Cybersecurity News | Daily Recap [21 Apr 2026]

This Daily Recap covers a week that featured high-profile data breaches at Vercel and ANTS, a Seiko USA Shopify data claim, and misconfigured Perforce servers exposing sensitive data from major organizations. Ransomware, crypto threats, platform abuse, and regulation dominated headlines, including BlackCat/ALPHV and Scattered Spider activity, The Gentlemen using SystemBC, Lazarus/TraderTraitor’s KelpDAO heist, FakeWallet/SparkKitty on the Apple App Store, notable CVEs like SGLang CVE-2026-5760, Google Antigravity RCE risks, BridgeBreak flaws in Silex and Lantronix, and regulatory actions by the FTC and Italy’s data-protection authority.
#Vercel #LummaStealer #Mandiant #ANTS #SeikoUSA #Shopify #Perforce #BlackCat #ALPHV #AngeloMartino #ScatteredSpider #TheGentlemen #SystemBC #Lazarus #TraderTraitor #KelpDAO #rsETH #TornadoCash #FakeWallet #SparkKitty #AppleAppStore #Cisco #Zimbra #TeamCity #ActiveMQ #SGLang #CVE-2026-5760 #GGUF #GoogleAntigravity #BridgeBreak #Silex #Lantronix #Bluesky #Ofcom #Telegram #TeenChat #ChatAvenue #X #Athr #FTC #TakeItDownAct #Grok #PosteItaliane #Postepay #ItalyDataProtectionAuthority

Data Breaches

  • Vercel was breached via a compromised third-party AI tool and Lumma Stealer, with attackers accessing internal environments and a limited set of customer secrets before the company notified users and brought in Mandiant and other experts – Vercel Breach, Lumma Attack, Weekly Recap
  • French authorities said the ANTS portal breach may have exposed personal data from user accounts, increasing phishing and identity theft risk while investigations continue – ANTS Breach, French Agency
  • Seiko USA was hit by a website defacement and extortion claim alleging theft of customer data from its Shopify backend, including names, emails, and shipping details – Seiko Deface
  • Unsecured Perforce servers were found exposing sensitive data from major organizations, underscoring the risk of misconfigured code repositories and file sync systems – Perforce Leak

Ransomware & Cybercrime

  • Former incident response negotiator Angelo Martino pleaded guilty to helping BlackCat/ALPHV operators extort U.S. companies by sharing victim leverage points and insurance limits – BlackCat Guilty
  • Tyler Robert Buchanan pleaded guilty in the U.S. for roles in Scattered Spider attacks that used SMS phishing, SIM swapping, and Telegram exfiltration to steal cryptocurrency – Spider Plea
  • The Gentlemen ransomware was reported using SystemBC to support bot-powered attacks and persistence – Gentlemen Ransomware

Crypto Threats

  • Lazarus/TraderTraitor-linked attackers stole about $290 million from KelpDAO and related rsETH flows by abusing cross-chain infrastructure, with funds laundered through Tornado Cash and multiple partners investigating – Kelp Theft, KelpDAO Heist
  • More than two dozen fake crypto apps in the Apple App Store were tied to FakeWallet/SparkKitty, stealing seed phrases and private keys through typosquatting and phishing – FakeWallet Apps, Apple Wallet Apps

Exploited Vulnerabilities

  • CISA added 8 actively exploited vulnerabilities affecting Cisco, Zimbra, and TeamCity to its Known Exploited Vulnerabilities (KEV) catalog – CISA KEV
  • An actively exploited Apache ActiveMQ flaw was reported to impact about 6,400 servers, highlighting ongoing internet-wide exposure – ActiveMQ Flaw
  • SGLang CVE-2026-5760, rated CVSS 9.8, can enable remote code execution through malicious GGUF model files and prompt-injection payloads – SGLang RCE
  • Researchers disclosed a sandbox-escape bug in Google Antigravity that could turn prompt injection into RCE by abusing file creation and native search tools – Antigravity Flaw
  • BRIDGE:BREAK flaws in Silex and Lantronix serial-to-IP converters exposed OT and healthcare systems to unauthenticated RCE, firmware tampering, and device takeover – BridgeBreak Flaws

Platform Abuse & Outages

  • Bluesky said a sophisticated DDoS attack disrupted feeds, notifications, threads, and search, though service stabilized and no user-data compromise was found – Bluesky Outage, Bluesky Attack
  • Telegram, Teen Chat, Chat Avenue, and X are being probed by Ofcom over CSAM, grooming, and AI-generated explicit content concerns, with fines up to £18 million or 10% of global revenue possible – Ofcom Probe
  • Athr markets an automated voice-phishing platform that can run callback scams for $4,000 plus a cut of proceeds, using spoofed alerts and AI voice agents to steal credentials and verification codes – ATHR Scam

AI, Fraud & Regulation

  • The FTC is expanding enforcement of the Take It Down Act to target AI-enabled harms like nonconsensual deepfakes and voice-cloning scams, with Grok among potential scrutiny targets – FTC AI Action
  • Poste Italiane and Postepay were fined more than €12.5 million by Italy’s data protection authority for unlawful processing of millions of users’ data through intrusive app monitoring – Italian Fine, Privacy Penalty
  • Coverage on stopping fraud at each stage of the customer journey emphasized reducing friction while improving identity and transaction controls – Fraud Controls
  • AI deployment guidance stressed that successful production rollouts require real-world testing, integration, governance, and performance measurement beyond demos – AI Deployment

Cybersecurity News | Daily Recap – hendryadrian.com