Cybersecurity News | Daily Recap [07 Apr 2026]

Daily Recap: German authorities say alleged leaders Daniil Shchukin and Anatoly Kravchuk ran GandCrab/REvil operations linked to about 130 extortion cases, more than $40M in damage and over $2.2M in ransoms. Fortinet FortiClient EMS flaws CVE-2026-21643 and CVE-2026-35616 were actively exploited, prompting CISA patch orders after roughly 2,000 EMS instances were found exposed online, while Medusa (Storm-1175) continues fast-to-exploit double‑extortion across healthcare, education, finance and professional services. #REvil #Medusa

Ransomware Gangs

  • German authorities say alleged leaders Daniil Shchukin and Anatoly Kravchuk ran the GandCrab/REvil operations linked to ~130 extortion cases, > $40M in damage and > $2.2M in ransoms – REvil Leader, REvil Bosses, REvil Unmask

Fortinet Flaws

  • Two actively exploited FortiClient EMS flaws—including CVE-2026-21643 (SQLi) and CVE-2026-35616 (API bypass)—allow unauthenticated RCE/access and prompted CISA emergency patch orders after ~2,000 EMS instances were found exposed online; apply vendor hotfixes or upgrades immediately – FortiClient EMS, CISA Patch Order

Medusa Activity

  • Medusa (Storm-1175) is a fast-moving RaaS that weaponizes new and zero-day flaws to carry out double‑extortion attacks within hours across healthcare, education, finance and professional services in the US, UK and Australia – Medusa Fast, Medusa Zero-days

Exploits & 0‑Days

  • PoC leak of the BlueHammer Windows LPE can grant SYSTEM access and researchers warn of full compromise, while a new GPUBreach GPU rowhammer attack enables system takeover via GPU memory corruption – BlueHammer, GPUBreach

Microsoft Changes

  • Microsoft removed the Support and Recovery Assistant (SaRA) and urges admins to migrate to GetHelpCmd.exe as it retires legacy tools, and it implemented a server-side fix resolving a Classic Outlook email delivery bug causing NDRs – SaRA Removed, Classic Outlook Fix

CSAM & EU Law

  • Expiration of the temporary ePrivacy derogation risks a sharp drop in CSAM reports to Europol/NCMEC, but major platforms pledge to continue on‑platform scanning despite the legal gap – CSAM Law, Big Tech Vows

Supply-Chain & NPM

  • Attackers published malicious NPM packages (36+) targeting Strapi/Guardarian to enable Redis code exec, container escape and credential theft, while DPRK-linked actors also social-engineered Node.js maintainers to push malicious packages to NPM—exposing millions—so remove affected packages and rotate credentials – Strapi Packages, Node.js Maintainers

North Korea Ops

  • Multiple DPRK-linked campaigns include using GitHub as C2 (exfiltration to the “motoralis” repo) against South Korea and a six‑month operation by UNC4736 that drained $285M from Drift Protocol in 12 minutes on Solana—funds laundered via USDC/SOL and bridges – GitHub C2, Drift Drain

Credential Attacks & RaaS

  • An Iran-linked three-wave password-spraying campaign hit > 300 Microsoft 365 orgs in Israel and > 25 in the UAE (linked to Gray Sandstorm), and the Pay2Key ransomware resurfaced against a U.S. healthcare target—admins should enforce MFA, conditional access and audit logging – Password Spraying, Password Spraying 2

Fraud & Phishing Trends

  • The FBI IC3 reports that cyber-enabled crime surged to $17.6B in losses, 85% of which is tied to fraud (investment fraud, BEC, tech‑support scams), while the UAE council warns that > 75% of attacks start with phishing and ~3.4 billion phishing messages are sent daily; AI-enabled scams and crypto thefts also rose – IC3 Losses, Phishing Stats

Incidents & Disruptions

  • A cyberattack disrupted the Patriot Regional Emergency Communications Center in Massachusetts, taking non‑emergency systems and business lines offline while 9‑1‑1 remained operational and recovery efforts continue – Massachusetts Dispatch

Legal & Privacy

  • The founder of pcTattletale, Bryan Fleming, pleaded guilty to manufacturing/distributing stalkerware and received a fine with no additional prison time, marking the first prosecution of this type since 2014 – Stalkerware Case

AI Threats

  • Google DeepMind maps “AI Agent Traps,” categorizing six classes of web attacks that can manipulate autonomous agents and recommending model hardening, runtime protections and content governance to defend against content‑injection and behavioral-control attacks – AI Agent Traps

Policy & Funding

  • The White House proposes cutting CISA funding by $707M, a move that would reduce resources for federal cybersecurity operations and assistance programs – CISA Funding

Breach Monitoring

  • Analysis warns that simple breach monitoring is insufficient as adversaries use rapid exploitation and multi-stage techniques, urging continuous asset inventory, detection and response improvements – Breach Monitoring

Cybersecurity News | Daily Recap – hendryadrian.com