[{"data":1,"prerenderedAt":166},["ShallowReactive",2],{"publication-daily-threat-publications-2026-04-13":3},{"pub_id":4,"headline":5,"summary":6,"pub_date":7,"total_articles":8,"articles":9},"pub-2026-04-13","Major Supply Chain Breaches at Rockstar Games and Dutch Hospitals; Regulators Scrutinize AI Cyber Risks","A wave of significant cyber incidents over the past 24 hours highlights the increasing threat of supply chain attacks and critical vulnerabilities. Gaming giant Rockstar Games confirmed a breach by the ShinyHunters group via a third-party cloud vendor. In Europe, a ransomware attack on healthcare software provider ChipSoft crippled Dutch hospitals, while fitness chain Basic-Fit exposed data for one million members. Meanwhile, US and UK financial regulators are holding urgent talks over the systemic risks posed by a powerful new AI model from Anthropic capable of autonomous vulnerability exploitation. Concurrently, Adobe and Apache have patched actively exploited zero-day and critical vulnerabilities, demanding immediate action from administrators worldwide.","2026-04-13",9,[10,35,60,77,95,108,122,138,153],{"id":11,"slug":12,"headline":13,"title":14,"severity":15,"excerpt":16,"tags":17,"categories":25,"createdAt":29,"updatedAt":30,"readingTime":31,"isUpdate":32,"updateSummary":33,"updateContent":34},"5b361541-78a4-42fe-9277-6d3b03f8c6ae","qilin-ransomware-targets-german-political-party-die-linke","Qilin Ransomware Attacks German Party Die Linke, Threatens Data Leak","Qilin Ransomware Claims Attack on German Political Party \"Die Linke,\" Hinting at Political Motivation","high","The Russian-speaking Qilin ransomware group has claimed responsibility for a cyberattack against the German political party Die Linke. The attack, detected on March 26, prompted the party to shut down parts of its IT infrastructure. Qilin is now threatening to publish stolen internal documents and employee data on its dark web leak site. 
While the main membership database was not compromised, Die Linke has suggested the attack may be politically motivated and part of a broader hybrid warfare campaign, not just a random criminal act.",[18,19,20,21,22,23,24],"Qilin","ransomware","Die Linke","Germany","political party","hybrid warfare","data leak",[26,27,28],"Ransomware","Threat Actor","Cyberattack","2026-04-06T15:00:00.000Z","2026-04-13T12:00:00.000Z",5,true,"New report highlights Qilin as March's most active ransomware, detailing specific TTPs like cloud exfiltration and emphasizing political/personnel risks for Die Linke.","This update provides additional context on the Qilin ransomware group, noting its identification as the most active ransomware operation in March 2026. It elaborates on specific TTPs, including data exfiltration to cloud storage (T1041) and the use of valid accounts for privilege escalation and lateral movement (T1078). The report further emphasizes the potential for significant political damage and increased risks to personnel due to the threatened data leak, beyond just operational disruption. It also integrates additional D3FEND techniques for detection and mitigation strategies.",{"id":36,"slug":37,"headline":38,"title":39,"severity":40,"excerpt":41,"tags":42,"categories":50,"createdAt":54,"updatedAt":55,"readingTime":56,"cves":57,"isUpdate":32,"updateSummary":58,"updateContent":59},"b81c4c0c-935e-4b66-8d6b-3904e5452ddd","anthropic-claude-mythos-ai-discovers-zero-day-vulnerabilities","Anthropic's \"Claude Mythos\" AI Discovers Thousands of Zero-Days, Public Release Withheld Over Security Risks","Anthropic's 'Claude Mythos' AI Uncovers Thousands of Critical Vulnerabilities, Prompting Unprecedented Defensive Coalition with Big Tech","critical","Artificial intelligence firm Anthropic has announced that its unreleased frontier model, 'Claude Mythos Preview,' has autonomously discovered thousands of high-severity zero-day vulnerabilities in major operating systems and software. 
Due to the immense security risks, the model is being withheld from public release. Instead, Anthropic has launched 'Project Glasswing,' a coalition with tech giants including Amazon Web Services, Apple, Google, and Microsoft, to use the AI for defensive purposes to secure critical software. The model has already identified decades-old flaws, including a critical remote code execution vulnerability (CVE-2026-4747) in FreeBSD's NFS server, fundamentally altering the landscape of vulnerability discovery.",[43,44,45,46,47,48,49],"AI","Artificial Intelligence","Zero-Day","Vulnerability Discovery","Project Glasswing","Anthropic","CVE-2026-4747",[51,52,53],"Threat Intelligence","Vulnerability","Other","2026-04-09T15:00:00.000Z","2026-04-13T00:00:00.000Z",6,[49],"Financial regulators in the UK and US are urgently assessing the systemic cybersecurity risks posed by Anthropic's 'Claude Mythos' AI, holding meetings with major banks to address potential disruption to global financial IT infrastructure.","Top financial regulators in the UK (Bank of England, FCA, NCSC) and US (Treasury, Federal Reserve) are urgently assessing the systemic cybersecurity risks posed by Anthropic's 'Claude Mythos' AI. High-level meetings with major banks are underway to address potential widespread disruption to global financial IT infrastructure. This development highlights the dual-use nature of the AI, raising alarms about its potential weaponization and the need for new regulatory frameworks and defensive strategies to counter AI-powered cyber threats. 
The perceived threat has escalated to a point where it is considered a systemic risk to the global financial system.",{"id":61,"slug":62,"headline":63,"title":64,"severity":40,"excerpt":65,"tags":66,"categories":72,"createdAt":54,"updatedAt":55,"readingTime":31,"cves":73,"cvssScore":74,"isUpdate":32,"updateSummary":75,"updateContent":76},"62f4640b-ee48-4664-9553-abc33f139b2a","cisa-adds-critical-ivanti-epmm-flaw-to-kev-catalog","CISA Mandates Federal Agencies Patch Actively Exploited Ivanti EPMM Flaw by April 11","CISA Adds Critical Ivanti EPMM Code Injection Flaw (CVE-2026-1340) to Known Exploited Vulnerabilities Catalog","The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a critical code injection vulnerability in Ivanti Endpoint Manager Mobile (EPMM), CVE-2026-1340, to its Known Exploited Vulnerabilities (KEV) catalog. The flaw, which has a CVSS score of 9.8, allows for unauthenticated remote code execution and is confirmed to be actively exploited in the wild. CISA has issued a directive requiring all federal civilian agencies to apply patches by April 11, 2026, and strongly urges all organizations using the affected product to remediate immediately.",[67,68,69,70,52,71,45],"CISA","KEV","Ivanti","CVE-2026-1340","Patch Management",[52,71,28],[70],9.8,"CISA and Check Point confirm ongoing active exploitation of Ivanti EPMM (CVE-2026-1340), affecting versions 12.5-12.7, urging immediate patching and compromise hunting.","CISA, alongside Check Point Research, has re-emphasized the active exploitation of CVE-2026-1340 in Ivanti EPMM, specifically impacting versions 12.5 through 12.7. This critical code injection flaw allows unauthenticated remote code execution. Given Ivanti products' history as targets for sophisticated threat actors, organizations are urged to patch immediately and assume potential compromise. 
New, detailed cyber observables for detection, including specific process monitoring and network traffic patterns, have been provided to aid in identifying and mitigating post-exploitation activity. The update reinforces the need for thorough compromise hunting.",{"id":78,"slug":79,"headline":80,"title":81,"severity":15,"excerpt":82,"tags":83,"categories":89,"createdAt":93,"updatedAt":93,"readingTime":31,"isUpdate":94},"eceb1dc5-2b06-4372-9d8c-cb86277a1f24","basic-fit-data-breach-exposes-member-personal-and-financial-details","Massive Basic-Fit Data Breach Exposes Personal and Financial Data of 1 Million Members","European Fitness Chain Basic-Fit Suffers Major Data Breach Affecting One Million Members","Basic-Fit, Europe's largest fitness chain, has admitted to a massive data breach affecting approximately one million members across several European countries. The compromised data includes sensitive personal information such as full names, addresses, phone numbers, and bank account details. The attack targeted the system used for member visit registration. While the company claims its monitoring tools detected and stopped the intrusion 'within minutes,' the attackers had already exfiltrated a large volume of data. 
Basic-Fit has notified the Dutch Data Protection Authority and is in the process of informing affected members, who now face a significant risk of targeted phishing campaigns and financial fraud.",[84,85,86,87,88],"PII","GDPR","financial fraud","phishing","Netherlands",[90,91,92],"Data Breach","Phishing","Regulatory","2026-04-13T15:00:00.000Z",false,{"id":96,"slug":97,"headline":98,"title":99,"severity":100,"excerpt":101,"tags":102,"categories":106,"createdAt":93,"updatedAt":93,"readingTime":31,"isUpdate":94},"3cd01b25-763c-4751-9e03-c09468631770","booking-com-notifies-customers-of-reservation-data-breach","Booking.com Warns Customers of Data Breach Exposing Reservation Details and Personal Info","Booking.com Notifies Customers of Data Breach Affecting Reservation Details","medium","Online travel giant Booking.com has confirmed a data breach, notifying an undisclosed number of customers that their personal and reservation data were accessed by unauthorized parties. The compromised information includes names, contact details, addresses, and specific booking details, including any notes shared with accommodation providers. The company has stated that financial data and customer accounts were not compromised. In response, Booking.com has reset the PINs for all affected reservations. 
While the company claims the issue is 'fully contained,' this incident exposes customers to a significant risk of highly convincing and targeted phishing attacks, as criminals can use the detailed booking information to craft credible scams.",[87,103,104,84,105],"travel industry","supply chain","Booking.com",[90,91,107],"Supply Chain Attack",{"id":109,"slug":110,"headline":111,"title":112,"severity":113,"excerpt":114,"tags":115,"categories":121,"createdAt":93,"updatedAt":93,"readingTime":31,"isUpdate":94},"a8930b97-ec58-4968-be2b-bcbf8da0be8e","three-ransomware-gangs-behind-40-percent-of-march-attacks","Ransomware Market Consolidation: Qilin, Akira, and DragonForce Dominate March 2026 Attacks","Check Point Report: Three Ransomware Gangs Account for 40% of All Attacks in March 2026","informational","The ransomware ecosystem is showing significant consolidation, with a new report from Check Point revealing that just three groups—Qilin, Akira, and DragonForce—were responsible for 40% of all publicly claimed attacks in March 2026. Qilin led the pack, accounting for 20% of incidents, followed by Akira at 12% and DragonForce at 8%. This concentration of power in a few highly active Ransomware-as-a-Service (RaaS) and 'cartel' operations highlights a trend towards more organized and impactful threat groups, even as the total number of active gangs remains high. 
The report underscores the continued focus on high-value sectors like business services and manufacturing.",[116,117,118,119,120],"RaaS","ransomware trends","market consolidation","threat report","Check Point",[26,51,27],{"id":123,"slug":124,"headline":125,"title":126,"severity":40,"excerpt":127,"tags":128,"categories":135,"createdAt":93,"updatedAt":93,"readingTime":31,"cves":136,"isUpdate":94},"10a6df2b-c9c3-4823-8915-f77d25809ec7","critical-rce-vulnerability-in-apache-activemq-under-active-exploitation","Critical 13-Year-Old RCE Flaw in Apache ActiveMQ (CVE-2026-34197) Actively Exploited","Unauthenticated RCE Possible in Apache ActiveMQ by Chaining New and Old Vulnerabilities","A critical remote code execution (RCE) vulnerability, CVE-2026-34197, has been discovered in Apache ActiveMQ Classic and is under active exploitation. The flaw, which has reportedly existed for 13 years, allows an authenticated attacker to execute arbitrary code by abusing the Jolokia JMX-HTTP bridge. The risk is severely amplified as this flaw can be chained with a separate vulnerability, CVE-2024-32114, which removes authentication requirements from the API endpoint, allowing for unauthenticated RCE. 
Apache has released patches, and administrators are urged to update immediately to versions 6.2.3 or 5.19.4 to prevent system compromise.",[129,130,131,132,133,134],"RCE","Apache","ActiveMQ","Jolokia","zero-day","CVE-2026-34197",[52,71,28],[134,137],"CVE-2024-32114",{"id":139,"slug":140,"headline":141,"title":142,"severity":40,"excerpt":143,"tags":144,"categories":150,"createdAt":93,"updatedAt":93,"readingTime":152,"isUpdate":94},"f22878ff-c26f-4a0e-bd79-2227abc3a293","los-angeles-police-department-reports-major-data-breach-of-storage-system","Massive 7.7TB Data Breach Hits LAPD, Exposing Sensitive Officer and Internal Affairs Files","Los Angeles Police Department Reports Major Data Breach of Storage System","The Los Angeles Police Department (LAPD) has suffered a colossal data breach involving a digital storage system used by the L.A. City Attorney's Office. The breach exposed an enormous 7.7 terabytes of data, encompassing over 337,000 files. The compromised information is highly sensitive, including unredacted personal information of LAPD officers, confidential personnel records, and internal affairs materials. The exposure of this data poses a grave risk to officer safety, the integrity of ongoing investigations, and public trust. 
The cause of the breach and the responsible threat actor are currently unknown.",[145,146,147,84,148,149],"data breach","LAPD","law enforcement","insider threat","misconfiguration",[90,92,151],"Security Operations",4,{"id":154,"slug":155,"headline":156,"title":157,"severity":15,"excerpt":158,"tags":159,"categories":165,"createdAt":93,"updatedAt":93,"readingTime":152,"isUpdate":94},"1202ccc6-1b58-480e-8f73-90afc8901a30","bitcoin-depot-discloses-cyberattack-resulting-in-3-6m-cryptocurrency-theft","Bitcoin Depot Loses $3.6M in Crypto After Attackers Steal Settlement Account Credentials","Cyberattack on Bitcoin Depot Results in Theft of Over 50 BTC Worth $3.6 Million","Bitcoin Depot, a major US operator of cryptocurrency ATMs, has disclosed a cyberattack that resulted in the theft of more than 50 Bitcoin (BTC), valued at over $3.6 million. According to the company, threat actors managed to steal credentials linked to its digital asset settlement accounts. Using these credentials, the attackers transferred the cryptocurrency out of the company's wallets. Bitcoin Depot stated it was able to block the attackers' access, preventing further losses. The incident highlights the persistent and lucrative nature of targeting cryptocurrency firms, where a single credential compromise can lead to immediate and irreversible financial loss.",[160,161,162,163,164],"cryptocurrency","Bitcoin","theft","credential stuffing","fintech",[28,90,53],1776260666154]