
Hello all,
I wish you a Happy Easter and Passover. I pray that it is a peaceful and enjoyable one. If you’ve been affected by the Iran conflict, I truly feel for you. There have been some serious cyber disruptions this past week with Iran damaging Amazon and Oracle datacenters in Bahrain and Dubai, and also threatening Dell, Intel, Nvidia, and more. Thankfully, so far, there have been no new publicized reports of massive successful Iranian cyber warfare.
Headline NEWS:
- Cisco patches critical defects in Integrated Management Controller (IMC) and Smart Software Manager On-Prem (SSM On-Prem), again. This is getting a bit old. It seems that Cisco is in the news about every week now with more patches. This newly found defect can allow for unauthenticated remote authentication and permission elevation and exists in 5000 Series Enterprise Network Compute Systems, Catalyst 8300 Series Edge uCPE, UCS C-Series M5 and M6 Rack Servers in standalone mode, UCS E-Series Servers M3, and UCS E-Series Servers M6. Thankfully, these vulnerabilities are not known to be under exploitation yet, so patch soon.
- Google Chrome Zero-Day, under active exploitation. Google has released an updated version and customers are advised to update their browsers immediately to mitigate this flaw and 21 other vulnerabilities that were addressed. CISA has ordered all federal agencies to update Chrome by April 15. Expect that other Chromium-based browsers will be updating soon as well. I highly recommend that you restart your browser at least once a week to keep up with the pace of updates that are being released.
- Fortinet patched an actively exploited vulnerability in FortiClient EMS. This zero-day is a pre-authentication bypass using the API and can result in privilege escalation. If you use this, apply the hotfix quickly since exploitation has been ongoing since at least March 31. Didn’t we just patch this product a couple of weeks ago? Why can’t vendors get this right?
- NASA launched the historic Artemis II mission and almost immediately Microsoft Outlook had problems onboard the spacecraft. I wonder if they put in a trouble ticket to their managed service provider? Do they charge by distance? That would have been an interesting service call if it required an onsite. “Hello Artemis, initiating docking procedures now. Please stand by while Integris 3 attaches. Transferring technician now…” And I guess someone aboard needs remedial security training, because he exposed his PIN for all the world to see on a live video feed when he unlocked his handheld tablet.
In Ransomware, Malware, and Vulnerabilities News:
- Anthropic accidentally leaked the source code for Claude Code. In a move that is already having some serious knock-on effects, Anthropic messed up big time when they published a JavaScript source map file to the npm registry, which was subsequently cloned thousands of times around GitHub so that it could be scrutinized by others. At least one vulnerability has already been discovered in how subcommands are processed, and dozens of fake “source code” files, that are actually malware, are now publicly available on the internet. If you’re planning to play with the source code, triple check your download or you might get a nasty surprise instead.
In Other News Events of Note and Interest:
- Psychology suggests if you still write things down on paper instead of your phone you aren’t resisting progress. I am one of those seeming Luddites that keeps a college-ruled notebook on my desk and writes things down that I want to remember or need to do. This article about this topic was excellent validation that my method isn’t madness but instead it’s rooted squarely in science and makes me a better listener. As the article explains, the process of handwriting is slower, there is no way to record everything said, so you must actively listen, synthesize and summarize in order to capture what is relevant. It forces your brain to do “deep encoding, where you’re not just recording information but actively processing and reorganizing it as you write”, forcing thinking now rather than “record and think later”. So, grab a notebook and pull out a pen or pencil. It may revolutionize your world.
Musings
This Friday NASA launched a historic mission of once again sending astronauts out to the moon and back. It is amazing to think of the primitive technology that was used the first time this was done, 57 years ago when the Apollo 8 crew orbited the moon. Look where we are now. Despite the constant cyber-attacks, real-world chaos and violence, news such as the Artemis II mission reminds us that humanity does have its sights set on the stars, and if we defenders continue to do our jobs well, then we can get there!

Keep the shields up!
Viscount Jan Broucinek
Red Dot Security News
Headline NEWS
- Cisco Patches 9.8 CVSS IMC and SSM Flaws Allowing Remote System Compromise
- New Chrome Zero-Day CVE-2026-5281 Under Active Exploitation — Patch Released
- Fortinet Patches actively exploited vulnerability in FortiClient EMS
- Apparently you can’t escape Microsoft Outlook issues even in space as Artemis II astronauts ask NASA for help with the software
- NASA astronauts prove that sending an email really is rocket science
- Artemis II Security Breach: Astronaut Enters Tablet PIN On Livestream
Ransomware, Malware, and Vulnerabilities News
- Good News, Government News, and Interesting
- CISA Adds CVE-2025-53521 to KEV After Active F5 BIG-IP APM Exploitation
- FBI declares suspected Chinese hack of US surveillance system a ‘major cyber incident’
- Commanders now responsible for cybersecurity training after Army cuts online course requirement to once every 5 years
- Iran puts tech firms on notice in Middle East
- Iran says it has struck Oracle data center in Dubai, Amazon data center in Bahrain — country has threatened to attack Nvidia, Intel, and others, too
- Iranian missile blitz takes down AWS data centers in Bahrain and Dubai — Amazon reportedly declares “hard down” status for multiple zones
- Alleged RedLine malware developer extradited to United States
- Vulnerabilities and Exploits
- AXIOS supply chain attack
- Mitigating the Axios npm supply chain compromise
- Hackers compromise Axios npm package to drop cross-platform malware
- North Korean hackers linked to Axios npm package compromise
- Drift loses $280 million North Korean hackers seize Security Council powers
- Claude Code’s source code appears to have leaked: here’s what we know
- Critical Vulnerability in Claude Code Emerges Days After Source Leak
- Fake Claude Code source downloads actually delivered malware
- Hackers exploiting critical F5 BIG-IP flaw in attacks, patch now
- Over 14,000 F5 BIG-IP APM instances still exposed to RCE attacks
- Critical Fortinet FortiClient EMS bug under active attack
- 2026 SonicWall Cyber Protect Report
- Security boffins harvest bumper crop of API keys from web
- Apple issues urgent lock screen warnings for unpatched iPhones and iPads
- US national laboratories lead multi-agency push for solar cybersecurity standards
- Notepad++ v8.9.3 Released Addressing cURL Security Vulnerability and Crash Issues
- Stored XSS Vulnerability in Jira Work Management Could Enable Full Organization Takeover
- MAD Bugs: Claude Wrote a Full FreeBSD Remote Kernel RCE with Root Shell
- OpenAI ChatGPT fixes DNS data smuggling flaw
- Vim Modeline Bypass Vulnerability Let Attackers Execute Arbitrary OS Commands
- AI Is Eliminating the Window To Respond to Cyberattacks
- Claude Code bypasses safety rule if given too many commands
- New Rowhammer attacks give complete control of machines running Nvidia GPUs
- Microsoft Details Cookie-Controlled PHP Web Shells Persisting via Cron on Linux Servers
- OpenSSH 10.3 Fixes Shell Injection and Multiple SSH Security Issues
- ImageMagick Zero-Day Enables RCE on Linux and WordPress Servers
- Phishing, Malware, and similar
- Apple counters ClickFix attacks with macOS Terminal warning
- Apple releases security fix for older iPhones and iPads to protect against DarkSword attacks
- Cyberattacks are on the rise — here’s how to protect yourself
- New widespread EvilTokens kit: device code phishing as-a-service
- New EvilTokens service fuels Microsoft device code phishing attacks
- Residential proxies evaded IP reputation checks in 78% of 4B sessions
- New CrystalRAT malware adds RAT, stealer and prankware features
- Microsoft Warns of WhatsApp-Delivered VBS Malware Hijacking Windows via UAC Bypass
- Microsoft Warns of WhatsApp Attachments Spreading Backdoor on Windows PCs
- UK manufacturers under cyber fire with 80% reporting attacks
- TeamPCP Breaches Cloud, SaaS Instances with Stolen Credentials
- Harvard Warns of Active Cyberattack Impersonating IT Staff and Targeting Affiliates
- Breaches, Leaks, and Ransomware
- Google Workspace Updates: Ransomware detection and file restoration for Google Drive now generally available
- Employee Data Breaches Surge to Seven-Year High
- Hackers steal EU Commission cloud data
- Second data breach at European Commission this year leaves open questions over resilience
- FBI, DHS investigating cyberattack in southern Indiana, county sheriff’s office says
- OkCupid gave 3 million dating-app photos to facial recognition firm, FTC says
- Stats SA confirms data breach as hackers demand R1.7m ransom
- Healthcare IT Platform CareCloud Probing Potential Data Breach
- Mercor says it was hit by cyberattack tied to compromise of open-source LiteLLM project
- Twin cybersecurity incidents leave AI industry shaken
- Hasbro says it was hacked, and may take ‘several weeks’ to recover
- Money transfer app Duc exposed thousands of driver’s licenses and passports to the open web
- Lloyds Data Security Incident Impacts 450,000 Individuals
- Operation Storming Tide: A massive multi-stage intrusion campaign
- Who Runs Cl0p? Inside the Most Elusive Ransomware Operation in the World
- Hims & Hers warns of data breach after Zendesk support ticket breach
- Alleged Adobe breach exposes customer support tickets
- Nacogdoches Memorial Hospital Data Breach More Than 257,000 Individuals
Other News Events of Note and Interest
- Cool Tool: Foxit flags hidden security risks in PDFs with new tool
- What Happens in the Brain When You Experience Art
- What I Learned From Nearly 1,000 Interviews at Amazon
- RSAC 2026 is back, and the certificate automation gap is impossible to ignore
- Transform your headphones into a live personal translator on iOS
- Apple confirms Mac Pro is discontinued after two decades
- How INTERPOL and Fortinet Are Scaling Global Cybercrime Ops
- FCC’s Router Ban Quietly Places an Expiration Date on Home Internet Security
- Your router is about to stop getting security updates – here’s what to do
- Why can’t we have nice routers anymore?
- Which Brands Will Be Hardest Hit by FCC’s Foreign Router Ban? Here’s the List
- Google is now letting users in the US change their Gmail address
- Google Workspace Updates: Introducing guest accounts
- Google partners with Back Market to distribute ChromeOS Flex
- Galaxy Watch users in the US can finally track their blood pressure – if you have a Samsung phone
- Proton just launched a Google Workspace alternative – and it’s fully encrypted
- macOS Tahoe 26.4 breaks Time Machine network backups
- The SMB Cybersecurity Struggle Is Real with Limited Resources
- The LastPass breach settlement is real. Here’s what you should know
- Psychology suggests if you still write things down on paper instead of your phone you aren’t resisting progress
- Financial Services Under Pressure: Supply Chain Risk, Regulation and Operational Resilience
- AI, LLMs, and Skynet
- Claude Mythos – Archive
- Introducing the OpenAI Safety Bug Bounty program
- Why AI Is A Massive Job-Creation Technology, Despite What You Think
- Anthropic admits Claude Code quotas running out too fast
- Microsoft Launches Copilot Cowork in Frontier Program
- Weaponized Intelligence – Perspectives
- Secretary of the Army sees future of cyber warfare, AI integration at ARCYBER
- Threat actor abuse of AI accelerates from tool to cyberattack surface
- Microsoft
- Browser Choice Alliance slams Microsoft for latest shady Edge tactic
- Microsoft plans 100% native Windows 11 apps in major shift away from web wrappers
- Microsoft confirms Windows 11 update to modernize legacy UI, as Control Panel and other legacy features continue to live
- Microsoft says Copilot ad in GitHub pull request was a bug, not an advertisement
- Microsoft fixes Outlook Classic crashes caused by Teams Meeting add-in
- Microsoft links Classic Outlook issue to email delivery problems
- Microsoft formally removes a command line tool from Windows 11 25H2, 24H2, 23H2, Windows 10
- Windows 11’s Secure Boot CA-2023 updates are failing across some PCs, exposing a wider firmware problem
- Microsoft has killed the Remote Desktop app, and its replacement’s name isn’t great
- High Volume Email reaches General Availability in Exchange Online
- Download Windows 11 25H2 ISO (offline installer), and always save a copy
- Windows 11 KB5086672 rolls out after Microsoft pulls failed March 2026 optional update
- Microsoft encourages IT admins to use Intune and “shape how Windows Update behaves”
- Microsoft confirms a new Teams feature upgrade for admins is rolling out now
- Microsoft adds useful warning about upcoming mandatory Windows 11/10 update installation
- Microsoft now force upgrades unmanaged Windows 11 24H2 PCs
- What are passkeys and why they matter – Microsoft Support
- Windows 11 gets haptic feedback for mice and trackpads, Xbox mode, and more in new builds
- Microsoft still working to fix Exchange Online mailbox access issues
