Cybersecurity News Digester

April 20, 2026

Weekly Review, 2026-04-20

Covers 6 daily digests (2026-04-14 to 2026-04-20).

All summaries, analysis, and story clustering are done by an LLM. It may make mistakes and say incorrect things. Check the sources and support the actual journalists.

Vulnerabilities & Patches

NIST narrows CVE analysis scope to manage rising vulnerability volume

Active: 2026-04-16, 2026-04-19, 2026-04-20

The reporting tracks the evolution of NIST's strategy to address a massive surge in CVE submissions that has overwhelmed the National Vulnerability Database. While initial coverage focused on the implementation of a risk-based enrichment model to prioritize systemic risks, subsequent reports clarified the significant impact of this shift, noting that many vulnerabilities will no longer receive automated severity scoring. The narrative progressed from announcing a new prioritization framework to highlighting the specific consequences for defenders who can no longer rely on the NVD for comprehensive automated analysis.

Coverage Timeline

  • 2026-04-16: Coverage announces NIST's transition to a risk-based enrichment model to manage the growing backlog of vulnerabilities.
  • 2026-04-19: Reporting expands to detail that the new scope means many vulnerabilities will lack automated enrichment or severity scoring, while identifying key industry experts commenting on the shift.
  • 2026-04-20: Coverage emphasizes the specific impact on cybersecurity defenders, noting that they can no longer rely on the NVD for automated scoring on all vulnerabilities.

Sources

  • NIST Prioritizes NVD Enrichment for CVEs in CISA KEV, Critical Software - SecurityWeek, 2026-04-16 (quality: 19/21)
  • NIST to stop rating non-priority flaws due to volume increase - BleepingComputer, 2026-04-19 (quality: 17/21)
  • NIST narrows scope of CVE analysis to keep up with rising tide of vulnerabilities - CyberScoop, 2026-04-15 (quality: 20/21)
  • NIST limits vulnerability analysis as CVE backlog swells - Cybersecurity Dive - Latest News, 2026-04-16 (quality: 10/21)
  • NIST Limits CVE Enrichment After 263% Surge in Vulnerability Submissions - The Hacker News, 2026-04-17 (quality: 11/21)
  • How NIST's Cutback of CVE Handling Impacts Cyber Teams - darkreading, 2026-04-17 (quality: 20/21)
  • NIST Revamps CVE Framework to Focus on High-Impact Vulnerabilities - darkreading, 2026-04-16 (quality: 20/21)

Data Breaches

McGraw Hill confirms massive data breach affecting 13.5 million accounts

Active: 2026-04-15, 2026-04-16

The situation escalated from an initial extortion threat and confirmation of unauthorized access to a massive-scale data leak. While the first reports focused on the threat of a leak and the identification of a Salesforce misconfiguration, the scope of the incident was later revealed to involve 13.5 million user accounts. The story concluded with the confirmed release of this stolen data by the ShinyHunters group.

Coverage Timeline

  • 2026-04-15: Reports confirm that McGraw Hill is facing an extortion threat and has identified a breach caused by a Salesforce misconfiguration.
  • 2026-04-16: Coverage expands to reveal that the ShinyHunters group has leaked the data of 13.5 million McGraw Hill accounts.

Sources

  • McGraw-Hill confirms data breach following extortion threat - BleepingComputer, 2026-04-14 (quality: 17/21)
  • Data breach at edtech giant McGraw Hill affects 13.5 million accounts - BleepingComputer, 2026-04-16 (quality: 18/21)

Storm-1865 hackers breach Booking.com to expose sensitive guest reservation data

Active: 2026-04-14, 2026-04-19

The situation escalated from an initial report of a general security breach involving unauthorized access to user data to a more specific identification of the threat actor, Storm-1865. While the first report focused on the immediate need for PIN resets and the risk of phishing, subsequent coverage revealed that the breach actually occurred through the compromise of hotel partners. This expansion of the story clarified the attack vector and highlighted the significant scale of the resulting scams and financial losses reported to authorities.

Coverage Timeline

  • 2026-04-14: Booking.com reports a security breach involving unauthorized access to reservation information and the necessity of PIN resets.
  • 2026-04-19: New reports identify the threat actor as Storm-1865 and reveal that the breach originated via compromised hotel partners.

Sources

  • New Booking.com data breach forces reservation PIN resets - BleepingComputer, 2026-04-13 (quality: 17/21)
  • Booking.com Says Hackers Accessed User Information - SecurityWeek, 2026-04-13 (quality: 15/21)
  • Booking.com breach gives scammers what they need to target guests - Malwarebytes, 2026-04-16 (quality: 16/21)

Malware & Botnets

ZionSiphon malware targets Israeli water and desalination control systems

Active: 2026-04-17, 2026-04-20

The story evolved from the initial discovery of the malware's specific destructive capabilities to a more detailed understanding of its operational methods. While the first report focused on the malware's intent to manipulate chlorine levels and hydraulic pressure, subsequent reporting clarified that the strain functions by scanning local subnets for specific operational technology services and tampering with local configurations. The narrative transitioned from identifying the potential physical impact on water safety to detailing the technical reconnaissance phase used by the threat actors.

Coverage Timeline

  • 2026-04-17: Darktrace reports on the discovery of ZionSiphon and its specific capabilities to manipulate chemical levels and pressure in Israeli water plants.
  • 2026-04-20: New details emerge regarding the malware's technical behavior, specifically its ability to perform local subnet scans for OT-relevant services.

Sources

  • ZionSiphon malware designed to sabotage water treatment systems - BleepingComputer, 2026-04-16 (quality: 17/21)
  • ZionSiphon Malware Targets ICS in Water Facilities - SecurityWeek, 2026-04-17 (quality: 19/21)
  • Researchers Detect ZionSiphon Malware Targeting Israeli Water, Desalination OT Systems - The Hacker News, 2026-04-20 (quality: 10/21)

Hackers target TP-Link routers with Mirai malware using known vulnerabilities

Active: 2026-04-19, 2026-04-20

The narrative shifts from reporting on active, automated scanning campaigns using Mirai-like malware to revealing that these exploitation attempts have been largely unsuccessful. While the initial reports highlighted the persistent risk of command injection in end-of-life TP-Link routers, subsequent coverage clarified that errors in the attackers' exploit code have prevented actual compromises. The story concludes by identifying specific vulnerable router models and noting that the threat actors have been struggling with these technical failures for over a year.

Coverage Timeline

  • 2026-04-19: Reports emerge regarding automated scanning campaigns using Mirai variants to exploit a command injection vulnerability in TP-Link routers.
  • 2026-04-20: New coverage reveals that the ongoing exploitation attempts have failed due to errors in the attackers' exploit code.

Sources

  • A Deep Dive Into Attempted Exploitation of CVE-2023-33538 - Unit 42, 2026-04-16 (quality: 17/21)
  • Hackers Fail to Exploit Flaw in Discontinued TP-Link Routers - SecurityWeek, 2026-04-20 (quality: 20/21)

Over 100 Malicious Chrome Extensions Stealing Data From Thousands of Users

Active: 2026-04-15, 2026-04-19

The reporting on this malicious extension campaign evolved from identifying the technical infrastructure and threat actors to quantifying the actual impact on users. While initial reports focused on the shared command-and-control servers and the involvement of a Russian malware-as-a-service operation, subsequent coverage revealed that the breach had already affected approximately 20,000 users. The narrative shifted from a technical analysis of data exfiltration methods to a broader assessment of the scale of the credential theft and session hijacking.

Coverage Timeline

  • 2026-04-15: Socket reports on a coordinated campaign involving over 100 Chrome extensions using shared infrastructure to steal OAuth2 tokens and deploy backdoors.
  • 2026-04-19: New coverage reveals that the cluster of 108 extensions has successfully stolen data from 20,000 users and is injecting unauthorized ads into web pages.

Sources

  • Over 100 Chrome Web Store extensions steal user accounts, data - BleepingComputer, 2026-04-14 (quality: 19/21)
  • 100 Chrome Extensions Steal User Data, Create Backdoor - SecurityWeek, 2026-04-15 (quality: 20/21)
  • 108 malicious Chrome extensions caught stealing Google and Telegram data from 20,000 users - GRAHAM CLULEY, 2026-04-15 (quality: 17/21)
  • 108 Malicious Chrome Extensions Steal Google and Telegram Data, Affecting 20,000 Users - The Hacker News, 2026-04-14 (quality: 16/21)

AI & Machine Learning Security

Frontier AI advances cyber exploits as US and UK prepare defenses

Active: 2026-04-14, 2026-04-20

The narrative evolved from an initial warning about the specific capabilities of Anthropic's Claude Mythos model to a broader industry-wide realization regarding the acceleration of automated exploitation. While the first report focused on the geopolitical preparations of US and UK leaders in response to this new asymmetric threat, subsequent reporting expanded the scope to include findings from hands-on testing by researchers at Unit 42. The situation escalated from a localized concern about a single model to a systemic threat involving frontier AI models that can autonomously target open-source software maintainers.

Coverage Timeline

  • 2026-04-14: Reports emerge on the Claude Mythos model and the resulting preparations by US and UK leaders for new cyber threats.
  • 2026-04-20: Coverage expands to include research from Unit 42 demonstrating how frontier AI models are accelerating the autonomous discovery and exploitation of software vulnerabilities.

Sources

  • Here’s how cyber heavyweights in the US and UK are dealing with Claude Mythos - CyberScoop, 2026-04-13 (quality: 20/21)
  • CSA: CISOs Should Prepare for Post-Mythos Exploit Storm - darkreading, 2026-04-13 (quality: 20/21)
  • Fracturing Software Security With Frontier AI Models - Unit 42, 2026-04-20 (quality: 16/21)

OpenAI expands access to new GPT-5.4-Cyber model for enhanced defense

Active: 2026-04-17, 2026-04-19

The narrative tracks the expansion of OpenAI's specialized cybersecurity capabilities in response to Anthropic's release of the autonomous vulnerability-discovery model, Claude Mythos. While initial reports focused on the widening access of the GPT-5.4-Cyber model to verified defenders, subsequent coverage detailed the specific launch of the model itself and the massive scaling of the "Trusted Access for Cyber" program to thousands of users. The situation has evolved from a strategic response to a competitor into a large-scale deployment of defensive AI tools aimed at countering potential bad actors.

Coverage Timeline

  • 2026-04-17: Reports cover OpenAI's decision to expand access to its GPT-5.4-Cyber model following Anthropic's reveal of the Mythos AI model.
  • 2026-04-19: Coverage details the official launch of the GPT-5.4-Cyber model and the expansion of the "Trusted Access for Cyber" program to thousands of users.

Sources

  • OpenAI Widens Access to Cybersecurity Model After Anthropic’s Mythos Reveal - SecurityWeek, 2026-04-16 (quality: 15/21)
  • OpenAI expands Trusted Access for Cyber program with new GPT 5.4 Cyber model - CyberScoop, 2026-04-15 (quality: 16/21)
  • In the Wake of Anthropic’s Mythos, OpenAI Has a New Cybersecurity Model—and Strategy - Security Latest, 2026-04-14 (quality: 9/21)
  • OpenAI Launches GPT-5.4-Cyber with Expanded Access for Security Teams - The Hacker News, 2026-04-15 (quality: 8/21)

Legal & Law Enforcement

US nationals sentenced for aiding North Korean IT worker scheme

Active: 2026-04-16, 2026-04-19

While the initial reports focused on the sentencing of the primary facilitators and the general nature of the North Korean IT scheme, subsequent coverage expanded significantly on the impact of the operation. New details emerged regarding the shell companies used to mask the operatives, the identification of a California-based defense contractor as a victim, and the scale of identity theft involving at least 80 U.S. residents. The reporting evolved from a high-level overview of the legal outcome to a more granular breakdown of the fraudulent infrastructure and the broader list of indicted individuals involved.

Coverage Timeline

  • 2026-04-16: Coverage reports on the sentencing of two U.S. nationals for their role in a North Korean IT scheme and identifies the primary facilitators and researchers involved.
  • 2026-04-19: Coverage expands to identify specific shell companies, the involvement of a defense contractor, the number of identity theft victims, and additional unnamed indicted individuals.

Sources

  • US nationals behind DPRK IT worker 'laptop farm' sent to prison - BleepingComputer, 2026-04-16 (quality: 18/21)
  • US nationals sentenced for aiding North Korea’s tech worker scheme - CyberScoop, 2026-04-16 (quality: 20/21)
  • New Jersey men given lengthy sentences for running North Korean laptop farms - The Record from Recorded Future News, 2026-04-16 (quality: 12/21)
  • Two North Korean IT Worker Scheme Facilitators Jailed in the US - SecurityWeek, 2026-04-17 (quality: 18/21)

Policy & Regulation

Lawmakers and Trump push to extend controversial Section 702 surveillance powers

Active: 2026-04-15, 2026-04-19, 2026-04-20

The situation evolved from an initial political debate over the long-term reauthorization of Section 702 into a series of legislative maneuvers to prevent the program's expiration. While the Trump administration initially lobbied for a permanent renewal, the House of Representatives instead passed a much shorter, ten-day extension following failed negotiations. The tension culminated in the Senate approving a brief extension through the end of April, narrowly averting a total lapse in surveillance authorities.

Coverage Timeline

  • 2026-04-15: Reports emerge regarding the political tension between the Trump administration's push for surveillance extension and lawmakers' calls for privacy protections.
  • 2026-04-19: Coverage details the House of Representatives passing a short-term, ten-day extension of the FISA program despite executive lobbying for a longer term.
  • 2026-04-20: News breaks that the Senate has approved a brief extension of the surveillance powers through April 30 to avoid an immediate expiration.

Sources

  • Trump Urges Extending Foreign Surveillance Program as Some Lawmakers Push for US Privacy Protections - SecurityWeek, 2026-04-15 (quality: 18/21)
  • The surveillance law Congress can’t quit — and can’t explain - CyberScoop, 2026-04-17 (quality: 20/21)
  • In defeat for Trump, House extends electronic spying program for just 10 days - The Record from Recorded Future News, 2026-04-17 (quality: 10/21)
  • Republican Mutiny Sinks Trump's Push to Extend Warrantless Surveillance - Security Latest, 2026-04-17 (quality: 10/21)
  • Senate Extends Surveillance Powers Until April 30 After Chaotic Votes in House - SecurityWeek, 2026-04-20 (quality: 18/21)

In Brief

Notable one-off stories with significant broader implications.

  • Vercel confirms data breach following hack by Context AI group. (2026-04-20)
    • Vercel confirms breach as hackers claim to be selling stolen data - BleepingComputer
    • Vercel Breach Tied to Context AI Hack Exposes Limited Customer Credentials - The Hacker News
    • Next.js Creator Vercel Hacked - SecurityWeek
  • Massive Crypto Hack and Fraud Drain Millions from Users (2026-04-19)
    • Singer loses life savings to fake wallet downloaded from the Apple App Store - GRAHAM CLULEY
    • Grinex exchange blames "Western intelligence" for $13.7M crypto hack - BleepingComputer
    • $13.74M Hack Shuts Down Sanctioned Grinex Exchange After Intelligence Claims - The Hacker News
  • OpenAI updates Mac apps following North Korea-linked supply chain hack. (2026-04-14)
    • OpenAI’s Mac apps need updates thanks to the Axios hack - CyberScoop
    • OpenAI rotates macOS certs after Axios attack hit code-signing workflow - BleepingComputer
    • OpenAI Impacted by North Korea-Linked Axios Supply Chain Hack - SecurityWeek
  • Threat actors abuse n8n automation to deliver malware via phishing. (2026-04-19)
    • The n8n n8mare: How threat actors are misusing AI workflow automation - Cisco Talos Blog
    • n8n Webhooks Abused Since October 2025 to Deliver Malware via Phishing Emails - The Hacker News
  • British Hacker Pleads Guilty in $8M Scattered Spider Scheme (2026-04-20)
    • British hacker tied to Scattered Spider campaign pleads guilty in $8M scheme - The Record from Recorded Future News
    • British Scattered Spider Hacker Pleads Guilty in the US - SecurityWeek
  • New North Korean Malware Targets macOS Users via ClickFix (2026-04-19)
    • Dissecting Sapphire Sleet’s macOS intrusion from lure to compromise - Threat intelligence | Microsoft Security Blog
    • North Korea Uses ClickFix to Target macOS Users' Data - darkreading
  • New Malware Campaigns Target Crypto Users and Android Devices (2026-04-19)
    • Obsidian Plugin Abuse Delivers PHANTOMPULSE RAT in Targeted Finance, Crypto Attacks - The Hacker News
    • Mirax Android RAT Turns Devices into SOCKS5 Proxies, Reaching 220,000 via Meta Ads - The Hacker News
  • New PowMix botnet targets Czech workforce with randomized traffic. (2026-04-19)
    • PowMix botnet targets Czech workforce - Cisco Talos Blog
    • Newly Discovered PowMix Botnet Hits Czech Workers Using Randomized C2 Traffic - The Hacker News
  • Rising Iranian Cyber Threats Target Critical Water Infrastructure (2026-04-19)
    • Threat Brief: Escalation of Cyber Risk Related to Iran (Updated April 17) - Unit 42
    • ZionSiphon Malware Targets ICS in Water Facilities - SecurityWeek
  • Hackers sentenced to prison for selling stolen DraftKings accounts. (2026-04-19)
    • Man gets 30 months for selling thousands of hacked DraftKings accounts - BleepingComputer
    • Another DraftKings Hacker Sentenced to Prison - SecurityWeek
  • Cyberattacks target Ukrainian government agencies and healthcare infrastructure. (2026-04-19)
    • Ukraine confirms suspected APT28 campaign targeting prosecutors, anti-corruption agencies - The Record from Recorded Future News
    • UAC-0247 Targets Ukrainian Clinics and Government in Data-Theft Malware Campaign - The Hacker News
  • US and Indonesia Shut Down Sophisticated W3LL Phishing Service (2026-04-14)
    • FBI takedown of W3LL phishing service leads to developer arrest - BleepingComputer
    • US, Indonesia shut down ‘sophisticated’ phishing kit - Cybersecurity Dive - Latest News
  • Omnistealer and New Infostealers Highlight Recent Weekly Security Threats (2026-04-20)
    • A week in security (April 13 – April 19) - Malwarebytes
  • Stolen Rockstar Games analytics data leaked by extortion gang (2026-04-14)
    • Stolen Rockstar Games analytics data leaked by extortion gang - BleepingComputer
  • Pushpaganda Scam Uses AI to Exploit Google Discover Feeds (2026-04-19)
    • AI-Driven Pushpaganda Scam Exploits Google Discover to Spread Scareware and Ad Fraud - The Hacker News
  • Apple Account Change Alerts Exploited for Sophisticated Phishing Attacks (2026-04-20)
    • Apple account change alerts abused to send phishing emails - BleepingComputer
  • Chinese Operative Targeted Alysa Liu’s Father in Surveillance Campaign (2026-04-20)
    • The Weird, Twisting Tale of How China Spied on Alysa Liu and Her Dad - Security Latest
  • FakeWallet malware targets iOS users via malicious App Store apps (2026-04-20)
    • FakeWallet crypto stealer spreading through iOS apps in the App Store - Securelist
  • Mirax RAT Targeting Android Users in Europe (2026-04-15)
    • Mirax RAT Targeting Android Users in Europe - SecurityWeek
  • Payouts King Ransomware Uses QEMU VMs to Evade Security Detection (2026-04-19)
    • Payouts King ransomware uses QEMU VMs to bypass endpoint security - BleepingComputer
  • Gold Encounter Uses QEMU Emulator to Evade Security Detection (2026-04-20)
    • Hackers Abuse QEMU for Defense Evasion - SecurityWeek
  • 313 Team Launches Sophisticated DDoS Attack Against Bluesky Platform (2026-04-20)
    • Bluesky Disrupted by Sophisticated DDoS Attack - SecurityWeek
  • Nexcorium Mirai Variant Exploits CVE-2024-3721 to Hijack TBK DVRs (2026-04-19)
    • Mirai Variant Nexcorium Exploits CVE-2024-3721 to Hijack TBK DVRs for DDoS Botnet - The Hacker News
  • Cisco Talos Report: State Actors Use Similar Tactics for Access (2026-04-19)
    • State-sponsored threats: Different objectives, similar access paths - Cisco Talos Blog
  • Airspace DVRs Exploited via Default Credentials in Global Attacks (2026-04-19)
    • [Guest Diary] Compromised DVRs and Finding Them in the Wild, (Thu, Apr 16th) - SANS Internet Storm Center, InfoCON: green
  • Lumma Stealer and Sectop RAT Deploy via Cracked Software Downloads (2026-04-19)
    • Lumma Stealer infection with Sectop RAT (ArechClient2), (Fri, Apr 17th) - SANS Internet Storm Center, InfoCON: green
  • Microsoft 365 Mailbox Rules Can Bypass Email Password Changes (2026-04-19)
    • Sometimes changing the password on your email mailbox isn’t enough - GRAHAM CLULEY
  • FIFA World Cup 2026 Partners Vulnerable to Email Fraud Risks (2026-04-19)
    • FIFA World Cup 2026: More than One-Third of Official Partners Expose the Public to the Risk of Email Fraud - Proofpoint News Feed
  • Microsoft Defender Zero-Day and SonicWall Brute-Force Attacks Highlighted (2026-04-19)
    • ThreatsDay Bulletin: Defender 0-Day, SonicWall Brute-Force, 17-Year-Old Excel RCE and 15 More Stories - The Hacker News
  • TeamPCP Exploits LiteLLM to Launch Multi-Ecosystem Supply Chain Attack (2026-04-19)
    • Your Supply Chain Breach Is Someone Else's Payday - Recorded Future
  • AI-Generated Ghost Breaches Create New Threat Vector for Organizations (2026-04-19)
    • Ghost breaches: How AI-mediated narratives have become a new threat vector - CyberScoop
  • National Cyber Director Signals New Executive Orders for Cyber Strategy (2026-04-19)
    • Executive orders likely ahead in next steps for national cyber strategy - CyberScoop
  • Super Micro Computer Networks Linked to Massive AI Chip Smuggling (2026-04-19)
    • We’re only seeing the tip of the chip-smuggling iceberg - CyberScoop
  • South East London NHS Trust Still Faces Ransomware Disruptions (2026-04-19)
    • Ransomware attack continues to disrupt healthcare in London nearly two years later - The Record from Recorded Future News
  • AI-Generated Deepfake Nudes Target 600 Students Across 90 Global Schools (2026-04-19)
    • The Deepfake Nudes Crisis in Schools Is Much Worse Than You Thought - Security Latest
  • Telegram Still Hosts Sanctioned Xinbi Guarantee Crypto Scam Network (2026-04-19)
    • Telegram Is Still Hosting a Sanctioned $21 Billion Crypto Scammer Black Market - Security Latest
  • US Coast Guard Mandates New Cybersecurity Framework for Maritime Operators (2026-04-19)
    • Coast Guard's New Cybersecurity Rules Offers Lessons for CISOs - darkreading
  • $10 Domain Could Have Handed Hackers 25k Endpoints, Including in OT and Gov Networks (2026-04-15)
    • $10 Domain Could Have Handed Hackers 25k Endpoints, Including in OT and Gov Networks - SecurityWeek
  • Dragon Boss Solutions LLC Adware Update Disables Major Antivirus Software (2026-04-19)
    • 'Harmless' Global Adware Transforms Into an AV Killer - darkreading
  • Turkish SMBs and Homes Targeted by Six-Year Ransomware Campaign (2026-04-19)
    • 6-Year Ransomware Campaign Targets Turkish Homes & SMBs - darkreading
  • Google, Meta, and Microsoft Fail Half of California Privacy Requests (2026-04-19)
    • Audit: Big Tech Often Ignores CA Privacy Law Opt-Out Requests - darkreading
  • BYOVD Attacks Demand Stronger Defenses Against EDR-Killer Ecosystem Expansion (2026-04-19)
    • EDR-Killer Ecosystem Expansion Requires Stronger BYOVD Defenses - darkreading
  • NWHStealer malware spreads via fake Proton VPN and gaming mods (2026-04-19)
    • From fake Proton VPN sites to gaming mods, this Windows infostealer is everywhere - Malwarebytes
  • Fake Slack Installer Deploys Hidden Desktop Malware to Victims (2026-04-19)
    • A fake Slack download is giving attackers a hidden desktop on your machine - Malwarebytes
  • Pushpaganda campaign uses AI clickbait to deliver mobile notification scams (2026-04-19)
    • AI clickbait can turn your notifications into a scam feed - Malwarebytes
  • Omnistealer uses public blockchains to host malicious staging code (2026-04-19)
    • Omnistealer uses the blockchain to steal everything it can - Malwarebytes
  • XWorm Malware and Curriculum-vitae-catalina Phishing Target Industrial Automation Systems (2026-04-19)
    • Threat landscape for industrial automation systems in Q4 2025 - Securelist
  • Polymarket and Kalshi Rise Pose New Corporate Insider Trading Risks (2026-04-19)
    • Prediction Market Risk Is Hiding in Your Organization Whether You Know It or Not - Corporate Compliance Insights
  • Applied Materials pays $253M for unauthorized SMIC equipment re-exports (2026-04-19)
    • $253M Settlement Raises the Bar on Re-Exports, ‘Dual‑Build’ Models & Entity List Risk - Corporate Compliance Insights
  • n8n Automation and PowMix Botnet Drive Q1 Vulnerability Surge (2026-04-19)
    • The Q1 vulnerability pulse - Cisco Talos Blog
  • Anthropic accidentally leaks Claude Code source code in new breach (2026-04-19)
    • Smashing Security podcast #463: This AI company leaked its own code. It’s also built something terrifying - GRAHAM CLULEY
  • EU Age-Verification App Vulnerable to Two-Minute Hack, Researchers Find (2026-04-19)
    • It Takes 2 Minutes to Hack the EU’s New Age-Verification App - Security Latest
  • New ATHR vishing platform uses AI voice agents for automated attacks (2026-04-17)
    • New ATHR vishing platform uses AI voice agents for automated attacks - BleepingComputer
  • Hidden Passenger? How Taboola Routes Logged-In Banking Sessions to Temu (2026-04-16)
    • Hidden Passenger? How Taboola Routes Logged-In Banking Sessions to Temu - The Hacker News
  • Data Breach at Tennessee Hospital Affects 337,000 (2026-04-16)
    • Data Breach at Tennessee Hospital Affects 337,000 - SecurityWeek
  • Ransomware Hits Automotive Data Expert Autovista (2026-04-16)
    • Ransomware Hits Automotive Data Expert Autovista - SecurityWeek
  • Crypto-exchange Kraken extorted by hackers after insider breach (2026-04-15)
    • Crypto-exchange Kraken extorted by hackers after insider breach - BleepingComputer
  • Fake Ledger Live app on Apple’s App Store stole $9.5M in crypto (2026-04-15)
    • Fake Ledger Live app on Apple’s App Store stole $9.5M in crypto - BleepingComputer
  • Black Basta’s playbook lives on as former affiliates launch fast-scale intrusion campaign (2026-04-15)
    • Black Basta’s playbook lives on as former affiliates launch fast-scale intrusion campaign - CyberScoop
  • ‘By Design’ Flaw in MCP Could Enable Widespread AI Supply Chain Attacks (2026-04-15)
    • ‘By Design’ Flaw in MCP Could Enable Widespread AI Supply Chain Attacks - SecurityWeek
  • European Gym giant Basic-Fit data breach affects 1 million members (2026-04-14)
    • European Gym giant Basic-Fit data breach affects 1 million members - BleepingComputer
  • The silent “Storm”: New infostealer hijacks sessions, decrypts server-side (2026-04-14)
    • The silent “Storm”: New infostealer hijacks sessions, decrypts server-side - BleepingComputer
  • JanelaRAT Malware Targets Latin American Banks with 14,739 Attacks in Brazil in 2025 (2026-04-14)
    • JanelaRAT Malware Targets Latin American Banks with 14,739 Attacks in Brazil in 2025 - The Hacker News
  • APT41 Delivers 'Zero-Detection' Backdoor to Harvest Cloud Credentials (2026-04-14)
    • APT41 Delivers 'Zero-Detection' Backdoor to Harvest Cloud Credentials - darkreading
  • Triad Nexus Evades Sanctions to Fuel Cybercrime (2026-04-14)
    • Triad Nexus Evades Sanctions to Fuel Cybercrime - SecurityWeek
  • Nightclub Giant RCI Hospitality Reports Data Breach (2026-04-14)
    • Nightclub Giant RCI Hospitality Reports Data Breach - SecurityWeek

Reported Data Breaches

Breaches reported via Have I Been Pwned this period.

  • Global Crackdown Targets DDoS-for-Hire Networks and Major Data Breaches (2026-04-19)
  • McGraw Hill breach exposes 13.5 million accounts via Salesforce error (2026-04-19)
  • Law Enforcement Seizes 53 Domains and Exposes Millions of Accounts (2026-04-17)