Vercel Hit by Supply Chain Attack, New Microsoft Defender Zero-Day Disclosed, and Ransomware Surges Globally

Shinyhunters Ransomware Group Claims Attacks on Zara and Aman Resorts, Threatens Data Leak

The Shinyhunters ransomware group has resurfaced, claiming responsibility for cyberattacks against luxury hotel chain Aman Resorts and global fashion retailer Zara. On April 19, 2026, the group alleged it had stolen over 500,000 Salesforce records containing PII from Aman Resorts and compromised Zara's Google BigQuery data, attributing the latter to a vulnerability in the Anodot.com platform. Shinyhunters has issued a 'Pay or Leak' ultimatum to both companies, setting an April 21 deadline to establish contact before the allegedly stolen data is published. These claims, if verified, represent significant data breaches at two major international brands.

ShinyhuntersRansomwareData BreachSalesforceBigQuery +1 more

Ransomware

Threat Actor

Investigation Launched into P3 Global Intel Breach Exposing 8 Million+ Sensitive Law Enforcement Tips

CRITICAL

Law Firm Investigates P3 Global Intel Data Breach Affecting Law Enforcement Tips

The law firm Edelson Lechtzin LLP has initiated an investigation into a massive data breach at P3 Global Intel, a cloud platform used by law enforcement and schools for managing anonymous safety tips. The breach, which reportedly occurred around March 18, 2026, involved a hacker exfiltrating 93 GB of data, including over 8 million sensitive tip records. The compromised information could contain personal details of individuals named in the tips and potentially the informants themselves, placing them at high risk of identity theft, fraud, and physical harm. The law firm is exploring a class action lawsuit to seek remedies for those affected by this severe compromise of sensitive public safety data.

Data BreachLaw EnforcementPIICloud SecurityClass Action +1 more

Investigation Launched into P3 Global Intel Breach Exposing 8 Million+ Sensitive Law Enforcement Tips

Policy and Compliance

Regulatory

Germany Unmasks Key REvil and GandCrab Ransomware Suspects

MEDIUM

German Authorities Identify Suspects Believed to be Key Members of REvil and GandCrab Ransomware Gangs

German law enforcement has publicly identified two Russian nationals, Daniil Shchukin (alias 'UNKN') and Anatoly Kravchuk, as key figures in the notorious REvil and GandCrab ransomware operations. The pair is allegedly responsible for at least 24 attacks, extorting approximately $2.3 million and causing an estimated $40 million in damages. This public identification is part of a wider European effort to dismantle Russian cybercrime networks. While the REvil group was officially dismantled in 2021, many of its members remain at large, and legal proceedings in Russia against such suspects have reportedly stalled, highlighting the challenges of international cybercrime prosecution.

REvilGandCrabRansomwareCybercrimeLaw Enforcement +1 more

Threat Actor

Ransomware

Regulatory

Healthcare Breach: Aligned Orthopedic Partners Exposes SSNs, Medical and Financial Data

CRITICAL

Aligned Orthopedic Partners Discloses Data Breach Exposing Extensive Patient and Financial Data

Aligned Orthopedic Partners has begun notifying patients about a data breach that occurred in late 2025. An unauthorized actor had access to the healthcare provider's corporate email system for a full month, between November 16 and December 16, 2025. An investigation confirmed that a vast amount of sensitive patient data may have been exposed, including names, Social Security numbers, driver's license numbers, financial account details, and extensive Protected Health Information (PHI). The exposed PHI includes medical diagnoses, treatment information, prescriptions, and health insurance data. The company is now offering identity protection services to affected individuals.

Data BreachHealthcareHIPAAPHIPII +1 more

Healthcare Breach: Aligned Orthopedic Partners Exposes SSNs, Medical and Financial Data

Phishing

Regulatory

Sanctioned Crypto Exchange Grinex Halts Operations After $13.74M Hack

Sanctioned Crypto Exchange Grinex Halts Operations After $13.74M Hack, Blames Intelligence Agencies

Grinex, a Kyrgyzstan-based cryptocurrency exchange sanctioned by the U.S. and U.K., is suspending all operations following a hack that resulted in the theft of over $13.74 million. The attack, which occurred around April 15, 2026, saw thieves steal Tether (USDT) and immediately swap it for non-freezable assets like TRX and ETH to launder the funds. Blockchain analytics firms TRM Labs and Chainalysis tracked the 'frantic swapping' of assets to evade freezing. Grinex has controversially blamed the attack on Western intelligence agencies, claiming the sophistication points to a state-level actor aiming to undermine Russia's financial sovereignty. A related exchange, TokenSpot, was also hit in a smaller, simultaneous attack.

CryptocurrencyHackGrinexSanctionsTRM Labs +1 more

Sanctioned Crypto Exchange Grinex Halts Operations After $13.74M Hack

Cyberattack

Threat Intelligence

Ransomware Attacks Surge in Q2 2026, Black Nevas Group Leads Latest Wave

Ransomware Activity Remains High in Q2 2026 With 23 New Victims in 24 Hours

Real-time threat intelligence from PurpleOps indicates that ransomware attacks are continuing at an alarming pace in the second quarter of 2026. A total of 456 victims have been reported for the quarter so far, bringing the year-to-date total to 3,077. In a single 24-hour period, 23 new victims were posted on leak sites, with the Black Nevas ransomware group being the most active, claiming 9 of the attacks. Other active groups included CoinbaseCartel and Blackwater. The attacks were geographically widespread, hitting the United States, India, Turkey, and Germany, and targeted industries such as Manufacturing, Real Estate, and Healthcare, demonstrating the indiscriminate nature of these campaigns.

RansomwareThreat IntelligenceBlack NevasDouble ExtortionCyberattack

Ransomware

Threat Intelligence

Cyberattack

Cybersecurity Consulting Demand Surges as Cybercrime Losses Top $10.5 Trillion

INFORMATIONAL

Cybersecurity Consulting Demand Surges Amidst Rising Threats and Persistent Workforce Gaps

A new report highlights the surging demand for expert cybersecurity consulting services as businesses grapple with an increasingly hostile digital landscape and a persistent global talent shortage. With cybercrime losses estimated to have reached a staggering $10.5 trillion in 2025 and human error remaining a primary cause of breaches, organizations are shifting from a reactive to a proactive security posture. This has fueled the need for specialized expertise in areas like threat modeling, detection engineering, and strategic cyber resilience to ensure business survival and operational continuity in the face of inevitable attacks.

Cybersecurity ConsultingWorkforce GapCyber ResilienceThreat IntelligenceMSSP

4 min read

Cybersecurity Consulting Demand Surges as Cybercrime Losses Top $10.5 Trillion

Policy and Compliance

Security Operations

Threat Intelligence

Updated Articles (1)

Phishing Campaign Abuses Legitimate SimpleHelp RMM Tool via Fake DHL 'Shipment Arrived' Emails

Fake DHL Phishing Emails Drop SimpleHelp Remote Access Tool for Backdoor Access

Update:

New research reveals organized crime groups are leveraging legitimate RMM tools, including SimpleHelp, in a sophisticated campaign targeting the logistics sector. Attackers use phishing with VBS files and PowerShell to deploy multiple RATs like ScreenConnect, Pulseway, and SimpleHelp. A novel 'signing-as-a-service' technique is used for defense evasion. The primary objective is to facilitate physical cargo theft and payment diversion, leading to an estimated $6.6 billion in losses in North America. This significantly broadens the scope and impact of RMM tool abuse previously reported.

April 17, 2026

Updated: April 19, 2026