Supply Chain Attacks and Critical Zero-Days Rattle Global Infrastructure

Fortinet Releases Emergency Hotfix for Critical RCE Zero-Day in FortiClient EMS, CISA Adds to KEV Catalog

Fortinet has released an emergency hotfix for a critical zero-day vulnerability, CVE-2026-35616, affecting its FortiClient Endpoint Management Server (EMS). The flaw, rated 9.1 on the CVSS scale, is an improper access control issue that allows an unauthenticated remote attacker to achieve remote code execution. Fortinet confirmed the vulnerability is being actively exploited in the wild, prompting the U.S. CISA to add it to its Known Exploited Vulnerabilities (KEV) catalog and mandate a swift patching deadline for federal agencies.

Zero-DayFortinetCVE-2026-35616RCEVulnerability +2 more

Fortinet Scrambles to Patch Actively Exploited FortiClient EMS Zero-Day (CVE-2026-35616)

Vulnerability

Patch Management

Hong Kong Hospital Authority Apologizes for Data Leak Affecting 56,000 Patients

Hong Kong Hospital Authority Investigates Major Data Breach Exposing Personal and Medical Data of Over 56,000 Patients

The Hong Kong Hospital Authority (HA) is investigating a major data breach that exposed the sensitive personal and medical information of over 56,000 patients from its Kowloon East hospital cluster. The data, including HKID numbers and surgical details, was discovered on a third-party platform. While an external cyberattack has been ruled out, the breach is suspected to be linked to 'inappropriate access' by a contractor. The police and Hong Kong's privacy commissioner have launched formal investigations into the incident.

Data BreachHealthcareHong KongInsider ThreatContractor +2 more

5 min read

Hong Kong Hospital Authority Apologizes for Data Leak Affecting 56,000 Patients

Regulatory

Threat Actor

Anthropic Accidentally Leaks 'Claude Code' AI Source Code in Packaging Error

MEDIUM

Anthropic's 'Claude Code' AI Source Code Accidentally Leaked to Public via npm Registry

AI research company Anthropic experienced a significant intellectual property leak after the full source code for its flagship 'Claude Code' AI tool was accidentally published. The leak was caused by a packaging error where a JavaScript source map file, included in a public npm package, contained the entire agent architecture. For over three hours, 512,000 lines of proprietary TypeScript code were publicly accessible and were cloned thousands of times. Anthropic has stated it was a human error, not a security breach, and that no customer data was exposed.

AnthropicClaude CodeSource Code LeakData Leaknpm +3 more

Anthropic Accidentally Leaks 'Claude Code' AI Source Code in Packaging Error

Policy and Compliance

Other

Hyderabad Police Warn of WhatsApp Impersonation Fraud Leading to Major Corporate Losses

New WhatsApp Impersonation Fraud Targets Corporate Executives in Hyderabad

Police in Hyderabad, India, have issued an alert about a sophisticated new fraud scheme targeting corporations. The multi-stage attack begins with a phishing email that installs remote access malware on an employee's computer. The criminals then wait for an active WhatsApp Web session, which they hijack to impersonate a senior executive (like the CEO or CFO). Posing as the executive, they instruct finance staff to make urgent, fraudulent financial transfers. The use of the legitimate WhatsApp account lends credibility to the requests, leading to significant financial losses for several companies.

WhatsAppFraudPhishingSocial EngineeringBEC +3 more

Hyderabad Police Warn of WhatsApp Impersonation Fraud Leading to Major Corporate Losses

Phishing

Malware

Trend Micro Uncovers Coordinated Malware Campaigns Targeting Seven Indian Banks

Trend Micro Uncovers Malware Campaigns Targeting Seven Indian Banks

Cybersecurity firm Trend Micro has identified a large-scale, coordinated phishing campaign targeting the customers of seven major banks in India. The attackers are using five distinct families of banking malware to steal credit card data and personal credentials. The primary attack vector is phishing messages containing malicious links that redirect victims to fake login pages and other fraudulent websites. The report highlights a significant and ongoing threat to India's banking sector, though the specific banks and malware families were not disclosed.

PhishingMalwareBanking TrojanTrend MicroIndia +1 more

Phishing

Malware

Threat Actor

Novel AI 'Feedback Loop' Attack Triggers 4-Hour Market Freeze at Financial Hub

AI-Driven "Feedback Loop" Attack Causes 4-Hour Market Freeze

A major global financial hub experienced a four-hour market freeze due to a novel cyberattack that turned an AI-powered defense system against itself. Attackers generated millions of fake, low-grade security alerts, overwhelming the institution's AI-driven Security Orchestration, Automation, and Response (SOAR) platform. The defensive AI, misinterpreting the flood of alerts as a massive assault, initiated its ultimate containment protocol: quarantining the entire primary trading floor network. The incident exposes a critical vulnerability in fully automated defense systems.

AIAdversarial AISOARCyberattackFinance +1 more

Novel AI 'Feedback Loop' Attack Triggers 4-Hour Market Freeze at Financial Hub

Industrial Control Systems

Threat Intelligence

CISA Mandates Decommission of Medical IoT Gateways Due to 'Vitals Vapor' Zero-Day

CISA Issues Emergency Directive to Decommission Medical IoT Gateways Vulnerable to 'Vitals Vapor' Zero-Day Exploit

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued Emergency Directive 26-03, ordering the immediate decommissioning of specific legacy embedded IoT gateways used in medical facilities. The urgent action responds to a new zero-day exploit dubbed 'Vitals Vapor,' which poses a grave threat to patient safety. The exploit allows attackers to compromise patient monitoring systems, freeze the live data feed, and loop pre-recorded normal data to nursing stations, effectively hiding a patient's deteriorating condition or the effects of a cyberattack.

CISAEmergency DirectiveIoT SecurityHealthcareZero-Day +3 more

CISA Mandates Decommission of Medical IoT Gateways Due to 'Vitals Vapor' Zero-Day

IoT Security

Vulnerability

Industrial Control Systems

Australian Water Treatment Facilities Thwart Coordinated PLC Cyberattack

Australian Water Treatment Facility Hit by Coordinated PLC Breach

Multiple municipal water treatment facilities in Australia were the target of a coordinated cyberattack aimed at their chemical feed Programmable Logic Controllers (PLCs). The attackers attempted to breach the industrial control systems to override safety thresholds for chlorine distribution. A potential public health crisis was averted by the timely manual intervention of plant operators. The incident exposes significant vulnerabilities in internet-connected critical infrastructure and highlights the growing threat to operational technology (OT) in the water sector.

ICSOT SecurityPLCCritical InfrastructureCyberattack +2 more

Industrial Control Systems

Threat Intelligence

Updated Articles (4)

Lapsus$ Claims Theft of 4TB of Data from AI Firm Mercor in LiteLLM Supply Chain Attack

Lapsus$ Claims 4TB Data Theft from AI Firm Mercor Following LiteLLM Supply Chain Attack

Meta has halted its partnership with AI data contracting startup Mercor following the LiteLLM supply chain attack. The breach, attributed to TeamPCP, exposed highly sensitive and proprietary AI training data and methodologies belonging to Mercor's high-profile clients, including Meta, OpenAI, and Anthropic. This development significantly escalates the incident's impact, highlighting critical security vulnerabilities within the AI supply chain and causing major financial and reputational damage to Mercor.

April 2, 2026

supply chainLapsus$PyPILiteLLMdata breach +1 more

6 min read

Supply Chain Attack

Threat Actor

Cisco Patches Critical Unauthenticated RCE Flaw in Smart Software Manager

Cisco Patches Critical 9.8 CVSS RCE Vulnerability (CVE-2026-20160) in SSM On-Prem

Cisco has issued a broader security advisory, now encompassing critical vulnerabilities in its Integrated Management Controller (IMC) in addition to Smart Software Manager On-Prem (SSM On-Prem). The new advisory covers a wider range of affected products, including UCS servers and Catalyst Edge uCPE devices. These flaws allow unauthenticated remote attackers to bypass authentication, escalate privileges, and execute arbitrary commands, leading to full system compromise. While no active exploitation is known, immediate patching is urged due to the expanded scope and critical nature of these vulnerabilities across Cisco's enterprise hardware.

April 2, 2026

CiscovulnerabilityRCEcriticalpatch management +1 more

5 min read

Cisco Patches Critical Unauthenticated RCE Flaw in Smart Software Manager

Vulnerability

Patch Management

EU Commission Hacked via Compromised Trivy Scanner in Major Supply Chain Attack

TeamPCP Exploits Compromised Trivy Scanner to Breach European Commission, Stealing 92GB of Data

The European Commission data breach update reveals that the Trivy scanner was compromised through its GitHub CI/CD pipeline. Attackers exfiltrated 92 GB of compressed data, which is now confirmed to be 340 GB uncompressed. The notorious ShinyHunters group publicly leaked the data on March 28, 2026. The breach impacts up to 71 EU entities, including 42 internal Commission clients and 29 other EU bodies. Additional MITRE ATT&CK techniques for persistence and exfiltration have also been identified.

April 4, 2026

supply chain attackcloud securityAWSdata breachvulnerability scanner +3 more

Supply Chain Attack

Cloud Security

Hims & Hers Faces Class Action Probe After Third-Party Vendor Breach

MEDIUM

Hims & Hers Data Breach via Third-Party Vendor Zendesk Under Investigation

New information reveals the Hims & Hers data breach was executed by the notorious ShinyHunters extortion group. The attackers gained unauthorized access to the company's Zendesk instance by compromising an Okta single sign-on (SSO) account, leveraging techniques such as Valid Accounts (T1078) and potentially SAML Evasion (T1606.002). The incident, which occurred between February 4-7, 2026, involved the exfiltration of customer support tickets containing names, contact information, and support request details. Hims & Hers confirmed medical records were not compromised and is offering 12 months of credit monitoring to affected individuals. This update provides crucial attribution and technical specifics on the initial access.

April 4, 2026

data breachsupply chain attackthird-party riskHims & HersZendesk +2 more

Hims & Hers Faces Class Action Probe After Third-Party Vendor Breach