
Posts by Cybersecurity News Everyday

Rutan & Tucker Law Firm Suffers Data Breach by Silentransomgroup
Silentransomgroup claims to have breached law firm Rutan & Tucker, LLP and listed the firm on its leak site, indicating a compromise of internal systems. Posted evidence on the actor's directory index appears to include legal case files, confidential internal records, network drive mappings (net drives.png), and a directory tree (RTtree.txt)....

Silentransomgroup claims to have breached Rutan & Tucker, LLP, a historic Costa Mesa law firm with $64M revenue. Leaked data includes legal files, confidential records, and network details. #DataBreach #LawFirm #USA

10 minutes ago
Qilin Breach: Sea Air, Kolin, INDCAR, PTS, Huonker, Ferguson, SEL, Sterimed, Avitrans, Rusk
The Qilin ransomware group claims to have breached networks at ten organizations worldwide, affecting companies in logistics, manufacturing, construction, finance, medical packaging, and a local government. The actor posted an alleged victims list on April 21, 2026, and while specific file directories are not yet published, the reportedly exfiltrated data commonly...

The Qilin ransomware group claims to have breached networks at 10 global organizations across logistics, manufacturing, construction, finance, medical packaging, and local government, exposing sensitive financial and personal data. #RansomwareAttack #DataBreach

25 minutes ago
Reliance Jio Infocomm Hit By Alleged Trading Data Breach
Reliance Jio Infocomm Limited has allegedly been compromised, exposing sensitive internal infrastructure and an alleged real-time algorithmic trading system reportedly in operation since 2016. The leaked data reportedly includes a redis_dump.txt database file, National Stock Exchange (NSE) Futures & Options trading data, system alerts for ShortCovering, LongBuiltUp, and Resistance Levels, and...

Reliance Jio Infocomm reportedly suffered a data breach exposing internal infrastructure and a real-time trading algorithm since 2016. Leaked data includes NSE Futures & Options and detailed trading alerts. #India #DataLeak #TradingSystems

40 minutes ago
Tencent’s QClaw AI agent app arrives on Windows and macOS
Tencent has opened an international beta of QClaw, an AI agent app for Windows and macOS available to 20,000 users in Canada, Japan, Singapore, South Korea, and the United States, with additional markets planned. Built on the open-source OpenClaw, QClaw integrates leading LLMs and messaging platforms like WhatsApp and Telegram, offers three pre-configured agent sets for daily and work tasks, processes data on-device, and uses a Claw Gateway security layer; it first launched as a public beta in Mainland China with over 80 feature iterations. #QClaw #OpenClaw #Tencent #ClawGateway #WhatsApp #Telegram

Tencent launches QClaw AI agent app beta for Windows and macOS, available to 20,000 users in Canada, Japan, Singapore, South Korea, and the US. Features on-device data processing and integrates WhatsApp and Telegram. #TencentAI #OpenClaw #Canada

55 minutes ago
Phishing reclaims the top initial access spot, attackers experiment with AI tools
Phishing returned to the top initial-access method in Q1 2026, accounting for over a third of engagements where initial access could be determined, according to Cisco Talos. Talos also documented novel abuse of the AI web-builder Softr to host Exchange/OWA credential-harvesting pages, a decline in ToolShell SharePoint exploitation, the first Talos sighting of Crimson Collective using exposed GitHub tokens to access Azure via Microsoft Graph, and persistent MFA and logging gaps enabling attacks. #Softr #CrimsonCollective

Phishing topped initial access methods in Q1 2026, with over a third of engagements. Attackers leveraged AI tool Softr for credential-harvesting pages and exploited MFA gaps. #SoftrAbuse #AzureAccess #USA

1 hour ago
OneDrive updates focus on AI, access control, and compliance
Microsoft's OneDrive updates expand Copilot-driven intelligence to summarize files, generate new documents from stored content, and surface key insights via Ask Copilot in File Explorer and semantic search. The release also improves accessibility and governance with mobile OCR, Markdown support, OneDrive Sync public preview for up to 1 million items, file-level archiving, and enhanced sharing and admin controls. #OneDrive #Copilot

Microsoft OneDrive updates enhance AI-driven Copilot for file summarization, content generation, and insights via File Explorer. Added features include mobile OCR, Markdown support, and advanced admin controls. #CloudStorage #AIInnovation #USA

1 hour ago
APT Profile – Red Menshen
Red Menshen is a China-linked APT that uses a kernel-level, BPF-based backdoor called BPFDoor to establish highly stealthy persistence and packet-triggered command activation inside telecommunications and network edge devices. The group focuses on long-term infrastructure-level espionage by exploiting internet-facing devices, using multi-stage post-exploitation toolchains and covert activation mechanisms to collect communications and metadata at scale. #RedMenshen #BPFDoor

Red Menshen, a China-linked APT active since 2021, uses BPFDoor, a kernel-level backdoor, to stealthily infiltrate telecom and network edge devices for long-term espionage and large-scale metadata collection. #RedMenshen #BPFDoor #China

1 hour ago
TikTok’s Secret Tracker: The “Featured” Extensions Harvesting Your Data
LayerX researchers uncovered a coordinated campaign of at least 12 browser extensions that pose as TikTok downloaders while secretly tracking users and harvesting telemetry. The operation has compromised over 130,000 users on Google Chrome and Microsoft Edge by reusing a single code family, employing long-lived trust-building tactics, and using remote configuration...

Researchers uncovered 12 browser extensions posing as TikTok downloaders that secretly track users and steal data. Over 130K users on Chrome and Edge affected via a single code family and remote updates. #DataHarvest #TikTokApps #USA

1 hour ago
Google Antigravity in Crosshairs of Security Researchers, Cybercriminals
Google Antigravity, an agent-first IDE powered by Gemini, contained a sandbox-escape vulnerability that allowed remote code execution via an unsanitized parameter and was patched by Google in late February. Researchers also found that a fake google-antigravity(.)com site distributed a trojanized installer deploying PowerShell scripts and a stealer that harvests browser data,...

Google patched a sandbox-escape vulnerability in its agent-first IDE, Antigravity, after researchers found a remote code execution flaw. Fake sites distributing trojanized installers were also uncovered. #GoogleAntigravity #PowerShell #USA

2 hours ago
Oracle Patches 450 Vulnerabilities With April 2026 CPU
Oracle released 481 security patches in its April 2026 Critical Patch Update covering 28 product families, addressing roughly 450 unique CVEs with more than 300 vulnerabilities that are remotely exploitable without authentication. The update heavily impacted Oracle Communications, Financial Services Applications, and Fusion Middleware, and follows an emergency fix for CVE-2026-21992...

Oracle released 481 patches in the April 2026 CPU, fixing around 450 unique CVEs across 28 products. Over 300 vulnerabilities are remotely exploitable without authentication, heavily impacting Oracle Communications, Financial Services, and Fusion Middleware. #OraclePatches #IdentityManager

2 hours ago
Microsoft Patches Critical ASP.NET Core CVE-2026-40372 Privilege Escalation Bug
Microsoft released out-of-band updates to fix a critical ASP.NET Core vulnerability, CVE-2026-40372, that can allow an attacker to escalate privileges to SYSTEM. The flaw was caused by a regression in Microsoft.AspNetCore.DataProtection 10.0.0–10.0.6 on non-Windows systems and is fixed in ASP.NET Core 10.0.7; tokens issued during the vulnerable window remain valid unless...

Microsoft patches critical ASP.NET Core CVE-2026-40372 privilege escalation bug caused by DataProtection regression in versions 10.0.0–10.0.6 on non-Windows systems. Fixed in 10.0.7; key ring rotation needed to invalidate tokens. #CVE202640372 #ASPNet

2 hours ago
Microsoft traces Universal Print issues to Graph API code change
Microsoft has attributed an ongoing Universal Print sharing issue—causing intermittent "Sharing Print Failed" errors when creating printer shares—to a Microsoft Graph API code change that increased Entra ID directory replication latency and exposed a pre-existing race condition. The company has tagged the problem as incident UP1287359, is deploying a corrective code change, and provided a 13-step mitigation that avoids selecting organization-wide access and adds members manually until the fix is applied. #UniversalPrint #MicrosoftGraphAPI

Microsoft identified “Sharing Print Failed” errors in Universal Print as caused by a Microsoft Graph API code change increasing Entra ID replication latency, exposing a race condition. Fix and mitigation underway. #UniversalPrint #GraphAPI #USA

2 hours ago
New GoGra malware for Linux uses Microsoft Graph API for comms
Symantec researchers found a Linux variant of the GoGra backdoor that uses hardcoded Azure AD credentials and the Microsoft Graph API to stealthily pull commands from an Outlook mailbox. Developed by the state-linked Harvester group, the backdoor persists via systemd and an XDG autostart entry, decrypts AES-CBC/base64 commands from a "Zomato Pizza" folder (subject "Input"), executes them, returns AES-encrypted results (subject "Output"), and deletes the original command emails. #GoGra #Harvester

A new Linux GoGra backdoor uses hardcoded Azure AD creds and Microsoft Graph API to stealthily fetch commands from an Outlook mailbox. Operates via systemd and XDG autostart. #GoGraMalware #LinuxThreat #MicrosoftGraph

3 hours ago
Microsoft releases emergency patches for critical ASP.NET flaw
Microsoft released out-of-band security updates to fix a critical privilege escalation bug in the ASP.NET Core Data Protection APIs that allowed forged authentication cookies to grant SYSTEM privileges. Customers are urged to update Microsoft.AspNetCore.DataProtection to 10.0.7, redeploy, and rotate DataProtection keys to invalidate any forged tokens. #CVE-2026-40372 #ASPNetCore

Microsoft releases emergency patches for a critical ASP.NET Core flaw (CVE-2026-40372) allowing forged auth cookies to escalate to SYSTEM privileges. Update to 10.0.7 and rotate DataProtection keys. #ASPNetCore #MicrosoftPatch #USA

3 hours ago
Over 1,300 Microsoft SharePoint servers vulnerable to spoofing attacks
Over 1,300 Microsoft SharePoint servers exposed online remain unpatched for a zero-day spoofing vulnerability (CVE-2026-32201) that Microsoft fixed in April 2026 but continues to be exploited in active attacks. Shadowserver reports fewer than 200 systems have been patched, and CISA has added the flaw to its KEV catalog and ordered federal agencies to remediate under BOD 22-01. #CVE-2026-32201 #MicrosoftSharePoint #Shadowserver #CISA

Over 1,300 Microsoft SharePoint servers remain unpatched against zero-day spoofing flaw CVE-2026-32201, affecting Server 2016, 2019, and Subscription Edition. Fewer than 200 patched despite active exploitation. #MicrosoftSharePoint #CISA #USA

3 hours ago
Cyber Incident | NSW Government
Internal monitoring detected a suspected transfer of a substantial cache of confidential commercial and financial documents affecting multiple NSW Government departments and projects. NSW Treasury reported the matter to NSW Police, who launched Strike Force Civic, led to criminal charges, and now believe the alleged stolen data has been located and secured with no external compromise and no impact to government services. #NSWTreasury #StrikeForceCivic

Internal monitoring uncovered a suspected transfer of confidential commercial and financial documents across multiple NSW Government departments. NSW Police's Strike Force Civic secured the data with no service impact. #NSWTreasury #StrikeForceCivic

5 hours ago
Same packet, different magic: Mustang Panda hits India's banking sector and Korea geopolitics
A new LOTUSLITE v1.1 backdoor variant was deployed in targeted campaigns against India's banking sector and South Korean/U.S. policy circles, using DLL sideloading via Microsoft-signed binaries and CHM/JavaScript-based loaders. Attribution points to Mustang Panda with moderate confidence based on shared code lineage, residual exports (e.g., KugouMain), and reused Dynu-managed C2 infrastructure. #LOTUSLITE #MustangPanda

Mustang Panda deploys an evolved LOTUSLITE v1.1 backdoor targeting India’s banking sector and Korea-U.S. policy circles using DLL sideloading and advanced evasion tactics like runtime API resolution. #India #MustangPanda #Cyberespionage

5 hours ago
Ransomware Negotiator Pleads Guilty to BlackCat Scheme
A former ransomware negotiator, Angelo Martino, pleaded guilty to conspiring with the BlackCat/ALPHV group to extort U.S. companies in 2023 by leaking confidential negotiation and insurance details from his incident response firm. Law enforcement has seized roughly $10 million in assets, co-conspirators have also pleaded guilty, and experts urge strict separation of negotiation, payment, and response roles to prevent insider abuse. #BlackCat #ChangeHealthcare

Former ransomware negotiator Angelo Martino pleaded guilty to conspiring with BlackCat/ALPHV to extort US companies by leaking confidential negotiation and insurance info. $10M seized, co-conspirators also guilty. #BlackCat #Ransomware #USA

6 hours ago
Namastex.ai npm Packages Hit with TeamPCP-Style CanisterWorm Malware
This report describes a worm-enabled npm supply-chain campaign that implanted install-time malware in multiple packages, harvested developer secrets and browser/wallet artifacts, exfiltrated data via an HTTPS webhook and an Internet Computer canister (cjn37-uyaaa-aaaac-qgnva-cai), and attempted self-propagation by republishing compromised packages and targeting PyPI. The activity shows strong tradecraft and code overlap with prior CanisterWorm incidents and is linked to TeamPCP–style supply chain attacks affecting packages tied to Namastex Labs' Automagik ecosystem. #TeamPCP #NamastexLabs

Namastex.ai npm packages compromised by TeamPCP-style CanisterWorm malware. Attack used install-time worms to harvest secrets, exfiltrate data via HTTPS webhook and Internet Computer canister, and targeted PyPI. #SupplyChain #NamastexLabs #USA

6 hours ago
Ransom! Kolin Turkey (APR-2026)
A ransomware claim targeting Kolin in Turkey is attributed to the threat actor qilin. Details such as attack vector and ransom amount are listed as N/A. #Turkey

Ransomware group qilin claims attack on Kolin Turkey’s manufacturing sector. Details like attack method and ransom remain undisclosed. Incident surfaced April 21, 2026. #Kolin #Ransomware #Turkey

7 hours ago
Cybersecurity News | Daily Recap [21 Apr 2026]
The recap covers a week that featured high-profile data breaches at Vercel and ANTS, a Seiko USA Shopify data claim, and misconfigured Perforce servers exposing sensitive data from major organizations. Ransomware, crypto threats, platform abuse, and regulation dominated headlines, including BlackCat/ALPHV and Scattered Spider activity, The Gentlemen using SystemBC, Lazarus/TraderTraitor's KelpDAO heist, FakeWallet/SparkKitty on the Apple App Store, notable CVEs like SGLang CVE-2026-5760, Google Antigravity RCE risks, BridgeBreak flaws in Silex and Lantronix, and regulatory actions by the FTC and Italy's data-protection authority. #Vercel #LummaStealer #Mandiant #ANTS #SeikoUSA #Shopify #Perforce #BlackCat #ALPHV #AngeloMartino #ScatteredSpider #TheGentlemen #SystemBC #Lazarus #TraderTraitor #KelpDAO #rsETH #TornadoCash #FakeWallet #SparkKitty #AppleAppStore #Cisco #Zimbra #TeamCity #ActiveMQ #SGLang #CVE-2026-5760 #GGUF #GoogleAntigravity #BridgeBreak #Silex #Lantronix #Bluesky #Ofcom #Telegram #TeenChat #ChatAvenue #X #Athr #FTC #TakeItDownAct #Grok #PosteItaliane #Postepay #ItalyDataProtectionAuthority

High-profile breaches hit Vercel, ANTS, and Seiko USA Shopify; misconfigured Perforce servers leak data. Ransomware, crypto threats, and regulatory moves from FTC and Italy dominate headlines. #DataBreach #Ransomware #Italy

7 hours ago
Uptick in Bomgar RMM Exploitation
Huntress observed multiple exploitation waves of vulnerable Bomgar (BeyondTrust Remote Support) instances beginning in February and escalating in April 2026, with at least 10 impacted organizations initially and several incidents leading to LockBit ransomware deployments and mass downstream compromises. The attacks leveraged outdated Bomgar versions vulnerable to CVE-2026-1731, with malicious activity traced to processes like bomgar-scc.exe and artifacts including LB3.exe and PoisonX.sys. #Bomgar #LockBit

Multiple waves of Bomgar RMM exploitation detected since Feb 2026, targeting outdated versions vulnerable to CVE-2026-1731. Incidents led to LockBit ransomware and widespread downstream compromises. #BomgarRMM #LockBitRansomware #USA

8 hours ago
Anthropic Mythos just broke the four-minute mile in cyber offense
New AI models such as Anthropic's Claude Mythos have rapidly accelerated autonomous discovery and exploitation of zero-day vulnerabilities, producing hundreds of working exploits and collapsing time-to-exploitation to hours or less. Security leaders are urged to act immediately by integrating AI-driven defensive tooling, adopting continuous patching and automated response, and following operational guidance like the CSA's "AI Vulnerability Storm" briefing to become "Mythos-ready". #AnthropicMythos #ProjectGlasswing

Anthropic’s Claude Mythos AI shattered speed records in cyber offense by autonomously creating 181+ exploits for Firefox JS engine, cutting zero-day exploitation time to hours. #AIExploits #ZeroDayRace #USA

9 hours ago
Ransom! Industrial Carrocera Arbuciense (APR-2026)
Industrial Carrocera Arbuciense is the victim of a ransomware claim attributed to the threat actor qilin, with limited public details available. The incident is associated with Spain as the impacted country, with no further information on methods or ransom demands. #Spain

Industrial Carrocera Arbuciense, a Spanish manufacturing firm, fell victim to a ransomware attack linked to the threat actor Qilin. Details on methods or ransom demands remain undisclosed. #Ransomware #Manufacturing #Spain

10 hours ago
Scottish man pleads guilty to attack spree that created Scattered Spider’s notoriety
Tyler Robert Buchanan, a core leader of the Scattered Spider subset of The Com, pleaded guilty to conspiracy to commit wire fraud and aggravated identity theft for orchestrating phishing and SIM‑swap attacks that stole more than $8 million in cryptocurrency and harvested thousands of credentials. Arrested in Spain in 2024 and in federal custody since April 2025, Buchanan faces up to 22 years in prison and his plea highlights international law enforcement cooperation against Com-linked criminal networks. #ScatteredSpider #TylerBuchanan

Scottish man Tyler Robert Buchanan pleaded guilty to conspiracy in a massive phishing and SIM-swap scheme linked to Scattered Spider, stealing over $8M in crypto. Arrested in Spain, faces up to 22 years. #ScatteredSpider #Cryptocrime #Spain

10 hours ago
Lawmakers ponder terrorism designations, homicide charges over hospital ransomware attacks
Lawmakers debated tougher penalties for ransomware attacks on hospitals, including treating such attacks as terrorism or pursuing homicide charges when deaths occur. The proposals, raised at a House Homeland Security hearing by former FBI cyber official Cynthia Kaiser, come as healthcare sector attacks doubled from 238 in 2024 to 460 in 2025. #Hospitals #FBI

Lawmakers consider labeling hospital ransomware attacks as terrorism and pursuing homicide charges for patient deaths, amid a surge from 238 to 460 attacks in 2025. #HospitalAttack #USLaw #Ransomware

10 hours ago
UK regulator to probe Telegram, teen chat sites for potential child safety violations
The UK regulator Ofcom has opened investigations into Telegram and two teen chat sites after evidence suggested the platforms may have facilitated the sharing of child sexual abuse material and enabled grooming. Ofcom is probing potential breaches of the Online Safety Act and could impose measures or fines if violations are found; Telegram denies the allegations and the chat sites say they have safety measures in place. #Telegram #Ofcom

UK regulator Ofcom is investigating Telegram and two teen chat sites over possible child safety violations, including sharing of abusive material and grooming risks under the Online Safety Act. #UK #OnlineSafety #ChildProtection

10 hours ago
Thunderbird 150 arrives with encrypted message search and OpenPGP improvements
Thunderbird 150.0 is released with eight new features, multiple bug fixes, and security patches addressing the email client's underlying web engine, and it supports Windows 10 or later, macOS 10.15 or later, and Linux with GTK+ 3.14 or higher. Notable additions include searchable OpenPGP and S/MIME encrypted message bodies, OpenPGP Unobtrusive Signatures, a PDF viewer with page reorganization, and several accessibility and Exchange-related fixes. #Thunderbird #OpenPGP

Thunderbird 150.0 introduces searchable encrypted message bodies for OpenPGP and S/MIME, Unobtrusive Signatures, a PDF viewer with page reorganization, plus accessibility and Exchange fixes. #EmailSecurity #OpenPGP #Linux

11 hours ago
VirtualBox 7.2.8 is out with Linux kernel 7.0 support and crash fixes
Oracle released VirtualBox 7.2.8 on April 21, 2026, as a maintenance update addressing crashes, networking and clipboard issues, graphics and UEFI problems, and extended Linux kernel compatibility. Fixes include a VMM Guru Meditation error VERR_IEM_IPE_4, a FreeBSD shutdown crash, Windows 11 BSOD and UEFI secure boot certificate issues, Wayland-to-Windows clipboard repairs, and deprecation of the Oracle vboxvideo module for kernels 7.0+. #VirtualBox #VERR_IEM_IPE_4

VirtualBox 7.2.8 released with support for Linux kernel 7.0, fixes for VMM Guru Meditation error VERR_IEM_IPE_4, FreeBSD 16.0 shutdown crash, Windows 11 BSOD, clipboard, graphics, and UEFI issues. #VirtualBoxUpdate #LinuxKernel #USA

11 hours ago
Ransom! Rutan & Tucker, LLP (APR-2026)
Rutan & Tucker, LLP, a US-based law firm founded in 1909 and headquartered in Costa Mesa, California, reported a ransomware incident attributed to SilentRansomGroup. The firm stated that the incident disrupted operations and potentially exposed data. #UnitedStates

Law firm Rutan & Tucker, LLP, based in Costa Mesa, CA, reportedly targeted by ransomware group SilentRansomGroup on April 21, 2026. Incident details remain unconfirmed. #RansomwareAttack #LawFirmBreach #USA

12 hours ago