CyberSecurity Knuggets
Apr 07, 2026
Email 1 Summary:
– Cambodia has passed a new law targeting cyber scam compounds.
– The law introduces severe penalties for operators and workers: 5 to 10 years in prison and fines up to $250,000.
– If torture, kidnapping, or deaths occur, penalties increase up to life imprisonment and $500,000+ fines.
– Individuals acting voluntarily in scams may face up to 10 years and heavy fines.
– Recruiters, trainers, and data sellers linked to scams face penalties including prison and fines.
– Cambodia is intensifying crackdowns, having raided over 190 compounds and freed over 110,000 foreign workers.
– High-profile arrests and extraditions of scam syndicate leaders have occurred.
– This new law aims to deter the country’s sprawling cyber scam ecosystem and improve its international reputation.
Email 2 Summary:
– German authorities identified Daniil Maksimovich Shchukin (“UNKN”) as leader of ransomware groups GandCrab and REvil.
– Shchukin and an associate extorted nearly €2 million, causing over €35 million in damage, between 2019 and 2021.
– Meta has paused collaboration with data contractor Mercor due to a major security breach affecting AI training data.
– Northern Ireland Education Authority is restoring access to a school IT system affected by a recent cyberattack.
– Bryan Fleming, a convicted spyware maker, avoided jail time after pleading guilty.
– North Korean group UNC4736 (AppleJeus) stole $270 million from Drift Protocol through a sophisticated 6-month infiltration.
– Compliance startup Delve was dropped by Y Combinator due to allegations of fabricated certifications.
– White House budget proposal includes a $700 million cut to CISA, the nation’s cyberdefense agency.
– Multiple other cyber incidents noted including Syrian government social media hacks, attacks against German political party Die Linke, and LinkedIn’s browser extension scanning controversy.
– Fortinet issued an emergency patch for an actively exploited zero-day in FortiClient EMS.
Email 3 Summary:
– Fortinet released an urgent patch for a critical, actively exploited vulnerability in FortiClient Enterprise Management Server (CVE-2026-35616).
– The flaw allows unauthenticated attackers to execute code remotely.
– Researchers at Defused discovered the vulnerability; attacks observed in the wild.
– Cambodia’s new law targets scam compound operators with prison sentences ranging from 5 years up to life imprisonment, and significant fines.
– Scam compound crackdowns aim to improve Cambodia’s tourism and economic reputation.
– Scammers increasingly send traffic violation texts embedding QR codes that lead to phishing sites harvesting payment info, targeting multiple US states.
– Harvard warns of active cyberattacks impersonating IT staff to steal credentials.
– SANS 2026 report highlights cybersecurity skills shortages, posing risks to critical infrastructure.
– Various selected readings and industry news included.
Email 4 Summary:
– Fortinet issued emergency fixes for several exploited zero-day vulnerabilities, including the FortiClient EMS flaw actively exploited in the wild.
– Google DeepMind researchers mapped web attacks targeting AI agents.
– Other news includes malicious NPM packages targeting Guardarian users, attacks on Node.js maintainers linked to North Korea, and large-scale crypto thefts.
– AI Risk Summit announced, featuring talks on emerging AI security governance.
– Significant cybersecurity issues highlighted, such as deepfake defense, data integrity as a leadership issue, and emergent agentic AI governance needs.
– Additional coverage of recent cyber threats, attacks, and industry events provided by SecurityWeek.
Stay Well!
