Daily Digest

ADT Confirms Major Breach by ShinyHunters, Critical OpenSSH Flaw Disclosed, and AI-Driven Threats Reshape Cybersecurity Landscape

April 27, 2026

10 articles (8 new, 2 updated)

30 min read

Summary

This 24-hour period has been marked by significant disclosures and strategic shifts in cybersecurity. Home security giant ADT confirmed a major data breach claimed by the ShinyHunters group, exposing millions of customer records. A 15-year-old critical vulnerability in OpenSSH (CVE-2026-35414) allowing root access was revealed, alongside a massive Microsoft Patch Tuesday addressing 163 CVEs. Meanwhile, the emergence of AI-driven threats like Anthropic's 'Mythos' and new APTs such as GopherWhisper and UNC6692 are forcing a global rethink of defensive strategies, while CISO confidence plummets amid budget cuts and increasing attack sophistication.

Filter by Category

New Articles (8)

Decade-Old OpenSSH Flaw (CVE-2026-35414) Allows Full Root Access, Exploits Hard to Detect

CRITICAL

Critical OpenSSH Vulnerability CVE-2026-35414 Grants Root Access Due to Principal Parsing Error

A critical remote code execution vulnerability, CVE-2026-35414, has been discovered in OpenSSH, affecting versions released over the last 15 years. The flaw, which carries a CVSS score of 8.1, resides in the parsing of SSH certificate principal names. An attacker with a valid certificate from a trusted Certificate Authority (CA) can craft a principal name with a comma (e.g., 'deploy,root') to trick the server into granting root-level access. A major concern is that successful exploitation is logged as a legitimate authentication, making detection through log analysis nearly impossible. The vulnerability affects OpenSSH versions prior to 10.3, and administrators are urged to update to the patched version 10.3p1 immediately to prevent full system compromise.

April 27, 2026

5 min read

CVE-2026-35414OpenSSHVulnerabilityRoot AccessRCE +3 more

Decade-Old OpenSSH Flaw (CVE-2026-35414) Allows Full Root Access, Exploits Hard to Detect

Utility Tech Giant Itron Discloses Breach of Internal IT Network

MEDIUM

Itron Reports Cyberattack; Unauthorized Party Gained Access to Internal Corporate Systems

Itron, a major American technology provider for energy and water utilities, has disclosed a cybersecurity incident in an SEC filing. The company reported on April 13, 2026, that an unauthorized third party had gained access to a segment of its internal IT systems. Upon discovery, Itron activated its incident response plan, involving external cybersecurity experts and notifying law enforcement. The company stated it has since removed the unauthorized access and has not observed further malicious activity. Crucially, Itron emphasized that customer-hosted systems, which are often part of critical infrastructure, were not affected. While the investigation is ongoing, Itron does not believe the incident will have a material impact on its operations or financial condition.

April 27, 2026

5 min read

ItronCyberattackSECCritical InfrastructureUtilities +2 more

Utility Tech Giant Itron Discloses Breach of Internal IT Network

Trigona Ransomware Evolves, Using Custom Exfiltration Tool for Stealthier Data Theft

HIGH

Trigona Ransomware Affiliates Deploy 'uploader_client.exe' to Bypass Security Detections

Affiliates of the Trigona ransomware group are increasing their sophistication by using a custom-built data exfiltration tool named 'uploader_client.exe'. This move, identified by Symantec's Threat Hunter Team, marks a tactical shift from using common, easily-detected utilities like Rclone. The new command-line tool is designed for speed, precision, and stealth, featuring capabilities like multi-threaded uploads, connection rotation to evade network monitoring, and granular file-type exclusion to focus on high-value data. The tool communicates with a hardcoded, attacker-controlled server and uses a shared key for authentication. This development indicates that Trigona's affiliates are becoming more technically proficient and are investing in custom tooling to improve their operational success and evade detection.

April 27, 2026

5 min read

TrigonaRansomwareRaaSData ExfiltrationCustom Tooling +3 more

Trigona Ransomware Evolves, Using Custom Exfiltration Tool for Stealthier Data Theft

Hackers Impersonate IT on Microsoft Teams to Deploy 'SNOW' Malware

HIGH

Threat Actor UNC6692 Uses Email Bombing and Teams Chats for Sophisticated Social Engineering Attacks

A newly identified threat actor, UNC6692, is conducting sophisticated attacks using a novel social engineering vector. As detailed by Google's Mandiant group, the attackers first create a distraction by flooding a target's inbox with spam emails. They then contact the victim via a Microsoft Teams chat from an external account, impersonating IT help desk staff offering to fix the spam issue. This pretext is used to lure the victim into visiting a phishing page and running a malicious script. This script initiates an infection chain that deploys the 'SNOW' malware ecosystem, which includes a JavaScript-based backdoor (SNOWBELT), a Python tunneler (SNOWGLAZE), and a persistent backdoor (SNOWBASIN). The malware is used for credential theft, data harvesting, and lateral movement.

April 27, 2026

5 min read

UNC6692SNOW malwareMicrosoft TeamsSocial EngineeringPhishing +3 more

Hackers Impersonate IT on Microsoft Teams to Deploy 'SNOW' Malware

State CISO Confidence Plummets as AI Threats Rise and Budgets Fall, Survey Finds

INFORMATIONAL

NASCIO-Deloitte Survey: Only 26% of State CISOs Confident in Ability to Protect Data

Confidence among U.S. state chief information security officers (CISOs) has dropped dramatically, according to the 2026 NASCIO-Deloitte Cybersecurity Study. Only 26% of state CISOs feel 'extremely' or 'very' confident in their ability to protect state systems, a steep decline from 48% in 2022. The primary drivers for this pessimism are the rapid rise of AI-powered cyberattacks and insufficient funding. Many CISOs report that budgets are either stagnant or, in some cases, have been cut, even as threats like AI-driven ransomware and deepfakes become more prevalent. In response, state cyber leaders are shifting their focus to implementing effectiveness metrics to better justify budget requests and demonstrate the value of their security programs.

April 27, 2026

4 min read

CISONASCIODeloitteCybersecurity LeadershipBudget +3 more

State CISO Confidence Plummets as AI Threats Rise and Budgets Fall, Survey Finds

US Cracks Down on Southeast Asia Cyberscam Networks, Sanctions Cambodian Senator

INFORMATIONAL

DOJ and Treasury Target 'Scam Center Kingpin' Kok An in Sweep of Transnational Crime

The U.S. government has launched a major, multi-agency crackdown on transnational cyberscam networks operating from Southeast Asia. The initiative, described as a 'new theater of war' against Chinese organized crime, involves sanctions, criminal charges, and asset seizures. The U.S. Treasury has sanctioned Kok An, a prominent Cambodian senator and businessman, labeling him a 'scam center kingpin,' along with 28 other individuals and companies. Simultaneously, the Department of Justice has filed criminal charges against two Chinese nationals in a related case and is seizing illicit assets and online recruitment channels. These scam operations, often involved in human trafficking, are responsible for billions of dollars in losses for victims worldwide, including nearly $21 billion from Americans in 2025 alone.

April 27, 2026

4 min read

CyberscamPig ButcheringOFACSanctionsDOJ +4 more

US Cracks Down on Southeast Asia Cyberscam Networks, Sanctions Cambodian Senator

Cyber Sovereignty and Supply Chain Risk Become Top Concerns for Critical Infrastructure

INFORMATIONAL

Geopolitical Tensions Force Critical Infrastructure to Focus on 'Trust-Driven Sourcing' and SBOMs

Amid rising geopolitical tensions, the concepts of cyber sovereignty and supply chain security have become paramount for critical infrastructure operators. The recognition that any third-party vendor can be a weak link exploited by adversaries is driving a strategic shift away from cost-based sourcing to 'trust-driven sourcing'. Cyber sovereignty is being defined as the ability to operate and defend systems without reliance on technology beholden to a foreign adversary. This has led to increased regulatory scrutiny and a greater demand for transparency through mechanisms like the Software Bill of Materials (SBOM), which helps illuminate hidden dependencies in the software supply chain. Organizations are now treating supply chain security not as a compliance checkbox, but as a core component of operational resilience and strategic autonomy.

April 27, 2026

4 min read

Supply Chain SecurityCyber SovereigntySBOMCritical InfrastructureOT Security +1 more

Critical Unauthenticated Path Traversal Flaw Found in CrowdStrike LogScale

CRITICAL

CrowdStrike Patches Critical Flaw (CVE-2026-40050) in Self-Hosted LogScale Platform

CrowdStrike has patched a critical, unauthenticated path traversal vulnerability, CVE-2026-40050, in its self-hosted LogScale (formerly Humio) log management platform. The vulnerability, discovered internally by CrowdStrike, could allow a remote, unauthenticated attacker to read arbitrary files from the server's filesystem by exploiting a specific cluster API endpoint. This could lead to the exposure of sensitive data, including configuration files and credentials. Customers of the CrowdStrike-hosted LogScale SaaS are not affected, as the company has already applied mitigations. Self-hosted customers are urged to upgrade to a patched version immediately.

April 27, 2026

4 min read

CrowdStrikeLogScaleHumioCVE-2026-40050Path Traversal +2 more

Critical Unauthenticated Path Traversal Flaw Found in CrowdStrike LogScale

Updated Articles (2)

Microsoft's April Patch Tuesday Fixes 164 Flaws, Including Actively Exploited SharePoint Zero-Day

HIGH

Microsoft's April 2026 Patch Tuesday Addresses 164 CVEs, Including Two Zero-Days and a Critical RDP Flaw

Update:

This update provides a more comprehensive overview of Microsoft's April 2026 Patch Tuesday. It clarifies that a total of 247 CVEs were addressed when including third-party components, alongside 163 Microsoft-specific CVEs. A detailed breakdown by vulnerability type is now available, showing 94 Elevation of Privilege and 20 Remote Code Execution flaws. Additionally, a new Remote Desktop Spoofing vulnerability (CVE-2026-26151) has been highlighted, prompting new security warnings. Deployment priorities have been further refined, emphasizing immediate patching for the actively exploited SharePoint flaw (CVE-2026-32201) within 72 hours and critical RCEs like the IKE service (CVE-2026-33824) within 1-2 weeks.

April 18, 2026

Updated: April 27, 2026

6 min read

Patch TuesdayMicrosoftZeroDaySharePointRDP +2 more

Microsoft's April Patch Tuesday Fixes 164 Flaws, Including Actively Exploited SharePoint Zero-Day

UK's NCSC Unveils 'SilentGlass' Hardware to Block Malware via HDMI and DisplayPort

INFORMATIONAL

NCSC Launches 'SilentGlass,' a First-of-its-Kind Hardware Device to Prevent Cyberattacks Through Monitor Connections

Update:

Further analysis of NCSC's SilentGlass reveals specific technical mechanisms it employs to secure display connections. The device physically severs data-carrying pins beyond video/audio, preventing Hot Plug Detect (HPD) exploitation and I2C/DDC bus hijacking. This detailed explanation clarifies how SilentGlass mitigates advanced threats, including those related to USB-C/Thunderbolt, and aligns its defensive posture with MITRE ATT&CK T1200 (Hardware Additions) by preventing malicious hardware components from affecting host systems. The update provides a more granular understanding of the hardware-level protection offered.

April 24, 2026

Updated: April 27, 2026

4 min read

Hardware SecurityNCSCGCHQData DiodeHDMI +2 more

UK's NCSC Unveils 'SilentGlass' Hardware to Block Malware via HDMI and DisplayPort

📢 Share This Publication

Help others stay informed about cybersecurity threats