United States
U.S. organizations
U.S. agencies, including the Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Security Agency (CISA) and the National Security Agency (NSA), have issued a warning to U.S. organizations that Iranian-affiliated threat actors are exploiting internet-connected programmable logic controllers (PLCs) across U.S. critical infrastructure.
The agencies warned of ongoing cyber exploitation targeting operational technology (OT) devices, including Rockwell Automation and Allen-Bradley PLCs, across multiple critical infrastructure sectors. These activities have already led to disruptions impacting organizations in affected industries.
The threat actors are reportedly focusing primarily on government services and facilities, including local municipalities, as well as water, wastewater and energy systems.
How it could affect your business
Due to the widespread use of these PLCs and the risk of attackers expanding to other OT devices, organizations should urgently review the tactics, techniques and indicators of compromise (IoCs) outlined in this advisory for signs of current or past activity. Applying recommended security measures can help reduce exposure and strengthen defenses across critical infrastructure environments.
North America
Google Chrome users
Google has confirmed another zero-day vulnerability in its Chrome web browser that is actively being exploited in the wild.
Tracked as CVE-2026-5281, the flaw is a use-after-free vulnerability in Chrome’s Dawn WebGPU implementation. Successful exploitation of this vulnerability could allow a remote attacker who has compromised the renderer process to execute arbitrary code through a crafted HTML page, putting billions of users at risk.
Zero-day vulnerabilities are becoming increasingly frequent in Chrome, with this marking the fourth such flaw patched by Google in the first four months of the year.
How it could affect your business
If exploited, this vulnerability could lead to data corruption or browser crashes, potentially opening the door to further compromise. Users should navigate to the three-dot menu in Chrome and select Help > About Google Chrome to ensure they are running the latest version. Any pending update will download automatically, and restarting the browser when prompted will apply the fix for CVE-2026-5281.
North America
Microsoft users
Microsoft has revealed that hundreds of organizations across all sectors worldwide are being compromised daily through a large-scale phishing campaign that leverages the device code authentication flow.
The campaign uses AI and automation throughout the attack chain to compromise corporate email accounts and steal data. Threat actors begin by querying Microsoft’s GetCredentialType API to verify whether targeted email addresses are valid and active. They then use AI to craft highly personalized phishing emails tailored to the recipient’s role, often including malicious attachments or links.
To evade detection, attackers avoid linking directly to phishing sites and instead route victims through multiple redirects using compromised legitimate domains and trusted platforms such as Railway, Cloudflare Workers, DigitalOcean and AWS Lambda. The final page mimics a browser window, prompting users to verify their identity via a button that redirects them to Microsoft.com/devicelogin and displays the device code.
How it could affect your business
Phishing campaigns are becoming increasingly sophisticated, especially with the rise of phishing-as-a-service toolkits that make advanced attacks easier to scale. Organizations must prioritize user awareness and deploy robust phishing defenses to identify and block these evolving threats before credentials and sensitive data are compromised.
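One way to look for the device code flow described above in sign-in logs, as an added example that is not from Microsoft or the original article: it flags successful device-code sign-ins by accounts that are not expected to use that flow and notes whether the flow or the source IP is new for the user. The record layout, the `deviceCode` protocol label (modeled on the authentication protocol field in Entra ID sign-in logs), the allowlist and all sample values are assumptions constructed for illustration.

```python
# Constructed sign-in records (not real data). Field names are assumptions
# modeled on Entra ID sign-in log exports; map them to your own log schema.
SAMPLE_SIGNINS = [
    {"time": "2026-04-06T09:02:11Z", "user": "a.kim@example.com",
     "protocol": "none", "ip": "198.51.100.10", "success": True},
    {"time": "2026-04-06T10:15:00Z", "user": "kiosk-01@example.com",
     "protocol": "deviceCode", "ip": "198.51.100.20", "success": True},
    {"time": "2026-04-07T08:55:40Z", "user": "a.kim@example.com",
     "protocol": "none", "ip": "198.51.100.10", "success": True},
    {"time": "2026-04-08T14:21:03Z", "user": "A.Kim@example.com",
     "protocol": "deviceCode", "ip": "203.0.113.77", "success": True},
    {"time": "2026-04-08T14:30:00Z", "user": "b.osei@example.com",
     "protocol": "deviceCode", "ip": "192.0.2.5", "success": False},
    {"time": "2026-04-09T09:00:00Z", "user": "a.kim@example.com",
     "protocol": "deviceCode", "ip": "203.0.113.77", "success": True},
]

# Hypothetical allowlist: accounts that legitimately sign in from
# input-constrained devices (kiosks, meeting-room displays).
EXPECTED_DEVICE_CODE_USERS = frozenset({"kiosk-01@example.com"})


def flag_device_code_signins(records, expected_users=EXPECTED_DEVICE_CODE_USERS):
    """Return successful device-code sign-ins by users not expected to use the flow."""
    seen_ips = {}             # user -> IPs seen on earlier successful sign-ins
    used_device_code = set()  # users with an earlier successful device-code sign-in
    alerts = []
    # Same-format ISO-8601 UTC timestamps sort chronologically as strings.
    for rec in sorted(records, key=lambda r: r["time"]):
        if not rec["success"]:
            continue  # failed attempts issue no tokens; triage them separately
        user = rec["user"].lower()
        ips = seen_ips.setdefault(user, set())
        if rec["protocol"] == "deviceCode":
            if user not in expected_users:
                alerts.append({
                    "time": rec["time"], "user": user, "ip": rec["ip"],
                    "first_for_user": user not in used_device_code,
                    "new_ip": rec["ip"] not in ips,
                })
            used_device_code.add(user)
        ips.add(rec["ip"])
    return alerts


if __name__ == "__main__":
    for alert in flag_device_code_signins(SAMPLE_SIGNINS):
        print(alert)
```

Alerts with both `first_for_user` and `new_ip` set are the ones to triage first; where no account needs the device code flow, blocking it through conditional access policy removes the need for this check.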
North America
Rockstar Games
Rockstar Games, the studio behind popular titles like Grand Theft Auto and Red Dead Redemption, suffered a significant data breach, with more than 78.6 million internal records reportedly leaked online.
Earlier on April 11, the ransomware group ShinyHunters posted a ransom demand on its dark web portal, threatening to release the data if Rockstar did not engage by April 14. Reports indicate the breach originated with Anodot, a cloud cost-monitoring platform used by Rockstar, where attackers extracted authentication tokens and used them to access Rockstar’s Snowflake data warehouse.
The leaked data primarily consists of a large analytics dataset related to Grand Theft Auto Online and Red Dead Online.
How it could affect your business
Third-party breaches like this show how a compromise in a connected platform can expose an organization’s internal systems and data. To reduce risk, organizations should enforce strict access controls for integrations, monitor token usage and third-party connections closely and limit the scope of access granted to external services.
North America
CPUID
Visitors to the website of CPUID, the developer of system diagnostic tools like CPU-Z and HWMonitor, were briefly exposed to malware after attackers compromised part of its backend and replaced legitimate download links with malicious ones.
The issue surfaced when users attempted to download updates for tools such as HWMonitor and CPU-Z, triggering antivirus alerts. Some downloads appeared under unusual file names, indicating that the distribution process had been tampered with.
CPUID later confirmed that a secondary API component was compromised for approximately six hours between April 9 and April 10, causing the website to intermittently serve malicious links. The company stated that its original signed files were not affected.
How it could affect your business
Supply chain attacks like this can have far-reaching repercussions, as compromising a trusted source can expose a wide range of users and systems in a short time. To reduce risk, organizations should verify software integrity before installation, restrict downloads to trusted sources and continuously monitor systems for unusual behavior following updates.


