Cyber security news April 2026

This posting is here to collect cyber security news in April 2026.

I post links to security vulnerability news to comments of this article.

You are also free to post related links to comments.

35 Comments

  1. Tomi Engdahl says:

    Anthropic says its leak-focused DMCA effort unintentionally hit legit GitHub forks
    But the effort to stop the spread of leaked Claude Code client code is an uphill battle.
    https://arstechnica.com/ai/2026/04/anthropic-says-its-leak-focused-dmca-effort-unintentionally-hit-legit-github-forks/

    An Anthropic-backed DMCA effort to remove its recently leaked Claude Code client source code from GitHub this week resulted in the accidental removal of many legitimate forks of its official public code repository. While that overzealous takedown has now been reversed, Anthropic still faces an extreme uphill battle in limiting the spread of its recently leaked code.

    The DMCA notice that GitHub received late Tuesday focuses on a repository containing the leaked source code originally posted by GitHub user nirholas (archived here) and nearly 100 specifically named forks of that repository. In a note appended to that request, though, GitHub said it had acted to take down a network of 8,100 similar forked repositories because “the submitter alleged that all or most of the forks were infringing to the same extent as the parent repository.”

    That expanded takedown affected many repositories that didn’t contain leaked code but instead forked Anthropic’s official public Claude Code repository, which the company shares to encourage public bug reports and fixes. Many coders took to social media to complain about being swept up in the DMCA dragnet despite not sharing any leaked code.

    “I’m sorry that your people shipped your source code, and that your lawyers don’t know how to read a repo,” coder Robert McLaws wrote. “I will be filing a DMCA counter-notice.”

    Reply
  2. Tomi Engdahl says:

    Secret passwords and crypto payments: Inside Iran’s mysterious new ‘tollbooth system’ in the Strait of Hormuz
    Oil prices surged again on Thursday after Donald Trump dashed hopes of a swift resolution to the Middle East war
    https://www.independent.co.uk/news/world/middle-east/iran-oil-tanker-strait-hormuz-tollbooth-crypto-b2950686.html

    Reply
  3. Tomi Engdahl says:

    Hackers Exploit CVE-2025-55182 to Breach 766 Next.js Hosts, Steal Credentials
    https://thehackernews.com/2026/04/hackers-exploit-cve-2025-55182-to.html

    Reply
  4. Tomi Engdahl says:

    Meta has “indefinitely” paused all work with AI recruiting startup Mercor after a breach that attackers claim exposed several terabytes of data.

    Meta suspends work with Mercor after security breach
    https://cybernews.com/tech/meta-suspends-work-with-mercor-after-security-breach/?utm_source=cn_facebook&utm_medium=social&utm_campaign=cybernews&utm_content=post&source=cn_facebook&medium=social&campaign=cybernews&content=post&fbclid=IwVERDUAQ_MC9leHRuA2FlbQIxMABzcnRjBmFwcF9pZAwzNTA2ODU1MzE3MjgAAR4e93JlWYH06LuWsUwhn94x9UVGQ4_AeqmmpAZkX46JNsf0JVG7a7dsuosjlg_aem_shmGkLIS6gy7IJD_7B4aIA

    Two sources confirmed the news to WIRED, adding that the pause is indefinite. Contractors who depended on those Meta projects cannot log hours until, or if, they resume, which could effectively mean they’re out of work. Internal conversations reviewed by WIRED suggest that the company is looking for additional projects for those affected.

    Mercor contractors have reportedly not been told why their Meta projects were being paused.

    Several other AI labs are also re-evaluating their relationship with Mercor as it investigates the incident, said people familiar with the matter.

    The $10 billion AI startup Mercor supplies major AI companies like OpenAI, Meta, and Anthropic with specialized contractors to train and evaluate AI models. However, details about the specific projects and tasks involved are rarely disclosed amid heightened competition between tech giants.

    A spokesperson told WIRED that OpenAI is investigating how its proprietary training data may have been exposed in the breach, adding that no user data has been affected. OpenAI has not paused its projects with Mercor.

    On March 31st, Mercor confirmed the breach in a staff email: “There was a recent security incident that affected our systems along with thousands of other organizations worldwide.”

    The company said it was impacted by a supply chain attack involving LiteLLM, a popular Python library used by AI developers, which was recently infected with credential harvesting malware. An attacker known as TeamPCP took credit for the breach, alleging it accessed 300GB of data from over 500,000 compromised systems.

    Reply
  5. Brian Wood says:

    Man, it’s wild how much the cybersecurity landscape has shifted just in the first few days of April. Seeing those massive supply chain vulnerabilities pop up again makes me realize how fragile our “secure” systems actually are when one small piece of the puzzle goes sideways. It’s a constant cat-and-mouse game where the bad actors only have to be right once, while the rest of us have to be right every single second of the day. Honestly, reading through these updates is a bit of a wake-up call to finally go through and double-check all those “set it and forget it” security settings I haven’t looked at in months.

    Reply
  6. Tomi Engdahl says:

    Russian government hackers broke into thousands of home routers to steal passwords
    https://techcrunch.com/2026/04/07/russian-government-hackers-broke-into-thousands-of-home-routers-to-steal-passwords/

    A group of Russian government hackers has hijacked thousands of home and small business routers around the world as part of an ongoing campaign aimed at redirecting victims’ internet traffic to steal their passwords and access tokens, security researchers and government authorities warned on Tuesday.

    This is the latest tactic by the long-running Russian hacking group known as Fancy Bear, or APT 28, known for its high-profile hacks and spying operations, including the breach of the Democratic National Committee in 2016 and the destructive hack that hit satellite provider Viasat in 2022. Fancy Bear is widely believed to be part of Russia’s intelligence agency GRU.

    The hacking group targeted unpatched routers made by MikroTik and TP-Link using previously disclosed vulnerabilities according to the U.K. government’s cybersecurity unit NCSC and Lumen’s research arm Black Lotus Labs, which released new details of the campaign Tuesday.

    According to the researchers, the hackers were able to spy on large numbers of people over the course of several years by compromising their routers, many of which run outdated software, leaving them vulnerable to remote attacks without their owners’ knowledge.

    Reply
  7. Tomi Engdahl says:

    Properly securing a home router is an important step in the fight against cyber espionage.
    https://www.iltalehti.fi/digiuutiset/a/031cf2c1-103f-4cf8-bf44-f40b1d6dcebf

    Reply
  8. Tomi Engdahl says:

    Mike Cherney / Wall Street Journal:
    A look at a global scramble to protect submarine cables vulnerable to potential sabotage, as new monitoring tech like distributed acoustic sensing is developed

    Inside the Race to Protect Submarine Cables From Sabotage
    U.S. and allies turn to tech, patrols and new routes to defend crucial underwater infrastructure against Russia and China
    https://www.wsj.com/tech/inside-the-race-to-protect-submarine-cables-from-sabotage-c90ba18c?st=LKoi9Z&reflink=desktopwebshare_permalink

    Reply
  9. Tomi Engdahl says:

    Isaac Yee / CNN:
    A hacker claims to have stolen 10PB+ of data, including classified defense docs and missile schematics, from China’s National Supercomputing Center in Tianjin — A hacker has allegedly stolen a massive trove of sensitive data – including highly classified defense documents and missile schematics …
    https://edition.cnn.com/2026/04/08/china/china-supercomputer-hackers-hnk-intl

    Reply
  10. Tomi Engdahl says:

    Thomas L. Friedman / New York Times:
    Mythos Preview’s hacking ability is not a publicity stunt; sources say tech companies privately spoke to Trump officials about the implications for US security

    Anthropic’s Restraint Is a Terrifying Warning Sign
    https://www.nytimes.com/2026/04/07/opinion/anthropic-ai-claude-mythos.html?unlocked_article_code=1.ZVA.Tz7m._0Ovd2LctbWs&smid=re-nytopinion

    Normally right now I would be writing about the geopolitical implications of the war with Iran, and I am sure I will again soon. But I want to interrupt that thought to highlight a stunning advance in artificial intelligence — one that arrived sooner than expected and that will have equally profound geopolitical implications.

    The artificial intelligence company Anthropic announced Tuesday that it was releasing the newest generation of its large language model, dubbed Claude Mythos Preview, but to only a limited consortium of roughly 40 technology companies, including Google, Broadcom, Nvidia, Cisco, Palo Alto Networks, Apple, JPMorganChase, Amazon and Microsoft. Some of its competitors are among these partners because this new A.I. model represents a “step change” in performance that has some critically important positive and negative implications for cybersecurity and America’s national security.

    Reply
  11. Tomi Engdahl says:

    Ryan Gallagher / Bloomberg:
    The UK says Russia-linked hacking group APT28 is hijacking popular internet routers from MikroTik, TP-Link, and others to steal credentials and redirect traffic

    https://www.bloomberg.com/news/articles/2026-04-07/russia-linked-hackers-hijack-routers-to-steal-passwords-uk-says

    Reply
  12. Tomi Engdahl says:

    Shaky Ceasefire Unlikely to Stop Cyberattacks From Iran-Linked Hackers for Long

    Hackers vowed to revive their efforts against America when the time was right — demonstrating how digital warfare has become ingrained in military conflict.

    https://www.securityweek.com/shaky-ceasefire-unlikely-to-stop-cyberattacks-from-iran-linked-hackers-for-long/

    Reply
  13. Tomi Engdahl says:

    FBI: Cybercrime Losses Neared $21 Billion in 2025

    The FBI received over 1 million complaints of malicious activity in 2025, with investment, BEC, and tech support scams causing the highest losses.

    https://www.securityweek.com/fbi-cybercrime-losses-neared-21-billion-in-2025/

    Reply
  14. Tomi Engdahl says:

    Massachusetts Hospital Diverts Ambulances as Cyberattack Causes Disruption

    Signature Healthcare was forced to cancel some services, and pharmacies are unable to fill prescriptions due to the hacker attack.

    https://www.securityweek.com/massachusetts-hospital-diverts-ambulances-as-cyberattack-causes-disruption/

    Reply
  15. Tomi Engdahl says:

    The Human IOC: Why Security Professionals Struggle with Social Vetting

    Applying SOC-level rigor to the rumors, politics, and ‘human intel’ can make or break a security team.

    https://www.securityweek.com/the-human-ioc-why-security-professionals-struggle-with-social-vetting/

    Reply
  16. Tomi Engdahl says:

    How to 10x Your Vulnerability Management Program in the Agentic Era

    The evolution of vulnerability management in the agentic era is characterized by continuous telemetry, contextual prioritization and the ultimate goal of agentic remediation.

    https://www.securityweek.com/how-to-10x-your-vulnerability-management-program-in-the-agentic-era/

    Reply
  17. Tomi Engdahl says:

    The New Rules of Engagement: Matching Agentic Attack Speed

    The cybersecurity response to AI-enabled nation-state threats cannot be incremental. It must be architectural.

    https://www.securityweek.com/the-new-rules-of-engagement-matching-agentic-attack-speed/

    Reply
  18. Tomi Engdahl says:

    The Next Cybersecurity Crisis Isn’t Breaches—It’s Data You Can’t Trust

    Data integrity shouldn’t be seen only through the prism of a technical concern but also as a leadership issue.

    https://www.securityweek.com/the-next-cybersecurity-crisis-isnt-breaches-its-data-you-cant-trust/

    There is a perceptible shift in how risk is seen across the organization. Data integrity is no longer only about keeping data safe; it’s also about data trust. Organizations are asking themselves, “Can we trust our data?”

    In a new era shaped by AI-driven decisions, that question is difficult to answer, and it increasingly has operational significance. Even a minuscule change in training data can significantly increase the likelihood of inaccurate or harmful AI outputs. Organizations have built an operational framework where all decision-making, whether financial, operational, or strategic, is governed by data.

    Data distortion, therefore, becomes a very clear and present integrity problem.

    Reply
  19. Tomi Engdahl says:

    Why Agentic AI Systems Need Better Governance – Lessons from OpenClaw

    Agentic AI platforms are shifting from passive recommendation tools to autonomous action-takers with real system access,

    https://www.securityweek.com/why-agentic-ai-systems-need-better-governance-lessons-from-openclaw/

    Reply
  20. Tomi Engdahl says:

    https://etn.fi/index.php/13-news/18761-nyt-data-pysyy-salattuna-myoes-pilvessae

    Ohio-based Niobium is bringing to market a new kind of cloud platform in which data can be processed without ever being decrypted. The service, called The Fog, is now in private beta, and its public launch is planned for the second quarter of this year.

    The platform is based on Fully Homomorphic Encryption, whose idea is simple but has long been hard to put into practice: computation is performed directly on encrypted data. This way the data never needs to be decrypted at any point, not even for the service provider.

    In practice this means the cloud service does not see the customer’s data at all. The keys stay with the data owner, and not even the service provider can access the content. At the same time, applications, analytics and AI models can still be run normally.

    Niobium’s solution is not just an accelerator chip but a whole platform. The Fog combines FPGA-based compute acceleration, developer tools and a cloud environment into a single service. According to the company, FHE computation runs on its mistic Core accelerator at up to twice the performance of GPU-based solutions.

    Reply
  21. Tomi Engdahl says:

    Russian operation in the Atlantic – British warships dispatched
    Three Russian submarines were spotted near undersea cables.
    https://www.iltalehti.fi/ulkomaat/a/f8618dbf-a684-4dbf-91ce-79774e1fdbec

    Britain suspects that the purpose of the submarine operation was to damage the country’s undersea cables, public broadcaster BBC reports.

    The Russian submarines moved in British territorial waters for over a month, news agency Reuters reports.

    Britain sent warships to prevent possible Russian sabotage, says British Defence Secretary John Healey.

    “President Putin, we see you,” Healey said, warning Russia that attempts to damage the country’s infrastructure would have serious consequences.

    UK says Russia ran submarine operation over cables and pipelines
    https://www.bbc.com/news/articles/cre13qn9z7do

    Three Russian submarines conducted a “covert” operation over cables and pipelines in waters north of the UK, Defence Secretary John Healey said.

    A British warship and aircraft were deployed to deter the “malign” activity by Moscow and there was “no evidence” of any damage to UK infrastructure in the Atlantic, he added.

    Addressing Russian President Vladimir Putin directly, Healey said: “We see you. We see your activity over our cables and our pipelines, and you should know that any attempt to damage them will not be tolerated and will have serious consequences.”

    Reply
  22. Tomi Engdahl says:

    Nearly 4,000 US industrial devices exposed to Iranian cyberattacks
    https://www.bleepingcomputer.com/news/security/nearly-4-000-us-industrial-devices-exposed-to-iranian-cyberattacks/?fbclid=IwdGRjcARGAA1leHRuA2FlbQIxMQBzcnRjBmFwcF9pZAwzNTA2ODU1MzE3MjgAAR6sLyx3347xf3idVKMKZt5XbsJnVWdZ6rorP9xpV56mWJI34mRyJsaG55jQ-g_aem_5ayBmYCOWHXtsG8J8wDE-g

    The attack surface targeted by Iranian-linked hackers in cyberattacks against U.S. critical infrastructure networks includes thousands of Internet-exposed programmable logic controllers (PLCs) manufactured by Rockwell Automation.

    According to a joint advisory issued by multiple U.S. federal agencies on Tuesday, Iranian state-backed hacking groups have been targeting Rockwell Automation/Allen-Bradley PLC devices since March 2026, causing operational disruptions and financial losses.

    “Iranian-affiliated APT targeting campaigns against U.S. organizations have recently escalated, likely in response to hostilities between Iran, and the United States and Israel,” the authoring agencies warned.

    “The FBI identified that this activity resulted in the extraction of the device’s project file and data manipulation on HMI and SCADA displays.”

    “Censys data identifies 5,219 internet-exposed hosts globally responding to EtherNet/IP (EIP) and self-identifying as Rockwell Automation/Allen-Bradley devices,” Censys said.

    “The United States accounts for 74.6% of global exposure (3,891 hosts), with a disproportionate share on cellular carrier ASNs indicative of field-deployed devices on cellular modems.”

    To defend against these ongoing attacks, network defenders are advised to secure PLCs using a firewall or disconnect them from the Internet, scan logs for signs of malicious activity, and check for suspicious traffic on OT ports (especially when it originates from overseas hosting providers).

    Admins should also enforce multifactor authentication (MFA) for access to OT networks, keep all PLC devices up to date, and disable unused services and authentication methods.

    This ongoing campaign follows similar attacks from nearly three years ago, when a threat group affiliated with the Iranian Government’s Islamic Revolutionary Guard Corps (IRGC) and tracked as CyberAv3ngers targeted vulnerabilities in U.S.-based Unitronics operational technology (OT) systems.

    Reply
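    The log review the advisory recommends above (look for traffic reaching OT ports, particularly from overseas hosting providers) as an added detection example that is not from the article or the advisory; it assumes a constructed flow-log line format and a constructed prefix-to-provider table standing in for a real ASN/GeoIP lookup.

    ```python
    import ipaddress
    from collections import Counter

    # EtherNet/IP (EIP), the protocol Censys used to fingerprint the exposed PLCs:
    # explicit messaging on TCP/UDP 44818, implicit I/O messaging on UDP 2222.
    OT_PORTS = {("tcp", 44818), ("udp", 44818), ("udp", 2222)}

    # Address space treated as "inside" the plant/IT network; anything else is external.
    INTERNAL_NETS = [ipaddress.ip_network(n) for n in (
        "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8", "169.254.0.0/16")]

    # Constructed (assumed) prefix-to-label table standing in for an ASN/GeoIP database;
    # a real deployment would query such a database to spot hosting-provider sources.
    HOSTING_PREFIXES = {ipaddress.ip_network("203.0.113.0/24"): "overseas-hosting-provider"}

    # Constructed sample flow-log lines: timestamp proto src -> dst action.
    # External-looking sources use TEST-NET documentation ranges as stand-ins.
    SAMPLE_LOG = """\
    2026-04-07T03:12:09Z tcp 203.0.113.45:51324 -> 192.168.10.5:44818 ALLOW
    2026-04-07T03:12:10Z tcp 192.168.10.20:50211 -> 192.168.10.5:44818 ALLOW
    2026-04-07T03:12:11Z udp 198.51.100.77:40001 -> 192.168.10.5:2222 ALLOW
    2026-04-07T03:12:12Z tcp 203.0.113.45:51325 -> 192.168.10.5:44818 ALLOW
    2026-04-07T03:12:13Z tcp 203.0.113.45:51326 -> 192.168.10.5:22 DENY
    2026-04-07T03:12:14Z tcp 192.168.10.21:44444 -> 192.168.10.6:80 ALLOW
    malformed line that should be skipped
    """

    def parse_flow(line):
        """Parse one flow line into a dict; return None for malformed lines."""
        parts = line.split()
        if len(parts) != 6 or parts[3] != "->":
            return None
        try:
            src_ip, src_port = parts[2].rsplit(":", 1)
            dst_ip, dst_port = parts[4].rsplit(":", 1)
            return {"ts": parts[0], "proto": parts[1].lower(),
                    "src": ipaddress.ip_address(src_ip), "sport": int(src_port),
                    "dst": ipaddress.ip_address(dst_ip), "dport": int(dst_port),
                    "action": parts[5].upper()}
        except ValueError:
            return None

    def is_external(ip):
        """True when the source is outside every internal prefix."""
        return not any(ip in net for net in INTERNAL_NETS)

    def source_label(ip):
        """Label an external source using the (constructed) provider table."""
        for net, label in HOSTING_PREFIXES.items():
            if ip in net:
                return label
        return "unknown-external"

    def find_exposed_ot_flows(log_text):
        """Return permitted flows that reach an EtherNet/IP port from an external source."""
        hits = []
        for line in log_text.splitlines():
            f = parse_flow(line)
            if f is None or f["action"] != "ALLOW":
                continue
            if (f["proto"], f["dport"]) in OT_PORTS and is_external(f["src"]):
                f["label"] = source_label(f["src"])
                hits.append(f)
        return hits

    def summarize_by_source(hits):
        """Count flagged flows per external source address for triage."""
        return dict(Counter(str(f["src"]) for f in hits))

    if __name__ == "__main__":
        for f in find_exposed_ot_flows(SAMPLE_LOG):
            print(f"{f['ts']} {f['src']} -> {f['dst']}:{f['dport']}/{f['proto']} [{f['label']}]")
    ```
    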
  23. Tomi Engdahl says:

    This makes them easy targets for other hackers. Learn more: https://cnews.link/north-korean-hackers-123456-passwords-easy-targets/

    Reply
  24. Tomi Engdahl says:

    Tech bosses could face jail for failing to remove revenge porn from websites
    An amendment to the Crime and Policing Bill will be debated next week
    https://www.independent.co.uk/news/uk/politics/revenge-porn-law-labour-jail-b2955232.html?fbclid=IwdGRjcARGA-1jbGNrBEYDy2V4dG4DYWVtAjExAHNydGMGYXBwX2lkDDM1MDY4NTUzMTcyOAABHnBpeI40dRuPmRkMKfASPtTEGtTQMD5nuTBRRXUeozxsHgUQYppXfuYbiRZr_aem_FOYu6Q7v6oYmv8ArGf-DWg

    Tech executives could face personal liability, including imprisonment or fines, if their platforms fail to remove revenge porn when it is reported.

    New government proposals would hold bosses accountable if their companies do not comply with Ofcom’s enforcement decisions regarding such content, provided there is no reasonable excuse.

    Reply
  25. Tomi Engdahl says:

    https://www.facebook.com/share/p/1CgZc4aJmn/

    This research paper, “Hiding an Ear in Plain Sight,” exposes a startling privacy vulnerability in Fiber-to-the-Home (FTTH) networks. While optical fibers are prized for their immunity to electromagnetic interference and low signal loss, the authors demonstrate a critical side channel that allows for acoustic eavesdropping.

    Attackers with access to just one end of a telecom fiber can use commercially available Distributed Acoustic Sensing (DAS) systems to detect sound-induced vibrations along the cable. However, because bare fibers lack sufficient sensitivity to airborne sound, the team introduces a “Sensory Receptor” that dramatically improves acoustic capture.

    Their results show the ability to reconstruct private conversations, identify human activities, and even localize speakers indoors, all through passive monitoring of fiber optic infrastructure. This side-channel attack effectively transforms the backbone of modern internet connectivity into a long-range listening device.

    The paper raises urgent privacy concerns for residential and commercial buildings wired with fiber optics, warning that the very infrastructure enabling high-speed communications may inadvertently expose our most private acoustic environments to undetectable remote surveillance.

    Source: CyberSecurityNews

    Reply
  26. Tomi Engdahl says:

    Who watches the watchers,
    who hacks the hackers?

    FBI declares suspected Chinese hack of US surveillance system a ‘major cyber incident’
    The designation suggests the hackers successfully compromised swathes of sensitive data stored directly on FBI systems.
    https://www.politico.com/news/2026/04/01/fbi-hack-surveillance-system-major-incident-00854237?fbclid=IwY2xjawRG9rdleHRuA2FlbQIxMQBzcnRjBmFwcF9pZAwzNTA2ODU1MzE3MjgAAR6lKXDvoiuaadsIeURg3GLQZ_sN14ESWkeQ_SLS57fCLfOIE-aEJxNu6bpfpw_aem_7H1du4TtEWunSzgbCRyenA

    The FBI last week deemed a recent China-linked cyber intrusion into a sensitive agency surveillance system a “major incident,” meaning it poses significant risks to U.S. national security, according to one congressional aide and two U.S. officials with knowledge of the matter.

    The bureau first told Congress on March 4 that it was investigating suspicious activity on an internal agency system that contained “law enforcement sensitive information.” The FBI did not publicly identify who was behind the activity at the time, but POLITICO previously reported that China is suspected.

    Reply
  27. Tomi Engdahl says:

    Thousands of consumer routers hacked by Russia’s military
    End-of-life routers in homes and small offices hacked in 120 countries.
    https://arstechnica.com/security/2026/04/russias-military-hacks-thousands-of-consumer-routers-to-steal-credentials/

    Reply
