{"id":377888,"date":"2026-04-06T13:09:15","date_gmt":"2026-04-06T13:09:15","guid":{"rendered":"https:\/\/www.newsbeep.com\/il\/377888\/"},"modified":"2026-04-06T13:09:15","modified_gmt":"2026-04-06T13:09:15","slug":"6th-april-threat-intelligence-report","status":"publish","type":"post","link":"https:\/\/www.newsbeep.com\/il\/377888\/","title":{"rendered":"6th April \u2013 Threat Intelligence Report"},"content":{"rendered":"<p>For the latest discoveries in cyber research for the week of 30th March, please download our <a href=\"https:\/\/research.checkpoint.com\/wp-content\/uploads\/2026\/04\/Threat_Intelligence_News_2026-04-06.pdf\" rel=\"nofollow noopener\" target=\"_blank\">Threat Intelligence Bulletin.<\/a><\/p>\n<p>TOP ATTACKS AND BREACHES<\/p>\n<p>The European Commission, the European Union\u2019s executive body, has <a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/european-commission-confirms-data-breach-after-europaeu-hack\/\" rel=\"nofollow noopener\" target=\"_blank\">confirmed<\/a> a data breach after its Europa.eu platform was compromised through a third-party exchange linked to the Trivy supply chain attack. The incident affected at least one Amazon Web Services account and resulted in data theft, while websites and internal systems remained operational.<br \/>\nGlobal toys and games manufacturing giant Hasbro has <a href=\"https:\/\/www.darkreading.com\/cyberattacks-data-breaches\/toying-around-hasbro-attack-remediate\" rel=\"nofollow noopener\" target=\"_blank\">disclosed<\/a> a cyberattack after detecting unauthorized access to its network on March 28. 
Some systems were taken offline, and the company warned that recovery could take weeks and cause delays.<br \/>\nCryptocurrency trading platform Drift Protocol on Solana has\u00a0<a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/drift-loses-280-million-as-hackers-seize-security-council-powers\/\" rel=\"nofollow noopener\" target=\"_blank\">suffered<\/a> a major breach after an attacker gained enough Security Council approvals to execute pre-signed transactions on April 1. Drift said roughly $280 million was affected, froze platform activity, and stated the incident did not involve a smart contract flaw or seed phrase compromise.<br \/>\nLuxury camping providers Roan and Eurocamp have\u00a0<a href=\"https:\/\/cybernews.com\/security\/roan-eurocamp-data-breach-tourists-whatsapp-scams\/\" rel=\"nofollow noopener\" target=\"_blank\">experienced<\/a> a data breach that exposed guest names, email addresses, phone numbers, travel destinations, booking dates, and prices. Attackers are using the stolen data in WhatsApp payment scams, while the companies said the flaw was patched and no passwords or payment data were taken.<\/p>\n<p>AI THREATS<\/p>\n<p>Check Point Research\u00a0<a href=\"https:\/\/research.checkpoint.com\/2026\/chatgpt-data-leakage-via-a-hidden-outbound-channel-in-the-code-execution-runtime\/\" rel=\"nofollow noopener\" target=\"_blank\">demonstrated<\/a> a hidden outbound channel in ChatGPT\u2019s execution runtime that enabled silent exfiltration of user data. 
A single malicious prompt or a backdoored GPT could transmit chat content and uploaded files to attackers through DNS.<br \/>\nCheck Point <a href=\"https:\/\/blog.checkpoint.com\/artificial-intelligence\/claude-mythos-wake-up-call-what-ai-vulnerability-discovery-means-for-cyber-defense\/\" rel=\"nofollow noopener\" target=\"_blank\">warns<\/a> that based on leaked details about Anthropic\u2019s Claude \u201cMythos\u201d, the model will likely accelerate vulnerability discovery, exploit development, and multi-step attack automation. The new capabilities could sharply reduce time to exploit and make advanced offensive techniques more broadly accessible.<br \/>\nResearchers\u00a0<a href=\"https:\/\/cybernews.com\/ai-news\/research-major-flaws-ai-agents-pretend-owner\/\" rel=\"nofollow noopener\" target=\"_blank\">examined<\/a> six AI agents and found that impersonation and fabricated urgency can push them to disclose data or take harmful actions. In testing, an agent forwarded 124 emails containing personal and financial details, while others deleted files and reassigned admin access.<br \/>\nResearchers\u00a0<a href=\"https:\/\/cybersecuritynews.com\/google-clouds-vertex-ai-platform-vulnerability\/\" rel=\"nofollow noopener\" target=\"_blank\">observed<\/a> a flaw in Google Cloud\u2019s Vertex AI Agent Engine that could let attackers extract service agent credentials and pivot into customer projects. The exposed privileges enabled access to storage and Artifact Registry resources, and permissive OAuth scopes also increased the risk of wider Google Workspace exposure.<\/p>\n<p>VULNERABILITIES AND PATCHES<\/p>\n<p>Cisco\u00a0<a href=\"https:\/\/cybersecuritynews.com\/cisco-imc-vulnerability-2\/\" rel=\"nofollow noopener\" target=\"_blank\">released<\/a> urgent fixes for CVE-2026-20093, a critical authentication bypass in its Integrated Management Controller software used across ENCS 5000, Catalyst 8300 uCPE, and UCS C-Series M5 and M6 servers. 
Remote attackers can reset any account, including Admin, allowing full device takeover.<br \/>\nResearchers\u00a0<a href=\"https:\/\/cybersecuritynews.com\/chrome-0-day-flaw-exploited\/\" rel=\"nofollow noopener\" target=\"_blank\">discovered<\/a> CVE-2026-5281, a zero-day memory flaw in Chrome\u2019s WebGPU component, Dawn, that also impacts Edge, Brave, Opera, and other Chromium-based browsers. The vulnerability is being actively exploited and can enable code execution on user systems, prompting inclusion in CISA\u2019s Known Exploited Vulnerabilities catalog.<br \/>\nProgress has\u00a0<a href=\"https:\/\/www.securityweek.com\/critical-sharefile-flaws-lead-to-unauthenticated-rce\/\" rel=\"nofollow noopener\" target=\"_blank\">addressed<\/a> two critical ShareFile vulnerabilities, including CVE-2026-2699 with a CVSS score of 9.8, that can be chained for unauthenticated remote code execution. The flaws let attackers reach restricted configuration pages and upload arbitrary files to the server without logging in to affected installations.<br \/>\nF5\u00a0<a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/over-14-000-f5-big-ip-apm-instances-still-exposed-to-rce-attacks\/\" rel=\"nofollow noopener\" target=\"_blank\">reclassified<\/a> CVE-2025-53521, a BIG-IP Access Policy Manager vulnerability, as a critical remote code execution flaw under active exploitation. 
More than 14,000 internet-exposed systems were still visible online, and the company published indicators of compromise and rebuild guidance for affected devices.<\/p>\n<p>THREAT INTELLIGENCE REPORTS<\/p>\n<p>Check Point Research has\u00a0<a href=\"https:\/\/research.checkpoint.com\/2026\/operation-truechaos-0-day-exploitation-against-southeast-asian-government-targets\/\" rel=\"nofollow noopener\" target=\"_blank\">unmasked<\/a> TrueChaos, a campaign exploiting a 0-day vulnerability (CVE-2026-3502) in TrueConf\u2019s on-premises update process to push malicious updates to Southeast Asian government networks. Attackers delivered Havoc payloads through trusted servers, and the activity was assessed with moderate confidence as being affiliated with a Chinese nexus.<br \/>\nCheck Point Research has\u00a0<a href=\"https:\/\/blog.checkpoint.com\/research\/iran-nexus-password-spray-campaign-targeting-cloud-environments-with-a-focus-on-the-middle-east\/\" rel=\"nofollow noopener\" target=\"_blank\">outlined<\/a> an Iran-nexus password-spraying campaign against Microsoft 365 in the Middle East, conducted in three waves during March. The activity focused on Israel and the UAE, targeting municipalities and using Tor and VPN infrastructure to evade geofencing and complicate attribution.<br \/>\nCheck Point Research has\u00a0<a href=\"https:\/\/blog.checkpoint.com\/research\/tax-season-2026-how-cyber-criminals-are-preparing-their-attacks-months-in-advance\/\" rel=\"nofollow noopener\" target=\"_blank\">uncovered<\/a> coordinated tax-season phishing and malware activity, with hundreds of newly registered tax-themed domains and rising risk levels. 
In March 2026, one in ten new domains was flagged as risky, while IRS-impersonating sites harvested personal data and Spain-themed emails delivered malware loaders.<br \/>\nResearchers\u00a0<a href=\"https:\/\/securityaffairs.com\/190221\/security\/attackers-hijack-axios-npm-account-to-spread-rat-malware.html\" rel=\"nofollow noopener\" target=\"_blank\">documented<\/a> a supply chain compromise of the Axios npm package, a widely used HTTP client with millions of monthly downloads, that briefly pushed malicious releases delivering a remote access trojan. The tampered versions used a hidden dependency to fetch a second-stage payload and erase traces after installation.<\/p>\n","protected":false},"excerpt":{"rendered":"For the latest discoveries in cyber research for the week of 30th March, please download our Threat Intelligence&hellip;\n","protected":false},"author":2,"featured_media":377889,"comment_status":"","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[5],"tags":[114,85,46],"class_list":{"0":"post-377888","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-business","8":"tag-business","9":"tag-il","10":"tag-israel"},"_links":{"self":[{"href":"https:\/\/www.newsbeep.com\/il\/wp-json\/wp\/v2\/posts\/377888","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.newsbeep.com\/il\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.newsbeep.com\/il\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.newsbeep.com\/il\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.newsbeep.com\/il\/wp-json\/wp\/v2\/comments?post=377888"}],"version-history":[{"count":0,"href":"https:\/\/www.newsbeep.com\/il\/wp-json\/wp\/v2\/posts\/377888\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.newsbeep.com\/il\/wp-json\/wp\/v2\/media\/377889"}],"wp:attachment":[{"hre
f":"https:\/\/www.newsbeep.com\/il\/wp-json\/wp\/v2\/media?parent=377888"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.newsbeep.com\/il\/wp-json\/wp\/v2\/categories?post=377888"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.newsbeep.com\/il\/wp-json\/wp\/v2\/tags?post=377888"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}