Cybersecurity Newsfeed - 28/04/26
Daily cybersecurity news covering vulnerabilities, adversaries, trends, breaches, and other notable security developments.
📅 28/04/26
🛡️ Vulnerabilities
15-Year-Old OpenSSH Root Flaw: A critical race condition in the sshd server has been discovered that allowed full root shell access for over a decade and a half. While complex to exploit, the potential impact on global Linux/Unix infrastructure is immense. More info
Firefox Tracking & Tor Fingerprinting (CVE-2026-6770): A bug in the Firefox engine enabled cross-site tracking, compromising the anonymity of Tor Browser users. Mozilla has issued an emergency patch to fix the network request inconsistency. More info
73 Malicious VS Code Extensions: Researchers identified dozens of fake extensions in the Visual Studio Code Marketplace designed to exfiltrate source code, environment variables, and auth tokens from developer environments. More info
🎯 Adversaries
UNC6692 Social Engineering & Cloud Abuse: This threat actor is abusing legitimate services like Google Drive and Dropbox to deliver RATs and infostealers, bypassing traditional security perimeters via trusted domains. More info
Silk Typhoon Hacker Extradited: An alleged operative of the Silk Typhoon group has been extradited to the U.S. to face charges related to long-term network intrusions against government agencies and defense contractors. More info
BlackFile Group Targets Retail: The group is using specialized malware to compromise Point-of-Sale (PoS) systems, scraping memory for credit card data and intercepting internal retail communications. More info
Fake Crypto Apps Target iOS & macOS: Deceptive apps masquerading as legitimate crypto management tools have bypassed App Store reviews to steal private keys from high-net-worth investors. More info
Vidar Infostealer Uses Fake CAPTCHAs: Attackers are now using fraudulent CAPTCHA challenges to trick users into downloading malicious JPEG and TXT files containing infostealer payloads. More info
📈 Trends
Malicious AI Prompt Injection Rising: Google reports an increase in “jailbreaking” attempts on LLMs. While technical sophistication remains low, the frequency of attempts to bypass safety filters is growing. More info
20-Year-Old Malware Rewrites ICS History: The discovery of legacy code targeting hardware controllers suggests that early cyber sabotage efforts were far more advanced than previously documented. More info
Fake CAPTCHA IRSF Scams: A new scheme uses the Keitaro traffic distribution system and fake security checks to redirect users to high-cost fraudulent phone services. More info
Supply Chain Hit: PyPI Package Compromised: A PyPI package with 11 million monthly downloads was hacked to push an infostealer after a developer’s account was compromised. More info
82 Chrome Extensions Harvesting Data: Malicious extensions with millions of installs were found harvesting and selling browsing histories and personal identifiers to third-party brokers. More info
💥 Breaches & Leaks
ADT Data Breach Affects 5.5 Million: The home security giant confirmed a breach of customer names, emails, and addresses via a compromised third-party support interface. More info
Medtronic Confirms Breach: Following hacker claims of 9 million stolen records, the medical tech firm confirmed an intrusion into an internal system containing patient health information. More info
ShinyHunters Leak Zara, Udemy, 7-Eleven Data: The group has claimed responsibility for leaking massive datasets containing customer records and internal corporate info from several major brands. More info
📚 Others
Canada Arrests “SMS Blaster” Operators: Three individuals in Toronto were arrested for using rogue cellular devices to mimic cell towers and push phishing links directly to mobile phones. More info
