Cybersecurity News | Daily Recap [08 Apr 2026]

In this Daily Recap: a critical Flowise RCE (CVE-2025-59528) is being actively exploited via the CustomMCP setting, and users are urged to upgrade or remove public exposure to prevent full compromise. Additional warnings cover Docker Engine (CVE-2026-34040) and Ninja Forms (CVE-2026-0740), both of which require patches. Threat activity spans state-linked campaigns such as APT28/FrostArmada hijacking DNS on MikroTik/TP-Link routers to steal Microsoft credentials, Iran-linked PLC/OT attacks, and TA416's PlugX backdoors against government targets, along with healthcare disruptions, data breaches, IoT botnets, and AI security developments. #FlowiseRCE #APT28DNS

Vulnerabilities & Exploits

  • A critical Flowise remote-code-execution bug (CVE-2025-59528) is being actively exploited via the CustomMCP setting and users are urged to upgrade or remove public exposure to avoid full compromise – Flowise RCE, Flowise RCE
  • A high-severity Docker Engine flaw (CVE-2026-34040) lets attackers bypass authorization plugins and create privileged containers with host access; update to 29.3.1 and apply mitigations – Docker Engine
  • A critical unauthenticated file-upload in the Ninja Forms File Uploads add-on (CVE-2026-0740) is under active exploitation and site owners must upgrade to the patched 3.3.27 to prevent RCE and site takeover – Ninja Forms

State-linked Campaigns

  • APT28/FrostArmada compromised SOHO routers (MikroTik/TP-Link) to hijack DNS and steal Microsoft credentials, and international law enforcement disrupted the botnet and restored DNS – APT28 DNS, APT28 DNS, Router Hijacks
  • Iran-linked actors targeted internet-exposed PLCs and OT systems to extract project files and manipulate HMI/SCADA displays, prompting joint U.S. agency warnings to disconnect PLCs from the Internet and apply OT mitigations – PLC Attacks, PLC Attacks
  • Proofpoint reports TA416 pivoted globally, reusing delivery chains to deploy evolving PlugX backdoors against government and diplomatic targets across Europe and the Middle East – TA416 PlugX

Healthcare & Disruptions

  • A cyberattack on Signature Healthcare in Brockton, Massachusetts forced ambulance diversions, canceled chemotherapy infusions and pharmacy closures while incident response teams investigate and downtime procedures remain active – Mass. Hospital, Mass. Hospital

Data Theft & Breaches

  • Stolen authentication tokens from a breached SaaS integrator enabled data-theft attacks against Snowflake customers, with the ShinyHunters group claiming responsibility and extortion demands reported – Snowflake Theft

Botnets & IoT

  • The evasive Masjesu DDoS botnet is targeting insecure IoT devices with new evasion techniques to build large attack fleets for volumetric disruption – Masjesu Botnet

AI & Security

  • Anthropic unveiled the agentic model Claude Mythos, which autonomously found thousands of zero-days and prompted Project Glasswing and restricted preview access to limit rapid misuse – Claude Mythos
  • Analysts warn AI-enabled, agentic attacks require machine-speed defensive approaches and collective agentic defenses as adversaries deploy autonomous agents like GTG-1002 and Claude Code at scale – Agentic Warfare
  • Startups and research target the problem space: Trent AI raised $13M to protect AI agents and autonomous workflows, while a webinar highlights identity “dark matter” that lets AI copilots and stale tokens increase enterprise risk – Trent AI, Identity Webinar

Software & Tools

  • Microsoft rolled back a server-side Bing update that broke Windows Start Menu search for some Windows 11 23H2 users and is rolling out a server-side fix to resolve the issue automatically for connected devices – Start Menu Fix
  • Automated pentesting tools can hit a “PoC Cliff” and leave controls unvalidated; complementary Breach & Attack Simulation helps continuously test detection, prevention, and identity controls – Pentest Limits

Crime Stats & Policy

  • The FBI reports U.S. victims lost a record $21 billion to cyber-enabled crime in 2025, with IC3 complaints topping 1 million and AI-related scams accounting for $893 million in reported losses – US Cyber Losses
  • About 50 former national-security officials urged Congress to approve a clean 18-month renewal of FISA Section 702 before its expiration, warning delays could hinder intelligence capabilities – FISA Reauthorization

Cybersecurity News | Daily Recap – hendryadrian.com