[{"data":1,"prerenderedAt":132},["ShallowReactive",2],{"publication-daily-threat-publications-2026-04-09":3},{"pub_id":4,"headline":5,"summary":6,"pub_date":7,"total_articles":8,"articles":9},"pub-2026-04-09","AI Discovers Thousands of Zero-Days, Iranian APTs Hit US Critical Infrastructure, and Multiple Zero-Days Actively Exploited","This 24-hour period has been marked by several unprecedented and critical cybersecurity events. Anthropic revealed its 'Claude Mythos' AI has autonomously discovered thousands of zero-day vulnerabilities, prompting a defensive-only coalition with major tech firms. Simultaneously, a joint federal advisory warned that Iranian-linked APTs are actively disrupting U.S. critical infrastructure by exploiting internet-facing PLCs. Adding to the urgency, unpatched zero-day exploits for Microsoft Windows ('BlueHammer') and Adobe Reader have been publicly detailed and are under active exploitation, while CISA has ordered federal agencies to patch a critical, actively exploited Ivanti EPMM flaw. The period also saw major ransomware attacks disrupting Dutch hospitals and targeting a global law firm.","2026-04-09",8,[10,29,48,61,75,90,106,121],{"id":11,"slug":12,"headline":13,"title":14,"severity":15,"excerpt":16,"tags":17,"categories":25,"createdAt":26,"updatedAt":26,"readingTime":27,"isUpdate":28},"1e751b05-ef6e-41c2-aeef-d42fd076c21e","ransomware-attack-on-dutch-vendor-chipsoft-disrupts-hospitals","Ransomware Attack on Dutch Health-Tech Giant ChipSoft Disrupts 70% of Hospitals","Major Dutch Healthcare Vendor ChipSoft Hit by Ransomware, Forcing Hospitals Offline and Sparking Patient Data Fears","high","A crippling ransomware attack has struck ChipSoft, a dominant provider of electronic health record (EHR) software in the Netherlands, causing widespread disruption across the nation's healthcare system. 
The attack, confirmed on April 7, 2026, forced ChipSoft to take its platforms offline and prompted at least 11 hospitals to sever connections as a precaution. The incident has created significant logistical challenges and raised concerns that sensitive patient data may have been compromised, highlighting the systemic risk posed by supply chain attacks in the healthcare sector.",[18,19,20,21,22,23,24],"Ransomware","Healthcare","ChipSoft","Netherlands","EHR","Supply Chain Attack","Data Breach",[18,24,23],"2026-04-09T15:00:00.000Z",5,false,{"id":30,"slug":31,"headline":32,"title":33,"severity":34,"excerpt":35,"tags":36,"categories":44,"createdAt":26,"updatedAt":26,"readingTime":27,"cves":46,"cvssScore":47,"isUpdate":28},"62f4640b-ee48-4664-9553-abc33f139b2a","cisa-adds-critical-ivanti-epmm-flaw-to-kev-catalog","CISA Mandates Federal Agencies Patch Actively Exploited Ivanti EPMM Flaw by April 11","CISA Adds Critical Ivanti EPMM Code Injection Flaw (CVE-2026-1340) to Known Exploited Vulnerabilities Catalog","critical","The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a critical code injection vulnerability in Ivanti Endpoint Manager Mobile (EPMM), CVE-2026-1340, to its Known Exploited Vulnerabilities (KEV) catalog. The flaw, which has a CVSS score of 9.8, allows for unauthenticated remote code execution and is confirmed to be actively exploited in the wild. 
CISA has issued a directive requiring all federal civilian agencies to apply patches by April 11, 2026, and strongly urges all organizations using the affected product to remediate immediately.",[37,38,39,40,41,42,43],"CISA","KEV","Ivanti","CVE-2026-1340","Vulnerability","Patch Management","Zero-Day",[41,42,45],"Cyberattack",[40],9.8,{"id":49,"slug":50,"headline":51,"title":52,"severity":15,"excerpt":53,"tags":54,"categories":60,"createdAt":26,"updatedAt":26,"readingTime":27,"isUpdate":28},"357555a6-5abe-40ef-8e4d-9dc344b924af","adobe-reader-zero-day-exploit-actively-steals-data","Active Zero-Day in Adobe Reader Steals Files by Abusing Privileged APIs","Unpatched Adobe Reader Zero-Day Exploit Actively Stealing Local Files via Malicious PDFs","A previously unknown zero-day vulnerability in Adobe Acrobat and Reader is being actively exploited in targeted attacks to steal data from victims' computers. The flaw, a logic bug in the application's JavaScript engine, allows a specially crafted PDF to bypass the sandbox and invoke privileged APIs. Simply opening the malicious document is enough to trigger the exploit, which can read arbitrary local files and exfiltrate them to an attacker-controlled server. 
Adobe has not yet released a patch, and the campaign, which uses Russian-language lures, appears to be targeting the oil and gas sector.",[43,55,56,57,58,59],"Adobe","PDF","Exploit","Data Exfiltration","Sandbox Escape",[41,45,24],{"id":62,"slug":63,"headline":64,"title":65,"severity":15,"excerpt":66,"tags":67,"categories":73,"createdAt":26,"updatedAt":26,"readingTime":27,"isUpdate":28},"88095d9d-c2cb-4033-b9a8-b016404f3347","silent-ransom-group-targets-law-firm-jones-day-phishing-attack","Silent Ransom Group Claims Phishing Attack on Law Firm Jones Day, Demands $13M","Global Law Firm Jones Day Hit by Silent Ransom Group in Phishing Attack, Client Files Accessed","The prominent global law firm Jones Day has disclosed it was the victim of a targeted phishing attack that resulted in unauthorized access to files for ten clients. The Silent Ransom Group (SRG), a sophisticated threat actor believed to be a splinter group from the notorious Conti syndicate, has claimed responsibility. The group allegedly published negotiation chats demanding a US$13 million ransom to prevent the public leak of stolen confidential client data and internal communications, highlighting the persistent targeting of the legal sector by high-stakes extortion groups.",[24,68,18,69,70,71,72],"Phishing","Silent Ransom Group","Conti","Jones Day","Legal",[24,68,74],"Threat Actor",{"id":76,"slug":77,"headline":78,"title":79,"severity":34,"excerpt":80,"tags":81,"categories":86,"createdAt":26,"updatedAt":26,"readingTime":87,"cves":88,"cvssScore":89,"isUpdate":28},"2595f69b-f872-4641-b8a5-0cd141377ca4","marimo-rce-flaw-exploited-within-hours-of-disclosure","Marimo RCE Flaw Exploited in Under 10 Hours of Public Disclosure","Critical Marimo RCE Flaw (CVE-2026-39987) Exploited in the Wild Less Than 10 Hours After Disclosure","A critical, unauthenticated remote code execution (RCE) vulnerability in the Marimo Python notebook, CVE-2026-39987, was exploited in the wild just 9 hours and 41 minutes after its 
public disclosure on April 8, 2026. The flaw, which has a CVSS score of 9.3, allows an unauthenticated attacker to gain a full interactive shell on the server running the notebook. Security firm Sysdig observed an attacker developing a working exploit directly from the advisory's technical details and using it to steal credentials, demonstrating the rapidly shrinking window between vulnerability disclosure and exploitation.",[82,41,57,83,84,85,43],"RCE","Marimo","Python","CVE-2026-39987",[41,45],4,[85],9.3,{"id":91,"slug":92,"headline":93,"title":94,"severity":15,"excerpt":95,"tags":96,"categories":104,"createdAt":26,"updatedAt":26,"readingTime":87,"isUpdate":28},"63295c07-5050-4fca-9da2-23e7ef03d2c1","atomic-stealer-targets-macos-with-new-clickfix-attack","Atomic Stealer Malware Bypasses macOS Warnings with New 'ClickFix' Attack Vector","Atomic Stealer Evolves 'ClickFix' Tactic to Target macOS Users via Apple's Script Editor","A new malware campaign is delivering the Atomic Stealer (AMOS) infostealer to macOS users by evolving the 'ClickFix' social engineering technique. To bypass recent security warnings Apple added to the Terminal application, threat actors are now tricking users into launching Apple's built-in Script Editor and pasting malicious code. 
The attack, identified by Jamf Threat Labs, uses convincing browser pop-ups to guide victims through a fake troubleshooting workflow, ultimately leading to the installation of the AMOS infostealer and a persistent backdoor.",[97,98,99,100,101,102,103],"Malware","macOS","Atomic Stealer","AMOS","Social Engineering","ClickFix","Infostealer",[97,68,105],"Mobile Security",{"id":107,"slug":108,"headline":109,"title":110,"severity":111,"excerpt":112,"tags":113,"categories":118,"createdAt":26,"updatedAt":26,"readingTime":87,"isUpdate":28},"eb4e08b0-f504-4f08-af59-02af0fb514f6","phishing-campaign-impersonates-palo-alto-networks-recruiters","Job Seekers Targeted in Phishing Scam Impersonating Palo Alto Networks Recruiters","Unit 42 Exposes Phishing Scam Where Fake Palo Alto Networks Recruiters Trick Job Seekers into Paying for 'CV Formatting'","medium","Threat actors are conducting a sophisticated phishing campaign targeting senior-level professionals by impersonating recruiters from cybersecurity giant Palo Alto Networks. According to the company's own Unit 42 threat intelligence team, the scam uses data scraped from LinkedIn for highly personalized lures. 
The attackers trick victims by creating a sense of urgency, claiming the candidate's CV failed an automated screening, and then referring them to a paid 'CV expert' to fix the fake formatting issue, ultimately scamming them out of several hundred dollars.",[68,114,101,115,116,117],"Scam","Palo Alto Networks","Recruitment","LinkedIn",[68,119,120],"Policy and Compliance","Other",{"id":122,"slug":123,"headline":124,"title":125,"severity":15,"excerpt":126,"tags":127,"categories":131,"createdAt":26,"updatedAt":26,"readingTime":87,"isUpdate":28},"7c6ea256-ebff-431d-91cc-872bcf553eff","fake-microsoft-support-site-targets-french-users-with-infostealer","Fake Windows Update Site Tricks French-Speaking Users into Installing Infostealer","Convincing Fake Microsoft Support Site Distributes Infostealer to French Users via Malvertising","A malvertising campaign is directing French-speaking users to a highly convincing but fake Microsoft support website hosted on a typosquatted domain. The site, designed to mimic an official Windows update page, tricks users into downloading what they believe is a cumulative update for Windows. The downloaded file is actually a Windows Installer package that deploys potent information-stealing malware. Researchers at Malwarebytes, who discovered the campaign, suggest it may be leveraging recent large-scale data breaches in France to make the lure more believable to its targets.",[97,103,68,128,129,130],"Malvertising","Microsoft","France",[97,68],1776260665656]