Microsoft Defender Zero-Day Exploited in the Wild; Vercel Hit by Supply Chain Attack; AI-Discovered Vulnerabilities Surge

Luxury Cosmetics Brand Rituals Confirms Data Breach Affecting 'My Rituals' Loyalty Program Members

Amsterdam-based luxury cosmetics company Rituals has confirmed a data breach impacting members of its 'My Rituals' loyalty program, which has over 40 million members. The company began notifying affected customers on April 22, 2026, after discovering the incident earlier in the month. Compromised data includes full names, addresses, phone numbers, email addresses, dates of birth, and gender. Rituals has assured customers that no passwords or financial information were exposed. The company has contained the breach, reported it to the Dutch Data Protection Authority (Autoriteit Persoonsgegevens), and is working with external security specialists to monitor for the data's appearance on the dark web. Customers are advised to be cautious of potential phishing attacks leveraging their stolen personal information.

Data BreachPIIRetailGDPRPhishing +1 more

4 min read

Data Breach

Phishing

UK Biobank Breach: Health Data of 500,000 Volunteers Found for Sale on Alibaba

UK Biobank Suffers Massive Data Breach; De-Identified Health Records of 500,000 Volunteers Leaked by Chinese Research Partners

The UK government has confirmed a severe data breach involving the UK Biobank, where de-identified but confidential health data from all 500,000 of its volunteers was listed for sale on e-commerce platforms owned by Alibaba. The breach originated from three Chinese research institutions that had legitimately downloaded the data for research purposes but subsequently leaked it. The UK government worked with Chinese authorities and Alibaba to remove the listings. While the data did not include direct identifiers like names or full addresses, the incident represents a major breach of trust and a failure of data governance by a trusted research partner. In response, UK Biobank has revoked access for the responsible institutions and temporarily suspended its entire research platform to implement stricter security controls, including restrictions on data downloads.

Data LeakSupply ChainHealthcare DataUK BiobankData Governance +1 more

UK Biobank Breach: Health Data of 500,000 Volunteers Found for Sale on Alibaba

Data Breach

Supply Chain Attack

Policy and Compliance

UK's NCSC Launches 'SilentGlass' Hardware to Block HDMI-Based Cyber Espionage

INFORMATIONAL

NCSC Develops 'SilentGlass' Hardware to Thwart Cyberattacks via HDMI and DisplayPort Connections

The UK's National Cyber Security Centre (NCSC) has developed a new hardware device called 'SilentGlass' to protect against cyberattacks transmitted through video display cables. Unveiled at the CYBERUK conference, the plug-and-play device secures HDMI and DisplayPort connections by ensuring only the video signal is transmitted, actively blocking any malicious or unexpected data. The NCSC highlighted that monitors are an attractive target as they can process and store sensitive data, yet their interfaces are often overlooked as a security boundary. The technology, already deployed in UK government systems, has been licensed to UK firm Goldilock Labs for global manufacturing and distribution in partnership with Sony UK Technology Centre, making high-assurance security available to commercial businesses.

Hardware SecurityNCSCData DiodeCyber EspionageHDMI +1 more

4 min read

UK's NCSC Launches 'SilentGlass' Hardware to Block HDMI-Based Cyber Espionage

Security Operations

Industrial Control Systems

Ransomware Shifts to Infrastructure: 73% of Attacks Exploit VPNs, At-Bay Reports

Akira Ransomware Dominates as Attackers Increasingly Target VPNs and Core Infrastructure, New Report Finds

A new report from cyber insurance provider At-Bay reveals a dramatic shift in ransomware tactics, with attackers increasingly targeting core infrastructure like Virtual Private Networks (VPNs). The report, based on over 6,500 claims, found that a staggering 73% of ransomware incidents in 2025 initiated through a compromised VPN, a figure that has nearly doubled in two years. The Akira ransomware group was a major driver of this trend, accounting for over 40% of claims in At-Bay's dataset and heavily targeting SonicWall VPN appliances. The average ransom demand from Akira was $1.2 million, 50% higher than other groups. The report also highlights that smaller businesses were disproportionately affected and that technical controls like EDR alone were often insufficient, emphasizing the need for 24/7 managed detection and response (MDR).

RansomwareAkiraVPNSonicWallThreat Report +1 more

Ransomware

Vulnerability

CrowdStrike's 'Project QuiltWorks' Unites Industry to Tackle AI-Driven Vulnerability Surge

INFORMATIONAL

CrowdStrike Launches Project QuiltWorks Coalition with OpenAI and Anthropic to Address AI-Discovered Vulnerabilities

CrowdStrike has launched 'Project QuiltWorks,' a new industry coalition designed to address the security risks arising from the accelerated discovery of software vulnerabilities by frontier AI models. Recognizing that models like those from OpenAI and Anthropic can find bugs at an unprecedented rate, the initiative brings together AI developers, cybersecurity leaders, and systems integrators to create a structured approach for remediation. Key partners include OpenAI, Anthropic, Accenture, EY, and IBM Cybersecurity Services. As part of the project, CrowdStrike is also launching a 'Frontier AI Readiness and Resilience Service' to provide expert-led assessments and guided remediation for customers, helping them determine their exposure to these newly found flaws.

AICrowdStrikeOpenAIAnthropicVulnerability Management +1 more

4 min read

CrowdStrike's 'Project QuiltWorks' Unites Industry to Tackle AI-Driven Vulnerability Surge

Security Operations

Policy and Compliance

Major US Cement Producer Taps Aria Cybersecurity to Protect Critical Plant Operations

MEDIUM

Aria Cybersecurity Deploys AZT PROTECT™ Solution to Secure OT Environments for Leading US Cement Producer

Aria Cybersecurity, a business unit of CSPi, has announced an agreement to deploy its AZT PROTECT™ solution to secure the critical operational technology (OT) environments of a major, unnamed US cement producer. The cement industry is considered a high-value target for cyberattacks, including state-sponsored ransomware. The deployment follows successful lab testing and a plant pilot, where the solution demonstrated its ability to 'lock down' critical systems by preventing any unauthorized or malicious executables from running. A key feature for the selection was AZT PROTECT's ability to operate effectively without an internet connection or constant updates, making it ideal for protecting sensitive and often isolated OT systems from threats like unpatched vulnerabilities.

OT SecurityICS SecurityCritical InfrastructureApplication WhitelistingAria Cybersecurity +1 more

Major US Cement Producer Taps Aria Cybersecurity to Protect Critical Plant Operations

Industrial Control Systems

Cyberattack

Security Operations

Updated Articles (4)

Anthropic's 'Mythos' AI Deemed Too Dangerous for Public Release After Finding Novel Exploits

INFORMATIONAL

Anthropic's New AI 'Mythos' Deemed Too Dangerous for Public Release

New information reveals Anthropic's 'Mythos' AI can autonomously discover zero-day vulnerabilities, generate functional exploits, and execute multi-stage cyberattacks, significantly escalating its threat profile. Concerns are heightened by reports of potential unauthorized access to the model through a third-party contractor, raising alarms about the containment and governance of this powerful AI system. This development accelerates the timeline for AI-driven attacks and underscores the urgent need for AI-native defenses. Project Glasswing now includes partners like Goldman Sachs.

April 12, 2026

AIAnthropicMythosArtificial IntelligenceVulnerability Research +2 more

Anthropic's 'Mythos' AI Deemed Too Dangerous for Public Release After Finding Novel Exploits

Policy and Compliance

Other

Actively Exploited Microsoft Defender Zero-Days 'RedSun' and 'UnDefend' Remain Unpatched

CRITICAL

Three Microsoft Defender Zero-Days—BlueHammer, RedSun, and UnDefend—Actively Exploited in the Wild After Researcher's Public Leak

The CISA has added CVE-2026-33825 (BlueHammer), a critical Microsoft Defender privilege escalation vulnerability, to its Known Exploited Vulnerabilities catalog, requiring federal agencies to patch by May 6, 2026. This confirms active, in-the-wild exploitation. New technical details reveal the exploit leverages a TOCTOU race condition to dump the SAM database for credential access, with initial access often gained via compromised FortiGate SSL VPNs. One observed attack originated from a Russian IP. The specific patch version is 4.18.26050.3011 or later. While the existing article noted BlueHammer was patched, this update highlights its continued critical threat due to confirmed active exploitation and government mandate.

April 18, 2026

ZeroDayLPEPrivilege EscalationMicrosoft DefenderWindows +1 more

6 min read

Actively Exploited Microsoft Defender Zero-Days 'RedSun' and 'UnDefend' Remain Unpatched

Vulnerability

Cyberattack

Threat Actor

Vercel Breach: Supply Chain Attack via AI Tool Exposes Customer Credentials

Vercel Discloses Security Breach Originating from Compromised Third-Party AI Tool, Context.ai

This update provides a more in-depth technical analysis of the Vercel supply chain attack, including expanded MITRE ATT&CK mappings (T1199, T1550.001, T1528, T1069.003, T1530) and new 'Cyber Observables' for hunting OAuth abuse. It also reinforces mitigation strategies with D3FEND techniques (D3-UAP, D3-SPP) for better third-party app governance and secret management. The article emphasizes the importance of using sensitive environment variables and regular OAuth app auditing to prevent similar incidents.

April 19, 2026

Supply Chain AttackOAuthCloud SecurityData BreachEnvironment Variables +1 more

Supply Chain Attack

Data Breach

Cloud Security

Unit 42: Frontier AI Models Can Autonomously Find Zero-Days, Posing Major Threat to Software Security

Fracturing Software Security With Frontier AI Models

Palo Alto Networks' Unit 42 has released new research demonstrating the practical application of AI in offensive cloud operations. Their 'Zealot' multi-agent AI system autonomously executed a multi-stage attack against a Google Cloud Platform (GCP) sandbox. The attack chained an SSRF vulnerability to steal service account credentials from the instance metadata service, then impersonated the account to access and exfiltrate data from Google BigQuery. This research proves that AI can act as a potent 'force multiplier' for existing cloud misconfigurations, shifting the threat of AI-driven attacks from theoretical to a tangible, present-day concern for cloud users. It provides specific TTPs, hunting hints, and mitigation strategies tailored for cloud environments, emphasizing the need for immediate strategic adjustments in defense.

April 20, 2026

AIArtificial IntelligenceZero-DayN-DayVulnerability Research +4 more

8 min read

Unit 42: Frontier AI Models Can Autonomously Find Zero-Days, Posing Major Threat to Software Security