The News Desk.
A short editorial column built off the morning cyber briefing. Each post picks a story off the daily feeds and adds the defender-side take — the bit the news write-up usually leaves to the reader. Roughly daily, sometimes less.
- 03 MAY 2026 · vulnerability · ransomware · 3 min
  cPanel CVE-2026-41940 mass-exploited — 44,000 servers hit by 'Sorry' ransomware
  An auth-bypass flaw in cPanel and WHM, exploited as a zero-day since February, has now been turned into a mass ransomware campaign. Shadowserver counts 44,000 compromised IPs.
- 02 MAY 2026 · nation state · crypto · 4 min
  76% of stolen crypto in 2026 is now in North Korea
  Three heists, eighteen days, $575M to Pyongyang. TRM Labs says 76% of stolen crypto in 2026 is now funding North Korea, and AI is collapsing the social-engineering ramp.
- 30 APR 2026 · policy · financial services · 5 min
  Japan's FSA scrambles over Anthropic's Mythos. Practitioners say the panic is overblown.
  Japan's finance minister, central-bank governor and the three megabank presidents have stood up an emergency working group on Anthropic's Mythos. The practitioner read is calmer.
- 30 APR 2026 · fraud · identity · 4 min
  Lviv arrests three over 610,000-account Roblox hijack ring. The infostealer pipeline is the story.
  Ukrainian prosecutors and the SBU have arrested three people in Lviv over a year-long Roblox account-takeover ring. The supply chain underneath is the same one that drove Snowflake.
- 30 APR 2026 · commentary · technology · 4 min
  Anthropic ships Claude Security. Act 2 of the Frankenstein-reflex playbook.
  Three months after Mythos, Anthropic launches the defender product. Eleven named partners endorse it; zero independent voices are quoted in the launch piece.
- 29 APR 2026 · identity · commentary · 5 min
  Chris Inglis on Snowden, 13 years on: the insider-threat lessons NSA learned in public
  Chris Inglis was NSA Deputy Director when Snowden walked out with the documents. His Dark Reading interview lays out three insider-threat failure modes still worth flagging in 2026.
- 29 APR 2026 · ransomware · commentary · 4 min
  0APT vs KryBit: when ransomware gangs leak each other, defenders read the receipts
  Two ransomware-as-a-service gangs leaked each other's infrastructure. KryBit's dump of 0APT exposed access logs proving its January 190-victim list was entirely fabricated, plus a rare baseline of RaaS economics.
- 29 APR 2026 · ransomware · identity · 5 min
  The insurance data CISOs can take to the board: misconfigured MFA loses more than no MFA at all
  Resilience's manufacturing cyber-insurance claims data shows misconfigured MFA drove 26% of losses — more than triple the loss from no MFA at all. Three numbers CISOs can take to the board.
- 28 APR 2026 · fraud · brand impersonation · 3 min
  FTC: $2.1bn lost to social-media scams in 2025
  The headline is the bait. The brand-impersonation detail underneath is what enterprise security teams and retail banks should actually be reading.
- 27 APR 2026 · nation state · vulnerability · 3 min
  APT28 turns an incomplete Windows patch into a zero-click attack
  Russia's GRU exploited a Windows flaw that Microsoft thought it had fixed. The 'patch the patch' problem keeps shipping defenders a worse version of what they paid for.
- 27 APR 2026 · phishing · fraud · 3 min
  Toronto SMS-blaster arrests: a fake cell tower in a city centre
  Three men arrested for operating a fake cellular base station in central Toronto, sending phishing SMS to nearby phones. Physical-layer attacks on telco are real and operating.
- 27 APR 2026 · supply chain · technology · 3 min
  GlassWorm returns: 73 'sleeper' extensions on OpenVSX, malicious only after install
  Extensions that pass scanning at install and turn malicious after an update. The model where you scan the artefact once and stop watching is finally broken.
- 27 APR 2026 · supply chain · data breach · 3 min
  Checkmarx confirms its GitHub repo data is on the dark web
  The March supply-chain attack on Checkmarx has produced its second-order disclosure. The interesting question is what their customers' build pipelines were exposed to.
- 27 APR 2026 · supply chain · cloud · 3 min
  PyPI hijack: elementary-data turned into an infostealer at 1.1M downloads a month
  Maintainer-account compromise turned a popular data-engineering package into a credential vacuum. The blast radius starts at 1.1M downloads a month and ends in cloud.
- 27 APR 2026 · phishing · identity · 3 min
  Robinhood's account-creation flow turned into a phishing pipe
  Threat actors injected phishing content into Robinhood's own transactional emails. The trust-the-sender heuristic that customers were trained on for two decades doesn't survive this.
- 27 APR 2026 · nation state · commentary · 3 min
  Silk Typhoon: alleged Chinese MSS contractor extradited from Italy to face US charges
  Italy hands over a named individual linked to one of China's most prolific espionage clusters. Western prosecutors are starting to pick off contractors. The threat-model arithmetic shifts.
- 27 APR 2026 · supply chain · commentary · 3 min
  TeamPCP supply-chain campaign: 26-day pause, three concurrent compromises, then back to work
  A campaign that goes quiet then re-fires across three ecosystems at once. Defenders' mental model needs to include intermittency, not just persistence.
- 24 APR 2026 · vulnerability · commentary · 3 min
  CISA KEV adds Samsung MagicINFO and SimpleHelp — quiet flaws in noisy estates
  Four CVEs joined the Known Exploited list. None are flashy. All sit in software that lives quietly inside large enterprise estates and almost never gets patched.
- 23 APR 2026 · vulnerability · commentary · 3 min
  Apple patches an exploited iOS notification flaw — zero-click is back on the menu
  iOS 26.4.2 fixes a single Notification Services vulnerability (CVE-2026-28950), already exploited in the wild. Patch high-value targets first.
- 23 APR 2026 · identity · policy · 3 min
  NCSC: passkeys are the future. The cover for banks to move has just shifted
  The UK's lead cyber agency has formally said passkeys should be the default consumer authentication method. That changes the regulatory arithmetic for FS firms still on SMS OTP.
- 21 APR 2026 · phishing · identity · 3 min
  Scattered Spider's 'Tylerb' pleads guilty — twelve firms, eight million in crypto
  Tyler Buchanan admits wire fraud and aggravated identity theft. The plea writes down the kill chain that the Twilio, LastPass and DoorDash reports paraphrased out.
- 14 APR 2026 · vulnerability · technology · 4 min
  Patch Tuesday April 2026: 167 fixes, a SharePoint zero-day, and a Defender bug nicknamed BlueHammer
  Microsoft's biggest single Patch Tuesday in years lands a SharePoint zero-day already in the wild and a Defender privilege-escalation flaw with a leaked exploit.
- 07 APR 2026 · nation state · cloud · 4 min
  Russia's APT28 hijacks 18,000 home routers to harvest Office 365 tokens
  Forest Blizzard turned end-of-life MikroTik and TP-Link boxes into DNS pivots, ran AiTM against Outlook on the web, and stole post-MFA OAuth tokens at scale.