CyberNews: 12/04/2026 Edition
Today’s roundup
Summary
Adobe issued emergency patches for a critical, actively exploited RCE flaw (CVE-2026-34621, CVSS 8.6) in Acrobat Reader. Immediate application of updates is advised to prevent malicious code execution.
Censys reported 5,219 internet-exposed Rockwell Automation PLCs, 74.6% in the U.S., vulnerable to Iranian APTs. These critical infrastructure devices, often with outdated firmware, are targeted via EtherNet/IP to disrupt OT systems like water and energy.
The GlassWorm campaign now employs a Zig-compiled dropper hidden in a fake OpenVSX extension. This dropper infects multiple IDEs (VS Code, Cursor) and installs a second-stage GlassWorm RAT from GitHub for data theft, using advanced evasion techniques.
CPUID's website was compromised (April 9-10), distributing the STX Remote Access Trojan (RAT) via trojanized CPU-Z and HWMonitor downloads. Users who downloaded these tools during this period may be infected.
An international law enforcement operation led by the U.K. NCA identified over 20,000 victims of cryptocurrency fraud across the UK, US, and Canada, highlighting a major cross-border cybercrime issue.
Security experts have publicly disclosed "BlueHammer," an unpatched Windows zero-day vulnerability. This poses an immediate, significant risk to Windows users, as no patch is currently available.
A ransomware attack struck ChipSoft, a major EHR software provider, disrupting services for hospitals in the Netherlands and Belgium. This severely impacted patient care and operational continuity in the healthcare sector.
An RCE vulnerability is being actively exploited in F5 BIG-IP APM instances, with approximately 14,000 instances globally still exposed. This presents a critical risk to organizations using these widely deployed ADC systems.
Fortinet patched a high-severity, actively exploited vulnerability (CVE-2026-35616) in its FortiClient EMS product. Urgent fixes have been released to prevent potential system compromise.
A critical intent redirection flaw in the EngageLab SDK could expose private data on up to 50 million Android devices, posing a significant privacy and security risk for users.
Vulnerabilities
| CVE | Severity |
| --- | --- |
| CVE-2026-34621 | High |
| CVE-2026-35616 | Critical |