Apple Patches Critical iOS Privacy Flaw; New Kyber Ransomware Emerges with Post-Quantum Encryption
Summary
This cybersecurity brief for April 24, 2026, covers several major developments. Apple has released an emergency patch for an iOS vulnerability (CVE-2026-28950) that allowed the FBI to recover deleted Signal message notifications. A new ransomware group, Kyber, is deploying post-quantum cryptography in attacks against Windows systems. International agencies have issued a joint warning about China-linked threat actors using large-scale botnets for covert operations. Other significant events include the discovery of the GopherWhisper APT targeting Mongolia, a data breach involving UK Biobank records, and new campaigns from Tropic Trooper and Mustang Panda.
Today's New Articles
Apple Rushes Fix for iOS Flaw That Let FBI Recover Deleted Signal Messages
Apple has issued an emergency security update for iOS and iPadOS to address a significant privacy vulnerability, CVE-2026-28950. The flaw caused the operating system to improperly retain notifications from secure messaging apps like Signal, even after the mess...
Kyber Ransomware Debuts with Post-Quantum Encryption, Targeting Windows and ESXi
A new ransomware operation named 'Kyber' is targeting both Windows and VMware ESXi environments, but with a notable difference in its encryption schemes. Security firm Rapid7 discovered that the Rust-based Windows variant uses a hybrid encryption method employ...
Ten Nations Warn of China-Linked Threat Actors Using Covert SOHO Botnets for Espionage
An international coalition of cybersecurity agencies from ten nations, including the U.S. NSA, CISA, and FBI, has issued a joint advisory on the evolving tactics of China-nexus threat actors. The advisory warns that these groups are increasingly leveraging lar...
Tropic Trooper APT Targets Chinese Speakers with Trojanized PDF Reader, Uses GitHub for C2
The cyber-espionage group Tropic Trooper (also known as APT23 or Pirate Panda) has been linked to a new campaign targeting Chinese-speaking individuals in Taiwan, South Korea, and Japan. According to Zscaler's ThreatLabz, the attack, first seen in March 2026,...
NATO's Locked Shields 2026 Cyber Exercise Tests 4,000 Defenders Against 8,000 Live-Fire Attacks
The world's largest and most complex live-fire cyber defense exercise, Locked Shields 2026, has concluded in Tallinn, Estonia. Organized by the NATO Cooperative Cyber Defence Centre of Excellence (CCDCOE), the exercise involved over 4,000 participants from 41...
Celerium Launches 'DIB CyberDome' to Automate CMMC Compliance for Defense SMBs
Celerium has launched the DIB CyberDome, a cybersecurity platform tailored for the thousands of small and mid-sized businesses (SMBs) in the U.S. Defense Industrial Base (DIB). The platform is designed to help these contractors meet the complex requirements of...
OpenAI Launches GPT-5.4-Cyber, a Specialized AI Model for Defensive Cybersecurity
OpenAI has introduced GPT-5.4-Cyber, a specialized version of its latest large language model fine-tuned for defensive cybersecurity tasks. The model features fewer restrictions than its public counterpart, enabling security professionals to perform complex op...
New 'GopherWhisper' APT Group Linked to China Targets Mongolian Government
ESET researchers have uncovered a previously unknown, China-aligned APT group named 'GopherWhisper.' Active since at least November 2023, the group was discovered targeting a Mongolian governmental institution with a sophisticated, Go-based malware toolkit. Th...
Mirai Botnet Exploits Critical Flaw in Discontinued D-Link Routers for DDoS Attacks
A new variant of the Mirai botnet is actively exploiting a year-old, high-severity command injection vulnerability (CVE-2025-29635, CVSS 8.8) affecting discontinued D-Link DIR-823X routers. According to Akamai, attackers are using the flaw to achieve remote co...