Critical Infrastructure Under Siege: ZionSiphon & Lotus Wiper Unleashed as Zero-Days and Bank Breaches Rock Global Networks

Kaspersky Identifies 'Lotus Wiper' in Destructive Campaign Against Venezuelan Energy and Utilities

Researchers from Kaspersky have uncovered 'Lotus Wiper,' a new data-wiping malware used in targeted attacks against Venezuela's energy and utilities sector. The malware is purely destructive, designed to render systems inoperable by erasing recovery mechanisms, overwriting drive contents, and deleting files. The attack chain involves batch scripts and the abuse of legitimate Windows utilities, indicating the threat actor's sole intent was to cause maximum disruption without any financial motive.

Wiper MalwareData DestructionVenezuelaEnergy SectorKaspersky +1 more

Destructive 'Lotus Wiper' Malware Strikes Venezuelan Energy Sector

Everest Ransomware Claims Attacks on Citizens and Frost Banks

Everest Ransomware Gang Targets Two Major US Banks, Threatens Data Leak

The Everest ransomware gang has listed two major U.S. financial institutions, Citizens Financial Group and Frost Bank, on its dark web leak site. The group claims to have stolen sensitive customer data, including Social Security numbers and financial details, and has threatened to release it. Citizens Bank confirmed a breach involving a third-party vendor, stating that while some customer information was involved, most of the data was masked. The full impact on Frost Bank remains unconfirmed.

RansomwareEverestBankingFinanceData Breach +1 more

Everest Ransomware Claims Attacks on Citizens and Frost Banks

'BRIDGE:BREAK' Vulnerabilities Expose Thousands of Serial-to-IP Converters

22 'BRIDGE:BREAK' Flaws Expose Lantronix and Silex Serial-to-IP Converters to RCE and Takeover

Researchers at Forescout have discovered 22 vulnerabilities, collectively named 'BRIDGE:BREAK,' in popular serial-to-IP converters from Lantronix and Silex. These devices, which bridge legacy OT/ICS equipment to modern IP networks, are affected by flaws that could lead to remote code execution, authentication bypass, and device takeover. With nearly 20,000 such devices exposed online, the vulnerabilities pose a significant risk to critical industries like manufacturing, healthcare, and energy.

VulnerabilityICSOTForescoutLantronix +2 more

4 min read

'BRIDGE:BREAK' Vulnerabilities Expose Thousands of Serial-to-IP Converters

Ransomware Negotiator Admits to Conspiring with BlackCat Gang

Former Ransomware Negotiator Pleads Guilty to Aiding BlackCat, Betraying Clients

Angelo Martino, a former ransomware negotiator, has pleaded guilty to conspiring with the notorious BlackCat (ALPHV) ransomware gang. Martino abused his position at a crypto brokerage firm, using his insider knowledge of his clients' negotiating strategies and insurance limits to help BlackCat maximize their extortion demands. He also conspired to deploy ransomware against victims, leading to multi-million dollar ransom payments. Law enforcement has seized $10 million in illicit proceeds.

Insider ThreatBlackCatALPHVRansomwareCybercrime +1 more

Ransomware Negotiator Admits to Conspiring with BlackCat Gang

Google Patches Critical Prompt Injection Flaw in Antigravity IDE

Google Patches Code Execution Flaw in Antigravity IDE Enabled by Prompt Injection

Google has patched a critical vulnerability in its Antigravity IDE, an AI-powered development environment. The flaw allowed a prompt injection attack to achieve arbitrary code execution, bypassing the IDE's security sandbox. Researchers found that by injecting a specific flag into a file search tool, an attacker could trick the IDE into executing a malicious binary, highlighting the emerging security challenges in securing agentic AI systems.

AI SecurityPrompt InjectionGoogleVulnerabilityRCE +1 more

4 min read

Google Patches Critical Prompt Injection Flaw in Antigravity IDE

Fake 'TradingClaw' Website Spreads 'Needle Stealer' Malware

MEDIUM

Fake 'TradingClaw' AI Trading Tool Website Used as Lure to Distribute 'Needle Stealer' Malware

A malware campaign is using a sophisticated lure—a fake website for an AI trading tool called 'TradingClaw'—to distribute 'Needle Stealer,' a potent info-stealing malware. The malware aims to harvest sensitive data from victims, including browser data, login sessions, and cryptocurrency wallets. The campaign uses DLL hijacking for evasion and a C2 panel with features planned for more advanced phishing, indicating an evolving threat to users in the financial trading and crypto spaces.

MalwareInfoStealerNeedle StealerCryptocurrencyPhishing +1 more

Fake 'TradingClaw' Website Spreads 'Needle Stealer' Malware

ENISA Updates Framework for National Cybersecurity Assessment

INFORMATIONAL

ENISA Releases NCAF 2.0 to Help EU Member States Assess National Cybersecurity Maturity

The European Union Agency for Cybersecurity (ENISA) has released version 2.0 of its National Capabilities Assessment Framework (NCAF). The updated framework and online tool provide a methodology for EU member states to assess the maturity of their National Cybersecurity Strategies (NCSS). Aligned with the new NIS2 Directive, NCAF 2.0 aims to help national authorities identify strengths, gaps, and priorities, thereby fostering a higher common level of cybersecurity across the EU.

ENISAEUNIS2PolicyCompliance +1 more

4 min read

ENISA Updates Framework for National Cybersecurity Assessment

Updated Articles (5)

Microsoft's Massive April Patch Tuesday Fixes Actively Exploited SharePoint Zero-Day and 164 Other Flaws

CRITICAL

Microsoft Issues Patches for Actively Exploited SharePoint Zero-Day (CVE-2026-32201) in Massive April 2026 Update

The new article focuses exclusively on CVE-2026-32201, providing a detailed breakdown of its attack vector, complexity, and user interaction. It offers more specific hunting hints, such as monitoring `/wsa.asmx` or `/wsb.asmx` endpoints and file modifications, and clarifies that SharePoint Online is not affected. This deeper dive into the single critical vulnerability enhances understanding of its exploitation and detection, without changing the overall severity of the incident.

April 16, 2026

Patch TuesdayZero-DaySharePointRemote Code ExecutionSpoofing +2 more

Microsoft's Massive April Patch Tuesday Fixes Actively Exploited SharePoint Zero-Day and 164 Other Flaws

Actively Exploited Microsoft Defender Zero-Days 'RedSun' and 'UnDefend' Remain Unpatched

CRITICAL

Three Microsoft Defender Zero-Days—BlueHammer, RedSun, and UnDefend—Actively Exploited in the Wild After Researcher's Public Leak

New reports from Huntress confirm that all three Microsoft Defender zero-days (BlueHammer, RedSun, UnDefend) are actively exploited in the wild. While BlueHammer's exploitation was noted by April 10, proof-of-concept exploits for RedSun (LPE) and UnDefend (DoS) were observed being used by threat actors as early as April 16, 2026. This reinforces the immediate threat posed by these unpatched vulnerabilities, allowing attackers to escalate privileges and disable Defender updates on Windows systems.

April 18, 2026

ZeroDayLPEPrivilege EscalationMicrosoft DefenderWindows +1 more

6 min read

Actively Exploited Microsoft Defender Zero-Days 'RedSun' and 'UnDefend' Remain Unpatched

ShinyHunters Breach at Canada Life Exposes Data of 70,000 Customers

Canada Life Confirms Cyberattack by ShinyHunters, 70,000 Individuals Impacted

Further analysis of the Canada Life data breach confirms the incident's timeline, with Canada Life officially acknowledging unauthorized access on April 21, 2026, following ShinyHunters' dark web claims on April 17. The exposed personal information now explicitly includes dates of birth and gender, in addition to names, addresses, and income levels, slightly increasing the risk of identity theft. Technical analysis also highlights the likely role of phishing (T1566) and the lack of Multi-Factor Authentication as key enabling factors, alongside potential data exfiltration from cloud storage (T1530). New detection and mitigation strategies are also suggested.

April 21, 2026

Canada LifeShinyHuntersdata breachextortioninsurance +2 more

6 min read

ShinyHunters Breach at Canada Life Exposes Data of 70,000 Customers

Vercel Hit by Supply Chain Attack; ShinyHunters Claims Responsibility, Demands $2M

Vercel Confirms Supply Chain Attack Originating from Compromised Third-Party AI Tool, Context.ai

Vercel's ongoing investigation into the supply chain attack has confirmed that a limited subset of customer credentials were compromised. In response, Vercel is actively collaborating with industry partners including Microsoft, GitHub, and npm to conduct further checks and ensure comprehensive mitigation. Additionally, law enforcement has been notified regarding the incident. The attacker's sophistication, marked by their operational velocity and detailed understanding of Vercel's systems, continues to be a key aspect of the breach.

April 18, 2026

OAuthSupply ChainCloud SecurityAI SecurityCredential Theft +1 more

6 min read

Vercel Hit by Supply Chain Attack; ShinyHunters Claims Responsibility, Demands $2M

EU Proposes 'Cybersecurity Act 2.0' to Counter Hybrid Threats and Regulate ICT Suppliers

INFORMATIONAL

European Commission Unveils "Cybersecurity Act 2.0" to Bolster EU Resilience

The European Union Agency for Cybersecurity (ENISA) has launched version 2.0 of its National Capabilities Assessment Framework (NCAF). This updated framework and online tool provide a structured methodology for EU member states to evaluate the maturity of their National Cybersecurity Strategies (NCSS). Closely aligned with the NIS2 Directive, NCAF 2.0 assists national authorities in identifying strengths, gaps, and priorities, thereby promoting a consistent and higher level of cybersecurity capability across the EU. While voluntary, it serves as a practical tool for demonstrating progress towards NIS2 requirements, supporting incident response, risk management, and supply chain security.

April 20, 2026