Cybersecurity News | Daily Recap [16 Apr 2026]

Daily Recap: Ukraine reports that UAC-0247 is intensifying attacks on hospitals and local governments, using AgingFly, multi-stage loaders, and credential theft tooling to maintain persistence and deploy cryptominers; a backdoored EssentialPlugin WordPress suite pushes malware via a hidden updater and Ethereum-based C2; and Dragon Boss Solutions’ digitally signed adware disables antivirus and runs payloads with SYSTEM privileges across thousands of hosts. Muddy Water is expanding its intrusion toolkit with CastleRAT and ChainShell, including HVNC hijacking and Ethereum-based C2 resolution; the nginx-ui flaw CVE-2026-33032 is being exploited against 2,600+ exposed servers as Patch Tuesday delivers fixes for SAP, Adobe, Microsoft, and Fortinet; plus related identity, data breach, and privacy developments. #AgingFly #EssentialPlugin #DragonBossSolutions #MuddyWater #CastleRAT #ChainShell #HVNC #NginxUI #CVE-2026-33032 #SAP #Adobe #Microsoft #Fortinet #ATHR #DPRK #PowerSchool #McGrawHill #EUAgeApp

Threats & Malware

  • Ukraine says UAC-0247 is intensifying attacks on hospitals and local governments using AgingFly, multi-stage loaders, and credential theft tooling to maintain persistence and deploy cryptominers – AgingFly Attack, Ukraine Attacks
  • A backdoored EssentialPlugin WordPress suite was used to push malware and spam redirects to thousands of sites through a hidden updater and Ethereum-based C2 – WP Backdoor
  • A digitally signed adware package from Dragon Boss Solutions abused its update channel to disable antivirus and run payloads with SYSTEM privileges across 23,500+ hosts in 124 countries – AV-Killing Malware
  • Muddy Water is now using CastleRAT and ChainShell in a more professional intrusion chain, including HVNC hijacking and Ethereum-based C2 resolution – Muddy Water

Exploits & Vulnerabilities

  • The critical nginx-ui flaw CVE-2026-33032 is being actively exploited to take over exposed servers, with 2,600+ internet-facing instances and public PoCs available – Nginx-UI Flaw, Nginx Exploit, Server Takeover
  • Patch Tuesday fixed critical issues across SAP, Adobe, Microsoft, and Fortinet, including a CVSS 9.9 SQL injection in SAP Business Warehouse and an actively exploited Adobe Acrobat Reader RCE – April Patches
  • NIST will now prioritize only select CVE entries, focusing on exploited and federally relevant vulnerabilities as submissions surge beyond manual handling capacity – CVE Limits
  • Microsoft is investigating failed installs and BitLocker recovery loops affecting some Windows Server 2025 systems after update KB5082063 – Server Update

Identity & Fraud

  • ATHR is selling an AI-driven vishing platform for $4,000 plus commission, automating brand spoofing and voice calls to steal credentials from services like Google and Coinbase – ATHR Vishing
  • Two U.S. nationals were jailed for running a DPRK “laptop farm” that helped North Korean IT workers fake identities, infiltrate 100+ companies, and generate over $5 million for Pyongyang – DPRK Laptop Farm
  • A teen hacker tied to the PowerSchool breach was sentenced to 4 years in prison after data linked to roughly 60 million students and 10 million teachers was exposed – PowerSchool Case
  • Northern Ireland police arrested a teen over a cyberattack on a school network, underscoring continued youth involvement in school-targeted intrusions – School Arrest

Data Breaches

  • ShinyHunters leaked data on 13.5 million McGraw Hill accounts after exploiting a Salesforce-hosted page misconfiguration and publishing over 100GB of personal records – McGraw Hill

Cloud, AI & Privacy

  • Microsoft paid $2.3 million at Zero Day Quest for 80+ high-impact cloud and AI findings, highlighting its push to harden emerging AI systems – Zero Day Quest
  • Capsule Security emerged from stealth with $7 million to provide runtime protection for agentic AI workflows across tools like Copilot Studio, ServiceNow, and Salesforce Agentforce – Capsule Security
  • Research found 194 ad services, including Google, Microsoft, and Meta, often ignored Global Privacy Control opt-out signals on California sites – Privacy Opt-Out
  • The EU is preparing a privacy-focused age verification app to prove age without exposing identity, as part of broader child protection enforcement – EU Age App

Geopolitics & Infrastructure

  • Sweden blamed a pro-Russian group linked to Russian security services for a failed attack on a heating plant, amid similar critical infrastructure incidents across Europe – Sweden Energy

AI SOCs

  • Security teams are finding that most AI SOC products mainly speed up triage, while real value comes from reliable end-to-end workflows with auditability and human oversight – AI SOCs

Cybersecurity News | Daily Recap – hendryadrian.com