Latest Internet & Cybersecurity News
Incomplete Windows Patch Enables Zero-Click Attacks by APT28
Microsoft's April 2026 patches fixed CVE-2026-32202, an authentication coercion flaw from an incomplete fix for CVE-2026-21510, allowing zero-click credential theft via LNK files. Russia-linked APT28 exploited these chained with CVE-2026-21513 in attacks on Ukraine and EU since December 2025.
Akamai disclosed the issue after finding the patch incomplete.
Utilities Firm Itron Discloses Cybersecurity Breach
Itron, a utilities tech provider, reported an unauthorized breach of its IT systems on April 24 to the SEC, activating response plans with external advisors. The company remediated the access, notified law enforcement, and saw no impact on customer systems or operations.
It expects insurance to cover most costs with no material financial effect.
Medtronic Admits Unauthorized Access to Corporate IT Systems
Medical device maker Medtronic disclosed an unauthorized party accessed certain corporate IT data in an SEC filing, separate from product and customer networks. Hacker group ShinyHunters claimed to steal over 9M records of PII and internal data, issuing an extortion deadline.
The breach follows similar attacks on med-tech firms like Stryker.
US, UK Warn Firestarter Backdoor Survives Cisco Patching
CISA and UK authorities alerted that Firestarter malware persists on patched Cisco Firepower and Secure Firewall devices despite fixes for CVE-2025-20333 and CVE-2025-20362. A US federal agency was hit by UAT-4356 actors deploying Line Viper implants via ArcaneDoor campaign.
Cisco issued mitigation guidance; FCEB agencies urged to check for compromise.
Chinese State-Sponsored Hacker Extradited to US from Italy
A prolific contract hacker linked to Chinese state-sponsored operations was extradited to the US from Italy on April 28, 2026. The individual faces charges for cyber intrusions supporting Beijing's interests.
This marks a significant win in international cybercrime enforcement.
Anthropic's Mythos AI Uncovers 2000 Software Vulnerabilities in 7 Weeks
Anthropic's Mythos AI model identified over 2000 previously unknown software flaws in just seven weeks, raising alarms on AI's dual-use in cybersecurity. The rapid discovery highlights both defensive potential and risks of AI automating vulnerability hunting.
Experts warn of escalated security challenges from such tools.
OpenSSH Flaw Allows Full Root Shell Access After 15 Years
A long-lurking OpenSSH vulnerability enabling full root shell access was disclosed after existing undetected for 15 years. The flaw poses severe risks to SSH-dependent systems worldwide.
Immediate patching is recommended for all affected versions.
Malicious AI Prompt Injection Attacks Rising but Low Sophistication
Google reports increasing malicious AI prompt injection attacks, though attacker sophistication remains low. These exploits target AI systems to manipulate outputs or extract data.
Defenses should focus on input validation and model hardening.
Taiwan Initiative Identifies 20 Critical ICT Security Risks
A cybersecurity initiative spotted 20 valid ICT loopholes in Taiwan, including three severe and six high-risk vulnerabilities. The findings urge urgent remediation in government and critical infrastructure systems.
Administration officials emphasized proactive threat hunting.
UNC6692 Deploys 'Snow' Malware via Email Bombing and Social Engineering
Threat actor UNC6692 uses email flooding and social tactics to deliver Snow malware in targeted campaigns. The group focuses on initial access for further exploitation.
Organizations should enhance email filters and user training.
Security Experts Warn AI Supercharges Cyber Threats to Jewish Philanthropy
Experts caution that AI amplifies cyber risks to philanthropic and Jewish organizations, urging advanced defenses. Recent alerts highlight AI's role in sophisticated attacks.
Community networks recommend AI-aware security postures.