EPISODE · Apr 11, 2026 · 5 MIN
Apr 11, 2026 · #23
from Security Brief Daily · host Security Brief Daily
Episode 23 — 11 Apr 2026 1. Nearly 4,000 US industrial devices exposed to Iranian cyberattacks Source: Bleeping Computer The attack surface targeted by Iranian-linked hackers in cyberattacks against U.S. critical infrastructure networks includes thousands of Internet-exposed programmable logic controllers (PLCs) manufactured by Rockwell Automation. According to a joint advisory issued by... 2. Eurail says December data breach impacts 300,000 individuals Source: Bleeping Computer Eurail B.V., a European travel operator that provides digital passes covering 33 national railways, says attackers stole the personal information of over 300,000 individuals in a December 2025 data breach. Eurail is a Netherlands-based company that sells Interrail and Eurail... 3. Marimo RCE Flaw CVE-2026-39987 Exploited Within 10 Hours of Disclosure Source: The Hacker News A critical security vulnerability in Marimo, an open-source Python notebook for data science and analysis, has been exploited within 10 hours of public disclosure, according to findings from Sysdig. The vulnerability in question is CVE-2026-39987 (CVSS score: 9.3), a... 4. Microsoft: Canadian employees targeted in payroll pirate attacks Source: Bleeping Computer A financially motivated threat actor tracked as Storm-2755 is stealing Canadian employees' salary payments after hijacking their accounts in payroll pirate attacks. The attackers used malicious Microsoft 365 sign-in pages to steal victims' authentication tokens and session... 5. When attackers already have the keys, MFA is just another door to open Source: Bleeping Computer When attackers already have the keys, MFA is just another door to open Sponsored by Token April 9, 2026 10:02 AM 0 The Figure breach exposed 967,200 email records without a single exploit. Understanding what that enables — and why your MFA cannot contain it — is an... 6. GlassWorm Campaign Uses Zig Dropper to Infect Multiple Developer IDEs Source: The Hacker News Cybersecurity researchers have flagged yet another evolution of the ongoing GlassWorm campaign, which employs a new Zig dropper that's designed to stealthily infect all integrated development environments (IDEs) on a developer's machine. The technique has been discovered in... 7. Bitter-Linked Hack-for-Hire Campaign Targets Journalists Across MENA Region Source: The Hacker News An apparent hack-for-hire campaign likely orchestrated by a threat actor with suspected ties to the Indian government targeted journalists, activists, and government officials across the Middle East and North Africa (MENA), according to findings from Access Now, Lookout, and... 8. CPUID hacked to deliver malware via CPU-Z, HWMonitor downloads Source: Bleeping Computer Hackers gained access to an API for the CPUID project and changed the download links on the official website to serve malicious executables for the popular CPU-Z and HWMonitor tools. The two utilities have millions of users who rely on them for tracking the physical health of...
What this episode covers
Episode 23 — 11 Apr 2026 1. Nearly 4,000 US industrial devices exposed to Iranian cyberattacks Source: Bleeping Computer The attack surface targeted by Iranian-linked hackers in cyberattacks against U.S. critical infrastructure networks includes thousands of Internet-exposed programmable logic controllers (PLCs) manufactured by Rockwell Automation. According to a joint advisory issued by... 2. Eurail says December data breach impacts 300,000 individuals Source: Bleeping Computer Eurail B.V., a European travel operator that provides digital passes covering 33 national railways, says attackers stole the personal information of over 300,000 individuals in a December 2025 data breach. Eurail is a Netherlands-based company that sells Interrail and Eurail... 3. Marimo RCE Flaw CVE-2026-39987 Exploited Within 10 Hours of Disclosure Source: The Hacker News A critical security vulnerability in Marimo, an open-source Python notebook for data science and analysis, has been exploited within 10 hours of public disclosure, according to findings from Sysdig. The vulnerability in question is CVE-2026-39987 (CVSS score: 9.3), a... 4. Microsoft: Canadian employees targeted in payroll pirate attacks Source: Bleeping Computer A financially motivated threat actor tracked as Storm-2755 is stealing Canadian employees' salary payments after hijacking their accounts in payroll pirate attacks. The attackers used malicious Microsoft 365 sign-in pages to steal victims' authentication tokens and session... 5. When attackers already have the keys, MFA is just another door to open Source: Bleeping Computer When attackers already have the keys, MFA is just another door to open Sponsored by Token April 9, 2026 10:02 AM 0 The Figure breach exposed 967,200 email records without a single exploit. Understanding what that enables — and why your MFA cannot contain it — is an... 6. GlassWorm Campaign Uses Zig Dropper to Infect Multiple Developer IDEs Source: The Hacker News Cybersecurity researchers have flagged yet another evolution of the ongoing GlassWorm campaign, which employs a new Zig dropper that's designed to stealthily infect all integrated development environments (IDEs) on a developer's machine. The technique has been discovered in... 7. Bitter-Linked Hack-for-Hire Campaign Targets Journalists Across MENA Region Source: The Hacker News An apparent hack-for-hire campaign likely orchestrated by a threat actor with suspected ties to the Indian government targeted journalists, activists, and government officials across the Middle East and North Africa (MENA), according to findings from Access Now, Lookout, and... 8. CPUID hacked to deliver malware via CPU-Z, HWMonitor downloads Source: Bleeping Computer Hackers gained access to an API for the CPUID project and changed the download links on the official website to serve malicious executables for the popular CPU-Z and HWMonitor tools. The two utilities have millions of users who rely on them for tracking the physical health of...
NOW PLAYING
Apr 11, 2026 · #23
No transcript for this episode yet