Researchers at Nozomi Networks Labs have uncovered three vulnerabilities in CODESYS Control, a widely used industrial PLC platform, that attackers can chain together to replace legitimate control applications with backdoored versions — ultimately gaining full admin access.
The flaws affect water treatment plants, energy grids, and manufacturing lines. An attacker with valid credentials can steal cryptographic keys, tamper with the boot application, and achieve root execution on restart.
CODESYS has patched all three issues in Runtime version 4.21.0.0 and now enforces mandatory code signing by default. Admins should update immediately and tighten network segmentation.
Source: Cybersecurity News
A critical vulnerability in Microsoft's Entra Agent Identity Platform allowed attackers to hijack powerful service principals across an entire tenant. The Agent ID Administrator role — meant only for managing AI agent identities — had a scoping gap that let users assign themselves ownership of unrelated, high-privileged service principals, generate new credentials, and fully compromise environments. Discovered by Silverfort researchers, the flaw was patched by Microsoft across all cloud environments as of April 2026. Security teams should still review audit logs for suspicious ownership or credential changes, and treat privileged service principals as critical infrastructure going forward.
Source: Cybersecurity News
What started as a corporate data breach has escalated into a full-blown diplomatic standoff. South Korean e-commerce giant Coupang disclosed in November that a former employee stole an internal security key, exposing data from 33.7 million users. Seoul responded aggressively — raiding headquarters, launching tax audits, and summoning executives. CEO Bom Kim refused to appear.
Now Washington is reportedly threatening to pause high-level defence talks, including nuclear submarine cooperation, unless South Korea backs off Kim. Fifty-four Republican lawmakers called Seoul's response a "whole-of-government assault." Coupang has spent over $11 million lobbying Washington since 2021. Analysts warn the alliance may be approaching a breaking point.
Source: The Guardian
Hackers compromised version 2026.4.0 of Bitwarden's CLI NPM package — downloaded over 250,000 times monthly — injecting malware that systematically steals credentials across AWS, Azure, GitHub, GCP, and more. The malicious code also hijacks victims' GitHub accounts to exfiltrate additional secrets, making stolen data potentially visible to anyone searching GitHub — not just the attackers. Bitwarden confirmed the breach but says no user vault data was exposed. The attack mirrors a recent hit on Checkmarx and shares code with the Shai-Hulud worm campaigns from 2024. Hacking group TeamPCP is suspected, though attribution remains complicated.
Source: SecurityWeek
North Korea's Lazarus Group is running a ClickFix campaign against macOS users in FinTech, crypto, and leadership roles. Attackers reach targets via Telegram — often through a compromised contact's account — with fake Zoom or Google Meet invites. Once on the call, victims are told to run a command to fix connection issues, unknowingly installing malware called macrasv2, which steals credentials, browser sessions, and macOS Keychain data before self-deleting. Security firm Any.Run flagged the campaign on April 21. The fix? Train employees to never run commands to solve connectivity problems — especially on Macs.
Source: Dark Reading
Adobe fixed a critical vulnerability in Acrobat and Reader that attackers have been exploiting since at least November 2025. The flaw, CVE-2026-34621, lets hackers execute code simply by getting victims to open a malicious PDF.
Security researcher Haifei Li discovered the exploit on a threat-sharing platform, where it had been sitting largely undetected since March. The sophisticated attack fingerprints victims' systems, steals sensitive data, and can deploy additional malware.
Adobe confirmed active exploitation and released patches on April 11. The company urges immediate updates, as the vulnerability affects the latest versions and requires no user interaction beyond opening the PDF file.
Source: Dark Reading
ShinyHunters, a cybercriminal group, has breached Rockstar Games' servers and is demanding ransom payment by April 14, 2026, or they'll release stolen company data. This marks the second major attack on the Grand Theft Auto studio in three years.
Rockstar downplayed the breach, stating only "limited" non-material information was accessed through a third-party server, with no impact on players. However, any leak could be damaging given the tight secrecy around Grand Theft Auto VI, which has cost nearly $2 billion over 10 years of development.
The previous 2022 breach by teenager Arion Kurtaj cost Rockstar $5 million in recovery efforts. Grand Theft Auto VI was recently delayed to November 2026.
Source: The Guardian
OpenAI confirmed Friday it was affected by a supply chain attack on Axios, a popular JavaScript library with over 100 million weekly downloads. North Korean hackers compromised an Axios maintainer's account in late March and published malicious packages that were live for just hours before detection.
The attack hit OpenAI's macOS app-signing process, potentially exposing certificates used to sign ChatGPT Desktop and other applications. While OpenAI believes the certificate wasn't compromised, they're revoking it as a precaution and will fully revoke it by May 2026.
Cybersecurity firms found evidence of compromise on 135 machines, with the malicious code executing in 3% of affected environments. The attack is linked to UNC1069, a North Korean group known for cryptocurrency theft.
Source: SecurityWeek
Adobe released an emergency security patch for a critical zero-day vulnerability in Acrobat Reader that hackers are actively exploiting. The flaw, tracked as CVE-2026-34621, allows attackers to execute malicious code by tricking users into opening specially crafted PDF files.
The vulnerability stems from prototype pollution, where attackers can manipulate the application's underlying logic through malicious properties. It affects Acrobat Reader versions 24.001.30356, 26.001.21367, and earlier versions.
Threat actors are disguising malicious PDFs as legitimate business documents like invoices or legal records. Organizations should immediately apply Adobe's security updates and strengthen email filtering to block suspicious PDF attachments before they reach users.
Source: Cybersecurity News
A cyber attack has targeted Northern Ireland's C2K school network, forcing the Education Authority to reset all passwords and lock out students and staff during Easter break. The timing couldn't be worse - over 800 pupils at Methodist College Belfast alone are preparing for GCSE, AS and A-Level exams starting just weeks after the holidays.
Students can't access Google Classroom, OneDrive, emails, or revision materials uploaded by teachers throughout the year. With only two weeks between Easter and study leave, the disruption is piling pressure on exam candidates who planned to use the break for intensive revision.
The EA is investigating whether personal data was compromised and working with authorities including the Information Commissioner's Office. They've apologized for the impact but can't yet confirm when access will be restored.
Source: BBC