Supply Chain Attacks Rock Software Ecosystem; Ransomware Cripples Dutch Healthcare and US Hospitals

Publication Date: April 10, 2026

Summary

A turbulent day in cybersecurity saw multiple, high-impact supply chain attacks compromising trusted software vendors like CPUID, Anodot, and the open-source library Axios, distributing malware to unsuspecting users. Simultaneously, ransomware attacks caused severe disruptions to critical infrastructure, with a major Dutch healthcare IT provider and multiple US hospitals and a county government falling victim, forcing service cancellations and a reversion to manual operations. Federal agencies also issued an urgent warning about ongoing Iranian state-sponsored attacks targeting US water and energy systems, highlighting the escalating threat to operational technology.

Today New Articles

CPUID Website Hijacked in Supply Chain Attack to Distribute STX RAT Infostealer

Between April 9 and April 10, 2026, the official website of popular utility software provider CPUID was compromised in a supply chain attack. For up to 19 hours, attackers hijacked a website API to redirect download links for the widely-used CPU-Z and HWMonito...

Minnesota's Winona County Suffers Second Crippling Ransomware Attack This Year

Winona County, Minnesota, is grappling with its second major cyberattack of 2026 after detecting a ransomware incident on April 7. The attack has severely disrupted government functions, taking many critical systems and digital services offline. Due to the inc...

Anodot Breach Leads to Supply Chain Attack on Snowflake Customers; ShinyHunters Claims Responsibility

A security breach at Israeli AI analytics firm Anodot has resulted in a significant downstream supply chain attack targeting customers of the cloud data platform Snowflake. The 'ShinyHunters' extortion gang claimed responsibility on April 7, 2026, stating they...

Google Issues Urgent Chrome Update to Patch 60 Flaws, Including Two Critical Bugs

Google has released an urgent security update for its Chrome browser, version 147, patching a total of 60 vulnerabilities. The update, announced around April 9, 2026, addresses two critical flaws, CVE-2026-5858 (a heap buffer overflow) and CVE-2026-5859 (an in...

Article Updates

AI-Powered Attacks Now a Top Concern for 79% of IT Leaders, Armis Report Finds

Update:A new Rapid7 report provides concrete data on the accelerating threat landscape, showing the median time from vulnerability disclosure to CISA KEV inclusion has plummeted from 8.5 to 5.0 days. The mean time-to-exploit also halved to 28.5 days. This acceleratio...