CyberPulse

A board-level strategic briefing synthesizing the defining lesson of April 2026: the most consequential attacks did not breach organizational perimeters — they arrived through trusted vendors. A vulnerability scanner was compromised twice, reaching a major password manager's distribution. A WordPress plugin's official update delivered a backdoor to 800K installations. A JavaScript library poisoned AI company build infrastructure. A utility vendor breach created supply chain exposure for electricity, gas, and water utilities worldwide. Supply chain attacks have quadrupled over five years (IBM X-Force). 65% of large organizations cite third-party exposure as their greatest resilience barrier (WEF). Four board-level questions address dependency inventory, vendor incident notification, staged update rollouts with integrity verification, and MSP security posture governance.

A global utility infrastructure vendor disclosed unauthorized access to its corporate IT systems via SEC 8-K filing, creating potential supply chain exposure for electricity, gas, and water utilities running its smart metering and grid management products. A new threat group (UNC6692) is deploying the three-component Snow malware suite — Snowbelt browser extension, Snowglaze tunneler, and Snowbasin backdoor — for deep persistent access via social engineering. Four new KEV additions include a CVSS 9.9 privilege escalation in SimpleHelp remote support software used by managed service providers. A second medical device company disclosed a breach, confirming the sector as a target category. Firefox 150 and Tor 15.0.10 patch CVE-2026-6770 in the shared browser engine.

TeamPCP struck Checkmarx for the second time in a month, poisoning official Docker Hub images (KICS), VS Code extensions, and GitHub Actions — then reaching Bitwarden CLI v2026.4.0 through the compromised pipeline. The attack is a self-propagating worm using stolen GitHub credentials to inject malicious workflows across repositories. Blast radius spans Docker Hub, VS Code, Open VSX, GitHub Actions, npm, and a major password manager. LMDeploy, an AI LLM deployment toolkit, was exploited within 13 hours of disclosure (CVE-2026-33626, CVSS 7.5) — the fourth AI platform exploitation tracked after Langflow, Flowise, and Marimo. A newly documented threat group uses Discord, Slack, and M365 Outlook as covert C2 channels via the Microsoft Graph API. Commercial shipping vessels were seized in the Strait of Hormuz, escalating physical supply chain risk for Gulf enterprises.

A board-level strategic briefing synthesizing the week that confirmed the AI cyber arms race is live. Two frontier AI companies shipped cyber-specialized models within nine days of each other. A twelve-company coalition committed $100M. Mandiant M-Trends reports 22-second adversary handoff times while CrowdStrike tracks 29-minute eCrime breakout — both shrinking. A CVSS 9.8 authentication bypass in the Model Context Protocol proves the AI agent integration layer is being deployed with default-open configurations. AI coding tools correlate with a 4x spike in critical findings — AI is simultaneously finding and creating more vulnerabilities. And automated voice phishing using human operators and AI agents has launched as a platform. Four board-level questions address machine-speed SOC operations, AI agent protocol governance, AI-generated code scrutiny, and social engineering defense updates.

A rival AI company officially launched GPT-5.4-Cyber, a frontier model optimized for defensive cybersecurity, days after Project Glasswing — making the AI cyber arms race live with two competing frontier models now shipping for enterprise security. A critical authentication bypass (CVE-2026-33032, CVSS 9.8) was discovered in the Model Context Protocol (MCP) integration for nginx-ui, allowing any network attacker to invoke all MCP tools without authentication. Patch Tuesday zero-days identified: CVE-2026-32201 (SharePoint spoofing, in KEV, deadline April 28) and CVE-2026-33825 (Defender privilege escalation to SYSTEM, the "BlueHammer" disclosure). A new cybercrime platform ATHR offers fully automated voice phishing using human operators and AI agents. Attackers are exploiting Marimo Python notebooks to deploy NKAbuse malware hosted on Hugging Face Spaces.

Mandiant's M-Trends 2026 reports adversary handoff times have collapsed to 22 seconds. CrowdStrike's Global Threat Report puts average eCrime breakout at 29 minutes. Six new KEV additions today include FortiClient EMS CVE-2026-21643, Adobe Acrobat Reader, Microsoft Exchange, and Windows CLFS — all under active exploitation with an April 27 patch deadline. A major AI company rotated macOS certificates after its build environment consumed the compromised Axios library — the state-linked supply chain attack is reaching AI infrastructure. ViperTunnel, a Python-based backdoor, has been linked to DragonForce ransomware targeting Windows servers. A state-linked espionage group is targeting journalists via Signal/Google/Zoom lures through professional networking platforms. An email provider breach exposed 40M+ records including corporate and diplomatic communication metadata.

Attackers hijacked the update infrastructure for Smart Slider 3 Pro (800K+ WordPress installations) and pushed a fully weaponized remote access toolkit through the official update channel for approximately six hours. Adobe released an emergency patch for CVE-2026-34621 (CVSS 8.6), a prototype pollution flaw in Acrobat Reader under active exploitation via malicious PDFs. The GlassWorm campaign evolved with a Zig-compiled dropper targeting multiple developer IDEs simultaneously. Google shipped Device Bound Session Credentials (DBSC) in Chrome 146, binding session cookies to hardware TPM to block infostealer session replay. Thousands of internet-exposed Rockwell PLCs were confirmed, expanding the OT attack surface quantification.

State-linked actors are actively targeting internet-exposed Rockwell/Allen-Bradley PLCs on critical infrastructure networks, moving the threat from IT management planes into the operational technology layer. A second AI workflow platform — Flowise (CVE-2025-59528, max severity) — is under active exploitation for arbitrary code execution, two weeks after Langflow. Docker Engine CVE-2026-34040 (CVSS 8.8) bypasses authorization plugins via an incomplete fix from 2024. Ponemon Institute research reveals hundreds of "dark matter" applications disconnected from centralized identity in the typical enterprise, creating an unmanaged attack surface now exploited by AI agents. A law enforcement operation disrupted a state-linked campaign hijacking home routers to steal cloud credentials. The FortiClient EMS zero-day KEV deadline is tomorrow.

A state intelligence-linked threat actor is conducting an active password-spraying campaign against Microsoft 365 environments across the Gulf, impacting 300+ organizations in three distinct attack waves on March 3, 13, and 23 — each separated by exactly 10 days. Targets include government, municipalities, technology, transportation, and energy. A state-sponsored actor deployed BRICKSTORM kernel implants and passive backdoors targeting VMware vSphere/vCenter/ESXi for long-term espionage below the guest OS layer. The Coruna iOS exploit kit was confirmed to contain an updated kernel exploit from the Operation Triangulation campaign. Apple expanded DarkSword patches to iOS 18.7.7 for older devices. Malicious npm packages masquerading as Strapi community plugins were identified across four sock puppet accounts.

Fortinet released an emergency out-of-band patch for CVE-2026-35616 (CVSS 9.1), a pre-authentication API access bypass in FortiClient EMS exploited as a zero-day — the second critical FortiClient EMS vulnerability in weeks after CVE-2026-21643. The bloc's cybersecurity service attributed a major continental government cloud breach to TeamPCP, exposing data from 29 additional institutional entities. The $285M Drift Protocol heist was attributed to a state-linked financial theft group after a six-month social engineering operation. Device code phishing exploiting the OAuth 2.0 Device Authorization Grant flow has surged 37x this year, targeting 340+ organizations across five countries.

Cisco patched CVE-2026-20093 (CVSS 9.8) in the Integrated Management Controller — an authentication bypass that allows an unauthenticated attacker to change any user's password, including the administrator, and gain full system control via a single crafted HTTP request. This continues the management plane attack pattern tracked since March across Intune, Cisco FMC, SD-WAN, and FortiClient EMS. A mass exploitation campaign using automated credential harvesting compromised 766 hosts via a web framework vulnerability, exfiltrating database credentials, SSH keys, cloud secrets, and API keys. Ransomware tracking shows 2,726 victims year-to-date through April 3 with 104 in the first three days of April. A state-linked actor publicly announced intent to escalate attacks on technology companies across the region.

Board-level strategic briefing on the defining risk of 2026: AI agents are being deployed across enterprises as autonomous actors with credentials, permissions, and action authority — but without the identity governance applied to human employees. Gartner projects 40% of enterprise applications will embed AI agents by year-end 2026 (up from 5% in 2025). 92% of security leaders are concerned about agent security implications. 48% believe agentic AI will be the top attack vector by year-end. The attack surface spans four layers: endpoints (coding agents), APIs/integrations (tool connectors), platforms (business workflow agents), and identity (credential accumulation). The most dangerous risk is not compromised agents but over-permissioned agents functioning as designed. Four board-level questions address agent inventory, identity lifecycle governance, human-in-the-loop controls, and organizational AI posture clarity.

A board-level strategic briefing synthesizing the three defining risk patterns of March 2026. First: cyber operations are inseparable from geopolitical conflict — the medical technology wiper that destroyed 80,000 devices through weaponized endpoint management demonstrated that trusted infrastructure can become the attack vector. Second: the developer supply chain is the new critical infrastructure — the TeamPCP cascade spread across six platforms from a single compromised vulnerability scanner. Third: AI is creating attack surface faster than organizations can secure it — AI platforms were exploited within hours of disclosure. The World Economic Forum reports 91% of large organizations have changed cybersecurity strategies due to geopolitical volatility, and 87% of leaders see AI vulnerabilities as the fastest-growing cyber risk. This edition provides four board-level questions for Q2 2026 planning.

Google released Chrome updates fixing 21 vulnerabilities including CVE-2026-5281, a zero-day in the WebGPU Dawn component already exploited in the wild and added to the KEV catalog — the third Chrome zero-day cycle in three weeks. Google attributed the Axios npm supply chain compromise to a state-linked threat cluster, confirming that the developer supply chain is now a battleground for both criminal and state-linked operations. Citrix NetScaler CVE-2026-3055 has been added to the KEV catalog after confirmed exploitation. Fortinet FortiClient EMS CVE-2026-21643 is under active exploitation via SQL injection — another management plane target. A critical zero-click Telegram RCE was disclosed.

Today is the KEV remediation deadline for the F5 BIG-IP APM vulnerability CVE-2025-53521 (CVSS 9.3), reclassified from DoS to RCE after confirmed exploitation. A critical flaw in Open VSX's pre-publish scanning pipeline was disclosed — scanner failures were silently interpreted as "no scanners configured," allowing malicious extensions to bypass all vetting and explaining how the GlassWorm campaign evaded detection. Citrix NetScaler CVE-2026-3055 reconnaissance has intensified with attackers targeting the specific vulnerable endpoint. Three new vulnerabilities in LangChain and LangGraph expand the AI framework attack surface. The DarkSword iOS exploit chain has reportedly leaked to GitHub. A senior energy official publicly warned that adversaries may be pre-positioned inside energy infrastructure networks.

The TeamPCP supply chain campaign has triggered a law enforcement high-priority alert and the Trivy vulnerability (CVE-2026-33634) has been added to the KEV catalog. The cascade now spans six platforms — GitHub Actions, Docker Hub, PyPI, npm, VS Code extensions, and cloud communications SDKs — after the Telnyx Python package was compromised using audio steganography to conceal malware in a .WAV file. F5 BIG-IP APM CVE-2025-53521 was reclassified from DoS to RCE (CVSS 9.3) and confirmed exploited. Citrix NetScaler CVE-2026-3055 is seeing active reconnaissance. The Langflow AI platform RCE remains under active exploitation and is now in the KEV catalog. GlassWorm evolved to use Solana dead drops for RAT delivery via a malicious Chrome extension masquerading as Google Docs.

DarkSword, a second nation-state-grade iOS exploit kit, has been disclosed — this one targeting current iOS versions (18.4–18.7) with six vulnerabilities including four zero-days, deployed by three separate operators since November 2025. Unlike Coruna which targeted legacy iOS, DarkSword compromises fully patched modern devices. A critical SharePoint deserialization flaw (CVE-2026-20963) patched in January is now confirmed actively exploited. Formal guidance was issued to harden Microsoft Intune after the medical technology wiper, with the confirmed device count revised to ~80,000. The GlassWorm supply chain campaign escalated across npm, Open VSX, and GitHub simultaneously, now using Solana blockchain for C2 and in-memory-only execution.

Amazon Threat Intelligence confirmed that the Interlock ransomware group exploited CVE-2026-20131 (CVSS 10.0) in Cisco Secure Firewall Management Center as a zero-day for 36 days before Cisco's March 4 patch — gaining unauthenticated root access on enterprise firewalls. Amazon's MadPot honeypot network caught the exploitation and a misconfigured server exposed Interlock's complete attack toolkit. This is the second Cisco management plane zero-day confirmed exploited by a different threat actor in three weeks, reinforcing that the network management layer is the highest-value target. Also covered: GlassWorm supply chain campaign returns across GitHub, npm, and VS Code; Apple's first silent Background Security Improvement for a WebKit flaw; and a critical unpatched telnetd RCE vulnerability (CVE-2026-32746, CVSS 9.8).

Google released emergency Chrome updates for two actively exploited zero-days — CVE-2026-3909 (Skia out-of-bounds write) and CVE-2026-3910 (V8 arbitrary code execution), both CVSS 8.8. The GlassWorm supply chain campaign escalated with 72+ malicious Open VSX extensions discovered targeting developers and AI coding assistants using transitive dependency poisoning. The medical technology wiper incident continues with no restoration timeline as the Intune weaponization is confirmed. And the Coruna iOS exploit kit has been traced to exploits originally developed by a defense contractor — closing the loop on the proliferation story from government-commissioned tools to mass criminal deployment.

A state intelligence-linked hacktivist group deployed wiper malware against a $25 billion medical technology and defense industrial base supplier, causing a global network disruption that sent over 5,000 workers home, triggered an SEC filing, and temporarily disrupted emergency medical communications in at least one state. The group claims to have erased data from 200,000+ devices and exfiltrated 50TB of data, though these claims remain unverified. Multiple threat intelligence firms assess this as the first confirmed significant destructive cyber operation against a major corporation since the conflict began — marking a transition from hacktivist noise to operational destruction targeting healthcare and defense supply chains.

Broadcom's Symantec and Carbon Black confirmed that a state intelligence-linked threat group compromised a bank, an airport, nonprofits, and a defense aerospace software supplier starting in early February 2026 — weeks before the kinetic strikes began on February 28. The group deployed the previously unknown Dindoor backdoor using the Deno JavaScript runtime and attempted data exfiltration via Rclone to cloud storage. Intel 471, Nozomi Networks, CrowdStrike, Flashpoint, and CSIS all documented the broader surge in state-aligned cyber operations targeting financial services, aviation, defense, industrial control systems, and government infrastructure across the conflict zone. The pre-positioning phase is over. The question is whether defenders find the implants before the operators activate them.

IBM's 2026 X-Force Threat Intelligence Index reveals that 56% of the nearly 40,000 vulnerabilities tracked in 2025 required no authentication to exploit — explaining why unauthenticated flaws like the Cisco SD-WAN bypass, the MSHTML zero-day, and the Coruna iOS exploit kit all converged in the same week. Exploitation of public-facing applications surged 44% to become the leading initial access vector. Supply chain compromises nearly quadrupled since 2020. Over 300,000 AI chatbot credentials appeared on dark web marketplaces. Actionable guidance focuses on prioritizing unauthenticated vulnerabilities in patch queues, auditing external attack surfaces, and assessing supply chain exposure across CI/CD and SaaS integrations.

Cisco confirmed active exploitation of two additional SD-WAN Manager vulnerabilities (CVE-2026-20122 and CVE-2026-20128) — bringing the total to four exploited Cisco SD-WAN flaws in eight days. The company also patched two maximum-severity (CVSS 10.0) Secure Firewall Management Center flaws enabling unauthenticated remote code execution as root. Hikvision and Rockwell Automation legacy vulnerabilities were added to the KEV catalog as actively exploited. The network management and OT layer is under simultaneous pressure across SD-WAN, firewall management, IP cameras, and industrial controllers.

This week revealed pre-positioned access across every infrastructure layer simultaneously. Google and iVerify exposed Coruna, a nation-state iOS exploit kit with 23 exploits that proliferated from surveillance to espionage to mass criminal deployment in twelve months. Cisco disclosed a CVSS 10.0 SD-WAN zero-day exploited since 2023 with a three-year dwell time. Akamai traced APT28's exploitation of an MSHTML zero-day a month before Microsoft patched it. Google's Android update addressed 129 CVEs including a Qualcomm zero-day under active exploitation. Radware quantified 149 hacktivist DDoS attacks from 12 groups across 16 nations in 72 hours. VMware Aria Operations was added to the KEV catalog. The connecting pattern: the gap between capability creation and mass deployment is collapsing while the gap between compromise and detection continues to widen.

Google Threat Intelligence Group and iVerify published simultaneous research on Coruna, a nation-state-grade iOS exploit kit containing 23 exploits across five full attack chains targeting iOS 13 through 17.2.1. The kit proliferated from a commercial surveillance vendor to state-linked espionage operations to mass criminal deployment in under twelve months — marking the first observed mass exploitation of mobile devices using nation-state-grade tools. Combined with this week's Cisco SD-WAN three-year dwell time (compliance deadline tonight), APT28's MSHTML zero-day, and a Qualcomm Android zero-day under active exploitation, defenders face a convergence of advanced capabilities being deployed simultaneously across network, desktop, and mobile layers.

Palo Alto Unit 42 published a live threat brief confirming sixty hacktivist groups are now active in coordinated cyber operations, with allied foreign collectives joining the fight. An Electronic Operations Room was established within hours of the strikes to synchronize targeting across the coalition. Check Point Research confirmed that Handala Hack is routing attacks through Starlink IP ranges from inside the nationwide internet blackout, creating a detection blind spot for defenders relying on geographic IP filtering. A national CERT intercepted an OT attack on SCADA systems managing civilian food reserves — representing an escalation from traditional energy targeting to food infrastructure. Actionable guidance covers Starlink ASN blocking, OT exposure hunting, and DDoS preparation for allied foreign convergence.

With conventional military options destroyed in this weekend's coordinated strikes, threat intelligence firms assess that cyber operations are now the sole remaining instrument of asymmetric retaliation — and state-linked cyber units were activated before the kinetic trigger was pulled. This briefing reveals that the wiper malware scenario already happened: a Shamoon 4.0 variant struck Gulf energy infrastructure in January, compromising 15,000 workstations, while port disruptions and rolling blackouts hit weeks before the current escalation. New threat vectors include deepfake social engineering deployed during communications blackouts, with staff receiving fake CEO evacuation messages while internet and news are degraded. CISA is operating at reduced staffing during the most acute threat period in years. Actionable guidance covers wiper preparedness, deepfake countermeasures, OT/ICS hardening, and supply chain contingency planning for simultaneous disruption of the Strait of Hormuz and Red Sea shipping lanes.

Ballistic missiles struck targets across multiple Gulf states this weekend in retaliatory strikes following a coordinated military operation that included the largest cyber operation in recorded history. Gulf-wide airspace closures grounded major airlines, the US Navy declared a maritime warning zone across the Strait of Hormuz, and GPS jamming is disrupting nearly a thousand vessels per day. Behind the hacktivist DDoS claims now targeting Gulf organizations, a state-sponsored espionage campaign running since January is accelerating — abusing legitimate remote management tools for persistent access while OT-focused groups target water and energy infrastructure. This special edition delivers prioritized response actions from P0 through P2 drawn from a TLP:CLEAR joint advisory by CISA, FBI, NSA, and DC3.

North Korea's ScarCruft built Ruby Jumper, a five-component toolchain that breaches air-gapped networks by installing a disguised Ruby runtime, weaponizing USB drives as bidirectional command channels, and deploying full-spectrum surveillance including keylogging, audio, and video capture inside physically isolated environments. Separately, Aeternum C2 is a new botnet that writes encrypted commands to smart contracts on the Polygon blockchain, eliminating all traditional takedown mechanisms — no servers to seize, no domains to sinkhole, and $1 of MATIC funds 150 command transactions. Together with the week's coverage of AI supply chain attacks, government database breaches, vishing recruitment, and cloud-based espionage, a clear pattern emerges: every assumption of isolation — physical, logical, legal, and operational — is being systematically dissolved.

Check Point Research disclosed critical vulnerabilities in Anthropic's Claude Code where simply opening an untrusted repository could silently execute commands on a developer's machine, steal API credentials, and compromise an entire team's workspace — all through configuration files treated as harmless metadata. Separately, Google and Mandiant dismantled GRIDTIDE, a China-linked espionage campaign that used Google Sheets as command-and-control infrastructure to breach 53 organizations across 42 countries, targeting telecoms and governments for surveillance. Both stories reveal the same pattern: trusted, inert-looking data becoming active attack surfaces.

Scattered LAPSUS$ Hunters — the cybercrime supergroup behind over 1.5 billion stolen records and the Jaguar Land Rover ransomware attack — is now recruiting women for voice phishing campaigns targeting IT help desks, paying $500-$1,000 per call with scripts provided. CISA simultaneously issued an emergency directive giving federal agencies 48 hours to patch actively exploited Cisco SD-WAN vulnerabilities, while a former U.S. defense contractor executive was sentenced to 7+ years for selling zero-day exploits to a Russian broker.

A stolen civil servant credential gave an attacker weeks of unrestricted access to FICOBA — France's national bank account registry containing every bank account opened in the country. 1.2 million accounts were browsed, exposing IBANs, names, addresses, and tax IDs. No MFA, no anomaly detection, no rate limiting. The breach creates immediate SEPA direct debit fraud risk across the EU. Phishing campaigns targeting affected customers were already detected within days.

CyberPulse — February 24, 2026: "They Poisoned the Bot That Guards the Code" A supply chain attack on the Cline AI coding assistant used prompt injection against an AI triage bot to steal npm publishing credentials and silently install the OpenClaw autonomous agent on ~4,000 developer machines in an 8-hour window. The first real-world case of prompt injection weaponized into a software supply chain compromise.

A low-skill, Russian-speaking hacker used commercial AI services to breach over 600 enterprise firewalls across 55 countries in five weeks. No zero-days required. Amazon just showed us what the automation of mediocrity looks like at scale.

The Machine Underground

Your AI Read Your Secrets

The Malware That Thinks

Your AI Takes Instructions From Strangers

Your Face Is Not Your Own

The Ghost With Admin Access

The 17 Billion Warning Sign

The Criminal Marketplace Youre Not Monitoring

When Your AI Agent Becomes the Attack Surface

When Cloud Break-Ins Move at AI Speed

The AI You Learned in January No Longer Exists

The Agent Internet Is Already Leaking

The Death of Human Error