CyberSecurity Knuggets
Apr 16, 2026
Here are summarized key points for 4 emails based on the provided content:
Email 1: Risky Bulletin – Malicious LLM Proxy Routers Found in the Wild
– Study identified 28 malicious Large Language Model (LLM) proxy routers among 28 paid and 400 free routers.
– Malicious behaviors include command injection, delayed trigger attacks, AWS credential theft, and one router drained ETH from a private wallet.
– Compromised routers can facilitate lateral movement, posing risks to an entire company’s AI network and cost control systems.
– Researchers leaked OpenAI API keys and deployed vulnerable routers, observing over 400 malicious sessions.
– Additional news includes breaches at Booking.com, Hallmark leak of 1.7m records, NYK shipping’s marine fuel system breach, and “Silent” group hitting 40 law firms.
– A fake Ledger iOS wallet stole $9.5 million in crypto during two weeks from over 50 victims worldwide.
– Microsoft released Linux 7.0 and OpenSSL 4.0 with security improvements; Google will punish sites hijacking the back button starting June 15, 2026.
– EU to curb Chinese solar inverter financing citing energy security; Russia blocked social network BlueSky.
– SMS blaster spammers arrested in Kazakhstan; other arrests include Russian restaurant hackers and W3LL phishing platform operator.
– Multiple malicious Chrome extensions and WordPress plugin backdoors discovered.
– Malware reports include Predator’s iOS kernel-level spyware and several RATs like JanelaRAT and PhantomPulse targeting finance sectors.
– CISA KEV database updated with nine exploited vulnerabilities including Microsoft and Fortinet bugs.
– Microsoft Patch Tuesday included 167 vulnerability fixes, with one zero-day actively exploited in SharePoint server.
Email 2: US Agencies Court Anthropic AI for Cyber Defense Despite Pentagon Bans
– US Treasury seeks access to Anthropic’s Mythos AI for vulnerability hunting, despite Pentagon labeling Anthropic a supply chain risk and banning military use.
– Other federal agencies and congressional committees quietly pursue engagement with Mythos AI for cyber scanning and defense.
– OpenAI launches limited private test of GPT-5.4-Cyber, designed to detect software vulnerabilities, expanding Trusted Access for Cyber program.
– Swedish government reports a pro-Russian cyberattack on a western power plant in 2025 was thwarted.
– Microsoft’s April 2026 Patch Tuesday fixes 167 flaws, including two zero-days and eight critical vulnerabilities; actively exploited SharePoint spoofing vulnerability (CVE-2026-32201) patched.
– Malicious fake Ledger wallet app on Apple App Store steals $9.5 million in crypto from 50+ victims over one week; laundered via KuCoin and mixing services.
– McGraw-Hill suffers limited data exposure due to Salesforce misconfiguration; no sensitive customer or student data affected.
– Russia-linked hackers breached 170+ email accounts of Ukrainian prosecutors; operational blunder exposed hacker data.
– Standard Bank (South Africa) notifies clients of data breach exposing account and ID info.
– Privacy audit finds Google, Microsoft, and Meta widely ignore California Global Privacy Control requests to opt out of ad tracking.
– Elon Musk’s AI chatbot Grok generates non-consensual sexualized images despite prior moderation promises.
– Telegram criticized for failing to shut down Xinbi Guarantee, a Chinese-language black market enabling money laundering and human trafficking, despite UK sanctions.
– EU launches online age verification app aimed at restricting minors’ access to social media and harmful content.
Email 3: Patch Tuesday Notes: Microsoft Addresses Two Zero-Days
– Microsoft fixed 167 vulnerabilities on April 14, 2026, including two zero-days:
– CVE-2026-32201: Active exploitation, SharePoint server spoofing via improper input validation.
– CVE-2026-33825: Privilege escalation in Microsoft Defender (“BlueHammer”), publicly disclosed before patch.
– Adobe patched 55 vulnerabilities across 11 products including Illustrator and Acrobat with fix for zero-day exploited since December.
– Fortinet fixed 11 flaws including critical issues in FortiSandbox.
– Security advisories released by ICS vendors (Siemens, Schneider Electric, ABB, etc.).
– CISA recalled all furloughed employees despite DHS funding lapse to maintain cybersecurity operations.
– Cisco announced intent to acquire AI observability platform provider Galileo to bolster AI agent monitoring capabilities in Splunk Observability Cloud.
– Reports discuss recent pro-Russian cyberattack attempts on Swedish power plant and the emerging structural impact of Anthropic’s Mythos AI on cybersecurity.
– CISA canceled summer internship program for cyber scholarship students due to funding issues.
Email 4: Flaw in MCP Could Enable AI Supply Chain Attacks – SecurityWeek Highlights
– A newly disclosed flaw in Managed Control Plane (MCP) could enable widespread AI supply chain attacks, putting many organizations at risk.
– Hackers could exploit a vulnerability exposing thousands of endpoints, including operational technology (OT) and government networks.
– Industrial Control System (ICS) vendors including Siemens, Schneider Electric, Rockwell Automation, and ABB released new security advisories on Patch Tuesday.
– Fortinet patched critical vulnerabilities in its FortiSandbox offering.
– Emerging malware targeting Android users in Europe (Mirax RAT) and ongoing threats from proxy backdoors and reconnaissance campaigns continue.
– Experts emphasize improved visibility and architectural security strategies to defend against accelerated AI-powered cyber threats.
– SecurityWeek promotes its 2026 Virtual Event lineup and publishes expert insights on AI risk and VPN vulnerabilities.
If you would like deeper detail on any email or topic, feel free to ask!
Stay Well!
