Weekly cybersecurity threat intelligence roundup covering major incidents and research for the week of April 13, 2026. Key breaches include a 7.7TB LAPD data exposure, a ransomware attack on Dutch healthcare vendor ChipSoft disrupting hospitals, Qilin ransomware hitting German political party Die Linke, and a $3.6M crypto theft from Bitcoin Depot. AI-specific threats include GrafanaGhost prompt injection attacks, AI agent manipulation frameworks, and malicious third-party API routers hijacking agent tool calls. Critical vulnerabilities include an actively exploited Ivanti Endpoint Manager Mobile RCE (CVSS 9.8), an Adobe Reader zero-day active since December 2025, a Marimo Python notebook RCE, and a Fortinet FortiClient EMS access control flaw. Threat reports highlight 1,995 average weekly attacks per organization in March 2026, 36 malicious npm packages impersonating Strapi plugins, Storm-1175/Medusa ransomware rapid exploitation, and a BITTER APT hack-for-hire campaign targeting journalists and activists.
Sort: