Daily Digest

Supply Chain Attacks Rock Software Ecosystem; Ransomware Cripples Dutch Healthcare and US Hospitals

Supply Chain Attacks Rock Software Ecosystem; Ransomware Cripples Dutch Healthcare and US Hospitals

April 10, 2026
5 articles (4 new, 1 updated)
15 min read

Summary

A turbulent day in cybersecurity saw multiple, high-impact supply chain attacks compromising trusted software vendors like CPUID, Anodot, and the open-source library Axios, distributing malware to unsuspecting users. Simultaneously, ransomware attacks caused severe disruptions to critical infrastructure, with a major Dutch healthcare IT provider and multiple US hospitals and a county government falling victim, forcing service cancellations and a reversion to manual operations. Federal agencies also issued an urgent warning about ongoing Iranian state-sponsored attacks targeting US water and energy systems, highlighting the escalating threat to operational technology.

Filter by Category

New Articles (4)

CPUID Website Hijacked in Supply Chain Attack to Distribute STX RAT Infostealer

HIGH

CPUID Supply Chain Attack: Trojanized CPU-Z and HWMonitor Installers Deploy STX RAT Malware

Between April 9 and April 10, 2026, the official website of popular utility software provider CPUID was compromised in a supply chain attack. For up to 19 hours, attackers hijacked a website API to redirect download links for the widely-used CPU-Z and HWMonitor tools. Unsuspecting users were served trojanized installers that used a DLL side-loading technique to deploy the STX RAT, a potent information-stealing malware. The attack, which reused infrastructure from a previous campaign, successfully infected over 150 victims across multiple countries, primarily targeting individuals but also impacting organizations in retail, manufacturing, and telecommunications.

April 10, 2026
6 min read
supply chain attackwatering holeSTX RATDLL side-loadinginfostealer +1 more
CPUID Website Hijacked in Supply Chain Attack to Distribute STX RAT Infostealer

Minnesota's Winona County Suffers Second Crippling Ransomware Attack This Year

HIGH

Winona County, Minnesota Declares State of Emergency After Second Ransomware Attack in 2026

Winona County, Minnesota, is grappling with its second major cyberattack of 2026 after detecting a ransomware incident on April 7. The attack has severely disrupted government functions, taking many critical systems and digital services offline. Due to the incident's complexity, Minnesota's governor deployed the National Guard's cyber protection team to assist with response and recovery. While 911 services remain operational, other functions like the DMV are unavailable. This is the second time the county has been targeted this year, with a preliminary investigation suggesting a different threat actor is responsible for the latest attack.

April 10, 2026
4 min read
ransomwarelocal governmentminnesotawinona countynational guard +1 more
Minnesota's Winona County Suffers Second Crippling Ransomware Attack This Year

Anodot Breach Leads to Supply Chain Attack on Snowflake Customers; ShinyHunters Claims Responsibility

HIGH

SaaS Vendor Anodot Breached; ShinyHunters Gang Uses Stolen Tokens to Attack Snowflake Customers

A security breach at Israeli AI analytics firm Anodot has resulted in a significant downstream supply chain attack targeting customers of the cloud data platform Snowflake. The 'ShinyHunters' extortion gang claimed responsibility on April 7, 2026, stating they leveraged stolen authentication tokens from Anodot's systems to gain unauthorized access to their customers' Snowflake instances. This allowed the attackers to bypass traditional defenses and steal data from multiple companies. High-profile victims, including Rockstar Games, have been named on the gang's leak site, with ransom demands issued to prevent the data from being published.

April 10, 2026
5 min read
supply chain attackshinyhuntersanodotsnowflakedata breach +2 more
Anodot Breach Leads to Supply Chain Attack on Snowflake Customers; ShinyHunters Claims Responsibility

Google Issues Urgent Chrome Update to Patch 60 Flaws, Including Two Critical Bugs

CRITICAL

Google Chrome 147 Patches 60 Vulnerabilities, Including Two Critical RCE Flaws

Google has released an urgent security update for its Chrome browser, version 147, patching a total of 60 vulnerabilities. The update, announced around April 9, 2026, addresses two critical flaws, CVE-2026-5858 (a heap buffer overflow) and CVE-2026-5859 (an integer overflow), both in Chrome's WebML component. These vulnerabilities could be exploited for remote code execution, and Google awarded researchers a combined $86,000 in bug bounties for their discovery. The update also fixes 14 high-severity flaws affecting components like WebRTC and the V8 JavaScript engine. Users are strongly advised to update their browsers immediately.

April 10, 2026
4 min read
google chromevulnerabilitypatch managementrcecve-2026-5858 +2 more
Google Issues Urgent Chrome Update to Patch 60 Flaws, Including Two Critical Bugs

Updated Articles (1)

AI-Powered Attacks Now a Top Concern for 79% of IT Leaders, Armis Report Finds

INFORMATIONAL

Armis Report: Nearly 8 in 10 IT Leaders View AI-Powered Attacks as a Major Threat

Update:

A new Rapid7 report provides concrete data on the accelerating threat landscape, showing the median time from vulnerability disclosure to CISA KEV inclusion has plummeted from 8.5 to 5.0 days. The mean time-to-exploit also halved to 28.5 days. This acceleration is attributed to the industrialization of cybercrime and AI's role in rapidly generating exploits via binary diffing. This makes known, unpatched 'n-day' vulnerabilities a more significant and immediate threat than zero-days, putting immense pressure on organizations to automate and accelerate patching cycles to avoid compromise.

March 18, 2026
Updated: April 10, 2026
3 min read
AIArtificial IntelligenceCyberwarfareThreat LandscapeArmis +1 more
AI-Powered Attacks Now a Top Concern for 79% of IT Leaders, Armis Report Finds

📢 Share This Publication

Help others stay informed about cybersecurity threats

📅 Daily Edition

Curated and deduplicated every day from dozens of trusted sources — giving you one clean, consolidated view of what matters in cybersecurity.

🔢 Deduplication Applied

Related stories are merged into a single evolving article rather than repeated as separate entries — cutting through noise so you only read what's new.

🔗 Full Articles Linked

Every entry links to its full enriched article — complete with MITRE ATT&CK mappings, extracted IOCs, and actionable detection and mitigation guidance.