[{"data":1,"prerenderedAt":155},["ShallowReactive",2],{"publication-daily-threat-publications-2026-04-04":3},{"pub_id":4,"headline":5,"summary":6,"pub_date":7,"total_articles":8,"articles":9},"pub-2026-04-04","Supply Chain Attacks Cripple EU Commission and Axios; Google Patches Actively Exploited Chrome Zero-Day","The cybersecurity landscape for April 3-4, 2026, was dominated by a surge in sophisticated supply chain attacks and critical zero-day exploits. The European Commission disclosed a major breach originating from a compromised version of the Trivy vulnerability scanner, while the popular Axios NPM package was hijacked by North Korean actors to distribute malware. Concurrently, Google issued an emergency patch for an actively exploited zero-day in Chrome (CVE-2026-5281). Other significant events include a Chinese APT exploiting a TrueConf zero-day (CVE-2026-3502) to target Asian governments, Russian hackers revisiting old breaches in Ukraine, and a wiper attack on medical giant Stryker, highlighting persistent threats across government, software supply chains, and critical infrastructure.","2026-04-04",8,[10,36,57,73,92,109,124,141],{"id":11,"slug":12,"headline":13,"title":14,"severity":15,"excerpt":16,"tags":17,"categories":24,"createdAt":28,"updatedAt":29,"readingTime":30,"cves":31,"isUpdate":33,"updateSummary":34,"updateContent":35},"f594afaf-1aa6-4b3a-9679-7059a364a48a","chinese-apt-exploits-trueconf-zero-day-to-target-governments","Chinese Hackers Exploit TrueConf Zero-Day in 'Operation TrueChaos'","Chinese-Linked APT Exploits TrueConf Zero-Day (CVE-2026-3502) to Target Southeast Asian Governments","high","A suspected Chinese-nexus advanced persistent threat (APT) group is exploiting a zero-day vulnerability, CVE-2026-3502, in the TrueConf video conferencing application. The campaign, dubbed 'Operation TrueChaos' by Check Point, targets government entities in Southeast Asia. The attackers compromise on-premises TrueConf servers and hijack the software's update mechanism to deliver malicious updates to client machines. The final payload observed in these attacks is the Havoc open-source post-exploitation framework, giving the threat actors a persistent foothold inside the targeted government networks. TrueConf has patched the flaw in client version 8.5.3.",[18,19,20,21,22,23],"TrueConf","zero-day","China","APT","Havoc","espionage",[25,26,27],"Vulnerability","Threat Actor","Cyberattack","2026-04-02T15:00:00.000Z","2026-04-04T12:00:00.000Z",6,[32],"CVE-2026-3502",true,"CISA adds CVE-2026-3502, exploited by Chinese APT in 'Operation TrueChaos' targeting TrueConf, to its Known Exploited Vulnerabilities catalog, increasing urgency.","The zero-day vulnerability, CVE-2026-3502, exploited by a Chinese APT in 'Operation TrueChaos' targeting TrueConf, has been added to CISA's Known Exploited Vulnerabilities (KEV) catalog. This inclusion signifies that the vulnerability is actively being exploited and poses a significant risk to federal agencies, urging immediate remediation. The campaign, which leverages the TrueConf client's update mechanism to deliver malware like the Havoc framework, continues to target government entities in Southeast Asia. Organizations are strongly advised to update TrueConf client software to version 8.5.3 or later to mitigate this critical threat.",{"id":37,"slug":38,"headline":39,"title":40,"severity":15,"excerpt":41,"tags":42,"categories":49,"createdAt":52,"updatedAt":53,"readingTime":54,"isUpdate":33,"updateSummary":55,"updateContent":56},"82798f0c-3765-4265-917c-1c2fc0bfaf2d","european-commission-data-breach-linked-to-teampcp-hacking-group","EU Commission Suffers Major Data Breach; TeamPCP Hackers Blamed for 92GB Data Heist","CERT-EU Attributes European Commission Data Breach to TeamPCP Hacking Group","The European Union's cybersecurity agency, CERT-EU, has attributed a significant data breach at the European Commission to the hacking group TeamPCP. The attack involved the compromise of the Commission's Amazon Web Services (AWS) account, leading to the exfiltration of approximately 92 gigabytes of data, including emails and documents. The breach is believed to be linked to the use of a compromised version of the Trivy open-source vulnerability scanner, which provided the attackers with a secret Amazon API key. The incident has potentially exposed data from dozens of EU entities.",[43,44,45,46,47,48],"cloud security","AWS","API key","supply chain attack","GDPR","open-source security",[50,51,26],"Data Breach","Cloud Security","2026-04-03T15:00:00.000Z","2026-04-04T00:00:00.000Z",5,"Stolen EU Commission data, exfiltrated by TeamPCP via compromised Trivy scanner, now being sold on dark web by ShinyHunters.","The 91.7 GB of compressed data exfiltrated from the European Commission's AWS environment by TeamPCP, which included sensitive email communications and personal information, has now been put up for sale on a dark web forum. The notorious data broker ShinyHunters is responsible for advertising the stolen data, confirming a dangerous collaboration between cybercriminal groups. This development significantly increases the impact of the breach, as the data is now actively being monetized and distributed, posing further risks to affected EU entities and individuals.",{"id":58,"slug":59,"headline":60,"title":61,"severity":15,"excerpt":62,"tags":63,"categories":68,"createdAt":52,"updatedAt":53,"readingTime":70,"isUpdate":33,"updateSummary":71,"updateContent":72},"725bf928-cc42-4f8e-9d0a-46fdc158ba78","nightspire-ransomware-group-claims-attack-on-french-organization-ocacia","NightSpire Ransomware Claims Attack on French Org, Threatens to Leak Audit Data","NightSpire Ransomware Group Targets French Organization OCACIA in Data Exfiltration Attack","The NightSpire ransomware group has claimed responsibility for a cyberattack against Association OCACIA, a French organization. On April 3, 2026, the group announced the breach on its leak site, threatening to publish sensitive internal documents if its ransom demands are not met. The allegedly exfiltrated data includes audit reports, non-compliance records, and corrective action plans, which could be highly damaging if released.",[64,65,66,67],"ransomware","double extortion","data leak","RaaS",[69,26,50],"Ransomware",4,"Additional MITRE TTPs and D3FEND techniques identified for NightSpire ransomware attack on OCACIA.","Further analysis of the NightSpire ransomware attack on Association OCACIA has revealed additional potential MITRE ATT&CK TTPs, including T1190 (Exploit Public-Facing Application), T1566 (Phishing), T1087 (Account Discovery), T1018 (Remote System Discovery), T1567.002 (Exfiltration to Cloud Storage), and T1657 (Financial Extortion). The D3FEND technique User Data Transfer Analysis (D3-UDTA) was also highlighted for detection. These details provide a more comprehensive understanding of the attack chain and potential detection/mitigation strategies.",{"id":74,"slug":75,"headline":76,"title":77,"severity":15,"excerpt":78,"tags":79,"categories":88,"createdAt":90,"updatedAt":90,"readingTime":70,"isUpdate":91},"857b0e17-6065-4ded-b55f-add4969ed4c8","russian-hackers-revisit-old-breaches-for-new-attacks-in-ukraine","Russian APTs Re-Exploiting Past Breaches for Renewed Attacks in Ukraine","CERT-UA: Russian Hackers Are Revisiting Old Breaches to Launch New Attacks","Ukraine's computer emergency response team, CERT-UA, has issued a warning that Russian state-sponsored hacking groups like APT28 (Fancy Bear) and Void Blizzard are systematically revisiting networks they have previously compromised. This new tactic focuses on checking for persistent access, unpatched vulnerabilities, and still-valid credentials to launch follow-up operations. The attackers are also evolving their social engineering, using direct phone and video calls to build trust before sending malicious files, making their initial access attempts more effective.",[80,81,82,83,84,85,23,86,87],"APT28","Fancy Bear","Void Blizzard","Russia","Ukraine","cyberwar","social engineering","CERT-UA",[26,27,89],"Security Operations","2026-04-04T15:00:00.000Z",false,{"id":93,"slug":94,"headline":95,"title":96,"severity":97,"excerpt":98,"tags":99,"categories":106,"createdAt":90,"updatedAt":90,"readingTime":70,"isUpdate":91},"de669227-708a-4e04-bff1-2564fb02ac6f","hims-hers-data-breach-investigated-after-zendesk-compromise","Hims & Hers Faces Class Action Probe After Third-Party Vendor Breach","Hims & Hers Data Breach via Third-Party Vendor Zendesk Under Investigation","medium","Telehealth company Hims & Hers, Inc. is under investigation for a data breach that originated from its third-party customer service provider, Zendesk. An unauthorized user gained access to the Zendesk platform between February 4 and February 7, 2026, exposing sensitive customer service tickets. These tickets contained personal information submitted by customers, including names and contact details. The national class action law firm Edelson Lechtzin LLP has launched an investigation into data privacy claims, highlighting the significant supply chain risks associated with third-party vendors.",[100,46,101,102,103,104,105],"data breach","third-party risk","Hims & Hers","Zendesk","telehealth","privacy",[50,107,108],"Supply Chain Attack","Policy and Compliance",{"id":110,"slug":111,"headline":112,"title":113,"severity":15,"excerpt":114,"tags":115,"categories":122,"createdAt":90,"updatedAt":90,"readingTime":70,"isUpdate":91},"a9920253-eb0b-48fc-bd03-7b3f598ff97b","massachusetts-regional-911-dispatch-center-hit-by-cyberattack","Cyberattack Disrupts Emergency Communications in Massachusetts Towns","Massachusetts Regional 911 Dispatch Center Hit by Cyberattack","A cyberattack beginning April 2, 2026, has impacted the Patriot Regional Emergency Communications Center, which provides 911 dispatch services for several towns in northern Massachusetts. The attack has disrupted town and public safety computer systems, taking non-emergency and business phone lines offline. While critical 9-1-1 call systems remain operational, the incident has significantly hampered administrative and secondary communication channels. Federal law enforcement has been notified, and an investigation is underway to determine the scope of the attack.",[116,117,118,119,120,121],"911","emergency services","critical infrastructure","cyberattack","Massachusetts","government",[27,123,108],"Industrial Control Systems",{"id":125,"slug":126,"headline":127,"title":128,"severity":15,"excerpt":129,"tags":130,"categories":138,"createdAt":90,"updatedAt":90,"readingTime":70,"cves":140,"isUpdate":91},"3633d9e2-3e4e-4820-ad6b-9e062b55add8","security-lapse-exposes-react2shell-attackers-credential-harvesting-dashboard","Researchers Gain Access to Hacker Dashboard in React2Shell Campaign","Security Lapse Exposes React2Shell Attackers' Credential Harvesting Dashboard","Researchers at Cisco Talos gained access to the operational dashboard of a threat group, UAT-10608, that is actively exploiting the React2Shell vulnerability (CVE-2025-55182) in Next.js applications. A security lapse in the attackers' own infrastructure left a web application fronting their stolen data collection exposed. This allowed Talos to view a trove of stolen credentials, API keys, and access tokens harvested from hundreds of compromised servers, including credentials for AWS and GitHub. Talos is now notifying the affected victims.",[131,132,133,134,135,136,137],"React2Shell","CVE-2025-55182","Next.js","Cisco Talos","vulnerability","credential harvesting","OPSEC",[25,139,26],"Threat Intelligence",[132],{"id":142,"slug":143,"headline":144,"title":145,"severity":97,"excerpt":146,"tags":147,"categories":153,"createdAt":90,"updatedAt":90,"readingTime":70,"isUpdate":91},"088d4c4e-ae58-43c7-8eb1-0290be1a53db","qr-code-scams-evolve-to-steal-payment-card-details","Traffic Violation Scams Leverage QR Codes to Harvest Financial Data","QR Code Scams Evolve to Steal Payment Card Details","A new wave of phishing scams is using QR codes embedded in fake traffic violation notices to trick victims into visiting malicious websites. This tactic bypasses user suspicion of malicious links in text messages and leverages the authority of government impersonation to create urgency. When scanned, the QR code directs the victim to a sophisticated phishing page designed to harvest personal and payment card details, contributing to the nearly $800 million in losses from government impersonation scams reported by the FBI in 2025.",[148,149,150,151,86,152],"phishing","quishing","QR code","scam","payment fraud",[154,108],"Phishing",1775683849397]