Episode 23 — 11 Apr 2026
1. Nearly 4,000 US industrial devices exposed to Iranian cyberattacks
Source: Bleeping Computer
The attack surface targeted by Iranian-linked hackers in cyberattacks against U.S. critical infrastructure networks includes thousands of Internet-exposed programmable logic controllers (PLCs) manufactured by Rockwell Automation. According to a joint advisory issued by...
2. Eurail says December data breach impacts 300,000 individuals
Source: Bleeping Computer
Eurail B.V., a European travel operator that provides digital passes covering 33 national railways, says attackers stole the personal information of over 300,000 individuals in a December 2025 data breach. Eurail is a Netherlands-based company that sells Interrail and Eurail...
3. Marimo RCE Flaw CVE-2026-39987 Exploited Within 10 Hours of Disclosure
Source: The Hacker News
A critical security vulnerability in Marimo, an open-source Python notebook for data science and analysis, has been exploited within 10 hours of public disclosure, according to findings from Sysdig. The vulnerability in question is CVE-2026-39987 (CVSS score: 9.3), a...
4. Microsoft: Canadian employees targeted in payroll pirate attacks
Source: Bleeping Computer
A financially motivated threat actor tracked as Storm-2755 is stealing Canadian employees' salary payments after hijacking their accounts in payroll pirate attacks. The attackers used malicious Microsoft 365 sign-in pages to steal victims' authentication tokens and session...
5. When attackers already have the keys, MFA is just another door to open
Source: Bleeping Computer
Sponsored by Token, April 9, 2026, 10:02 AM. The Figure breach exposed 967,200 email records without a single exploit. Understanding what that enables — and why your MFA cannot contain it — is an...
6. GlassWorm Campaign Uses Zig Dropper to Infect Multiple Developer IDEs
Source: The Hacker News
Cybersecurity researchers have flagged yet another evolution of the ongoing GlassWorm campaign, which employs a new Zig dropper that's designed to stealthily infect all integrated development environments (IDEs) on a developer's machine. The technique has been discovered in...
7. Bitter-Linked Hack-for-Hire Campaign Targets Journalists Across MENA Region
Source: The Hacker News
An apparent hack-for-hire campaign likely orchestrated by a threat actor with suspected ties to the Indian government targeted journalists, activists, and government officials across the Middle East and North Africa (MENA), according to findings from Access Now, Lookout, and...
8. CPUID hacked to deliver malware via CPU-Z, HWMonitor downloads
Source: Bleeping Computer
Hackers gained access to an API for the CPUID project and changed the download links on the official website to serve malicious executables for the popular CPU-Z and HWMonitor tools. The two utilities have millions of users who rely on them for tracking the physical health of...