Security & IT News

LayerX research finds 82 Chrome extensions collecting and selling user data, affecting at least 6.5 million users through disclosed but concerning practices.

A Chinese national accused of carrying out cyberespionage operations for China's intelligence services has been extradited from Italy to the United States to face criminal charges. [...]

Xu Zewei is accused of participating in a Chinese government hacking group that broke into thousands of U.S. organizations and stole COVID-19-related research.

ShinyHunters has leaked data linked to Udemy, Zara, and 7-Eleven, with claims of exposed Salesforce records and cloud-based systems.

The U.S. Federal Trade Commission (FTC) warned of a massive increase in losses from social media scams since 2020, exceeding $2.1 billion in 2025. [...]

An attacker pushed a malicious version of the popular elementary-data package Python Package Index (PyPI) to steal sensitive developer data and cryptocurrency wallets. [...]

US sanctions target Cambodian scam networks tied to crypto fraud and trafficking

The ShinyHunters extortion group stole the personal information of 5.5 million individuals after breaching the systems of home security giant ADT earlier this month, according to data breach notification service Have I Been Pwned. [...]

On Thursday, April 30 at 2:00 PM ET, BleepingComputer will host a live webinar with threat intelligence company Flare and threat intelligence researcher Tammy Harper, exploring how security teams can identify early warning signs of attacks before they escalate into incidents. [...]

Checkmarx has disclosed that its ongoing investigation tied to the supply chain security incident has revealed that a cybercriminal group published data related to the company on the dark web. "Based on current evidence, we believe this data originated from Checkmarx's GitHub repository, and that access to that repository was facilitated through the initial supply chain attack of March 23, 2026,

This update succeeds TeamPCP Supply Chain Campaign Update 007 , published April 8, 2026, which left the campaign in credential-monetization mode following the Cisco source code theft via Trivy-linked credentials, Google GTIG's formal designation of the operators as UNC6780 (with their credential stealer named SANDCLOCK), and the lapsed CISA KEV remediation deadline for CVE-2026-33634 with no standalone federal advisory. The Sportradar publication deadline flagged in Update 007 (approximately April 10 to 11) lapsed without a public CipherForce dump, and CipherForce's leak infrastructure has remained offline. Twelve days after Update 007, the technical compromise picture changed sharply across the W17 window (April 20 through April 26). The most significant development of the week was the end of TeamPCP's 26-day supply chain compromise pause, with three concurrent package compromises landing across npm, PyPI, and Docker Hub between April 21 and 22. The Checkmarx KICS Docker Hub repository was compromised on April 22 (claimed by TeamPCP via @pcpcats), the xinference PyPI package was poisoned the same day with a TeamPCP marker that the group publicly denied, and a self-propagating npm worm tracked as CanisterSprawl was identified by Socket and StepSecurity beginning April 21. The KICS Docker compromise then cascaded into a downstream compromise of @bitwarden/cli version 2026.4.0 the same evening when Bitwarden's Dependabot automation pulled the malicious checkmarx/kics:latest image into the Bitwarden CI/CD pipeline. Reporting suggests the campaign has visibly returned to its technical-discovery and active-compromise phase after spending most of April in credential-monetization mode; analysts assess the operators retain full operational capability despite the prior month's monetization failures. Dated event log 2026-04-20: ADT filed a Form 8-K with the SEC disclosing unauthorized access to certain cloud-based environments first identified the same day, with ShinyHunters subsequently posting a leak-site claim of over 10 million records and a 2026-04-27 publication deadline. The intrusion was attributed to a vishing attack against an ADT employee's Okta single sign-on account, which is a different access vector than the Trivy credential trove and therefore is NOT a confirmed TeamPCP supply chain campaign event; it is logged here only because ShinyHunters has been documented in prior updates as part of the TeamPCP-affiliated extortion ecosystem and remained operationally active during the target week. Source: BleepingComputer, https://www.bleepingcomputer.com/news/security/adt-confirms-data-breach-after-shinyhunters-leak-threat/ and Help Net Security, https://www.helpnetsecurity.com/2026/04/27/adt-systems-data-breach/ 2026-04-21: Socket and StepSecurity began identifying a self-propagating npm supply chain worm tracked as CanisterSprawl, embedded across at least 16 malicious package versions across the @automagik, pgserve, @fairwo

Itron confirmed a cyber incident but does not believe it is likely to have a material impact on the company

Medical device giant Medtronic disclosed last week that hackers breached its network and accessed data in "certain corporate IT systems." [...]

Dozens of browser extensions openly sell user data via privacy policy disclosures

Everything is dumb again. This week feels broken in a very familiar way. Old tricks are back. New tools are doing shady crap. Supply chains got hit. Fake help desks worked. Weird research showed how easy some attacks still are. Most of it feels like stuff we should have fixed years ago. Bad extensions. Stolen creds. Remote tools are getting abused. Malware hides in places people trust. Same

The American technology giant provides water and energy monitoring and utility meters to hundreds of millions of homes and businesses.

​22-year-old Evan Tangeman of Newport Beach, California, was sentenced to 70 months in prison for laundering funds stolen in a massive $230 million cryptocurrency heist. [...]

Three seconds of audio is all it takes to clone a voice for fraud. Adaptive Security shows how deepfake calls trick employees into sending real money—and why most defenses don't catch them. [...]

UNC6692 hackers exploit Microsoft Teams with fake IT alerts to deploy SNOW malware, steal credentials, and breach corporate networks in advanced attacks.

Microsoft is investigating an ongoing Outlook.com outage that is causing intermittent signing issues and preventing customers from accessing their mailboxes. [...]