Supply Chain Attacks Cripple EU Commission and Axios; Google Patches Actively Exploited Chrome Zero-Day

CERT-UA: Russian Hackers Are Revisiting Old Breaches to Launch New Attacks

Ukraine's computer emergency response team, CERT-UA, has issued a warning that Russian state-sponsored hacking groups like APT28 (Fancy Bear) and Void Blizzard are systematically revisiting networks they have previously compromised. This new tactic focuses on checking for persistent access, unpatched vulnerabilities, and still-valid credentials to launch follow-up operations. The attackers are also evolving their social engineering, using direct phone and video calls to build trust before sending malicious files, making their initial access attempts more effective.

APT28Fancy BearVoid BlizzardRussiaUkraine +4 more

Russian APTs Re-Exploiting Past Breaches for Renewed Attacks in Ukraine

Cyberattack

Security Operations

Hims & Hers Faces Class Action Probe After Third-Party Vendor Breach

MEDIUM

Hims & Hers Data Breach via Third-Party Vendor Zendesk Under Investigation

Telehealth company Hims & Hers, Inc. is under investigation for a data breach that originated from its third-party customer service provider, Zendesk. An unauthorized user gained access to the Zendesk platform between February 4 and February 7, 2026, exposing sensitive customer service tickets. These tickets contained personal information submitted by customers, including names and contact details. The national class action law firm Edelson Lechtzin LLP has launched an investigation into data privacy claims, highlighting the significant supply chain risks associated with third-party vendors.

data breachsupply chain attackthird-party riskHims & HersZendesk +2 more

Hims & Hers Faces Class Action Probe After Third-Party Vendor Breach

Data Breach

Supply Chain Attack

Policy and Compliance

Cyberattack Disrupts Emergency Communications in Massachusetts Towns

Massachusetts Regional 911 Dispatch Center Hit by Cyberattack

A cyberattack beginning April 2, 2026, has impacted the Patriot Regional Emergency Communications Center, which provides 911 dispatch services for several towns in northern Massachusetts. The attack has disrupted town and public safety computer systems, taking non-emergency and business phone lines offline. While critical 9-1-1 call systems remain operational, the incident has significantly hampered administrative and secondary communication channels. Federal law enforcement has been notified, and an investigation is underway to determine the scope of the attack.

911emergency servicescritical infrastructurecyberattackMassachusetts +1 more

Cyberattack

Industrial Control Systems

Policy and Compliance

Researchers Gain Access to Hacker Dashboard in React2Shell Campaign

Security Lapse Exposes React2Shell Attackers' Credential Harvesting Dashboard

Researchers at Cisco Talos gained access to the operational dashboard of a threat group, UAT-10608, that is actively exploiting the React2Shell vulnerability (CVE-2025-55182) in Next.js applications. A security lapse in the attackers' own infrastructure left a web application fronting their stolen data collection exposed. This allowed Talos to view a trove of stolen credentials, API keys, and access tokens harvested from hundreds of compromised servers, including credentials for AWS and GitHub. Talos is now notifying the affected victims.

React2ShellCVE-2025-55182Next.jsCisco Talosvulnerability +2 more

Researchers Gain Access to Hacker Dashboard in React2Shell Campaign

Vulnerability

Threat Intelligence

Traffic Violation Scams Leverage QR Codes to Harvest Financial Data

MEDIUM

QR Code Scams Evolve to Steal Payment Card Details

A new wave of phishing scams is using QR codes embedded in fake traffic violation notices to trick victims into visiting malicious websites. This tactic bypasses user suspicion of malicious links in text messages and leverages the authority of government impersonation to create urgency. When scanned, the QR code directs the victim to a sophisticated phishing page designed to harvest personal and payment card details, contributing to the nearly $800 million in losses from government impersonation scams reported by the FBI in 2025.

phishingquishingQR codescamsocial engineering +1 more

Traffic Violation Scams Leverage QR Codes to Harvest Financial Data

Phishing

Policy and Compliance

Updated Articles (3)

Chinese Hackers Exploit TrueConf Zero-Day in 'Operation TrueChaos'

TrueConfzero-dayChinaAPTHavoc +1 more

Chinese-Linked APT Exploits TrueConf Zero-Day (CVE-2026-3502) to Target Southeast Asian Governments

Update:

The zero-day vulnerability, CVE-2026-3502, exploited by a Chinese APT in 'Operation TrueChaos' targeting TrueConf, has been added to CISA's Known Exploited Vulnerabilities (KEV) catalog. This inclusion signifies that the vulnerability is actively being exploited and poses a significant risk to federal agencies, urging immediate remediation. The campaign, which leverages the TrueConf client's update mechanism to deliver malware like the Havoc framework, continues to target government entities in Southeast Asia. Organizations are strongly advised to update TrueConf client software to version 8.5.3 or later to mitigate this critical threat.

April 2, 2026

Updated: April 4, 2026

6 min read

Chinese Hackers Exploit TrueConf Zero-Day in 'Operation TrueChaos'

Vulnerability

Cyberattack

EU Commission Suffers Major Data Breach; TeamPCP Hackers Blamed for 92GB Data Heist

cloud securityAWSAPI keysupply chain attackGDPR +1 more

CERT-EU Attributes European Commission Data Breach to TeamPCP Hacking Group

Update:

The 91.7 GB of compressed data exfiltrated from the European Commission's AWS environment by TeamPCP, which included sensitive email communications and personal information, has now been put up for sale on a dark web forum. The notorious data broker ShinyHunters is responsible for advertising the stolen data, confirming a dangerous collaboration between cybercriminal groups. This development significantly increases the impact of the breach, as the data is now actively being monetized and distributed, posing further risks to affected EU entities and individuals.

April 3, 2026

Updated: April 4, 2026

5 min read

Data Breach

Cloud Security

NightSpire Ransomware Claims Attack on French Org, Threatens to Leak Audit Data

NightSpire Ransomware Group Targets French Organization OCACIA in Data Exfiltration Attack

Update:

Further analysis of the NightSpire ransomware attack on Association OCACIA has revealed additional potential MITRE ATT&CK TTPs, including T1190 (Exploit Public-Facing Application), T1566 (Phishing), T1087 (Account Discovery), T1018 (Remote System Discovery), T1567.002 (Exfiltration to Cloud Storage), and T1657 (Financial Extortion). The D3FEND technique User Data Transfer Analysis (D3-UDTA) was also highlighted for detection. These details provide a more comprehensive understanding of the attack chain and potential detection/mitigation strategies.

April 3, 2026

Updated: April 4, 2026

ransomwaredouble extortiondata leakRaaS

Ransomware