Home security provider ADT detected and confirmed an intrusion on April 20, 2026, leading to the theft of customer and prospective customer data by the ShinyHunters extortion group. The attackers accessed ADT’s Salesforce instance after compromising an employee’s Okta SSO account via voice phishing (vishing). Stolen data included names, phone numbers, addresses, and in a small subset of cases, dates of birth and partial Social Security or Tax ID numbers. No payment or authentication data was accessed, and ADT states customer security systems remained unaffected. ShinyHunters threatened to leak the data—claiming over 10 million records—unless a ransom is paid by April 27, 2026.

The **Firestarter malware**, a custom backdoor linked to the **UAT-4356** threat actor (associated with the **ArcaneDoor campaign**), continues to persist on **Cisco Firepower and Secure Firewall devices** running ASA or FTD software **even after firmware updates and security patches**. CISA and the U.K. NCSC confirmed that the malware enables **remote access and control** by threat actors, with persistence mechanisms that survive reboots and patching. The adversary initially exploited **CVE-2025-20333** (missing authorization) and **CVE-2025-20362** (buffer overflow) to deploy **Line Viper**—a user-mode shellcode loader used to extract credentials and configuration details—before installing Firestarter for long-term access. CISA’s updated **Emergency Directive 25-03** now requires Federal Civilian Executive Branch (FCEB) agencies to **identify vulnerable Firepower and Secure Firewall devices**, collect forensic evidence, and apply vendor-provided mitigations. Over **30,000 devices remain exposed globally**, despite prior patching efforts, with some organizations **incorrectly applying updates** and leaving systems vulnerable. Cisco’s advisory details Firestarter’s persistence via **LINA process hooking**, modification of boot files (e.g., `CSP_MOUNT_LIST`), and memory-resident shellcode triggered by crafted WebVPN requests. Mitigation requires **device reimaging** or, as a last resort, a **cold restart** (with risks of corruption). Administrators are urged to verify compromises using the command `show kernel process | include lina_cs`. The campaign reflects a broader trend of **multi-platform exploitation**, with UAT-4356 also linked to zero-day attacks on **Citrix Bleed 2 (CVE-2025-5777)** and **Cisco ISE (CVE-2025-20337)**, deploying custom malware like **‘IdentityAuditAction’** for persistence. The indiscriminate yet sophisticated targeting suggests a **highly resourced actor** with access to advanced tools or non-public vulnerability intelligence.

Microsoft is introducing several Windows Update policy and interface changes to reduce disruptions from forced restarts and improve user control over update timing. The changes include new pause controls, separated update-related shutdown/restart options, clearer device-specific driver labeling, and consolidation of multiple update types into a single monthly restart. These updates are designed to address user feedback about workflow interruptions and limited control over when updates are installed. The features are initially available to Windows Insiders in the Dev and Experimental channels, with broader deployment planned.

A financially motivated hacking group, tracked as BlackFile (aliases: CL-CRI-1116, UNC6671, Cordial Spider), has conducted sustained data theft and extortion attacks against retail and hospitality organizations since February 2026. The group employs voice-based phishing (vishing) campaigns impersonating corporate IT helpdesk staff to steal employee credentials and bypass multifactor authentication (MFA), escalating to executive-level account access. Stolen data is exfiltrated via Salesforce and SharePoint API functions, targeting files containing sensitive terms such as 'confidential' and 'SSN', prior to dark web leak site publications and extortion demands. Additional pressure tactics include swatting attempts against employees and executives.

Microsoft is rolling out passkey support for Microsoft Entra on Windows devices, enabling phishing-resistant passwordless authentication via Windows Hello. The feature is opt-in and will be available in public preview from mid-March through late April 2026 for worldwide tenants, with government cloud environments following in mid-April through mid-May and general availability expected by mid-June 2026. The update extends passwordless sign-in to unmanaged Windows devices—including corporate, personal, and shared devices—addressing a previous security gap where these devices relied on password-based authentication. The passkeys are device-bound and cryptographically secured, preventing theft via phishing or malware, and are stored in the Windows Hello container for authentication via face, fingerprint, or PIN. Admin controls via Conditional Access and Authentication Methods policies enable IT administrators to manage access across different device ownership scenarios.

A local privilege escalation vulnerability in the PackageKit daemon, tracked as CVE-2026-41651, allows unauthenticated users to execute arbitrary package installation or removal commands, leading to full root access on affected Linux systems. The flaw has existed for approximately 12 years in PackageKit versions up to 1.3.4 and impacts default installations across multiple major Linux distributions. Deutsche Telekom’s Red Team discovered the issue through authentication bypass in command handling, particularly in 'pkcon install' operations on Fedora systems. No public exploit code or technical details have been released to facilitate patching. The flaw carries a CVSS score of 8.8 (Medium severity) due to its high impact on confidentiality, integrity, and availability.

US authorities executed a coordinated enforcement action targeting a Myanmar-based scam compound linked to a broader Southeast Asian financial fraud network. The operation included sanctions against 29 individuals, the seizure of a Telegram channel with 6,000+ followers, and the takedown of over 500 .com domains tied to fake investment sites. Two Chinese nationals were criminally charged for managing operations that forced trafficked workers to conduct phone-based social engineering attacks targeting US citizens. The network’s infrastructure and workforce were traced to a compound seized by Burmese forces in November 2025 near the Thai border, revealing a multi-stage scam operation involving deceptive recruitment, coercion, and fraudulent financial schemes.

Unauthorized individuals accessed Anthropic’s Claude Mythos through a third-party vendor environment, exploiting an exposed interface designed for testing advanced AI capabilities. The incident highlights risks associated with third-party vendor integrations and the potential for misconfigured or inadequately secured AI testing interfaces to be leveraged for unauthorized access. No evidence of data exfiltration or operational disruption has been confirmed as of publication.

The Digital Operational Resilience Act (DORA) has enforced Article 9 requirements since January 17, 2025, establishing credential security as a binding financial risk control for EU financial institutions. Stolen credentials remain the leading initial access vector, accounting for 22% of breaches and costing the sector an average of $5.56 million per incident. DORA’s Article 9(4)(c) mandates least-privilege access, while Article 9(4)(d) requires strong authentication mechanisms, including phishing-resistant standards such as FIDO2/WebAuthn, and cryptographic key protection. Institutions failing to meet these controls face supervisory consequences, with mandatory incident reporting timelines under Article 19 triggered by credential-based breaches. Vendor credential security now falls under the same compliance perimeter, as demonstrated by high-profile breaches leveraging third-party access.

De-identified health data from 500,000 UK Biobank volunteers surfaced on Alibaba e-commerce platforms in China after researchers at three academic institutions misused their legitimate access to extract and attempt to sell the data. The UK government confirmed listings were identified and removed, with no evidence of purchase. UK Biobank emphasized the data lacked direct identifiers such as names, addresses, phone numbers, or NHS numbers, and stated it was de-identified. The breach was traced to a contractual violation by researchers who accessed the data outside the authorized UK-hosted research platform. UK Biobank suspended all platform access and suspended implicated researchers and institutions pending a forensic investigation.

Enterprises rapidly deploying AI systems are neglecting fundamental security controls, reviving previously mitigated risks while introducing new attack surfaces, according to Mandiant’s red-team findings. Security teams have observed adversaries leveraging authorized AI deployments to alter data classifications, bypass data loss prevention systems, and exfiltrate data, with initial access often gained through social engineering. Basic lapses—such as unencrypted AI-to-browser communication in financial environments—underscore systemic failures in secure AI integration.

Enterprises are confronting a structural governance failure in AI agent deployment tied to ungoverned delegation chains. AI agents derive authority from traditional enterprise identities—human users, machine identities, bots, and service accounts—creating a delegation gap where unmanaged or poorly governed delegators amplify hidden access and execution paths. Unlike static IAM models, agent authority requires dynamic, real-time observability of the entire delegation chain to determine permissible actions based on delegator posture, intent, context, and scope. The absence of such controls risks transforming agents into efficient vectors for privilege escalation and lateral movement.

A fraudulent Ledger Live macOS application, distributed through Apple’s App Store under the publisher name ‘Leva Heal Limited,’ compromised approximately 50 users in early April 2026, resulting in the theft of $9.5 million in cryptocurrency assets. The illicit app tricked users into entering seed phrases, granting attackers full wallet control and enabling fund transfers to attacker-controlled addresses. The incident is part of the broader Apple App Store infiltration campaign dubbed FakeWallet, linked to the SparkKitty operation and active since at least fall 2025. Kaspersky identified 26 malicious apps impersonating major wallets (e.g., Ledger, MetaMask, Coinbase) to steal seed phrases and drain crypto assets, with malware delivered via libraries, injected code, or OCR-based recovery phrase theft. Some apps contained latent malicious features awaiting future activation, and the campaign’s modules lacked regional restrictions despite initial targeting of Chinese-speaking users. Apple began removing malicious apps after Kaspersky’s disclosure, freezing implicated KuCoin accounts until April 20, 2026. New details indicate the apps redirected users to fake App Store-like browser pages to distribute trojanized wallet versions, while some non-crypto apps (e.g., games, calculators) acted as placeholders to direct victims to official wallets under regulatory pretexts. Attackers used OCR modules to capture recovery phrases and employed sophisticated phishing tactics, including code hooking during entry and fake verification prompts, to maximize theft efficiency.

Microsoft has introduced a new policy setting, RemoveMicrosoftCopilotApp, enabling enterprise administrators to uninstall the Copilot AI assistant from Windows 11 25H2 enterprise-managed devices after the April 2026 Patch Tuesday update. The policy is accessible via Policy CSP and Group Policy within Microsoft Intune or System Center Configuration Manager (SCCM) environments, targeting Windows 11 25H2 endpoints where Copilot is installed without user initiation and not recently used. The removal is non-disruptive and allows users to reinstall Copilot if desired, while applying only to Enterprise, Professional, and Education client SKUs.

Critical vulnerabilities in CrowdStrike LogScale and Tenable Nessus products were patched this week, exposing self-hosted LogScale instances to unauthenticated path traversal and enabling Windows-based Nessus scanners to suffer privilege escalation via junction-based attacks. CrowdStrike resolved CVE-2026-40050, a critical unauthenticated path traversal flaw in LogScale that permitted arbitrary file read access on affected servers. Tenable addressed CVE-2026-33694, a high-severity vulnerability in Nessus for Windows allowing arbitrary file deletion and potential arbitrary code execution with SYSTEM privileges through junction-based exploitation. No evidence of exploitation in the wild has been identified by CrowdStrike, and mitigations were automatically applied for SaaS LogScale customers. Self-hosted LogScale and Nessus users are advised to apply vendor-supplied updates immediately.

A campaign attributed to Tropic Trooper (APT23, Earth Centaur) uses a trojanized SumatraPDF reader to deploy the AdaptixC2 Beacon post-exploitation agent. Chinese-speaking individuals in Taiwan and users in South Korea and Japan are targeted via military-themed ZIP archives containing malicious SumatraPDF executables. The executable displays a decoy PDF while fetching encrypted shellcode from a staging server to launch AdaptixC2, which communicates with C2 infrastructure via GitHub. Subsequent activity includes deployment of Microsoft VS Code tunnels for remote access on high-value hosts, alongside the use of trojanized applications for camouflage. The staging server at 158.247.193[.]100 has hosted Cobalt Strike Beacon and the custom EntryShell backdoor previously associated with Tropic Trooper.

Supply chain compromise in the Trivy vulnerability scanner triggered the CanisterWorm propagation across CI/CD pipelines, now expanding to additional open-source ecosystems and involving multiple advanced threat actors. The TeamPCP threat group continues to monetize stolen supply chain secrets through partnerships with extortion groups including Lapsus$ and the Vect ransomware operation, with Wiz (Google Cloud) and Cisco confirming collaboration and horizontal movement across cloud environments. A new npm supply chain malware campaign discovered on April 24, 2026, shows self-propagating worm-like behavior via @automagik/genie and pgserve packages, stealing credentials and spreading across developer ecosystems while using Internet Computer Protocol (ICP) canisters for command and control. The malware shares technical similarities with prior TeamPCP campaigns, including post-install scripts and canister-based infrastructure, potentially indicating ongoing evolution of the threat actor's tactics or a new campaign leveraging established infrastructure. The Axios NPM package compromise via malicious versions 0.27.5 and 0.28.0 delivered a multi-platform RAT through a malicious dependency impersonating crypto-js, with attribution disputes suggesting either TeamPCP involvement or North Korean actor UNC1069 (Google's Threat Intelligence Group). Cisco's internal development environment was breached using stolen Trivy-linked credentials via a malicious GitHub Action, resulting in the theft of over 300 repositories including proprietary AI product code and customer data from banks, BPOs, and US government agencies. Multiple AWS keys were abused across a subset of Cisco's cloud accounts, with multiple threat actors participating in the breach.

A pre-authenticated remote code execution (RCE) vulnerability in Marimo, tracked as CVE-2026-39987 (CVSS 9.3), was exploited in the wild within hours of public disclosure, enabling attackers to gain full PTY shells on exposed instances via the unauthenticated /terminal/ws WebSocket endpoint. The flaw, affecting Marimo versions prior to 0.23.0, initially led to rapid, human-driven exploitation campaigns focused on credential theft. Recent attacks have expanded to deploy a new NKAbuse malware variant hosted on Hugging Face Spaces, using typosquatted repositories to evade detection and establish persistent remote access. Additional exploitation activity includes sophisticated lateral movement, such as reverse-shell techniques and database enumeration, indicating a shift toward multi-stage attacks beyond initial credential harvesting. GitHub assessed the flaw with a critical CVSS score of 9.3, and Marimo developers confirmed impact on instances deployed as editable notebooks or exposed via --host 0.0.0.0 in edit mode. This event is distinct from the LMDeploy SSRF flaw (CVE-2026-33626), which was exploited within 12 hours of disclosure to conduct internal network reconnaissance via SSRF, targeting cloud metadata services, Redis, and MySQL instances.

Unauthenticated attackers are actively exploiting a critical file upload vulnerability (CVE-2026-3844) in the Breeze Cache WordPress plugin (400,000+ active installations) to upload arbitrary files and achieve remote code execution (RCE) on affected servers. Exploitation requires the optional "Host Files Locally - Gravatars" add-on to be enabled, which is disabled by default. The flaw stems from missing file-type validation in the ‘fetch_gravatar_from_remote’ function and has a CVSS score of 9.8. Cloudways issued a patch in version 2.4.5, but over 138,000 downloads of the latest version suggest widespread exposure.

China-nexus cyber actors are systematically industrializing botnets composed primarily of compromised small office/home office (SOHO) routers and consumer IoT devices to support low-signature, high-deniability operations against US and allied organizations. These covert networks are maintained at scale by dedicated teams—potentially affiliated with Chinese information security firms—who continuously update and expand the botnets, while distributing access to multiple state-backed groups such as Flax Typhoon and Volt Typhoon. The infrastructure enables reconnaissance, malware delivery, command-and-control, data exfiltration, and deniable browsing, complicating attribution and defensive countermeasures. The advisory emphasizes that while botnet usage is not new, the strategic scale, tempo, and division of labor in China-aligned operations represent a marked escalation. Organizations are urged to implement network edge profiling, zero-trust controls, and threat hunting to detect anomalous connectivity patterns from consumer broadband ranges and known covert nodes.

Trigona ransomware affiliates are deploying a custom-built command-line exfiltration tool named "uploader_client.exe" to streamline data theft from compromised environments. The tool facilitates parallel uploads, connection rotation post-2GB traffic to evade monitoring, selective file type exfiltration, and access restriction via authentication keys. Observed in March 2026 attacks, the utility supports faster and stealthier data exfiltration compared to public tools like Rclone or MegaSync, reducing detection risks during critical phases of intrusions. The campaign leverages the Trigona ransomware, a double-extortion operation active since October 2022, targeting high-value documents such as invoices and PDFs on network drives. Recent activity suggests resumption of operations following disruptions to the group’s infrastructure in October 2023.

Google Cloud has decided against releasing a dedicated cybersecurity-focused frontier AI model, instead prioritizing the use of its general-purpose Gemini series (e.g., Gemini 3.1 Pro) for security workflows. Francis DeSouza, Google Cloud COO, stated that generalist models like Gemini have demonstrated sufficient capability across domains, including cybersecurity, negating the need for niche alternatives. The strategy emphasizes integrating high-quality general models with tailored tooling, governance, and contextual training for defense use cases rather than developing specialized cyber models.

TeamPCP has continued to escalate its multi-vector CanisterWorm campaign into a geopolitically targeted operation, leveraging compromised PyPI packages (LiteLLM versions 1.82.7–1.82.8 and Telnyx versions 4.87.1–4.87.2) and now Checkmarx KICS tooling to deliver credential-stealing malware that harvests SSH keys, cloud credentials, Kubernetes secrets, database credentials, cryptocurrency wallets, TLS/SSL private keys, and bash history files. The group’s most recent compromise involves the Checkmarx KICS analysis tool, where attackers pushed malicious Docker images to the official "checkmarx/kics" repository (overwriting v2.1.20 and introducing v2.1.21), alongside infected VS Code and Open VSX extensions that executed a hidden MCP addon to fetch and deploy multi-stage credential theft malware. The attack targeted data processed by KICS—including GitHub tokens, cloud provider credentials, npm tokens, SSH keys, and environment variables—encrypted and exfiltrated it to audit.checkmarx[.]cx, a domain designed to impersonate legitimate Checkmarx infrastructure. While TeamPCP publicly claimed the attack, researchers noted insufficient evidence beyond pattern-based correlations to confidently attribute the breach. The malicious timeframe for the Docker image compromise lasted from 2026-04-22 14:17:59 UTC to 15:41:31 UTC before affected tags were restored to legitimate digests. The campaign began as a supply-chain attack involving 47 compromised npm packages and escalated to include GitHub repository hijacking (e.g., Aqua Security), Docker Hub compromise, and direct targeting of CI/CD pipelines via GitHub Actions workflows (e.g., Checkmarx, Trivy). Recent compromises of LiteLLM and Telnyx demonstrate rapid iteration and maturation of supply-chain attack methodology, while destructive payloads targeting Iranian systems in Kubernetes environments (e.g., time-zone/locale-based wipers) highlight the group’s geopolitical alignment. The LiteLLM compromise specifically turned developer endpoints into systematic credential harvesting operations, with malware activating during installation/updates and cascading through transitive dependencies (e.g., dspy, opik) to affect organizations that never directly used LiteLLM. A coordinated attack on Checkmarx ecosystems has been discovered, including malicious images pushed to the official "checkmarx/kics" Docker Hub repository (v2.1.20, alpine overwritten; v2.1.21 introduced) and infected Visual Studio Code extensions (1.17.0, 1.19.0) that executed remote addons via Bun without user consent. The malware collected and exfiltrated sensitive data from infrastructure-as-code scans, exposing credentials in Terraform, CloudFormation, or Kubernetes configurations. Techniques and exfiltration infrastructure (e.g., ICP canister cjn37-uyaaa-aaaac-qgnva-cai.raw.icp0.io) resemble TeamPCP's CanisterWorm operations, though attribution remains unconfirmed. The Docker Hub repository has been archived, and affected organizations must remediate potentially compromised secrets.

Threat actors impersonated a Marks & Spencer (M&S) employee to a third-party service desk in April 2025, convincing agents to perform a password reset that bypassed multi-factor authentication (MFA). This granted initial access, enabling subsequent Active Directory credential theft, lateral movement, and ransomware deployment that disrupted national operations for five days, resulting in estimated daily losses of £3.8 million ($5.1 million).

A regression introduced in a recent Microsoft Edge browser update prevents Windows users from joining Microsoft Teams meetings via scheduled invites or direct links. Microsoft confirmed the issue on April 23, 2026, and assigned incident report TM1288497. The failure occurs during the meeting join process, with restarting the Teams client serving as a temporary workaround. Microsoft is actively investigating the regression source and monitoring diagnostic data to determine the full scope of impact, including affected user counts and regions.

China-nexus advanced persistent threat (APT) groups are increasingly routing malicious traffic through large-scale botnets composed of compromised consumer and small office/home office (SOHO) devices to evade detection and attribution. These botnets, primarily consisting of routers, IP cameras, video recorders, and NAS units, enable threat actors to chain traffic through multiple intermediate nodes, obscuring geographic origins and disguising malicious activity as benign traffic. The UK National Cyber Security Centre (NCSC-UK) and allied agencies report that the majority of Chinese state-sponsored groups now favor such proxy networks over traditional infrastructure procurement. Recent disruptions—including the FBI’s takedown of the Raptor Train botnet in September 2024 and disruption of the KV-Botnet in January 2024—highlight the scale and persistence of these operations, with some networks revived within months by threat actors.

A previously undocumented China-aligned APT group named GopherWhisper has compromised at least 12 confirmed systems across Mongolian governmental institutions and dozens more globally since at least 2023 using a suite of Go-based backdoors and loaders. The threat actor abuses legitimate services—Discord, Slack, Microsoft 365 Outlook, and file.io—for command-and-control (C2) communications and data exfiltration. Operational activity began as early as November 2023, with C2 timestamps aligning to China Standard Time working hours (8 a.m.–5 p.m. CST), confirming human operator involvement. ESET telemetry indicates further victimization beyond Mongolia, though geography and sector details remain limited. Newly identified tools include JabGopher (an injector for LaxGopher) and FriendDelivery (a loader for BoxOfFriends), expanding the group’s toolkit. Hardcoded credentials in backdoors enabled researchers to recover thousands of Slack and Discord messages, reinforcing attribution to China.

Google Cloud introduced the Gemini Enterprise Agent Platform to manage autonomous AI agents with unique cryptographic identities and enforce zero-trust verification across orchestration steps. The platform assigns each agent a distinct cryptographic ID tied to auditable authorization policies, enabling traceability and governance across agent actions. Security risks introduced by autonomous, goal-oriented AI agents are addressed through a suite of new capabilities, including an Agent Registry for indexing agents and tools, an Agent Gateway for policy enforcement, and an Agent Security Dashboard for threat detection and vulnerability scanning.

Analysis of nearly 800,000 email attacks across 4,600+ organizations reveals a significant shift in attacker tactics from exploiting technical flaws to targeting behavioral and organizational trust within workflows. Email-based threats now rely on finely tailored social engineering, leveraging trusted relationships, routine operations, and evasive pretexts to bypass detection. Phishing remains the most prevalent method (58%), while Business Email Compromise (BEC) and its subtype Vendor Email Compromise (VEC)—now comprising over 60% of BEC attacks—deliver higher impact despite lower volume. Attackers exploit predictable workflows such as file-sharing, invoicing, and internal communications, using redirect chains (over 20% of phishing) and popular URL shorteners (e.g., TinyURL, t.co) to conceal malicious destinations. Geographic targeting is evident, with invoice fraud dominating VEC in North America and procurement-stage pretexts prevailing in EMEA.

Luxury cosmetics company Rituals disclosed an unauthorized access incident affecting its My Rituals loyalty program members. The intrusion occurred earlier in April 2026 and resulted in the exfiltration of members’ personally identifiable information (PII), including names, addresses, phone numbers, email addresses, dates of birth, and gender. The incident was contained after detection, with no indication of password or payment data compromise. Rituals has initiated forensic analysis and notified relevant authorities but has not disclosed the number of affected individuals at this time.