Cyber Security News

Start. Stay. Grow.

Curated daily. The latest hacks, breaches, and cyber trends—humanized.

Daily cyber brief

Wednesday, April 29, 2026

Hacking Editorial Brief – April 29, 2026

Active Campaigns and Threat Actor Operations

Brazilian threat group LofyGang has resurfaced after a three-year hiatus, deploying LofyStealer malware disguised as Minecraft hacking tools. The campaign targets gaming users, exfiltrating IBAN banking details and passwords to infrastructure at 24.152.36[.]241. Meanwhile, Iran-linked hacktivist group Handala published personal data on 2,379 U.S. Marines stationed in the Persian Gulf, including names and phone numbers. A newly identified threat actor designated UNC6692 is conducting sophisticated social engineering attacks through Microsoft Teams, combining email bombing tactics with phishing to deploy a custom malware suite called "Snow" that includes browser extensions, tunneling capabilities, and backdoors designed for credential theft and domain takeover. In Italy, Paragon Solutions' "Graphite" spyware has triggered an ongoing investigation after approximately 90 individuals worldwide received Apple threat notifications, though the company reportedly is not cooperating with Italian authorities probing the campaign.

Breaches and Infrastructure Incidents

Vercel confirmed a security breach after an employee's Google Workspace account was compromised, with threat actors escalating access to environment variables and internal deployments. GitHub demonstrated rapid incident response by patching a critical remote code execution vulnerability within two hours of disclosure through its bug bounty program, completing validation, deployment, and forensic investigation with no confirmed exploitation. E-commerce platform eBay suffered widespread disruptions beginning April 26 from a DDoS attack claimed by hacktivist group 313 Team. On the law enforcement front, the FBI announced the extradition to the United States of alleged Chinese hacker Xu Zewei, accused of targeting U.S. universities and COVID-19 vaccine research in a China-linked intrusion campaign.

Sources: TechCrunch · Yahoo · The Hacker News · SAN · BleepingComputer · The Cyber Express · GitHub Blog

Around the Web

Last Updated: N/A

Hacks + Heists

Critical GitHub Vulnerability Patched in Under Two Hours

GitHub responded to a critical remote code execution vulnerability reported through its bug bounty program by validating the finding, deploying a fix,...

Iran-linked hackers publish personal data on U.S. Marines in Mideast

The Iran-linked hacker group Handala published the alleged names and phone numbers of 2379 U.S. Marines stationed in the Persian Gulf.

FBI brings alleged China-linked hacker to US in rare extradition as Patel defends Italy trip

FBI Directo Kash Patel says the FBI arrested alleged Chinese hacker Xu Zewei, accused of targeting U.S. universities and COVID-19 vaccine research ...

Paragon is not collaborating with Italian authorities probing spyware attacks, report says

... hacking campaign that targeted around 90 people around the world with its “Graphite” spyware. The notifications prompted a scandal in Italy that ....

Medical Device Maker Medtronic Says It's Been Hacked - GovInfoSecurity

Medtronic has told federal authorities that cybercriminals hacked its corporate IT systems, but said the incident did not affect the medical ...

Big Cyber

Medtronic says cyberattack on IT network has not disrupted operations

Medical device maker Medtronic confirms cyberattack on corporate IT systems did not affect products or operations.

Major critical infrastructure supplier reports cyberattack

Critical infrastructure supplier Itron reports cyberattack affecting smart meters and energy/water measurement devices.

Report finds cybersecurity workers feel underpaid, undervalued and overstressed ... - TechRadar

Cybersecurity workers are among the most affected by AI impact on jobs · Increased pressure and unsuitably low salaries are putting workers off ...

OpenSSH Flaw Allowing Full Root Shell Access Lurked for 15 Years

A code reuse vulnerability in OpenSSH introduced 15 years ago could allow attackers to obtain full root shell access to vulnerable servers.

The Cybersecurity Chronicles

‘The Cybersecurity Chronicles: 2024‘ pulls back the curtain on the digital threats that shaped our world last year, revealing the human stories behind the headlines. From art galleries frozen by ransomware to prison tablets hacked with a minus sign, from British Library archivists racing to protect centuries of knowledge to Spotify users meticulously curating their digital identities – these stories illuminate how cybersecurity touches every aspect of modern life.

Author Mark Nole weaves together intimate portraits of the people on all sides of the digital battlefield: the defenders working through sleepless nights to protect critical infrastructure, the victims grappling with stolen identities and lost savings, and even the attackers themselves, operating from nondescript offices with project management software and performance metrics.

Through detailed reporting and narrative storytelling, Nole reveals how 2024 became the year when cybersecurity stopped being just a technical problem and emerged as a fundamentally human challenge. Whether you’re a security professional or simply someone trying to understand our increasingly digital world, these chronicles offer an unprecedented look at how technology shapes – and sometimes betrays – our trust, our privacy, and our lives.

Mark Nole Book Cover for Cybersecurity book

Stay Updated with Cyber Security News

Get the latest cybersecurity headlines, breaking news, and expert insights delivered directly to your inbox. Stay ahead of threats and informed about the digital landscape.

Join thousands of cybersecurity professionals and enthusiasts. No spam, just valuable insights.