VECT 2.0 Ransomware Unmasked as Destructive Wiper, CISA Warns of Actively Exploited Windows Flaw
Summary
This cybersecurity brief for April 29, 2026, covers several critical developments. Researchers have discovered that VECT 2.0 ransomware is, in fact, a destructive wiper for files over 128 KB, making data recovery impossible even with a ransom payment. In parallel, CISA has added a new, actively exploited Windows vulnerability (CVE-2026-32202) to its KEV catalog, stemming from an incomplete patch for a flaw previously used by APT28. Other major incidents include the ShinyHunters group's widespread ransomware campaign hitting over 40 global companies, Checkmarx confirming data theft in a supply chain attack claimed by Lapsus$, and a significant data breach at Rituals cosmetics affecting millions of customers.
Today's New Articles
VECT 2.0 Ransomware Flaw Means Paying the Ransom is Pointless—Large Files are Wiped Forever
Security researchers at Check Point have uncovered a critical design flaw in the VECT 2.0 ransomware that causes it to permanently destroy files larger than 128 KB instead of encrypting them. This bug, present in the Windows, Linux, and ESXi variants, discards...
ShinyHunters Ransomware Spree: Carnival, Zara's Parent, and 40+ Firms Breached in Massive Campaign
The ShinyHunters ransomware group has claimed responsibility for a large-scale attack campaign that has compromised more than 40 organizations worldwide. The victims, listed on the group's data leak site, span the retail, insurance, and hospitality sectors. Hi...
Europol Warns of AI-Powered 'Industrialized Cybercrime' in IOCTA 2026 Report
Europol's 2026 Internet Organised Crime Threat Assessment (IOCTA) highlights a major shift towards the 'industrialization' of cybercrime, significantly accelerated by the use of Artificial Intelligence. The report states that AI is being used to increase the s...
MITRE Warns of New Cyber Risks in AI and Cloud-Connected Medical Devices
A new discussion paper from MITRE warns that the rapid integration of emerging technologies like AI, cloud computing, and post-quantum cryptography into medical devices is creating new and complex cybersecurity risks that could directly impact patient safety....
Ransomware Turf War: 0APT and KryBit Groups Hack Each Other in Public Feud, Leaking Ops Data
A rare public conflict has erupted between two rival ransomware groups, 0APT and KryBit. The feud, which played out between March 28 and April 12, 2026, involved both groups hacking each other and leaking sensitive operational data. 0APT initiated the spat by...
China-Based Silver Fox APT Expands Espionage Campaign Across Asia with Fake Tax Audits
The China-based threat group Silver Fox has launched a new wave of attacks targeting businesses and individuals across Asia. The group, which has been active since at least 2022, uses fake tax audit notifications and counterfeit software update alerts to deliv...
Entertainment Industry Failing on Security Basics, MPA Report Reveals Widespread Risks
The Motion Picture Association's (MPA) Trusted Partner Network (TPN) has released its first TPN STAR Report, revealing systemic security vulnerabilities across the global entertainment supply chain. The report finds that while most organizations have security...
Article Updates
Open Source Under Siege: Axios, Trivy, and LiteLLM Hit by Supply Chain Attacks
Update: Software security firm Checkmarx has confirmed data exfiltration, including source code, API keys, and employee details, following a sophisticated supply chain attack by TeamPCP. The Lapsus$ group has claimed responsibility for leaking the stolen data. This in...
GlassWorm Campaign Evolves, Uses Zig-Based Dropper to Infect All Developer IDEs
Update: The GlassWorm campaign has launched a new wave involving 73 malicious 'sleeper' extensions on the Open VSX marketplace. Unlike previous iterations, these extensions initially appear benign, remaining dormant to evade detection. They are now engineered as thin...
Rituals Cosmetics Data Breach Exposes Personal Info of 'My Rituals' Members
Update: Rituals Cosmetics has updated the estimated number of affected customers to up to 41 million, an increase from the previously reported 'over 40 million'. The newly disclosed compromised data now includes customers' preferred store locations, in addition to nam...
Germany Accuses Russia of Orchestrating Large-Scale Signal Phishing Attack on Politicians
Update: The sophisticated Signal phishing campaign, initially reported to target German politicians, has now been observed impacting military personnel and journalists, with similar attacks reported in the UK and Netherlands. The attack method involves tricking users...
Microsoft Confirms Windows Shell Flaw (CVE-2026-32202) Is Actively Exploited
Update: The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has officially added CVE-2026-32202 to its Known Exploited Vulnerabilities (KEV) catalog, requiring federal agencies to patch the flaw. This update clarifies the vulnerability as an authenticatio...