EPISODE · Apr 28, 2026 · 4 MIN
Apr 28, 2026 · #40
from Security Brief Daily · host Security Brief Daily
Episode 40 — 28 Apr 2026 1. Microsoft Confirms Active Exploitation of Windows Shell CVE-2026-32202 Source: The Hacker News Microsoft on Monday revised its advisory for a now-patched, high-severity security flaw impacting Windows Shell to acknowledge that it has been actively exploited in the wild. The vulnerability in question is CVE-2026-32202 (CVSS score: 4.3), a spoofing vulnerability that... 2. PyPI package with 1.1M monthly downloads hacked to push infostealer Source: Bleeping Computer An attacker pushed a malicious version of the popular elementary-data package Python Package Index (PyPI) to steal sensitive developer data and cryptocurrency wallets. The dangerous release is 0.23.3, and it extended to the Docker image due to the package's workflow that... 3. American utility firm Itron discloses breach of internal IT network Source: Bleeping Computer Utility technology company Itron, Inc. has disclosed that an unauthorized third party accessed some of its internal systems during a cyberattack. The company states that it activated its cybersecurity response plan when detecting the activity last month, notified law... 4. Alleged Silk Typhoon hacker extradited to US for cyberespionage Source: Bleeping Computer A Chinese national accused of carrying out cyberespionage operations for China's intelligence services has been extradited from Italy to the United States to face criminal charges. According to a DOJ announcement, Xu Zewei is alleged to be a contract hacker for China's... 5. Robinhood account creation flaw abused to send phishing emails Source: Bleeping Computer Online trading platform Robinhood's account creation process was exploited by threat actors to inject phishing messages into legitimate emails, tricking users into believing their accounts had suspicious activity. Starting last night, Robinhood customers began receiving "Your... 6. Checkmarx Confirms GitHub Repository Data Posted on Dark Web After March 23 Attack Source: The Hacker News Checkmarx has disclosed that its ongoing investigation tied to the supply chain security incident has revealed that a cybercriminal group published data related to the company on the dark web. "Based on current evidence, we believe this data originated from Checkmarx's GitHub... 7. Researchers Uncover 73 Fake VS Code Extensions Delivering GlassWorm v2 Malware Source: The Hacker News Cybersecurity researchers have flagged dozens of Microsoft Visual Studio Code (VS Code) extensions on the Open VSX repository that are linked to a persistent information-stealing campaign dubbed GlassWorm. The cluster of 73 extensions has been identified as cloned versions of... 8. ⚡ Weekly Recap: Fast16 Malware, XChat Launch, Federal Backdoor, AI Employee Tracking & More Source: The Hacker News חZË_ՋŚ?ܼ|?>w%2~^:_g\ x>|̿k/;7_Fvfqz#$unRc|D<@?_&\m&Vf/1d ;/vlNN=X٭ f97|[=ܨ<S[;Q|m} }...
What this episode covers
Episode 40 — 28 Apr 2026 1. Microsoft Confirms Active Exploitation of Windows Shell CVE-2026-32202 Source: The Hacker News Microsoft on Monday revised its advisory for a now-patched, high-severity security flaw impacting Windows Shell to acknowledge that it has been actively exploited in the wild. The vulnerability in question is CVE-2026-32202 (CVSS score: 4.3), a spoofing vulnerability that... 2. PyPI package with 1.1M monthly downloads hacked to push infostealer Source: Bleeping Computer An attacker pushed a malicious version of the popular elementary-data package Python Package Index (PyPI) to steal sensitive developer data and cryptocurrency wallets. The dangerous release is 0.23.3, and it extended to the Docker image due to the package's workflow that... 3. American utility firm Itron discloses breach of internal IT network Source: Bleeping Computer Utility technology company Itron, Inc. has disclosed that an unauthorized third party accessed some of its internal systems during a cyberattack. The company states that it activated its cybersecurity response plan when detecting the activity last month, notified law... 4. Alleged Silk Typhoon hacker extradited to US for cyberespionage Source: Bleeping Computer A Chinese national accused of carrying out cyberespionage operations for China's intelligence services has been extradited from Italy to the United States to face criminal charges. According to a DOJ announcement, Xu Zewei is alleged to be a contract hacker for China's... 5. Robinhood account creation flaw abused to send phishing emails Source: Bleeping Computer Online trading platform Robinhood's account creation process was exploited by threat actors to inject phishing messages into legitimate emails, tricking users into believing their accounts had suspicious activity. Starting last night, Robinhood customers began receiving "Your... 6. Checkmarx Confirms GitHub Repository Data Posted on Dark Web After March 23 Attack Source: The Hacker News Checkmarx has disclosed that its ongoing investigation tied to the supply chain security incident has revealed that a cybercriminal group published data related to the company on the dark web. "Based on current evidence, we believe this data originated from Checkmarx's GitHub... 7. Researchers Uncover 73 Fake VS Code Extensions Delivering GlassWorm v2 Malware Source: The Hacker News Cybersecurity researchers have flagged dozens of Microsoft Visual Studio Code (VS Code) extensions on the Open VSX repository that are linked to a persistent information-stealing campaign dubbed GlassWorm. The cluster of 73 extensions has been identified as cloned versions of... 8. ⚡ Weekly Recap: Fast16 Malware, XChat Launch, Federal Backdoor, AI Employee Tracking & More Source: The Hacker News חZË_ՋŚ?ܼ|?>w%2~^:_g\ x>|̿k/;7_Fvfqz#$unRc|D<@?_&\m&Vf/1d ;/vlNN=X٭ f97|[=ܨ<S[;Q|m} }...
NOW PLAYING
Apr 28, 2026 · #40
No transcript for this episode yet
Similar Episodes
No similar episodes found.
Similar Podcasts
No similar podcasts found.