Latest Interesting Cybersecurity News – 2026-26-04

I go through about 25 cybersecurity news portals and blogs every week and pull out the most interesting stories. Then I turn them into this short, digestible summary, so you can stay up to date without trying to follow 25 different sources yourself. 😱

My aim is to create a summary that gives you the gist without needing to open up the source article. But if you do want to dig deeper, all the sources covering the event are linked below each story.

If you enjoy these, come back next Monday

scroll to the bottom to subscribe to the e-mail newsletter.

1. Microsoft open-sources Agent Governance Toolkit to enforce deterministic runtime policies for AI agent actions

Microsoft released the Agent Governance Toolkit (public preview) to sit between AI agent frameworks and the tools/resources agents try to use, enforcing deterministic allow/deny decisions and generating audit evidence before execution. It targets “runtime governance” controls (policy enforcement, identity, sandboxing, and operational guardrails) and claims full coverage of the OWASP Agentic Top 10 via 9,500+ tests, positioning it as an application-layer alternative to prompt-only safety controls.

Key Details

• The toolkit explicitly governs agent actions (tool calls, resource access, inter-agent messages) rather than LLM inputs/outputs, and describes its checks as deterministic (“not probabilistic”).
• Integrations are positioned as framework-agnostic, listing support paths (middleware/adapters/plugins) for stacks such as Semantic Kernel, AutoGen, LangChain/LangGraph, CrewAI, OpenAI Agents SDK, and Google ADK.

Read more at GitHub

2. Microsoft to enable Entra passkey sign-ins from unmanaged Windows PCs, rolling out in late April

Microsoft will roll out Entra passkeys on Windows starting in late April, with general availability expected by mid-June 2026. 

The feature enables phishing-resistant, passwordless authentication to Entra-protected resources — and crucially, it now works on any Windows device, not just company-managed ones. 

Previously, users on personal or shared Windows devices that weren't enrolled in company management had to fall back to passwords. Now they can authenticate using Windows Hello (face, fingerprint, or PIN) from those devices too, with each device storing its own passkey locally.

Next Steps

• If you want to support this, enable “Microsoft Entra ID with passkeys” in Entra Authentication Methods and verify your Conditional Access policies permit the intended device scenarios (corporate-managed, personal, shared).

Read more at BleepingComputer

3. Helpdesk impersonation over Microsoft Teams used to trick users into installing SNOW malware and remote access tools

Microsoft Teams allows anyone to register a tenant with any display name and cold-message your employees — arriving inside Teams looking like internal IT. UNC6692 exploits this by impersonating helpdesk staff, often after deliberately flooding victims with spam to create panic. Employees who comply are walked into installing malware that enables credential theft, browser hijacking, and persistent remote access.

Key Details

• The attack installed SNOWBELT, a malicious Chromium-based browser extension by launching Microsoft Edge in headless mode and loading the extension, then used it to pull additional SNOW components.
• The SNOW toolkit is modular: SNOWBELT (JS backdoor) relays tasks to SNOWBASIN (persistent command execution, file transfer, screenshots) and SNOWGLAZE (Python tunneler creating an authenticated WebSocket tunnel to C2).

Next Steps

• Restrict or disable Teams inbound chats/meetings from external tenants

Read more at BleepingComputer, The Hacker News, BleepingComputer, CSO Online

4. GitHub issue lures can trick developers into authorizing malicious OAuth apps with repo and workflow access

A phishing technique abuses GitHub's own notification infrastructure to deliver convincing security alerts that drive targets to authorize a malicious GitHub OAuth App requesting broad scopes.

Mentioning any GitHub user in an issue on any public repository (including one the attacker creates themselves) automatically triggers an official email notification to their primary address, sent from [email protected]. 

The email contains the issue body, where action links disguised behind a URL shortener lead directly to a malicious app's GitHub OAuth authorization prompt. 

If the victim clicks "Authorize," the attacker's app obtains an access token granting data access and code/workflow modification rights across the victim's GitHub account.

Next Steps

• Be suspicious of Github notification e-mails.

Read more at atsika.ninja

5. Bitwarden CLI npm package version @bitwarden/cli 2026.4.0 found compromised via GitHub Actions supply-chain vector

Socket reported that the Bitwarden ("the best password manager for businesses") CLI npm package was compromised, with malicious code shipped inside the published package and linked to the wider Checkmarx GitHub Actions supply-chain campaign. 

The payload is described as stealing CI/CD and developer credentials (including GitHub and npm tokens and cloud credentials) and using attacker-controlled infrastructure for exfiltration.

Key Details

• Affected npm artifact identified so far: @bitwarden/cli2026.4.0, with the malicious payload located in a package file named bw1.js.
• Exfiltration infrastructure overlaps the Checkmarx campaign, including calls to audit.checkmarx[.]cx/v1/telemetry and an associated IP 94[.]154[.]172[.]43.
• Credential theft targets multiple secret sources (per the analysis), including GitHub Actions tokens (via runner memory scraping and environment variables), npm tokens (.npmrc), SSH keys, and cloud credentials for AWS/Azure/GCP.

Next Steps

• Remove/block @bitwarden/cli2026.4.0 in developer and CI environments and identify any systems that installed it.
• Rotate potentially exposed secrets for affected environments (GitHub tokens, npm tokens, CI/CD secrets, cloud credentials, SSH keys) and review CI logs tied to the compromised workflow execution.

Read more at Socket

6. Apple fixes iOS/iPadOS bug that retained “deleted” notifications, enabling recovery of message content from notification history

Apple released updates to fix CVE-2026-28950, a Notification Services issue where notifications marked for deletion could be unexpectedly retained on the device. The flaw matters because retained notification content (including message previews) can be forensically extracted from a device’s notification history database even after the originating app is removed.

Key Details

• The update follows reporting that the FBI extracted copies of incoming Signal messages from an iPhone via the push notification database, even after the app was deleted.
• Signal stated that after installing the patch, previously preserved notifications will be deleted and future notifications won’t be preserved for deleted applications.

Next Steps

• Deploy iOS 26.4.2 / iPadOS 26.4.2 or iOS 18.7.8 / iPadOS 18.7.8 across impacted fleets (per Apple’s device lists).
• Set Signal (and other messaging app’s) notification previews to “Name only” or “No name or message” (Signal: Profile → Notifications → Show).

Read more at The Hacker News

7. Deepfake-enabled mobile KYC fraud used stolen IDs to open 46 ABN AMRO bank accounts

A fraudster reportedly used stolen identity documents plus deepfake-generated selfies to pass ABN AMRO’s (3rd largest bank in the Netherlands) mobile onboarding facial checks and open 46 accounts. 

The case illustrates how selfie-to-ID face matching can be defeated when the system verifies likeness but not whether a real, live person is present at capture time.

Key Details

• The stolen IDs were gathered via a fake rental listing on Marktplaats and additional harvesting from social media.
• Police and prosecutors cited seizures including multiple debit cards and PINs tied to ABN AMRO accounts, dozens of fake IDs, and chat logs showing the suspect asked ChatGPT how to bypass bank security.

Read more at iProov

8. Florida opens criminal investigation into OpenAI, subpoenas sought over ChatGPT chats tied to FSU shooting

Florida Attorney General James Uthmeier said the state has opened a criminal investigation and issued subpoenas seeking information from OpenAI over whether ChatGPT bears any criminal responsibility for communications with the Florida State University shooter. The probe centers on claims the shooter asked the chatbot questions that could support planning a shooting, raising a novel test of how prosecutors may try to apply criminal liability theories to AI product design and operation.

Read more at SiliconANGLE

9. FIRESTARTER backdoor persists on Cisco ASA/Firepower firewalls after patching, requiring power-cycle and often reimage

CISA and the UK NCSC disclosed FIRESTARTER, a Cisco ASA/Firepower backdoor that can survive firmware updates and normal reboots after the original CVEs were patched, enabling threat actors to retain or regain access without re-exploitation. The malware achieves persistence by embedding itself into the device’s boot process and then hooking core firewall/VPN processing to execute attacker-provided code when triggered by specially crafted traffic.

Key Details

• CISA found FIRESTARTER on a US federal civilian agency Cisco Firepower device after suspicious connections were detected via continuous monitoring; the discovery drove an updated CISA emergency directive for federal agencies.
• Only a hard power cycle (physically removing power) clears the in-memory persistence mechanism; standard reboot/reload commands do not remove it, per CISA and Cisco.

Read more at BleepingComputer, Security Affairs, The Hacker News, SecurityWeek, CyberScoop

10. 73 Open VSX “sleeper” lookalike extensions impersonate popular tools, then activate via updates to pull VSIX malware

Researchers reported 73 new Open VSX Marketplace impersonation extensions linked to the GlassWorm campaign, published as lookalike clones that initially appear benign. At least six have since “activated” via normal extension updates to install malware, using the extension as a thin loader that fetches or runs payloads from outside the visible source code.

Key Details

• Impersonation relies on cloned listings (icons, names, descriptions, README content) so a quick browse can confuse them with legitimate extensions (example cited: a Turkish language pack clone mimicking the real MS-CEINTL publisher).

Next Steps

• Establish a strong process for IDE extension vetting and allowlisting.
• Hunt for and remove the confirmed malicious Open VSX extensions listed in the report (including: outsidestormcommand.monochromator-theme; keyacrosslaud.auto-loop-for-antigravity; krundoven.ironplc-fast-hub; boulderzitunnel.vscode-buddies; cubedivervolt.html-code-validate; winnerdomain17.version-lens-tool).

Read more at Socket, Cybersecurity News

Subscribe

Subscribe to receive this weekly cybersecurity news summary to your inbox every Monday.