From the EU Commission to global enterprises like Booking.com, McGraw-Hill, and Medtronic, attackers in April 2026 demonstrated a relentless ability to exploit weaknesses across government bodies, healthcare providers, travel platforms, and critical technology environments. Incidents involving a Chinese supercomputer, Eurail B.V., Basic-Fit, ChipSoft, and the Los Angeles City Attorney’s Office further underline a concerning reality: whether it’s public sector infrastructure, consumer platforms or specialised enterprise systems, no organisation is beyond reach.
What stands out this month is not just the diversity of victims, but the breadth of impact. These attacks disrupted operations, exposed sensitive data, and in some cases, risked undermining public trust at scale. The targeting of high-value systems and interconnected platforms highlights how modern cyber threats are increasingly strategic, often designed to maximise disruption rather than just extract data. As threat actors continue to refine their tactics, the gap between organisations that are prepared and those that are not becomes dangerously visible.
This is exactly where robust cyber resilience becomes non-negotiable. Organisations must move beyond reactive security measures and build the capability to detect, respond, and recover fast. At CM-Alliance, we help organisations operationalise resilience through industry-leading cyber incident response training and playbook development. Our cyber tabletop exercises help you truly test where your cyber resilience stands in the real world. By turning frameworks into real-world readiness and embedding muscle memory across teams, we ensure that when, not 'if', an incident occurs, your organisation is ready to respond with confidence, clarity, and control.

| Date | Victim | Summary | Threat Actor | Business Impact | Source Link |
|---|---|---|---|---|---|
| April 3, 2026 | Die Linke | Die Linke German political party confirms data stolen by Qilin ransomware | Qilin ransomware group | The ransomware attack led to unauthorised access to Die Linke’s internal systems, with attackers stealing sensitive organisational and employee data and threatening to leak it, creating risks of exposure and operational disruption. | |
| April 6, 2026 | Multiple global organisations, including businesses and public institutions | German authorities identify REvil and GandCrab ransomware bosses | Daniil Maksimovich Shchukin (alias “UNKN”) and Anatoly Sergeevitsch Kravchuk | The ransomware operations led by REvil and GandCrab caused widespread global damage, encrypting systems, stealing sensitive data, and extorting hundreds of millions in ransom payments from organisations. | Source: Bleeping Computer |
| April 6, 2026 | Organisations across healthcare, education, finance, and professional services sectors | Microsoft links Medusa ransomware affiliate to zero-day attacks | Storm-1175 | The attacks allowed hackers to rapidly exploit zero-day vulnerabilities to infiltrate networks, steal data, and deploy Medusa ransomware within hours, causing widespread system compromise and extortion across multiple industries. | Source: Bleeping Computer |
| April 8, 2026 | Winona County, Minnesota | Minnesota governor sends National Guard to county after cyber attack | Unknown | The ransomware attack severely disrupted critical county systems and municipal services, forcing systems offline, delaying public services, and prompting deployment of the National Guard to support recovery efforts. | |
| April 9, 2026 | ChipSoft and hospitals using its healthcare systems | Healthcare IT solutions provider ChipSoft hit by ransomware attack | Unknown | The ransomware attack forced ChipSoft to take key systems offline and disrupted digital healthcare services across multiple hospitals, limiting access to patient platforms and raising concerns over possible unauthorised access to sensitive data. | Source: Bleeping Computer |
| April 15, 2026 | Home users and small-to-medium businesses in Turkey | New ‘JanaWare’ ransomware targeting Turkish citizens as cybercriminal ecosystem fragments | Unknown | The ransomware campaign quietly encrypted files of Turkish home users and small businesses through phishing attacks, enabling attackers to extract repeated small ransom payments while largely evading detection due to its localised targeting. | Source: The Record |
| April 21, 2026 | Adaptavist Group | Adaptavist Group breach spawns impostor emails as ransomware crew claims mega-haul | TheGentlemen ransomware group | The ransomware attack led to large-scale data theft, which was then used to send convincing impersonation emails to customers and partners, increasing the risk of follow-on scams and further compromise. | |
| April 22, 2026 | Organisations using Windows and VMware ESXi environments (including a U.S. defense contractor) | Kyber ransomware gang toys with post-quantum encryption on Windows | Kyber ransomware group | The ransomware attacks encrypted Windows and VMware systems while deleting backups and disabling recovery mechanisms, making data restoration extremely difficult and causing significant operational disruption for affected organisations. | Source: Bleeping Computer |
| April 23, 2026 | Multiple organisations targeted by Trigona ransomware campaigns | Trigona ransomware attacks use custom exfiltration tool to steal data | Trigona ransomware group | The ransomware attacks enabled faster and more efficient theft of sensitive data from compromised networks using a custom-built exfiltration tool, increasing the scale of data loss while also encrypting systems and intensifying operational disruption for victims. | Source: Bleeping Computer |


| Date | Victim | Summary | Threat Actor | Business Impact | Source Link |
|---|---|---|---|---|---|
| April 1, 2026 | Mercor | Mercor says it was hit by cyber attack tied to compromise of open-source LiteLLM project | TeamPCP (supply chain compromise) and Lapsus$ (claimed data theft) | The supply chain attack compromised Mercor through the LiteLLM library, potentially exposing sensitive company data, including source code, databases, and credentials, while impacting thousands of organisations relying on the same software. | |
| April 1, 2026 | CareCloud, Inc. and its patients/users | On March 24, 2026, CareCloud filed a report with the SEC regarding a network outage in its Health division that affected one of six EHR systems for approximately eight hours around March 16. | Unknown | The incident caused a network disruption in CareCloud’s health systems and potentially exposed sensitive patient data, putting affected individuals at risk of identity theft and fraud while investigations into data access continued. | |
| April 1, 2026 | Cisco Systems | Cisco source code stolen in Trivy-linked dev environment breach | TeamPCP | The attackers breached Cisco’s internal development environment using stolen credentials, leading to the theft of source code, exposure of AWS keys, and unauthorised access to internal systems and customer-related repositories, raising risks of further compromise. | Source: Bleeping Computer |
| April 3, 2026 | European Commission and multiple EU entities | CERT-EU: European Commission hack exposes data of 30 EU entities | TeamPCP | The cloud-based breach exposed sensitive data from at least 30 EU entities, including emails, usernames, and internal information, after attackers infiltrated the European Commission’s hosting environment and exfiltrated data without disrupting services. | Source: Bleeping Computer |
| April 7, 2026 | Jones Day | Jones Day confirms data breach after hackers leak client files online | Silent Ransom Group | The phishing-based breach allowed hackers to access and leak sensitive client files linked to at least 10 clients, exposing confidential legal data and raising risks of reputational damage and potential misuse of sensitive information. | |
| April 7, 2026 | Snowflake customers | Snowflake customers hit in data theft attacks after SaaS integrator breach | ShinyHunters | The breach of a SaaS integration provider allowed attackers to steal authentication tokens and use them to access and exfiltrate sensitive data from multiple Snowflake customer environments, leading to widespread data theft and potential extortion risks. | Source: Bleeping Computer |
| April 8, 2026 | Eurail B.V. | Passport numbers for more than 300,000 leaked during December Eurail data breach | Unknown | The breach exposed personal data, including names and passport numbers, of over 300,000 travelers after hackers accessed Eurail’s systems, with the stolen information later being offered for sale on the dark web, increasing risks of identity theft and fraud. | Source: The Record |
| April 8, 2026 | Los Angeles City Attorney’s Office (affecting Los Angeles Police Department data) | Breach exposes LAPD files stored in city attorney system | World Leaks | The breach exposed around 7.7TB of sensitive LAPD data, including personnel records, witness details, and medical information, after hackers accessed a city attorney system, raising serious privacy and safety concerns for officers and individuals involved in cases. | Source: The Record |
| April 8, 2026 | China’s supercomputers | A hacker has allegedly breached one of China’s supercomputers and is attempting to sell a trove of stolen data | FlamingChina | The cyber attack allegedly led to the theft of more than 10 petabytes of sensitive data, including defence research and classified scientific information, creating major national security concerns and exposing weaknesses in critical infrastructure protection. | Source: CNN.com |
| April 13, 2026 | Basic-Fit | Hack at Dutch gym chain Basic-Fit exposes customer data in several EU countries | Unknown | The breach exposed personal and financial data of around 1 million gym members across multiple European countries after hackers breached internal systems and downloaded sensitive information, increasing risks of fraud and phishing. | Source: The Record |
| April 13, 2026 | Booking.com | Booking.com confirms hackers accessed customers’ data | Unknown | The breach allowed unauthorised access to customer booking data, including names, contact details, and reservation information, which was later used in phishing attacks to target users and potentially compromise their accounts and personal information. | Source: TechCrunch |
| April 13, 2026 | Rockstar Games | Stolen Rockstar Games analytics data leaked by extortion gang | ShinyHunters | The breach led to the theft and public leak of internal analytics data, including game metrics and user behavior insights, exposing business-sensitive information and creating extortion pressure on the company despite no impact on players or operations. | Source: Bleeping Computer |
| April 14, 2026 | McGraw-Hill | McGraw-Hill confirms data breach following extortion threat | ShinyHunters | The breach allowed attackers to access a limited set of internal data through a Salesforce misconfiguration and use it for extortion threats, creating risks of data exposure and reputational damage despite no access to sensitive customer or student information. | Source: Bleeping Computer |
| April 20, 2026 | Ameriprise Financial Services | Ameriprise Data Breach Impacts More Than 47,000 People | Unknown | The data breach exposed sensitive personal information of 47,876 customers after an unauthorised actor accessed internal data, increasing risks of identity theft and financial fraud for affected individuals. | |
| April 20, 2026 | Bol.com | Dutch ecommerce site Bol.com investigates claims of a data breach | Unknown | The incident raised concerns after a dataset allegedly containing around 400,000 customer records was put up for sale online, potentially exposing personal and account details and increasing risks of phishing and fraud, although the company said there was no confirmed breach or system compromise. | Source: techzine.eu |
| April 21, 2026 | Vercel (via breach at Context AI) | App host Vercel confirms security incident; says customer data was stolen via breach at Context AI | Unknown | The breach allowed hackers to access internal systems and steal customer data, including API keys, source code, and database information, after compromising a third-party AI tool, raising concerns about wider downstream risks across multiple organisations. | Source: TechCrunch |
| April 21, 2026 | Canada Life | Hackers accessed personal information of 70,000 people in Canada Life data breach | ShinyHunters | The breach exposed personal information, including names, dates of birth, addresses, gender, and income details, of up to 70,000 individuals after attackers accessed systems through a compromised employee account, increasing risks of identity theft and targeted fraud. | |
| April 21, 2026 | Gonets satellite communication system (Russia) | Ukrainian hackers breach internal data of Russia’s Starlink-like Gonets system | Ukrainian hackers (pro-Ukraine cyber units) | The cyber attack exposed sensitive internal communications and operational data from Russia’s Gonets satellite system after Ukrainian hackers gained access to internal accounts, potentially revealing infrastructure details and intelligence linked to military and state users. | |
| April 22, 2026 | France Titres (Agence Nationale des Titres Sécurisés – ANTS) | France Titres data breach: 19 million records allegedly stolen | breach3d | The breach potentially exposed sensitive personal data such as names, birth details, contact information, and account identifiers of millions of individuals, significantly increasing risks of phishing, identity theft, and large-scale social engineering attacks. | |
| April 23, 2026 | Vercel | Vercel says some of its customers’ data was stolen prior to its recent hack | Unknown | The breach revealed that hackers had already accessed and stolen some customer data before the incident was detected, indicating a broader compromise that exposed sensitive information and increased risks for affected users. | Source: TechCrunch |
| April 23, 2026 | Rituals Cosmetics | Luxury cosmetics giant Rituals discloses data breach | Unknown | The breach exposed customer membership data, including names, contact details, and demographic information, after attackers accessed and downloaded records from Rituals’ loyalty database, increasing risks of phishing and targeted scams despite no financial data being compromised. | |
| April 24, 2026 | Udemy | ShinyHunters claim Udemy data theft | ShinyHunters | Udemy faced a large-scale data breach claim in which ShinyHunters said they stole 1.4 million user and instructor records, exposing email addresses, names, phone numbers, physical addresses, employer details, and instructor payout information, creating significant phishing, fraud, and identity theft risks for affected users. | Source: cybernews.com |
| April 24, 2026 | UK Biobank | UK Biobank data breach raises concerns over healthcare data security | Unknown | The breach led to sensitive health and genetic data of around 500,000 individuals being exposed and even listed for sale online, raising serious privacy concerns and prompting authorities to suspend access and investigate the incident. | Source: Cyber Express |
| April 24, 2026 | Coupang | South Korea says Coupang data breach probe affects US security talks | Unknown | The massive data breach involving tens of millions of users escalated beyond a corporate incident, straining U.S.–South Korea relations and delaying key security and defence discussions due to legal and political tensions surrounding the investigation. | Source: Investing.com |
| April 24, 2026 | ADT Inc. | ADT confirms data breach after ShinyHunters leak threat | ShinyHunters | ADT confirmed that attackers accessed and stole customer and prospective customer data, exposing personal information such as names, phone numbers, and addresses, while triggering an internal investigation and containment efforts after the intrusion was discovered. | Source: Bleeping Computer |
| April 27, 2026 | Medtronic | Medtronic confirms breach after hackers claim 9 million records theft | ShinyHunters | Medtronic confirmed that attackers breached parts of its corporate IT environment and accessed internal data, with hackers claiming to have stolen around 9 million records, forcing the company to launch containment and forensic investigations, although patient care, products, and operations remained unaffected. | Source: Bleeping Computer |
| April 28, 2026 | Vimeo | Vimeo confirms user and customer data breach | ShinyHunters | Vimeo confirmed that attackers accessed customer email addresses, technical data, and video metadata through a compromised third-party vendor, exposing user information but without disrupting platform operations or affecting login credentials and payment data. | Source: SecurityWeek |
| April 28, 2026 | Pitney Bowes | Pitney Bowes becomes the latest victim of ShinyHunters breach spree | ShinyHunters | Pitney Bowes confirmed that attackers accessed business customer records in its Salesforce CRM environment after a phishing-led account compromise, exposing millions of contact records and creating risks of phishing, fraud, and customer data misuse, though its core systems remained unaffected. | Source: The Register |
| April 29, 2026 | Amtrak | Amtrak data breach exposes millions of customer records | ShinyHunters | Amtrak suffered a large-scale data breach in which attackers apparently gained access to millions of customer records, exposing names, email addresses, physical addresses, and support ticket histories, increasing the risk of highly targeted phishing and identity-based fraud against travelers. | |
| April 30, 2026 | Movistar Perú | Movistar Peru data breach impacts 4 million users | Dedale | Movistar Perú suffered a large-scale data exposure affecting nearly 4 million users, with leaked names, phone numbers, national IDs, birth dates, and telecom plan details, increasing the risk of phishing, identity theft, and SIM-swapping fraud against customers. | Source: escudodigital.com |
| April 30, 2026 | National Health Insurance Company of Moldova (CNAM) | Moldova’s health insurance agency reports possible data leak after cyber attack | Unknown | Moldova’s health insurance agency reported that a cyber attack may have exposed sensitive patient and payment records affecting roughly one-third of its healthcare database, raising serious privacy risks for insured citizens even though medical services continued without disruption. | Source: The Record Media |


| Date | Victim | Summary | Threat Actor | Business Impact | Source Link |
|---|---|---|---|---|---|
| April 1, 2026 | Organisations using Citrix NetScaler ADC and Gateway systems | Citrix NetScaler instances exploited | Unknown | Attackers exploited critical NetScaler vulnerabilities to leak sensitive memory data, including credentials and session tokens, putting organisations at risk of unauthorised access and network compromise. | |
| April 4, 2026 | Axios users, developers, and organisations | Axios npm hack used fake Teams error fix to hijack maintainer account | Unknown | The attack compromised the Axios npm package and spread a hidden remote access trojan to developers and organisations worldwide, potentially exposing credentials, systems, and sensitive data across millions of downstream applications. | Source: Bleeping Computer |
| April 7, 2026 | Government agencies, IT providers, hosting companies, and Microsoft 365 users worldwide | Authorities disrupt DNS hijacks used to steal Microsoft 365 logins | APT28 (also known as Fancy Bear) | The DNS hijacking campaign compromised thousands of routers to intercept authentication traffic and steal Microsoft 365 credentials and tokens, enabling widespread unauthorised access to emails, files, and enterprise systems across more than 120 countries. | Source: Bleeping Computer |
| April 7, 2026 | Education Authority (C2K school network), Northern Ireland | Cyber attack hits Northern Ireland’s centralised school network, disrupting access for thousands | Unknown | The cyber attack disrupted access to critical school IT systems across Northern Ireland, leaving hundreds of thousands of students and teachers unable to use educational platforms and forcing authorities to shut down and gradually restore services. | Source: The Record |
| April 7, 2026 | Anna Jaques Hospital (part of Beth Israel Lahey Health), Massachusetts | Cyber attack on Massachusetts hospital disrupted records system, emergency services | Unknown | The cyber attack disrupted hospital IT systems and electronic health records, forcing the facility to turn away ambulances and rely on manual processes, which delayed care and strained emergency services. | Source: The Record |
| April 9, 2026 | WordPress and Joomla websites using Smart Slider 3 plugin | Smart Slider updates hijacked to push malicious WordPress, Joomla versions | Unknown | The supply chain attack pushed a backdoored plugin update to hundreds of thousands of websites, allowing attackers to execute remote code, create hidden admin accounts, steal sensitive data, and fully compromise affected WordPress and Joomla sites. | Source: Bleeping Computer |
| April 9, 2026 | Non-governmental organisations and universities in Taiwan | New LucidRook malware used in targeted attacks on NGOs, universities | UAT-10362 | The targeted malware campaign infiltrated NGOs and universities through spear phishing, enabling attackers to collect system data, encrypt it, and exfiltrate sensitive information while maintaining stealthy long-term access to compromised systems. | Source: Bleeping Computer |
| April 9, 2026 | Bitcoin Depot | Cryptocurrency ATM giant Bitcoin Depot reports $3.6 million stolen in cyber attack | Unknown | The cyber attack led to the theft of over $3.6 million in Bitcoin after attackers gained control of internal credentials and transferred funds from company wallets, causing financial loss though core customer systems remained unaffected. | Source: The Record |
| April 13, 2026 | Individuals and organisations using web browsers and online services | The silent Storm: new infostealer hijacks sessions, decrypts server-side | Unknown | The Storm infostealer enabled attackers to steal browser data and session cookies, bypass multi-factor authentication, and hijack active user sessions through server-side decryption, leading to widespread account takeover and exposure of sensitive credentials and financial data. | Source: Bleeping Computer |
| April 15, 2026 | Ukrainian government entities and hospitals | New AgingFly malware used in attacks on Ukraine govt, hospitals | UAC-0247 | The malware campaign enabled attackers to steal browser and messaging app data, gain remote control of infected systems, and move laterally across networks, putting sensitive government and healthcare information at risk of exfiltration and misuse. | Source: Bleeping Computer |
| April 20, 2026 | Bluesky | Bluesky blames app outage on ‘sophisticated’ DDoS attack | 313 Team | The DDoS attack caused widespread outages across the platform, disrupting core features like feeds, notifications, search, and threads, leaving millions of users unable to reliably access the service until mitigation efforts restored stability. | Source: The Record |
| April 20, 2026 | Kelp DAO | Crypto infrastructure company blames $290 million theft on North Korean hackers | North Korea-linked hackers (suspected Lazarus Group) | The cyber attack resulted in the theft of roughly $290 million in cryptocurrency from the Kelp DAO platform, causing significant financial losses and highlighting continued large-scale exploitation of crypto systems by state-backed attackers. | Source: The Record |
| April 22, 2026 | Developers and organisations using affected npm packages (Namastex Labs ecosystem) | New npm supply-chain attack self-spreads to steal auth tokens | Unknown | The attack compromised multiple npm packages to steal developer credentials, API keys, and crypto wallet data, then spread automatically through infected accounts, putting software supply chains, cloud systems, and downstream applications at significant risk of further compromise. | Source: Bleeping Computer |
| April 23, 2026 | Checkmarx (KICS analysis tool users and developer environments) | New Checkmarx supply-chain breach affects KICS analysis tool | TeamPCP (alleged) | The supply chain attack compromised trusted developer tools (Docker images and extensions), allowing attackers to silently harvest sensitive data such as credentials and infrastructure secrets from development environments and CI/CD pipelines, putting downstream systems at risk. | Source: Bleeping Computer |
| April 24, 2026 | Government of Sri Lanka (Treasury / Finance Ministry) | Sri Lanka has launched an investigation after hackers allegedly breached the finance ministry's computer systems and stole $2.5m (£1.8m), officials say | Unknown | The cyber attack resulted in the theft of around $2.5 million from Sri Lanka’s government funds during a financial transaction, disrupting planned debt repayment processes and triggering a national investigation into how the breach occurred. | Source: The BBC |
| April 26, 2026 | Itron, Inc. | American utility firm Itron discloses breach of internal IT network | Unknown | Itron disclosed that an unauthorised third party breached parts of its internal IT network, prompting incident response, forensic investigation, and containment efforts, with the company confirming the intrusion was blocked and no continued malicious activity was seen afterward. | Source: Bleeping Computer |
| April 27, 2026 | Multiple corporate organisations using Microsoft Teams | Hackers impersonate Microsoft Teams help desk to breach corporate networks | UNC6692 | The campaign used email flooding and fake Microsoft Teams help desk messages to trick employees into installing SnowBelt malware, giving attackers persistent access to corporate accounts and internal systems and increasing the risk of credential theft, data exposure, and network compromise. | Source: The Record |
| April 28, 2026 | Multiple organisations | Scattered Spider Exposed: Critical Takeaways for Cyber Defenders | Scattered Spider | Scattered Spider’s intrusions disrupted enterprise environments through social engineering, identity compromise, and lateral movement, causing operational outages, unauthorised access, and major incident response costs across targeted organisations. | Source: The BBC |
| April 30, 2026 | Government agencies, financial institutions, ports, utilities, and private businesses across the UAE and Gulf region | 600,000 cyber attacks a day: Massive cyber attack wave targets UAE and Gulf | Iran-aligned threat actors | The cyber attack wave caused widespread service disruptions across government systems, ports, courts, and financial platforms in the UAE and Gulf, delaying transactions, interrupting access to records and payment systems, and increasing the risk of digital identity theft for businesses and citizens. | Source: wionews.com |


| New Ransomware/Malware | Summary |
|---|---|
| Elite Enterprise ransomware | Elite Enterprise is a newly identified ransomware strain monitored in underground forums, targeting Windows enterprise environments with extortion-based encryption. |
| Firestarter malware | Firestarter is a newly analysed persistent malware used against exposed Cisco firewall appliances for stealthy long-term access. |
| AgingFly malware campaign | AgingFly is a documented malware campaign targeting Ukrainian government and healthcare institutions through phishing-led intrusions. |
| Payouts King ransomware | Payouts King is an emerging ransomware operation using hidden QEMU virtual machines to evade EDR and remain covert before encryption deployment. |

Source for the above table: Bleeping Computer, Recorded Future News

| Date | New Flaws/Fixes | Summary |
|---|---|---|
| April 1, 2026 | CVE-2026-3055 | The vulnerability in Citrix NetScaler was actively probed and later exploited by attackers to leak sensitive memory data, including session tokens and credentials, putting organisations at risk of unauthorised access and account compromise. |
| April 2, 2026 | CVE-2022-1388 | The flaw in F5 BIG-IP APM exposed thousands of internet-facing instances to remote code execution attacks, allowing attackers to take control of vulnerable systems and potentially access sensitive network resources. |
| April 2, 2026 | CVE-2026-2699, CVE-2026-2701 | The chained Progress ShareFile vulnerabilities allowed unauthenticated attackers to bypass authentication and execute remote code, enabling full access to systems and the potential theft of sensitive files from affected environments. |
| April 2, 2026 | CVE-2026-20093 | The critical flaw in Cisco IMC allowed unauthenticated attackers to bypass authentication and gain full admin access, enabling them to take control of servers, change user credentials, and potentially compromise entire infrastructure environments. |
| April 5, 2026 | CVE-2025-55182 | The React2Shell vulnerability was actively exploited in automated campaigns that allowed attackers to gain remote code execution on vulnerable servers and steal credentials, API keys, and sensitive data at scale from compromised applications. |
| April 5, 2026 | CVE-2026-21643 | The Fortinet FortiClient EMS flaw was actively exploited to let unauthenticated attackers execute remote code and fully compromise vulnerable systems, potentially leading to data theft, system takeover, and service disruption. |
| April 6, 2026 | CVE-2026-35616 | Singapore and U.S. authorities had warned that a critical Fortinet vulnerability was being actively exploited in the wild, urging organizations to urgently apply patches and check for signs of compromise as attackers rapidly targeted exposed systems. |
| April 6, 2026 | CVE-2026-35616 | The actively exploited Fortinet FortiClient EMS flaw allowed unauthenticated attackers to bypass access controls and execute malicious code, prompting urgent patching orders due to the risk of full system compromise and network intrusion. |
| April 7, 2026 | CVE-2025-59528 | The critical Flowise vulnerability was actively exploited to inject malicious code and achieve remote code execution on exposed systems, allowing attackers to run commands and access sensitive files on compromised servers. |
| April 7, 2026 | CVE-2026-0740 | The critical Ninja Forms plugin flaw allowed unauthenticated attackers to upload malicious files and execute code on vulnerable WordPress sites, leading to full site takeover and potential data compromise. |
| April 8, 2026 | CVE-2026-1340 | The Ivanti EPMM flaw was actively exploited to let unauthenticated attackers execute remote code on vulnerable systems, potentially giving them full control over mobile management servers and access to sensitive enterprise data. |
| April 12, 2026 | CVE-2026-39987 | The critical Marimo flaw was actively exploited within hours of disclosure, allowing attackers to gain unauthenticated remote code execution, take full control of servers, and quickly steal sensitive credentials and data from compromised systems. |
| April 13, 2026 | CVE-2026-28906 | The zero-day flaw in Adobe Acrobat and Reader was actively exploited to let attackers execute malicious code through specially crafted PDF files, prompting an emergency patch to prevent system compromise and data theft. |
| April 15, 2026 | CVE-2025-60710 | The Windows Task Host vulnerability was actively exploited to let attackers with low-level access escalate privileges to SYSTEM level and take full control of affected devices, prompting urgent patching due to the risk of complete system compromise. |
| April 17, 2026 | CVE-2026-33825 | Attackers had begun actively exploiting recently leaked Windows zero-day vulnerabilities, including BlueHammer and RedSun, to gain SYSTEM-level privileges on affected machines, even as some flaws remained unpatched and continued to pose a significant risk to users. |
| April 22, 2026 | CVE-2025-29635 | Attackers had actively exploited a remote code execution flaw in end-of-life D-Link routers to deploy Mirai malware, allowing them to take control of devices and add them to botnets used for large-scale DDoS attacks and other malicious activities. |
| April 23, 2026 | CVE-2026-33825 | Authorities had ordered federal agencies to urgently patch a Microsoft Defender zero-day vulnerability that was already being actively exploited in attacks to let low-privileged attackers gain full SYSTEM-level access on affected machines. |
| April 24, 2026 | CVE-2024-45519 | Attackers had actively exploited a Zimbra vulnerability across thousands of internet-exposed servers, allowing them to gain unauthorized access and compromise email systems at scale, prompting urgent patching guidance from authorities. |

Source for the above table: Bleeping Computer, Recorded Future
|
News Type |
Summary |
|
Warning |
The FBI warned that Chinese-developed mobile apps posed serious data security risks by potentially collecting sensitive user information and exposing it to foreign access, urging users to limit data sharing and use trusted app sources. |
|
Report |
The “prompt poaching” attack involved malicious browser extensions silently stealing users’ AI conversations and sensitive data, exposing both personal and corporate information to external servers without consent. |
|
Report |
Threat actors combined publicly available data, weak identity checks, and postal services to exploit vacant homes as “drop addresses,” allowing them to intercept sensitive mail and enable large-scale identity theft and financial fraud. |
|
Report |
Multi-extortion ransomware attacks evolved to steal sensitive data and threaten public leaks—often alongside encryption—to pressure victims into paying, making attacks more damaging even when systems could be restored. |
|
Warning |
Iranian state-linked hackers were found targeting critical infrastructure systems such as water and energy facilities by exploiting vulnerable industrial control devices, in some cases causing operational disruptions and financial losses while raising serious risks to public safety. |
|
Report |
Google introduced a new Chrome security feature that tied session cookies to a user’s device, making stolen cookies useless and reducing the risk of account hijacking by infostealer malware. |
|
Report |
The exposure of nearly 4000 internet-connected industrial control devices allowed Iranian-linked hackers to target critical infrastructure sectors such as water, energy, and manufacturing, which created risks of operational disruption, system manipulation, and potential physical damage to essential services. |
|
Report |
The FBI and Indonesian authorities dismantled the W3LL phishing platform and arrested its developer, disrupting a global cybercrime service that had enabled large-scale credential theft and over 20 million dollars in fraud targeting thousands of victims worldwide. |
|
Warning |
WhatsApp issued a warning stating that around 200 users had been tricked into installing a fake version of its app containing spyware, after which the company logged them out, alerted them to the security risks, and advised switching to the official app. |
|
Warning |
UK authorities issued a warning that a Russian state-linked cyber unit was exploiting vulnerable home routers to hijack internet traffic and spy on users by intercepting data and stealing login credentials. |
|
Warning |
Authorities including the FBI and Pentagon had issued a warning that Iran-linked hacking groups were actively targeting operational technology systems—such as those used in water, energy, and municipal infrastructure—to disrupt industrial processes by exploiting vulnerable control devices. |
|
Report |
Researchers published a report revealing that cybercriminals were running highly sophisticated campaigns targeting logistics companies, using remote access tools and stolen credentials to infiltrate systems, steal cargo, and even search for financial data like crypto wallets and payment accounts to maximize profits. |
|
Report |
Ukrainian authorities had confirmed in a report that a long-running cyber-espionage campaign, likely linked to Russia’s APT28 group, had targeted prosecutors and anti-corruption agencies by compromising email accounts to monitor sensitive investigations and gather intelligence. |
|
Warning |
Authorities issued a warning that China-linked hackers were exploiting everyday internet-connected devices like routers and cameras to build covert networks, allowing them to secretly infiltrate UK firms for espionage and data theft while masking their activity. |
Sources: Bleeping Computer and Infosecurity Magazine