[{"data":1,"prerenderedAt":182},["ShallowReactive",2],{"publication-daily-threat-publications-2026-04-23":3},{"pub_id":4,"headline":5,"summary":6,"pub_date":7,"total_articles":8,"articles":9},"pub-2026-04-23","Microsoft Defender Zero-Day Exploited in the Wild; Vercel Hit by Supply Chain Attack; AI-Discovered Vulnerabilities Surge","This edition covers a critical period marked by the active exploitation of a Microsoft Defender zero-day vulnerability (CVE-2026-33825), granting attackers SYSTEM-level access. A sophisticated supply chain attack compromised the Vercel platform via a third-party AI tool, exposing internal systems. Concurrently, the cybersecurity landscape is grappling with the emergence of AI models like Anthropic's 'Mythos,' capable of autonomously discovering and exploiting zero-days, prompting industry-wide defensive coalitions. Other major incidents include significant data breaches at Rituals Cosmetics and the UK Biobank, and a new wiper malware targeting Venezuela's energy sector.","2026-04-23",10,[10,35,60,79,95,111,125,141,155,167],{"id":11,"slug":12,"headline":13,"title":14,"severity":15,"excerpt":16,"tags":17,"categories":25,"createdAt":29,"updatedAt":30,"readingTime":31,"isUpdate":32,"updateSummary":33,"updateContent":34},"fda90804-187b-43f6-a27d-489af6ae377b","anthropics-new-ai-mythos-deemed-too-dangerous-for-public-release","Anthropic's 'Mythos' AI Deemed Too Dangerous for Public Release After Finding Novel Exploits","Anthropic's New AI 'Mythos' Deemed Too Dangerous for Public Release","informational","AI safety company Anthropic has made the unprecedented decision to withhold its new AI model, Claude Mythos Preview, from public release, judging it too dangerous due to its powerful capabilities in cybersecurity. Reports on April 11, 2026, reveal that Mythos can quickly and easily discover high-severity, unknown vulnerabilities in major operating systems and browsers with simple prompts. Citing the risk of democratizing advanced hacking capabilities, Anthropic is instead sharing the model with a select group of 11 tech giants, including Google, Apple, and Microsoft, under a new initiative called 'Project Glasswing.' The goal is for these companies to use Mythos to proactively find and patch critical flaws in global digital infrastructure before such AI tools are weaponized by malicious actors.",[18,19,20,21,22,23,24],"AI","Anthropic","Mythos","Artificial Intelligence","Vulnerability Research","Zero-Day","Responsible AI",[26,27,28],"Threat Intelligence","Policy and Compliance","Other","2026-04-12T15:00:00.000Z","2026-04-23T12:00:00.000Z",5,true,"New reports detail Anthropic's Mythos AI's autonomous attack capabilities and raise concerns over potential unauthorized access via a third-party contractor.","New information reveals Anthropic's 'Mythos' AI can autonomously discover zero-day vulnerabilities, generate functional exploits, and execute multi-stage cyberattacks, significantly escalating its threat profile. Concerns are heightened by reports of potential unauthorized access to the model through a third-party contractor, raising alarms about the containment and governance of this powerful AI system. This development accelerates the timeline for AI-driven attacks and underscores the urgent need for AI-native defenses. Project Glasswing now includes partners like Goldman Sachs.",{"id":36,"slug":37,"headline":38,"title":39,"severity":40,"excerpt":41,"tags":42,"categories":49,"createdAt":53,"updatedAt":30,"readingTime":54,"cves":55,"cvssScore":57,"isUpdate":32,"updateSummary":58,"updateContent":59},"f99f732c-7f63-4c69-b958-b9a8e61d1398","microsoft-defender-zero-days-actively-exploited-after-public-leak","Actively Exploited Microsoft Defender Zero-Days 'RedSun' and 'UnDefend' Remain Unpatched","Three Microsoft Defender Zero-Days—BlueHammer, RedSun, and UnDefend—Actively Exploited in the Wild After Researcher's Public Leak","critical","Threat actors are actively exploiting three zero-day vulnerabilities in Microsoft Defender, collectively known as BlueHammer, RedSun, and UnDefend. The exploits were publicly released by a security researcher in protest of Microsoft's disclosure process. While Microsoft patched BlueHammer (CVE-2026-33825) in its April Patch Tuesday, the RedSun privilege escalation and UnDefend denial-of-service flaws remain unpatched, leaving fully updated Windows 10, 11, and Server systems vulnerable. Security firm Huntress Labs has observed targeted, hands-on-keyboard attacks leveraging these exploits to gain SYSTEM-level privileges.",[43,44,45,46,47,48],"ZeroDay","LPE","Privilege Escalation","Microsoft Defender","Windows","Unpatched",[50,51,52],"Vulnerability","Cyberattack","Threat Actor","2026-04-18T15:00:00.000Z",6,[56],"CVE-2026-33825",7.8,"CISA adds CVE-2026-33825 (BlueHammer) to KEV catalog, mandating patch. Detailed exploit chain for SAM dump revealed, with initial access via FortiGate VPNs.","The CISA has added CVE-2026-33825 (BlueHammer), a critical Microsoft Defender privilege escalation vulnerability, to its Known Exploited Vulnerabilities catalog, requiring federal agencies to patch by May 6, 2026. This confirms active, in-the-wild exploitation. New technical details reveal the exploit leverages a TOCTOU race condition to dump the SAM database for credential access, with initial access often gained via compromised FortiGate SSL VPNs. One observed attack originated from a Russian IP. The specific patch version is 4.18.26050.3011 or later. While the existing article noted BlueHammer was patched, this update highlights its continued critical threat due to confirmed active exploitation and government mandate.",{"id":61,"slug":62,"headline":63,"title":64,"severity":65,"excerpt":66,"tags":67,"categories":74,"createdAt":75,"updatedAt":76,"readingTime":31,"isUpdate":32,"updateSummary":77,"updateContent":78},"03ca5a55-5420-46fe-aebb-286d1b6b7bca","vercel-security-breach-linked-to-compromised-third-party-ai-tool","Vercel Breach: Supply Chain Attack via AI Tool Exposes Customer Credentials","Vercel Discloses Security Breach Originating from Compromised Third-Party AI Tool, Context.ai","high","Web infrastructure provider Vercel has confirmed a significant security incident where a threat actor gained unauthorized access to internal systems by compromising a third-party AI tool, Context.ai. The attack, which began with a hijacked Google Workspace OAuth application, allowed the actor to pivot into Vercel's environment and access a limited subset of customer environment variables. Vercel has stated that variables marked as 'sensitive' were not accessed, but urges all customers to rotate any credentials stored in non-sensitive variables as a precaution. The incident highlights the growing risk of sophisticated supply chain attacks that exploit trust relationships and OAuth integrations to bypass traditional security perimeters.",[68,69,70,71,72,73],"Supply Chain Attack","OAuth","Cloud Security","Data Breach","Environment Variables","Credential Rotation",[68,71,70],"2026-04-19T15:00:00.000Z","2026-04-23T00:00:00.000Z","New technical analysis, hunting hints, and enhanced mitigation strategies for the Vercel supply chain attack.","This update provides a more in-depth technical analysis of the Vercel supply chain attack, including expanded MITRE ATT&CK mappings (T1199, T1550.001, T1528, T1069.003, T1530) and new 'Cyber Observables' for hunting OAuth abuse. It also reinforces mitigation strategies with D3FEND techniques (D3-UAP, D3-SPP) for better third-party app governance and secret management. The article emphasizes the importance of using sensitive environment variables and regular OAuth app auditing to prevent similar incidents.",{"id":80,"slug":81,"headline":82,"title":83,"severity":65,"excerpt":84,"tags":85,"categories":90,"createdAt":91,"updatedAt":76,"readingTime":92,"isUpdate":32,"updateSummary":93,"updateContent":94},"a2e1f942-aac2-443e-a212-5384daa1aefd","fracturing-software-security-with-frontier-ai-models","Unit 42: Frontier AI Models Can Autonomously Find Zero-Days, Posing Major Threat to Software Security","Fracturing Software Security With Frontier AI Models","Palo Alto Networks' Unit 42 has conducted hands-on research with frontier AI models, revealing their alarming capability to act as autonomous security researchers. These models can independently identify zero-day vulnerabilities and complex exploit chains, posing a significant and immediate risk to the software ecosystem, especially open-source software (OSS). The research indicates that these AIs dramatically lower the barrier for unskilled attackers and accelerate the vulnerability-to-exploitation timeline from N-days to N-hours. Unit 42 predicts a surge in large-scale, AI-driven supply chain attacks and urges defenders to adopt an aggressive, prevention-first security posture to counter the unprecedented speed and scale of these emerging threats.",[18,21,23,86,22,87,88,68,89],"N-Day","Exploit Development","Open Source Security","Threat Landscape",[26,68,52],"2026-04-20T15:00:00.000Z",8,"Unit 42 demonstrates autonomous AI cloud attacks with 'Zealot' PoC, exploiting misconfigurations for data exfiltration.","Palo Alto Networks' Unit 42 has released new research demonstrating the practical application of AI in offensive cloud operations. Their 'Zealot' multi-agent AI system autonomously executed a multi-stage attack against a Google Cloud Platform (GCP) sandbox. The attack chained an SSRF vulnerability to steal service account credentials from the instance metadata service, then impersonated the account to access and exfiltrate data from Google BigQuery. This research proves that AI can act as a potent 'force multiplier' for existing cloud misconfigurations, shifting the threat of AI-driven attacks from theoretical to a tangible, present-day concern for cloud users. It provides specific TTPs, hunting hints, and mitigation strategies tailored for cloud environments, emphasizing the need for immediate strategic adjustments in defense.",{"id":96,"slug":97,"headline":98,"title":99,"severity":65,"excerpt":100,"tags":101,"categories":107,"createdAt":108,"updatedAt":108,"readingTime":109,"isUpdate":110},"c868d9f1-932e-46fc-ac88-4cf2a0bc1bab","rituals-cosmetics-discloses-customer-loyalty-program-data-breach","Rituals Cosmetics Data Breach Exposes Personal Info of 'My Rituals' Members","Luxury Cosmetics Brand Rituals Confirms Data Breach Affecting 'My Rituals' Loyalty Program Members","Amsterdam-based luxury cosmetics company Rituals has confirmed a data breach impacting members of its 'My Rituals' loyalty program, which has over 40 million members. The company began notifying affected customers on April 22, 2026, after discovering the incident earlier in the month. Compromised data includes full names, addresses, phone numbers, email addresses, dates of birth, and gender. Rituals has assured customers that no passwords or financial information were exposed. The company has contained the breach, reported it to the Dutch Data Protection Authority (Autoriteit Persoonsgegevens), and is working with external security specialists to monitor for the data's appearance on the dark web. Customers are advised to be cautious of potential phishing attacks leveraging their stolen personal information.",[71,102,103,104,105,106],"PII","Retail","GDPR","Phishing","Customer Data",[71,105],"2026-04-23T15:00:00.000Z",4,false,{"id":112,"slug":113,"headline":114,"title":115,"severity":65,"excerpt":116,"tags":117,"categories":124,"createdAt":108,"updatedAt":108,"readingTime":31,"isUpdate":110},"fe441e43-882e-4532-bffe-8d88a554868e","uk-biobank-data-of-500000-volunteers-leaked-and-sold-online","UK Biobank Breach: Health Data of 500,000 Volunteers Found for Sale on Alibaba","UK Biobank Suffers Massive Data Breach; De-Identified Health Records of 500,000 Volunteers Leaked by Chinese Research Partners","The UK government has confirmed a severe data breach involving the UK Biobank, where de-identified but confidential health data from all 500,000 of its volunteers was listed for sale on e-commerce platforms owned by Alibaba. The breach originated from three Chinese research institutions that had legitimately downloaded the data for research purposes but subsequently leaked it. The UK government worked with Chinese authorities and Alibaba to remove the listings. While the data did not include direct identifiers like names or full addresses, the incident represents a major breach of trust and a failure of data governance by a trusted research partner. In response, UK Biobank has revoked access for the responsible institutions and temporarily suspended its entire research platform to implement stricter security controls, including restrictions on data downloads.",[118,119,120,121,122,123],"Data Leak","Supply Chain","Healthcare Data","UK Biobank","Data Governance","Third-Party Risk",[71,68,27],{"id":126,"slug":127,"headline":128,"title":129,"severity":15,"excerpt":130,"tags":131,"categories":138,"createdAt":108,"updatedAt":108,"readingTime":109,"isUpdate":110},"28934a64-d6c1-441a-99a7-3b756c54839b","ncsc-unveils-silentglass-to-secure-hdmi-displayport-connections","UK's NCSC Launches 'SilentGlass' Hardware to Block HDMI-Based Cyber Espionage","NCSC Develops 'SilentGlass' Hardware to Thwart Cyberattacks via HDMI and DisplayPort Connections","The UK's National Cyber Security Centre (NCSC) has developed a new hardware device called 'SilentGlass' to protect against cyberattacks transmitted through video display cables. Unveiled at the CYBERUK conference, the plug-and-play device secures HDMI and DisplayPort connections by ensuring only the video signal is transmitted, actively blocking any malicious or unexpected data. The NCSC highlighted that monitors are an attractive target as they can process and store sensitive data, yet their interfaces are often overlooked as a security boundary. The technology, already deployed in UK government systems, has been licensed to UK firm Goldilock Labs for global manufacturing and distribution in partnership with Sony UK Technology Centre, making high-assurance security available to commercial businesses.",[132,133,134,135,136,137],"Hardware Security","NCSC","Data Diode","Cyber Espionage","HDMI","DisplayPort",[139,26,140],"Security Operations","Industrial Control Systems",{"id":142,"slug":143,"headline":144,"title":145,"severity":65,"excerpt":146,"tags":147,"categories":154,"createdAt":108,"updatedAt":108,"readingTime":31,"isUpdate":110},"62f74ab1-a764-4364-aac1-0002a5ca5ab8","ransomware-trends-report-shows-shift-to-vpn-infrastructure-exploitation","Ransomware Shifts to Infrastructure: 73% of Attacks Exploit VPNs, At-Bay Reports","Akira Ransomware Dominates as Attackers Increasingly Target VPNs and Core Infrastructure, New Report Finds","A new report from cyber insurance provider At-Bay reveals a dramatic shift in ransomware tactics, with attackers increasingly targeting core infrastructure like Virtual Private Networks (VPNs). The report, based on over 6,500 claims, found that a staggering 73% of ransomware incidents in 2025 initiated through a compromised VPN, a figure that has nearly doubled in two years. The Akira ransomware group was a major driver of this trend, accounting for over 40% of claims in At-Bay's dataset and heavily targeting SonicWall VPN appliances. The average ransom demand from Akira was $1.2 million, 50% higher than other groups. The report also highlights that smaller businesses were disproportionately affected and that technical controls like EDR alone were often insufficient, emphasizing the need for 24/7 managed detection and response (MDR).",[148,149,150,151,152,153],"Ransomware","Akira","VPN","SonicWall","Threat Report","Cyber Insurance",[148,26,50],{"id":156,"slug":157,"headline":158,"title":159,"severity":15,"excerpt":160,"tags":161,"categories":166,"createdAt":108,"updatedAt":108,"readingTime":109,"isUpdate":110},"a9f26cbe-33c6-4080-81ec-f20c449fd54f","crowdstrike-launches-project-quiltworks-to-combat-ai-discovered-vulnerabilities","CrowdStrike's 'Project QuiltWorks' Unites Industry to Tackle AI-Driven Vulnerability Surge","CrowdStrike Launches Project QuiltWorks Coalition with OpenAI and Anthropic to Address AI-Discovered Vulnerabilities","CrowdStrike has launched 'Project QuiltWorks,' a new industry coalition designed to address the security risks arising from the accelerated discovery of software vulnerabilities by frontier AI models. Recognizing that models like those from OpenAI and Anthropic can find bugs at an unprecedented rate, the initiative brings together AI developers, cybersecurity leaders, and systems integrators to create a structured approach for remediation. Key partners include OpenAI, Anthropic, Accenture, EY, and IBM Cybersecurity Services. As part of the project, CrowdStrike is also launching a 'Frontier AI Readiness and Resilience Service' to provide expert-led assessments and guided remediation for customers, helping them determine their exposure to these newly found flaws.",[18,162,163,19,164,165],"CrowdStrike","OpenAI","Vulnerability Management","AI Security",[26,139,27],{"id":168,"slug":169,"headline":170,"title":171,"severity":172,"excerpt":173,"tags":174,"categories":181,"createdAt":108,"updatedAt":108,"readingTime":31,"isUpdate":110},"cdb53034-46e0-444c-93ff-9782bb1b5b18","aria-cybersecurity-to-protect-critical-infrastructure-at-major-us-cement-producer","Major US Cement Producer Taps Aria Cybersecurity to Protect Critical Plant Operations","Aria Cybersecurity Deploys AZT PROTECT™ Solution to Secure OT Environments for Leading US Cement Producer","medium","Aria Cybersecurity, a business unit of CSPi, has announced an agreement to deploy its AZT PROTECT™ solution to secure the critical operational technology (OT) environments of a major, unnamed US cement producer. The cement industry is considered a high-value target for cyberattacks, including state-sponsored ransomware. The deployment follows successful lab testing and a plant pilot, where the solution demonstrated its ability to 'lock down' critical systems by preventing any unauthorized or malicious executables from running. A key feature for the selection was AZT PROTECT's ability to operate effectively without an internet connection or constant updates, making it ideal for protecting sensitive and often isolated OT systems from threats like unpatched vulnerabilities.",[175,176,177,178,179,180],"OT Security","ICS Security","Critical Infrastructure","Application Whitelisting","Aria Cybersecurity","Manufacturing",[140,51,139],1776956899115]