Daily Digest

Supply Chain Attacks Rock Software Ecosystem; Ransomware Cripples Dutch Healthcare and US Hospitals

April 10, 2026

5 articles (4 new, 1 updated)

15 min read

Summary

A turbulent day in cybersecurity saw multiple, high-impact supply chain attacks compromising trusted software vendors like CPUID, Anodot, and the open-source library Axios, distributing malware to unsuspecting users. Simultaneously, ransomware attacks caused severe disruptions to critical infrastructure, with a major Dutch healthcare IT provider and multiple US hospitals and a county government falling victim, forcing service cancellations and a reversion to manual operations. Federal agencies also issued an urgent warning about ongoing Iranian state-sponsored attacks targeting US water and energy systems, highlighting the escalating threat to operational technology.

Filter by Category

New Articles (4)

CPUID Website Hijacked in Supply Chain Attack to Distribute STX RAT Infostealer

HIGH

CPUID Supply Chain Attack: Trojanized CPU-Z and HWMonitor Installers Deploy STX RAT Malware

Between April 9 and April 10, 2026, the official website of popular utility software provider CPUID was compromised in a supply chain attack. For up to 19 hours, attackers hijacked a website API to redirect download links for the widely-used CPU-Z and HWMonitor tools. Unsuspecting users were served trojanized installers that used a DLL side-loading technique to deploy the STX RAT, a potent information-stealing malware. The attack, which reused infrastructure from a previous campaign, successfully infected over 150 victims across multiple countries, primarily targeting individuals but also impacting organizations in retail, manufacturing, and telecommunications.

April 10, 2026

6 min read

supply chain attackwatering holeSTX RATDLL side-loadinginfostealer +1 more

Supply Chain Attack

Malware

Cyberattack

Minnesota's Winona County Suffers Second Crippling Ransomware Attack This Year

HIGH

Winona County, Minnesota Declares State of Emergency After Second Ransomware Attack in 2026

Winona County, Minnesota, is grappling with its second major cyberattack of 2026 after detecting a ransomware incident on April 7. The attack has severely disrupted government functions, taking many critical systems and digital services offline. Due to the incident's complexity, Minnesota's governor deployed the National Guard's cyber protection team to assist with response and recovery. While 911 services remain operational, other functions like the DMV are unavailable. This is the second time the county has been targeted this year, with a preliminary investigation suggesting a different threat actor is responsible for the latest attack.

April 10, 2026

4 min read

ransomwarelocal governmentminnesotawinona countynational guard +1 more

Ransomware

Cyberattack

Incident Response

Anodot Breach Leads to Supply Chain Attack on Snowflake Customers; ShinyHunters Claims Responsibility

HIGH

SaaS Vendor Anodot Breached; ShinyHunters Gang Uses Stolen Tokens to Attack Snowflake Customers

A security breach at Israeli AI analytics firm Anodot has resulted in a significant downstream supply chain attack targeting customers of the cloud data platform Snowflake. The 'ShinyHunters' extortion gang claimed responsibility on April 7, 2026, stating they leveraged stolen authentication tokens from Anodot's systems to gain unauthorized access to their customers' Snowflake instances. This allowed the attackers to bypass traditional defenses and steal data from multiple companies. High-profile victims, including Rockstar Games, have been named on the gang's leak site, with ransom demands issued to prevent the data from being published.

April 10, 2026

5 min read

supply chain attackshinyhuntersanodotsnowflakedata breach +2 more

Supply Chain Attack

Data Breach

Cloud Security

Google Issues Urgent Chrome Update to Patch 60 Flaws, Including Two Critical Bugs

CRITICAL

Google Chrome 147 Patches 60 Vulnerabilities, Including Two Critical RCE Flaws

Google has released an urgent security update for its Chrome browser, version 147, patching a total of 60 vulnerabilities. The update, announced around April 9, 2026, addresses two critical flaws, CVE-2026-5858 (a heap buffer overflow) and CVE-2026-5859 (an integer overflow), both in Chrome's WebML component. These vulnerabilities could be exploited for remote code execution, and Google awarded researchers a combined $86,000 in bug bounties for their discovery. The update also fixes 14 high-severity flaws affecting components like WebRTC and the V8 JavaScript engine. Users are strongly advised to update their browsers immediately.

April 10, 2026

4 min read

google chromevulnerabilitypatch managementrcecve-2026-5858 +2 more

Google Issues Urgent Chrome Update to Patch 60 Flaws, Including Two Critical Bugs

Patch Management

Vulnerability

Updated Articles (1)

AI-Powered Attacks Now a Top Concern for 79% of IT Leaders, Armis Report Finds

INFORMATIONAL

Armis Report: Nearly 8 in 10 IT Leaders View AI-Powered Attacks as a Major Threat

Update:

A new Rapid7 report provides concrete data on the accelerating threat landscape, showing the median time from vulnerability disclosure to CISA KEV inclusion has plummeted from 8.5 to 5.0 days. The mean time-to-exploit also halved to 28.5 days. This acceleration is attributed to the industrialization of cybercrime and AI's role in rapidly generating exploits via binary diffing. This makes known, unpatched 'n-day' vulnerabilities a more significant and immediate threat than zero-days, putting immense pressure on organizations to automate and accelerate patching cycles to avoid compromise.

March 18, 2026

Updated: April 10, 2026

3 min read

AIArtificial IntelligenceCyberwarfareThreat LandscapeArmis +1 more

AI-Powered Attacks Now a Top Concern for 79% of IT Leaders, Armis Report Finds

Threat Intelligence

Policy and Compliance

📢 Share This Publication

Help others stay informed about cybersecurity threats