Cybersecurity Newsfeed - 13/04/26
Daily cybersecurity news covering vulnerabilities, adversaries, trends, breaches, and other notable security developments.
🛡️ Vulnerabilities
Adobe Acrobat and Reader Under Attack (CVE-2026-34621): Adobe released urgent updates for a critical use-after-free vulnerability being exploited in the wild. The flaw allows arbitrary code execution via crafted PDFs. Windows and macOS users are urged to patch immediately.
Critical Marimo Pre-Auth RCE (CVE-2026-39987): A critical vulnerability in the Marimo open-source Python notebook allows unauthenticated attackers to execute code via specially crafted websocket messages. Exploitation attempts have surged following a public PoC release.
Iranian Threats to US ICS: Nearly 4,000 industrial control systems in the U.S. are exposed to potential Iranian cyberattacks due to public internet reachability and outdated firmware.
🎯 Adversaries
“Hacker Claude” Breaches Mexican Government: A threat actor allegedly exfiltrated 4.1 million sensitive records from a Mexican government portal using GPT-4-based scripts for reconnaissance and exploitation.
CPUID Supply Chain Attack Distributes STX RAT: The infrastructure for CPU-Z and HWMonitor was compromised to distribute the STX Remote Access Trojan. Legitimate binaries were replaced with malware-laced versions to gain full system control.
Glassworm Evolves with Zig-based Dropper: The Glassworm threat actor is now using the Zig programming language to create low-detection droppers targeting developer tools and upstream repositories.
UAT-10362 Targets Taiwanese NGOs: A new campaign is targeting non-governmental organizations in Taiwan with custom backdoors delivered via spear-phishing for geopolitical intelligence gathering.
Android Banking Trojan Hits Cambodia: A sophisticated mobile threat is targeting Cambodian users, using accessibility services to bypass MFA and perform unauthorized fund transfers.
ClickFix Campaign Expands to macOS: The “ClickFix” social engineering tactic now uses fake “missing font” errors to trick macOS users into executing malicious terminal commands that install infostealers.
📈 Trends
The “Agentic SOC” Framework: Microsoft has introduced a framework for autonomous AI agents to handle routine triage and investigation, aiming to solve the cybersecurity talent shortage.
Limits of Human-Scale Security: An analysis of one billion CISA KEV records suggests that manual patching processes cannot keep up with the speed of automated exploitation.
Google Rolls Out Gmail CSE for Mobile: Client-side encryption is now available for Gmail on Android and iOS, giving Workspace users more control over encryption keys and data privacy.
💥 Breaches & Leaks
W3LLSTORE Phishing Marketplace Dismantled: The FBI and Indonesian Police shut down W3LLSTORE, a major hub for “BEC-as-a-service” tools and MFA-bypass scripts.
International Crypto Fraud Crackdown: Law enforcement agencies identified over 20,000 victims of a massive “pig butchering” syndicate, seizing millions in digital assets.
