AI Discovers Thousands of Zero-Days, Iranian APTs Hit US Critical Infrastructure, and Multiple Zero-Days Actively Exploited
Summary
This 24-hour period has been marked by several unprecedented and critical cybersecurity events. Anthropic revealed its 'Claude Mythos' AI has autonomously discovered thousands of zero-day vulnerabilities, prompting a defensive-only coalition with major tech firms. Simultaneously, a joint federal advisory warned that Iranian-linked APTs are actively disrupting U.S. critical infrastructure by exploiting internet-facing PLCs. Adding to the urgency, unpatched zero-day exploits for Microsoft Windows ('BlueHammer') and Adobe Reader have been publicly detailed and are under active exploitation, while CISA has ordered federal agencies to patch a critical, actively exploited Ivanti EPMM flaw. The period also saw major ransomware attacks disrupting Dutch hospitals and targeting a global law firm.
Today New Articles
Ransomware Attack on Dutch Health-Tech Giant ChipSoft Disrupts 70% of Hospitals
A crippling ransomware attack has struck ChipSoft, a dominant provider of electronic health record (EHR) software in the Netherlands, causing widespread disruption across the nation's healthcare system. The attack, confirmed on April 7, 2026, forced ChipSoft t...
CISA Mandates Federal Agencies Patch Actively Exploited Ivanti EPMM Flaw by April 11
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a critical code injection vulnerability in Ivanti Endpoint Manager Mobile (EPMM), CVE-2026-1340, to its Known Exploited Vulnerabilities (KEV) catalog. The flaw, which has a CVSS score o...
Active Zero-Day in Adobe Reader Steals Files by Abusing Privileged APIs
A previously unknown zero-day vulnerability in Adobe Acrobat and Reader is being actively exploited in targeted attacks to steal data from victims' computers. The flaw, a logic bug in the application's JavaScript engine, allows a specially crafted PDF to bypas...
Silent Ransom Group Claims Phishing Attack on Law Firm Jones Day, Demands $13M
The prominent global law firm Jones Day has disclosed it was the victim of a targeted phishing attack that resulted in unauthorized access to files for ten clients. The Silent Ransom Group (SRG), a sophisticated threat actor believed to be a splinter group fro...
Marimo RCE Flaw Exploited in Under 10 Hours of Public Disclosure
A critical, unauthenticated remote code execution (RCE) vulnerability in the Marimo Python notebook, CVE-2026-39987, was exploited in the wild just 9 hours and 41 minutes after its public disclosure on April 8, 2026. The flaw, which has a CVSS score of 9.3, al...
Atomic Stealer Malware Bypasses macOS Warnings with New 'ClickFix' Attack Vector
A new malware campaign is delivering the Atomic Stealer (AMOS) infostealer to macOS users by evolving the 'ClickFix' social engineering technique. To bypass recent security warnings Apple added to the Terminal application, threat actors are now tricking users...
Job Seekers Targeted in Phishing Scam Impersonating Palo Alto Networks Recruiters
Threat actors are conducting a sophisticated phishing campaign targeting senior-level professionals by impersonating recruiters from cybersecurity giant Palo Alto Networks. According to the company's own Unit 42 threat intelligence team, the scam uses data scr...
Fake Windows Update Site Tricks French-Speaking Users into Installing Infostealer
A malvertising campaign is directing French-speaking users to a highly convincing but fake Microsoft support website hosted on a typosquatted domain. The site, designed to mimic an official Windows update page, tricks users into downloading what they believe i...