Latest Internet & Cybersecurity News

📅 April 17, 2026 at 1:00 AM
Ransomware surges with new strains like NBLOCK and Gunra; Iranian hackers target US railroads and infrastructure amid ceasefire; critical Cisco patches, quantum threats, and AI cybersecurity advances dominate headlines.
1

DragonForce Ransomware Hits Vietnam Fortress Tools JSC

DragonForce Ransomware attacked and published data from Vietnam Fortress Tools JSC, highlighting ongoing ransomware threats to manufacturing sectors. This incident is part of broader weekly intelligence on cyber-attacks and breaches reported on April 17, 2026. [Source 1] Organizations are advised to monitor for similar exposures in Windows OS and network shares. [Source 1]

2

NBLOCK Ransomware Emerges on Underground Forums

CYFIRMA identified NBLOCK Ransomware, a file-encrypting malware using AES-256 that appends ".NBLock" to files on local and network storage. It targets Windows systems and was discovered via threat discovery processes. [Source 1] Victims face data inaccessibility without decryption keys, emphasizing ransomware trends across industries. [Source 1]

3

Gunra Ransomware Targets Multiple Countries and Sectors

Gunra, a double-extortion group active since April 2025 that uses Conti code, hit victims in Brazil, South Korea, the US, Spain, and Canada from April 2025 to 2026. It focuses on professional services, healthcare, consumer goods, manufacturing, and finance, and uses advanced encryption. [Source 1] This underscores evolving ransomware sophistication and geographic spread. [Source 1]

4

Iranian Cyber Actors Target US Railroads' PLCs

The Federal Railroad Administration warned on April 16, 2026 of Iranian state-affiliated hackers scanning internet-connected programmable logic controllers (PLCs) in US rail systems. Compromise could disrupt services or train safety; SMART Union urges vigilance for suspicious activity. [Source 2] Rail workers should secure devices and report anomalies. [Source 2]

5

Iran Persists Cyber Threats Despite US Ceasefire

Iranian APTs, including IRGC-linked Handala, continue targeting US critical infrastructure despite a ceasefire pause announcement. US agencies urge high alert as the threats are actively compromising systems. [Source 1] Geopolitical tensions fuel persistent cyber risks. [Source 1]

6

Chinese Supercomputer in Tianjin Breached for 10 Petabytes

A hacker using the name 'FlamingChina' claimed exfiltration of over 10 petabytes of sensitive data from the National Supercomputing Center in Tianjin. This massive breach exposes vulnerabilities in state-run high-performance computing. [Source 1] Implications for national security and data integrity are severe. [Source 1]

7

Cisco Patches Critical Webex and ISE Vulnerabilities

Cisco addressed critical bugs in Webex and Identity Services Engine (ISE), with ISE flaws potentially granting attackers network control. Experts note ISE exploits offer 'keys to the kingdom' despite Webex drawing headlines. [Source 6] Immediate patching is critical to prevent takeovers. [Source 6]

8

Nginx-ui MCP Authentication Flaw Actively Exploited

A missing authentication flaw in Nginx-ui MCP allows same-network attackers to alter configurations, enabling full system takeover. This vulnerability is under active exploitation. [Source 6] Organizations using nginx-ui must apply fixes urgently. [Source 6]

9

OpenAI macOS App Hit by Axios Supply Chain Attack

OpenAI's macOS app-signing process suffered an Axios supply chain attack, prompting certificate revocation and rotation. This incident highlights risks in software distribution ecosystems. [Source 6] Users should update apps to mitigate persistence risks. [Source 6]

10

Quantum 'Harvest Now, Decrypt Later' Threat Underway

Vanderbilt Quantum Forum panelists warn of an ongoing 'harvest now, decrypt later' strategy in which adversaries collect encrypted data for future quantum decryption. Urgent migration to post-quantum cryptography is needed despite legacy system challenges. [Source 9] Cross-sector collaboration is essential for readiness. [Source 9]

11

Compromised DVRs Proliferate in the Wild

The SANS Internet Storm Center reports on compromised DVRs detectable across networks, posing risks for botnets and surveillance breaches. Handler Jesse La Grew highlights this in the top story for April 16, 2026. [Source 4] The threat level remains green, but scanning is advised. [Source 4]

12

Vishing Attacks Bypass Okta MFA for SSO Access

Attackers use vishing to target Okta, bypassing multi-factor authentication and gaining broad single sign-on data access. This tactic enables persistent unauthorized entry. [Source 6] Enhanced verification protocols are recommended. [Source 6]