US Warns of Iranian APTs on Critical Infrastructure; APT28 Hijacks Routers and Deploys New Malware

Publication Date: April 8, 2026

Summary

This edition covers a critical alert from US agencies regarding Iranian APTs targeting industrial controllers in critical infrastructure, leading to operational disruptions. Concurrently, the Russian-linked group APT28 has been implicated in two major campaigns: one hijacking thousands of SOHO routers for global espionage and another deploying a new malware suite, PRISMEX, against Ukraine and NATO allies. Other significant events include Google patching a fourth actively exploited Chrome zero-day, a supply chain attack hitting Cisco via a compromised scanner, and multiple data breaches in the healthcare sector, highlighting the persistent threats facing both public and private entities.

Today's New Articles

New 'LucidRook' Malware Uses Lua and Rust in Targeted Attacks on Taiwan

Security researchers at Cisco Talos have discovered a new, sophisticated malware family named 'LucidRook' used in targeted spear-phishing campaigns. Attributed to a threat cluster known as UAT-10362, the attacks primarily target non-governmental organizations...


APT28 'FrostArmada' Campaign Hijacks SOHO Routers for Global DNS Espionage

The Russian-linked threat group APT28 (aka Forest Blizzard) has been identified as the actor behind 'FrostArmada,' a large-scale cyber espionage campaign compromising insecure Small Office/Home Office (SOHO) routers. According to Lumen's Black Lotus Labs and M...


Singapore's CSA Issues Advisory on Securing Software Supply Chains

The Cyber Security Agency of Singapore (CSA) has published an advisory on the increasing threat of software supply chain attacks. The guidance warns that threat actors are targeting third-party software dependencies and automated development pipelines to compr...


Southern Illinois Dermatology Breach Exposes Data of Over 150,000 Patients

Southern Illinois Dermatology has started notifying patients of a data breach that occurred in November 2025. An unauthorized party gained access to its network and exfiltrated files containing patient data, including names, Social Security numbers, and medica...


Samsung's April 2026 Patch Fixes 47 Vulnerabilities in Galaxy Devices

Samsung has released its April 2026 security patch, which addresses a total of 47 vulnerabilities affecting its Galaxy line of smartphones, tablets, and wearables. The update is a combination of patches from Google and Samsung itself. It includes 33 fixes from...


US Data Breach Costs Hit Record $10.2M, Fueled by AI and Supply Chain Attacks

A new report from insurance provider Chubb reveals that the average cost of a data breach in the United States has reached a record high of $10.2 million, more than double the global average. The 2026 Cyber Claims Report identifies three key drivers for this s...

Article Updates

TeamPCP's Sophisticated Supply Chain Attack on Trivy and LiteLLM Hits 1,000+ SaaS Environments

Update: Technology giant Cisco has confirmed it was impacted by the TeamPCP supply chain attack, which leveraged the compromised Trivy scanner. Attackers used a malicious GitHub Action to pivot into Cisco's internal development environment, resulting in the theft of s...


Pro-Iranian Hacktivists "Handala" Claim Attack on US Medical Tech Firm Stryker

Update: The pro-Iranian hacktivist group Handala has dramatically intensified its cyber campaign, evolving from primarily web defacements and DoS attacks to employing more destructive tactics. According to Bitdefender, Handala claimed 23 ransomware victims in March 20...


Healthcare IT Firm CareCloud Probes Patient Data Access in EHR Breach

Update: CareCloud has officially confirmed that the cyberattack on March 16, 2026, resulted in the theft of sensitive patient data. A forensic investigation concluded that Protected Health Information (PHI) was exfiltrated by the attackers. In addition to the data bre...