Medusa Ransomware Exploits Zero-Days, Iranian APTs Target US Infrastructure, and Critical Fortinet Flaw Patched

Publication Date: April 7, 2026

Summary

This edition covers the period of April 6-7, 2026, a timeframe marked by significant nation-state activity, rapid zero-day exploitation, and major supply chain compromises. Key events include the identification of China-based Storm-1175, a Medusa ransomware affiliate using zero-days for swift attacks on healthcare and finance. Concurrently, a US federal advisory warns of Iranian APTs targeting critical infrastructure by exploiting Rockwell PLCs. CISA has mandated urgent patching for a new, actively exploited Fortinet zero-day (CVE-2026-35616), while a separate unpatched Windows LPE zero-day, 'BlueHammer,' was publicly released. Supply chain attacks also featured prominently, with a North Korean group compromising the popular Axios npm library and a breach at the European Commission traced back to a compromised Trivy scanner. These incidents highlight the increasing speed and sophistication of threat actors across the globe.

Today's New Articles

Iranian APTs Target US Critical Infrastructure, Exploiting Internet-Exposed Rockwell PLCs

A coalition of U.S. federal agencies, including CISA, the FBI, and the NSA, has issued a joint advisory (AA26-097A) warning of ongoing disruptive attacks by Iranian-affiliated APT actors against U.S. critical infrastructure. The campaign specifically targets i...


AI Model Discovers RCE Zero-Days in Vim and Emacs with Simple Prompts

A security researcher has demonstrated the power of AI in vulnerability discovery by using Anthropic's Claude Code model to find critical zero-day flaws in the source code of the popular Vim and GNU Emacs text editors. With a simple prompt—"Somebody told me th...


Hackers Actively Exploit Critical RCE Flaw in Ninja Forms WordPress Add-on

A critical remote code execution (RCE) vulnerability, CVE-2026-0740, in the 'File Uploads' add-on for the popular Ninja Forms WordPress plugin is being actively exploited in the wild. The flaw, rated 9.8 out of 10 for severity, allows an unauthenticated attack...


SparkCat Mobile Malware Returns, Stealing Crypto Phrases from Photos on iOS and Android

A new variant of the SparkCat mobile trojan has been discovered on both the Apple App Store and Google Play Store, disguised as legitimate applications like enterprise messengers. Security researchers at Kaspersky report that the malware, which primarily targe...


Anthropic's Project Glasswing Uses New AI to Find Thousands of Critical Flaws

AI research company Anthropic has launched Project Glasswing, a major cybersecurity initiative that uses a new AI model, Claude Mythos, to proactively discover vulnerabilities in critical software. In partnership with a consortium of tech giants including Goog...

Article Updates

Fortinet Scrambles to Patch Actively Exploited FortiClient EMS Zero-Day (CVE-2026-35616)

Update: The U.S. CISA officially added CVE-2026-35616 to its Known Exploited Vulnerabilities catalog on April 6, 2026, mandating federal agencies to apply the Fortinet hotfix by April 9, 2026. The vulnerability, which allows remote code execution in FortiClient EMS ve...