Daily Recap, BlackFile extortion targets retail and hospitality with seven-figure ransoms using voice phishing, IT-support impersonation, and leaked-data sites, while romance and pig-butchering scams continue to devastate victims. Malware activity includes UNC6692 deploying the SnowBelt browser extension for persistence and credential theft, and fast16—a 20-year-old Lua-based sabotage framework predating Stuxnet—plus espionage links to Xu Zewei and HAFNIUM/Silk Typhoon attacks on Microsoft Exchange. #BlackFile #SnowBelt #UNC6692 #fast16 #Stuxnet #XuZewei #HAFNIUM #SilkTyphoon #MicrosoftExchange #Duo #Itron #Pack2TheRoot #PackageKit #TLSConnect #LuLu #TibetanVote #COVID19VaccineResearch
Extortion & Scams
- BlackFile is using voice phishing, IT-support impersonation, and leaked-data sites to extort retail and hospitality victims for seven-figure ransoms – BlackFile Extortion
- Long-running romance and pig-butchering scams continue to leave victims financially and emotionally devastated, with advocates urging empathy-first support and stronger anti-fraud coordination – Scam Victim Care
- A South Korean matchmaking service, Duo, was fined over £600,000 after an infostealer infection exposed sensitive user data – Duo Fine
Malware & Intrusions
- Mandiant says UNC6692 used email bombing and Microsoft Teams help-desk impersonation to install the SnowBelt browser extension and related tools for persistence and credential theft – SnowBelt Attack, Teams Phish
- Researchers uncovered fast16, a 20-year-old Lua-based sabotage framework built to corrupt scientific and engineering calculations, predating Stuxnet and targeting tools like LS-DYNA 970 – fast16 Malware
- Itron reported unauthorized access to some systems on April 13, said operations continued, and noted no ransom group has been identified – Itron Breach
Espionage & Influence
- Italy extradited alleged Chinese state hacker Xu Zewei to the U.S., where he faces charges tied to HAFNIUM/Silk Typhoon and Microsoft Exchange attacks that allegedly stole COVID-19 vaccine research – Xu Extradition
- A China-linked Spamouflage campaign used fake accounts and AI-generated images to target Tibetan parliament-in-exile elections, but drew little organic engagement – Tibetan Vote
Vulnerabilities & Security Tools
- Pack2TheRoot is a high-severity Linux flaw in PackageKit (CVE-2026-41651) that can grant root access, with fixes already landing in Debian, Ubuntu, and Fedora – Pack2TheRoot
- GMO GlobalSign launched TLS Connect to help SMBs automate TLS certificate discovery, renewal, and compliance as certificate lifespans shrink – TLS Connect
- Aptori expanded its platform with autonomous offensive testing to validate vulnerabilities at runtime and speed remediation in development workflows – Aptori Testing
Identity & Access
- As AI agents and machine identities drive over 90% of authentications, traditional IAM is struggling and vendors are pushing application-centric, runtime authorization models – AI Access Control
Open Source & Privacy
- A roundup of 25 open-source cybersecurity tools highlights free projects for threat detection, secrets scanning, AI-agent governance, cloud auditing, and incident response automation – Open-Source Tools
- LuLu, a free macOS firewall, helps users monitor and block unauthorized outbound app connections with live network activity tracking – LuLu Firewall