Daily Digest

Vercel Supply Chain Attack, Actively Exploited Microsoft Defender Zero-Days, and Iranian Threats to US Infrastructure Dominate Headlines

Vercel Supply Chain Attack, Actively Exploited Microsoft Defender Zero-Days, and Iranian Threats to US Infrastructure Dominate Headlines

April 18, 2026
3 articles (3 new)
10 min read

Summary

This period's cybersecurity landscape is marked by high-stakes incidents, including a sophisticated supply chain attack on Vercel via a third-party AI tool, active exploitation of multiple Microsoft Defender zero-days, and a stark warning from U.S. agencies about escalating Iranian cyberattacks on critical infrastructure. Other major events include a massive Patch Tuesday from Microsoft addressing 164 CVEs, a supply chain compromise of the popular Axios NPM package by North Korean actors, and significant data breaches at McGraw Hill and Amtrak, highlighting persistent threats across software development, cloud services, and public sectors.

Filter by Category

New Articles (3)

Vercel Hit by Supply Chain Attack; ShinyHunters Claims Responsibility, Demands $2M

HIGH

Vercel Confirms Supply Chain Attack Originating from Compromised Third-Party AI Tool, Context.ai

Cloud platform Vercel has confirmed a security breach stemming from a supply chain attack involving the compromise of a third-party AI tool, Context.ai. Attackers exploited a Vercel employee's Google Workspace account via a compromised OAuth token, gaining access to internal systems and non-sensitive environment variables. The threat actor group ShinyHunters has claimed responsibility for the attack, offering stolen Vercel data, including source code and access keys, for $2 million on a hacking forum. Vercel has stated that only a limited subset of customers were affected and has engaged Mandiant for incident response.

April 18, 2026
6 min read
OAuthSupply ChainCloud SecurityAI SecurityCredential Theft +1 more
Vercel Hit by Supply Chain Attack; ShinyHunters Claims Responsibility, Demands $2M

New 'ZionSiphon' Malware Specifically Targets Israeli Water Infrastructure for Sabotage

HIGH

ZionSiphon: New OT Malware Discovered Targeting Israeli Water Treatment and Desalination Facilities

Security researchers have analyzed ZionSiphon, a new malware strain specifically engineered to target Israeli water infrastructure. The malware, which explicitly references Israel's national water company and major desalination plants, combines data exfiltration and reconnaissance features with capabilities designed for sabotage of industrial control systems (ICS). ZionSiphon can propagate via USB drives to infect air-gapped networks and contains logic to tamper with critical processes like chlorine levels and water pressure, highlighting a dangerous trend of politically motivated attacks on critical OT environments.

April 18, 2026
7 min read
MalwareICSOTSCADAIsrael +2 more
New 'ZionSiphon' Malware Specifically Targets Israeli Water Infrastructure for Sabotage

UAC-0247 Espionage Campaign Targets Ukrainian Government and Healthcare with Data-Stealing Malware

HIGH

CERT-UA Warns of UAC-0247 Cyber-Espionage Campaign Targeting Government and Healthcare in Ukraine

The Computer Emergency Response Team of Ukraine (CERT-UA) is warning of an ongoing cyber-espionage campaign by the threat actor UAC-0247. Active since March 2026, the campaign targets Ukrainian government bodies and healthcare facilities with phishing emails. The attack uses a multi-stage infection chain involving LNK and HTA files to deploy a data-stealing payload that injects into legitimate processes like RuntimeBroker.exe. The malware, similar to the RAVENSHELL backdoor, is designed to exfiltrate data from web browsers and the WhatsApp desktop application.

April 18, 2026
6 min read
EspionageUkraineUAC-0247CERT-UAPhishing +2 more
UAC-0247 Espionage Campaign Targets Ukrainian Government and Healthcare with Data-Stealing Malware

📢 Share This Publication

Help others stay informed about cybersecurity threats

📅 Daily Edition

Curated and deduplicated every day from dozens of trusted sources — giving you one clean, consolidated view of what matters in cybersecurity.

🔢 Deduplication Applied

Related stories are merged into a single evolving article rather than repeated as separate entries — cutting through noise so you only read what's new.

🔗 Full Articles Linked

Every entry links to its full enriched article — complete with MITRE ATT&CK mappings, extracted IOCs, and actionable detection and mitigation guidance.