Daily Recap: Microsoft Edge updates disrupted Teams meetings on Windows as engineers review diagnostics, while Sean Plankey withdrew from consideration to lead CISA amid workforce losses and budget strain. The recap also highlights AI security advances and a surge in threat activity, including GopherWhisper using Outlook/Slack/Discord for C2, Contagious Interview and related BeaverTail, OtterCookie, and InvisibleFerret campaigns, proxy networks by Chinese actors, and patches such as Defender CVE-2026-33825 and iOS CVE-2026-28950, plus Mirai in D-Link routers, KICS/Docker Hub supply-chain issues, CanisterSprawl, Harvester's GoGra backdoor, and Lotus Wiper hits in Venezuela.
#GopherWhisper #ContagiousInterview #BeaverTail #OtterCookie #InvisibleFerret #GoGra #LotusWiper #TuMangaOnline #CISA #Edge #Teams
Platform Issues
- Microsoft said a recent Edge update broke meeting joins for some Teams users on Windows, and the current workaround is to restart the client while engineers review diagnostics and service changes → Teams Issue
CISA Leadership
- Sean Plankey withdrew from consideration to lead CISA after a prolonged Senate stall, leaving the agency under acting leadership amid roughly 30% workforce losses and continued budget strain → CISA Pick, CISA Exit
AI Security
- Research and product news highlighted the growing role of AI in security, with Qihoo 360 touting AI-assisted vulnerability discovery, OpenAI releasing Privacy Filter for local PII redaction, and LangWatch launching Scenario for automated AI red-teaming → Qihoo 360, Privacy Filter, Scenario
- Claude Mythos-related analysis also found 271 Firefox flaws, underscoring how AI-assisted scanning may increasingly shift security work toward defenders → Firefox Flaws
Threat Actor Activity
- A new China-linked group called GopherWhisper was seen abusing Outlook, Slack, and Discord for command-and-control and exfiltration, with reports tying the campaign to a Mongolian government intrusion and multiple Go backdoors → GopherWhisper, GopherWhisper II, Mongolia Hit
- North Korean operators expanded the Contagious Interview and crypto-theft playbooks, with Void Dokkaebi spreading malware through developer repos and another campaign stealing more than $12 million using BeaverTail, OtterCookie, and InvisibleFerret → Contagious Interview, Crypto Theft
- Chinese threat actors were also reported using massive proxy networks built from hijacked consumer devices to hide operations, while Dutch intelligence said China's cyber capabilities are now near parity with the US → Proxy Networks, Dutch Warning
Zero-Days & Patches
- CISA ordered federal agencies to patch a Microsoft Defender zero-day tracked as CVE-2026-33825 (CVSS 7.8) after public exploit details surfaced and attacks were observed in the wild → Defender Zero-Day, CISA Patch
- Apple fixed CVE-2026-28950 in iOS and iPadOS, a logging flaw that could preserve deleted notification data and potentially help recover Signal chats → Apple Patch, iOS Bug
- A Mirai campaign is exploiting CVE-2025-29635 in end-of-life D-Link routers to deploy the tuxnokill variant, while Kyber ransomware reportedly experimented with post-quantum encryption on Windows → Mirai Campaign, Kyber Ransomware
Supply Chain
- Researchers uncovered a supply-chain compromise involving malicious KICS Docker Hub images and related VS Code extensions, which exfiltrated scan data and delivered malware through the Bun runtime → KICS Poisoning
- A separate worm dubbed CanisterSprawl hijacked npm packages and developer tokens to self-propagate, steal secrets, and push poisoned releases across ecosystems including PyPI → npm Worm
Malware & Wipers
- Harvester deployed a Linux GoGra backdoor in South Asia using the Microsoft Graph API and Outlook mailboxes as covert command channels, with indicators pointing to activity in India and Afghanistan → GoGra Backdoor
- Attackers used a destructive wiper named Lotus Wiper against Venezuela's energy sector, with another report saying the campaign targeted Venezuela's oil and utilities infrastructure → Lotus Wiper, Energy Wiper
Fraud & Privacy
- House Republicans unveiled the Secure Data Act, a federal privacy draft that would expand user opt-outs, data portability, and FTC oversight while drawing criticism over loopholes and weaker state-law protections → Secure Data Act
- The US Supreme Court is set to weigh geofence warrants in Chatrie v. The United States, a case that could reshape how bulk location data is handled under the Fourth Amendment → Geofence Case
Arrests & Disruptions
- France arrested a suspected hacker known as HexDex in connection with about 100 breaches, including a major Compas intrusion that exposed data on roughly 243,000 employees → HexDex Arrest
- Spain dismantled a major manga piracy platform tied to Tu Manga Online, seizing more than $470,000 in hidden crypto wallets and citing over $4.7 million in ad-driven revenue → Tu Manga Online
- A cyberattack on a French government agency triggered a phishing alert, adding to the region's recent public-sector incident wave → French Agency