unauthorized file transfers from Eurail’s network, and the company has notified affected customers and data protection authorities. Customers are advised to update passwords, monitor bank accounts, and remain vigilant against phishing attacks. The breach occurred after threat actors gained unauthorized access to Eurail’s customer database, exposing sensitive traveler information. Eurail initially disclosed the incident in February 2026, noting that a sample of the stolen data was published on Telegram. The European Commission later warned that health information for young travelers in the DiscoverEU program may also have been compromised.

Governance failures escalate as agentic AI NHIs double across enterprises

Updated: · First: 09.04.2026 13:00 · 📰 1 src / 1 articles

SANS Institute’s 2026 State of Identity Threats & Defenses Survey reveals a critical governance gap as enterprises integrate agentic AI into core operations. Organizations report a 76% increase in non-human identities (NHIs), such as service accounts, API keys, automation bots, and workload identities, with 74% already deploying AI agents or automations requiring credentials. Unlike traditional NHIs, agentic AI behaves unpredictably—interpreting instructions at machine speed, potentially hallucinating, and operating autonomously with privileged access to critical infrastructure and data. Credential hygiene failings are widespread: 92% of organizations do not rotate machine credentials on a 90-day cycle, fearing service account breakage; 59% rotate fewer than half of NHI credentials quarterly, while 15% do not track rotation rates at all. Manual access reviews and ticket-based provisioning are failing to scale across DevOps, cloud, and SaaS systems, with 5% of organizations unaware they are running agentic AI and 15% not even knowing their credential rotation policy.

Active exploitation of Adobe Acrobat Reader zero-day via crafted PDFs since December 2025

Updated: · First: 09.04.2026 12:22 · 📰 1 src / 1 articles

A zero-day vulnerability in Adobe Acrobat Reader has been actively exploited since at least December 2025 using maliciously crafted PDF documents. Threat actors leverage a sophisticated, fingerprinting-style exploit targeting an unpatched flaw, enabling data theft and potential remote code execution or sandbox escape on compromised systems without requiring user interaction beyond opening the PDF. The attacks appear to be selectively targeting users, with phishing lures referencing Russian-language content related to the oil and gas industry.

Unauthorized transfer of 50.903 Bitcoin from Bitcoin Depot corporate wallets

Updated: · First: 09.04.2026 10:44 · 📰 1 src / 1 articles

Attackers breached Bitcoin Depot’s corporate IT systems on March 23, 2026, and exfiltrated approximately 50.903 Bitcoin (valued at $3.665 million) from the company’s controlled wallets before access was blocked. The intrusion targeted Bitcoin Depot’s corporate environment and did not affect customer-facing platforms, systems, or data. The company activated incident response protocols, engaged external cybersecurity experts, and notified law enforcement and regulators, including the SEC.

Microsoft account verification policy enforcement disrupts high-profile open source project Windows builds

Updated: · First: 09.04.2026 09:46 · 📰 1 src / 1 articles

Microsoft suspended developer accounts used to maintain multiple high-profile open-source projects, blocking the publication of Windows drivers and security updates. Affected projects include WireGuard, VeraCrypt, MemTest86, and Windscribe VPN. Developers reported no prior notification, no appeal process, and no way to reach Microsoft support. The suspensions stemmed from non-compliance with Microsoft’s mandatory Windows Hardware Program account verification, initiated in October 2025. Critically, the disruption blocked the delivery of Windows updates, and Windows is the platform used by the majority of these projects’ users.

Unauthenticated remote code execution flaw in Magento and Adobe Commerce via PolyShell polyglot uploads

Updated: 09.04.2026 01:34 · First: 19.03.2026 22:01 · 📰 3 src / 3 articles

Since mid-March 2026, a critical unauthenticated remote code execution flaw named PolyShell has affected all supported versions of Magento Open Source and Adobe Commerce (version 2), enabling attackers to upload polyglot files via the REST API and achieve code execution. Adobe has so far released a fix only in the alpha release of version 2.4.9, leaving production deployments vulnerable. Exploitation is now actively occurring in the wild, with mass scanning activity since March 19, 2026, and successful compromises detected in 56.7% of all vulnerable stores. A new wave of attacks injects a 1x1-pixel SVG element with an onload handler containing a base64-encoded skimmer payload, executed via setTimeout to avoid detection. The malware intercepts checkout clicks, displays a fake 'Secure Checkout' overlay with card and billing fields, and validates payment data in real time using the Luhn algorithm. Stolen data is exfiltrated to six exfiltration domains hosted at IncogNet LLC in the Netherlands as XOR-encrypted, base64-obfuscated JSON. Indicators of compromise include the _mgx_cv key in browser localStorage and requests to /fb_metrics.php. Adobe has not yet released a production patch, and sixteen exfiltration domains and IP address 23.137.249.67 are now associated with these attacks.

Emoji-based command-and-control and covert communications observed in threat actor operations

Updated: · First: 08.04.2026 23:21 · 📰 1 src / 1 articles

Threat actors are increasingly leveraging emojis in covert communications, malware logic, and operational coordination to evade detection and automate malicious activities. Emojis are used across Telegram, Discord, underground forums, and malware code to signal commands, exfiltrate data, and coordinate campaigns, with notable examples including the Pakistan-linked UTA0137 group’s 'Disgomoji' malware that translated emojis into operational actions. The technique provides obfuscation against keyword filters, enables multilingual coordination in global cybercriminal ecosystems, and supports rapid, high-volume communications in fraud channels and illicit marketplaces.

HackerOne suspends IBB program submissions amid AI-driven vulnerability discovery surge

Updated: · First: 08.04.2026 22:47 · 📰 1 src / 1 articles

HackerOne suspended new vulnerability submissions to its Internet Bug Bounty (IBB) program on March 27, 2026, citing a critical imbalance between AI-assisted vulnerability discovery rates and the limited remediation capacity of open source maintainers. The decision reflects the broader challenge of managing exponential increases in low-to-medium quality vulnerability reports generated by AI tools, which overwhelm volunteer-driven open source projects. The move has prompted downstream impacts, including the temporary suspension of the Node.js project’s bug bounty program due to funding loss through IBB. Industry experts characterize this as a structural shift in the vulnerability discovery and remediation pipeline, where discovery has been industrialized while remediation remains under-resourced and human-scale.