Snowflake is enhancing its open data strategy by adding Iceberg V3 support and a governance portability plan to reduce data movement and improve AI data access. The company is focusing on data autonomy, enabling organizations to access, govern, and analyze data across multiple platforms without proprietary system constraints.
Russian hacking group targets home and small office routers to spy on users | Malwarebytes
A Russian military-linked hacking group, known as APT28, is conducting a widespread cyber espionage campaign by compromising home and small office routers to spy on users and steal sensitive information. The group manipulates DNS settings to redirect traffic through their own servers, enabling them to harvest credentials and intercept cloud traffic, with over 200 organizations and 5,000 consumer devices identified as impacted.
Social engineering attacks on open source developers are escalating - Help Net Security
Social engineering attacks targeting open source developers are escalating, with North Korean hackers recently tricking a maintainer into installing malware by impersonating a company and using a fake software update. OpenSSF warns of similar campaigns using Slack and cloned identities to lure developers into downloading malware or visiting phishing pages, emphasizing the need to verify identities and communication channels.
Massachusetts Hospital Diverts Ambulances as Cyberattack Causes Disruption - SecurityWeek
Signature Healthcare in Brockton, Massachusetts, has diverted ambulances and canceled chemotherapy infusion services due to a cyberattack that caused significant disruptions. While inpatient care and walk-in emergency services remain open, the healthcare organization has not confirmed a ransomware attack, and the attackers' motives remain unclear.
Q-Day is Coming: Are Canadian Telecoms Ready for Quantum?
The Humanitek 2026 conference revealed that Canadian telecom networks face an imminent threat from quantum computing, dubbed Q-Day, which could break current encryption. This necessitates a massive hardware update of physical infrastructure, moving beyond software patches to solutions like Quantum Key Distribution (QKD). A key challenge is extending QKD’s effective range beyond 100 kilometers, a race Canada’s tech sector is actively pursuing to ensure data sovereignty and national security.
Iran-Linked Hackers Launch Password Spray Campaign Against Microsoft 365 Tenants in Middle East
An Iran-linked threat actor has launched a password spray campaign targeting Microsoft 365 tenants in the Middle East, primarily focusing on Israel and the UAE. The attackers exploit weak passwords and exposed cloud accounts to gain access to sensitive data and tools, bypassing traditional malware defenses. The campaign involved multiple waves and utilized techniques like Tor exit nodes and commercial VPNs to obscure their origin and activity.
Support platform breach exposes Hims & Hers customer data | Malwarebytes
Telehealth company Hims & Hers is notifying customers of a data breach affecting its customer service platform, where hackers accessed or stole support ticket data between February 4 and February 7. The exposed information may include names and contact details, though medical records were reportedly not compromised, with the ShinyHunters gang suspected to be behind the attack.
Microsoft says Medusa-linked Storm-1175 is speeding ransomware attacks | CSO Online
Microsoft warns that the Storm-1175 cybercrime group, linked to Medusa ransomware, is accelerating attacks by exploiting vulnerable web-facing systems and sometimes using zero-day flaws, reducing the time from initial access to ransomware deployment to under 24 hours. This rapid pace challenges traditional detection and response models, highlighting the need for proactive attack surface reduction and faster patching of internet-exposed assets.
Medusa Ransomware Fast to Exploit Vulnerabilities, Breached Systems - SecurityWeek
The Medusa ransomware group, operating as a ransomware-as-a-service, has been rapidly exploiting vulnerabilities, including zero-days, to breach over 300 organizations, particularly in critical infrastructure, and employs double extortion tactics. Microsoft highlights their swift operational tempo, often moving from initial access to post-compromise operations within days or hours, and their proficiency in weaponizing newly disclosed vulnerabilities.
Flowise AI Agent Builder Under Active CVSS 10.0 RCE Exploitation; 12,000+ Instances Exposed
The Flowise AI Agent Builder is actively being exploited due to a critical CVSS 10.0 remote code execution vulnerability (CVE-2025-59528), affecting over 12,000 exposed instances. This flaw allows attackers to execute arbitrary JavaScript code, leading to potential system compromise and data exfiltration.
Security breach at European Commission impacts 30 EU institutions | DigitalShield
The European Commission experienced a significant security breach impacting at least 30 EU institutions, with the cybercriminal group TeamPCP identified as responsible for the initial intrusion and data theft via compromised AWS credentials. Subsequently, the ShinyHunters group claimed the hack and threatened to leak the stolen data, which included personal contact information and sensitive documents.
Disgruntled researcher leaks “BlueHammer” Windows zero-day exploit
A disgruntled researcher has leaked the BlueHammer Windows zero-day exploit due to dissatisfaction with Microsoft’s handling of the disclosure, allowing attackers to gain SYSTEM or elevated administrator permissions. While the exploit code has been released publicly, it may contain bugs and is not guaranteed to work reliably on all Windows versions.
teiss - News - Jones Day confirms data breach after hackers leak client files online
Major U.S. law firm Jones Day confirmed a data breach after hackers published unauthorized client files online. The incident involved unauthorized access to client-related files, with hackers leaking materials publicly.
Qilin and Warlock Ransomware Use Vulnerable Drivers to Disable 300+ EDR Tools
The Qilin and Warlock ransomware operations are employing a Bring Your Own Vulnerable Driver (BYOVD) technique to disable over 300 Endpoint Detection and Response (EDR) tools. This method uses vulnerable drivers to gain kernel-level access, allowing them to terminate security processes and evade detection, with Qilin being particularly active and Warlock exploiting unpatched Microsoft SharePoint servers.
Critical Claude Code Flaw Silently Bypasses User-Configured Security Rules
A critical flaw in Anthropic’s Claude Code AI agent allows security rules to be bypassed by padding commands with harmless subcommands, potentially leading to data exfiltration. Anthropic has released a patch, Claude Code v2.1.90, but users are advised to treat deny rules as unreliable and restrict the AI’s privileges.
Google Wants to Transition to Post-Quantum Cryptography by 2029 - Schneier on Security
Google plans to fully transition to post-quantum cryptography by 2029, a move praised for enhancing crypto-agility regardless of the timeline for useful quantum computers. This initiative aims to bolster security against future quantum computing threats.
North Korean Hackers Pose as Trading Firm to Steal $285M from Drift
North Korean hackers, identified as UNC4736, infiltrated Drift Protocol by posing as a legitimate trading firm for six months, ultimately stealing $285 million. The group used social engineering tactics, including building trust through face-to-face meetings and a $1 million deposit, to trick staff into compromising security and executing the heist.
Hackers Compromised ILSpy WordPress Domain to Deliver Malware
Hackers compromised the ILSpy WordPress domain on April 6, 2026, redirecting developers to a malicious site that prompted them to install a dangerous browser extension to deliver malware. The compromised site was later taken offline, but the incident highlights the ongoing threat of supply chain attacks targeting developers.
Fake Claude Code source downloads actually delivered malware • The Register
Tens of thousands of users downloading the leaked Claude Code source code were exposed to malware, including Vidar and GhostSocks, which steal credentials and proxy network traffic. Malicious GitHub repositories disguised as the legitimate Claude Code source have been used as a lure by attackers to distribute these threats.
Iran allows 15 ships through Strait of Hormuz
Despite ongoing conflict, Iran has allowed 15 ships to pass through the Strait of Hormuz in a 24-hour period, a significant increase though still far below the historical average. Over 40 nations are increasing diplomatic pressure to unblock the strait, while the US President issues threats.
Exclusive: Cuddly toy maker Charlie Bears allegedly hacked - Cyber Daily
The LockBit ransomware operation has allegedly hacked Charlie Bears, a popular cuddly toy maker, listing the company as a victim on its darknet leak site. The leaked data includes employee information, training documents, inventories, and novelty bear passports, with the breach impacting the Australian operation.
Attackers hijack Axios npm account to spread RAT malware
Attackers hijacked the Axios npm account to distribute RAT malware by publishing malicious package updates. Developers who installed compromised versions (1.14.1 and 0.30.4) should assume their systems are compromised, as the malware targets Linux, Windows, and macOS.
No, Iranian hackers didn’t leak a video of the FBI’s Kash Patel dancing - Truth or Fake - France 24
The Truth or Fake show debunks a viral Bollywood dance video falsely linked to a hack of FBI Director Kash Patel’s emails by an Iranian-linked group. The video, unrelated to Patel, has been circulating online since at least 2020.
Mercor says it was hit by cyberattack tied to compromise of open source LiteLLM project | TechCrunch
AI recruiting startup Mercor has confirmed a cyberattack linked to a compromise of the open source project LiteLLM, potentially affecting thousands of companies. The extortion hacking group Lapsus$ has claimed responsibility for targeting Mercor and accessing its data, though the exact connection between the two incidents remains unclear.
Rogers and Fido Confirm Data Breach Affecting Customer Information | iPhone in Canada
Rogers and Fido have confirmed a data breach that resulted in unauthorized access to customer information, including names, contact details, and account numbers. The companies stated that more sensitive data like social insurance numbers and financial information were not compromised, but the full scope of affected customers is still under investigation.