Cybersecurity
539 articles · Coverage updated continuously
Vercel has revealed a significant expansion of its security breach investigation, identifying additional compromised customer accounts beyond its initial disclosure. The incident, traced to a supply chain attack originating from Context.ai via the Lumma Stealer malware on an employee's system, underscores the persistent and evolving threat landscape facing cloud infrastructure providers and their users.
A newly identified China-aligned advanced persistent threat (APT) group, dubbed GopherWhisper, has been actively targeting Mongolian governmental institutions since January 2025, deploying a sophisticated suite of Go-based backdoors. This revelation comes from ESET, highlighting a significant and ongoing cyberespionage campaign focused on a critical geopolitical region. The group's operational sophistication is further underscored by its innovative use of legitimate services like Discord, Slack, and Microsoft Outlook for covert command-and-control and data exfiltration.
Anthropic's Project Glasswing AI has unearthed critical, decades-old software vulnerabilities across major operating systems and browsers, prompting the company to delay its public release and engage tech giants in a pre-emptive patching effort. This revelation is not merely an AI lab touting its capabilities, but a stark demonstration of advanced AI's unprecedented ability to discover deeply embedded flaws previously missed by human experts and traditional methods, including a 27-year-old bug in OpenBSD. The model's capacity to chain four independent bugs into a complex exploit sequence highlights a new era in vulnerability discovery, moving beyond individual CVEs to sophisticated attack paths.
AI-driven exploitation, spearheaded by systems like 'Mythos,' is rapidly collapsing exploit windows, making traditional manual patching obsolete in the face of lightning-speed automated attacks. This unprecedented crisis means the time available to fix vulnerabilities before they are exploited is shrinking to near zero, forcing a fundamental reevaluation of current cybersecurity defenses. To understand and combat this new threat, organizations must adopt a new AppSec blueprint that leverages virtual patching.
North Korean state-backed threat actors, identified as TraderTraitor, have executed a sophisticated $290 million cryptocurrency heist against KelpDAO, exploiting vulnerabilities within LayerZero's inter-blockchain communication infrastructure. This incident highlights a critical attack vector targeting the foundational RPC nodes vital for transaction verification, exposing inherent risks within the DeFi ecosystem's reliance on distributed but susceptible infrastructure. The audacious theft, coupled with broader cybersecurity threats like supply chain malware and active RCE exploits, underscores a rapidly evolving threat landscape.
The popular password manager Bitwarden's CLI has been ensnared in a sophisticated supply chain attack, with its version 2026.4.0 compromised through a malicious GitHub Action. This incident, linked to the 'Shai-Hulud: The Third Coming' campaign, saw attackers exfiltrate critical developer secrets including GitHub/npm tokens, SSH keys, and cloud credentials, though Bitwarden reassures users that no end-user vault data was accessed. The attack vector highlights a critical vulnerability in CI/CD pipelines, echoing a pattern seen across other affected repositories in this ongoing campaign.
Apple has released urgent iOS and iPadOS updates to patch a critical logging flaw, CVE-2026-28950, which inadvertently retained deleted notifications, making them forensically recoverable. This vulnerability reportedly allowed law enforcement, including the FBI, to extract previously deleted Signal communications from an Antifa suspect's iPhone.
A previously undocumented and highly destructive data-wiping malware, dubbed 'Lotus,' was deployed late last year against Venezuelan energy and utility firms, completely obliterating critical infrastructure. Researchers at Kaspersky analyzed the sophisticated multi-stage wiper, which systematically disables defenses, deletes recovery points, overwrites physical drives, and clears forensic traces to ensure systems are irrecoverable. The targeted attacks emerged in mid-December from a machine in Venezuela, aligning with heightened geopolitical tensions in the region.
A significant data breach has been confirmed at France Titres (ANTS), a key French government agency responsible for citizen identification documents, with a threat actor claiming to have exfiltrated 19 million citizen records. The stolen data, including login IDs, full names, and sensitive personal information, is now reportedly for sale, raising alarm over potential phishing and social engineering campaigns targeting French citizens.
More than 1,300 Microsoft SharePoint servers globally remain unpatched against an actively exploited zero-day spoofing vulnerability, CVE-2026-32201, despite Microsoft releasing security updates last week. This critical flaw allows unprivileged attackers to compromise data confidentiality and integrity through network spoofing without requiring any user interaction, posing a significant risk to organizations using vulnerable on-premises SharePoint versions. The urgency of this threat is underscored by CISA adding CVE-2026-32201 to its Known Exploited Vulnerabilities Catalog, requiring federal agencies to apply patches by April 28.
Microsoft has issued an emergency out-of-band security update for a critical ASP.NET Core flaw (CVE-2026-40372) that allows unauthenticated attackers to achieve SYSTEM privileges. This privilege escalation vulnerability, residing within the ASP.NET Core Data Protection cryptographic APIs, can be exploited by forging authentication cookies, posing a severe threat to affected applications.
The Harvester APT group has significantly expanded its evasion tactics by deploying a new Linux variant of its GoGra backdoor, ingeniously leveraging the legitimate Microsoft Graph API for command and control. This sophisticated approach allows the state-backed espionage group to use a dedicated Outlook inbox for stealthy communications, operating under the guise of ordinary network traffic and making detection exceedingly difficult.