CyberNews: 04/04/2026 Edition

Published by Dunateo on 2026-04-04

Today’s roundup

  • LinkedIn secretly scans for 6,000+ Chrome extensions, collects data
  • Hims & Hers warns of data breach after Zendesk support ticket breach
  • Die Linke German political party confirms data stolen by Qilin ransomware
  • China-Linked TA416 Targets European Governments with PlugX and OAuth-Based Phishing
  • Microsoft Details Cookie-Controlled PHP Web Shells Persisting via Cron on Linux Servers
  • Blast Radius of TeamPCP Attacks Expands Amid Hacker Infighting
  • European Commission breach exposed data of 30 EU entities, CERT-EU says
  • Hackers Are Posting the Claude Code Leak With Bonus Malware
  • Meta Pauses Work With Mercor After Data Breach Puts AI Industry Secrets at Risk
  • Massachusetts emergency communications system impacted by cyberattack
Summary

    A report dubbed "BrowserGate" reveals that Microsoft's LinkedIn is discreetly scanning visitors' browsers for over 6,000 installed Chrome extensions and collecting device data via hidden JavaScript. This raises significant privacy concerns regarding corporate data collection practices.

    Telehealth provider Hims & Hers Health confirmed a data breach originating from a third-party customer service platform, Zendesk, where support tickets were stolen. The incident affects personal health information handled through the service.

    The Qilin ransomware group has claimed responsibility for a cyberattack against the German political party Die Linke. The attack caused an IT systems outage and included a threat to leak sensitive data.

    A China-aligned threat actor, TA416, has been targeting European government and diplomatic organizations since mid-2025. The campaign employs PlugX malware and OAuth-based phishing tactics for espionage.

    Microsoft Defender Security Research Team has detailed an increasing trend where threat actors use HTTP cookies as a control channel for PHP-based web shells on Linux servers. These web shells establish persistence via cron jobs to achieve remote code execution.

    The blast radius of TeamPCP's supply chain attacks is expanding, with reports indicating involvement and credit-taking by other prominent hacking groups, ShinyHunters and Lapsus$. This complex situation creates a murky threat landscape for enterprises.

    CERT-EU confirmed that a European Commission cloud breach, attributed to the TeamPCP group, exposed data from at least 30 EU entities, affecting up to 71 Europa web hosting clients. The incident, publicly disclosed on March 27, originated from a stolen AWS API key on March 19 via a Trivy supply chain compromise. The ShinyHunters group subsequently published 350GB of exfiltrated data, including emails and confidential documents.

    Hackers are distributing the leaked Claude AI source code, bundling it with additional malware. Separately, the FBI has stated that a recent hack compromising its wiretap tools poses a significant national security risk.

    Meta has halted collaboration with Mercor, a key data vendor, following a security incident that could have exposed critical data concerning how major AI laboratories train their models. This breach puts AI industry secrets at risk.

    An emergency communications system serving several small towns in northern Massachusetts was impacted by a cyberattack. The incident potentially disrupted critical public safety services for the affected communities.

    Want to dig deeper?

    Cyber Groups

    Mustang Panda (also tracked as TA416, RedDelta, BRONZE PRESIDENT)