Cybersecurity News | Daily Recap [28 Apr 2026]

In today's Daily Recap, the latest cybersecurity news covers Microsoft’s plan to block legacy TLS 1.0 and TLS 1.1 for Exchange Online starting July 2026, and an Outlook outage that forced iPhone Mail users to reauthenticate after a service degradation. It also highlights espionage and vulnerability disclosures, including Xu Zewei’s extradition linked to Silk Typhoon/HAFNIUM, Russia-linked Signal phishing, and breaches affecting Medtronic and ADT, plus supply-chain activity around PyPI and GlassWorm. #XuZewei #SilkTyphoon #HAFNIUM #Medtronic #ADT #PyPI #GlassWorm

Cloud & Enterprise

  • Microsoft will block legacy TLS 1.0 and TLS 1.1 for POP/IMAP in Exchange Online starting July 2026, while a separate outage forced some iPhone Mail users to reauthenticate after an Outlook.com service degradation. – TLS Update, Outlook Outage
  • Microsoft also said new Remote Desktop warning dialogs may render incorrectly after the April 2026 updates, with overlapping text and hidden buttons on some multi-monitor setups. – RDP Warning

State-Sponsored & Espionage

  • Xu Zewei, an alleged China-linked hacker tied to Silk Typhoon/HAFNIUM, was extradited from Italy to the U.S. over attacks that abused Microsoft Exchange zero-days against about 13,000 organizations and targeted COVID-19 research. – Xu Extradition, Pandemic Charges, Exchange Espionage
  • Germany suspects Russia behind a Signal phishing campaign that hit around 300 officials, using a fake security chatbot to link victim accounts to attacker devices. – Signal Phish
  • The U.S. Supreme Court signaled geofence location-data sweeps likely require a warrant, as justices debated whether Google-held data falls under the Fourth Amendment. – Geofence Warrant, Chatrie Case

Vulnerabilities & Exploits

  • PhantomRPC exposes a new Windows local privilege escalation path that can trick services like TermService and DHCP Client into handing over System access, and there is no patch yet. – PhantomRPC
  • An incomplete Windows patch left a zero-click chain exploitable via malicious LNK and HTML files, with APT28 abusing flaws tracked as CVE-2026-21513, CVE-2026-21510, and CVE-2026-32202. – Zero-Click Chain
  • OpenSSH versions spanning 15 years were found vulnerable to CVE-2026-35414, a flaw that can grant full root shell access and was fixed in OpenSSH 10.3. – OpenSSH Root

Phishing & Social Engineering

  • Robinhood confirmed attackers abused its account creation flow and Gmail aliasing tricks to inject malicious HTML into legitimate emails, making fake device-alert links appear inside real Robinhood notifications without a platform breach. – Robinhood Phish, Device Flaw
  • Canada arrested three men behind an SMS blaster operation in Toronto, where rogue base stations pushed phishing texts that impersonated trusted organizations. – SMS Blaster
  • UNC6692 is combining social engineering, malware, and cloud abuse in a multi-stage campaign that targets help desks and remote access workflows. – UNC6692

Ransomware, Data Theft & Extortion

  • Medtronic confirmed a breach after ShinyHunters claimed theft of more than 9 million records, though the company says products and patient safety were unaffected. – Medtronic Breach, Medtronic Leak
  • ADT said ShinyHunters breached corporate systems and exposed data affecting an estimated 5.5 million people, including names, phone numbers, and addresses. – ADT Breach
  • Checkmarx confirmed repository data from its March 23 incident was posted on the dark web, with claims tied to LAPSUS$, TeamPCP, and downstream supply-chain impact. – Checkmarx Leak
  • A California man was sentenced to 70 months for laundering cryptocurrency stolen by the Social Engineering Enterprise, which allegedly siphoned roughly $260 million. – Crypto Launderer

Supply Chain & Malware

  • A backdoored PyPI release of elementary-data, a package with 1.1M monthly downloads, and a malicious Docker image were used to steal developer secrets and crypto wallets. – PyPI Infostealer
  • GlassWorm returned through 73 OpenVSX “sleeper” extensions, with 6 already activated to deliver malware to developers. – GlassWorm
  • fast16, a Lua-based framework predating Stuxnet, along with attacks against browser extensions, supply chains, and remote tools, highlighted an active week of malware and backdoor activity. – Weekly Recap

Privacy, Regulation & Fraud

  • U.S. states issued a record $3.45 billion in privacy fines in 2025, driven by stronger laws like CCPA enforcement and increased scrutiny of AI and automation. – Privacy Fines
  • The FTC said social-media scams caused over $2.1 billion in losses in 2025, with Facebook accounting for the most reports. – FTC Scams
  • Tennessee became the second U.S. state to ban cryptocurrency ATMs on July 1, aiming to curb scam-driven cash-to-crypto fraud. – Crypto ATM Ban

Threat Intel & Defense

  • Spectrum Security emerged from stealth with $19 million to automate upstream detection across SIEM, data lakes, and EDR platforms. – Spectrum Funding
  • Google researchers reported a 32% rise in malicious AI prompt-injection incidents between November 2025 and February 2026, though most attacks remained low sophistication. – Prompt Injection
  • Anthropic’s Mythos preview may speed vulnerability discovery, but teams still need closed-loop remediation and risk prioritization to avoid backlogs. – Mythos Risk
  • Flare Systems and BleepingComputer will host a webinar on turning dark web and Telegram signals into actionable threat intelligence. – Threat Intel Webinar
  • Airia and SecurityWeek are hosting a webinar on governed AI adoption to manage Shadow AI risks and oversight. – AI Governance

Education & Public Sector

  • U.S. senators are pressing Navigate360 over a reported breach of its P3 Global Intel tip line, after hackers claimed to steal about 93 GB of sensitive student data. – Student Data

Cybersecurity News | Daily Recap – hendryadrian.com