UK Defense Investment Stalls: Military Chief Warns of Time Crunch
- Senior UK military officials express serious concerns over delays in defense investment planning.
- The nation's long-term military modernization program is reportedly experiencing significant holdups.
- A crucial defense spending framework is pending finalization by the current government.
WhatsApp, a ubiquitous communication platform, has recently disclosed two patched security vulnerabilities, including a file spoofing flaw and an arbitrary URL scheme issue. While there's no evidence of in-the-wild exploitation, these medium-impact bugs highlight persistent attack vectors in widely used applications. The fixes were rolled out earlier this year following responsible disclosure by unnamed researchers.
Threat actors have initiated widespread exploitation of two critical-severity vulnerabilities in MetInfo and Weaver E-cology systems, enabling unauthenticated remote code execution. These flaws, affecting enterprise content management and office automation platforms predominantly used in China, pose significant risks to organizations reliant on these applications. The rapid weaponization of these bugs underscores the urgency for immediate security measures.
Microsoft has disclosed a sophisticated large-scale credential theft campaign that successfully bypassed multi-factor authentication (MFA) to compromise over 35,000 users across 26 countries. Leveraging "code of conduct"-themed lures and legitimate email services, attackers employed adversary-in-the-middle (AiTM) tactics to steal authentication tokens. This campaign highlights a significant evolution in phishing attacks, demonstrating advanced social engineering and technical evasion techniques.
North Korea's state-sponsored ScarCruft group has executed a sophisticated supply chain attack, compromising a video game platform to deploy multi-platform BirdCall malware on both Android and Windows devices. This operation specifically targeted ethnic Koreans residing in China, including North Korean defectors, using a gaming service known to be a high-risk transit point. The campaign marks an evolution in ScarCruft's capabilities, extending its surveillance toolkit to Android for enhanced intelligence gathering.
DigiCert has confirmed the revocation of fraudulently obtained EV Code Signing certificates following a cyberattack on its internal support portal. Threat actors exploited a compromised customer chat channel to gain unauthorized access, leading to the issuance of illicit certificates, including some reportedly used to sign the Zhong Stealer malware.
Microsoft has officially confirmed that its April 2026 security updates are causing significant failures in third-party backup applications across Windows 10, 11, and Server environments. This widespread disruption stems from a critical security hardening measure that blocks a known vulnerable kernel driver, psmounterex.sys, to defend against a high-severity privilege escalation vulnerability. The move, while improving security posture, has inadvertently created operational challenges for organizations relying on these affected backup solutions.
AI-powered phishing campaigns are rapidly accelerating the sophistication of cyberattacks, overwhelming traditional defenses and posing an escalating threat to managed service providers. As threat actors increasingly leverage trusted infrastructure and SaaS platforms to bypass initial security layers, the focus shifts to robust recovery strategies to ensure continuity after a breach. This evolving landscape necessitates a radical rethink of how MSPs integrate prevention with business continuity and disaster recovery.
Threat actors are increasingly exploiting Amazon Simple Email Service (SES) to launch highly sophisticated phishing campaigns that effectively bypass conventional security filters. This surge is primarily attributed to a growing number of exposed AWS Identity and Access Management (IAM) access keys, enabling attackers to leverage a trusted resource for malicious ends. The unprecedented level of abuse highlights a critical vulnerability in cloud service security.
A critical unauthenticated remote code execution (RCE) flaw in Weaver E-cology, CVE-2026-22679, has been actively exploited in attacks since mid-March. This exploitation began just days after the vendor issued a patch and weeks before the vulnerability was publicly disclosed, highlighting the rapid weaponization of known flaws. Threat actors leveraged an exposed debug API to run discovery commands, primarily targeting Chinese organizations using the office automation platform.
Progress Software has issued an urgent patch for a critical authentication bypass vulnerability (CVE-2026-4670) in its MOVEit Automation secure file transfer solution. This flaw, rated CVSS 9.8, could grant unauthorized access and administrative control over sensitive data movement workflows, posing a significant risk to enterprise and governmental operations. The update also addresses a privilege escalation bug, highlighting ongoing risks in critical MFT systems.
Retired Navy Capt. William Toti, a distinguished career submariner, has been appointed to perform the duties of the Under Secretary of the Navy, becoming the service's No. 2 civilian. This strategic move follows recent leadership changes within the Navy, with Toti stepping into a critical role to drive change and efficiency across the department. His deep operational and technical background is expected to bring a focused perspective to naval leadership.
The U.S. Air Force has finally authorized low-rate initial production (LRIP) for Boeing's T-7A Red Hawk advanced trainer. This long-awaited decision sets the stage for replacing the service's venerable 60-year-old T-38 Talon, marking a critical step in modernizing combat pilot readiness.