1. North Korean Hackers Flood Developer Ecosystems with 1,700 Malicious Packages
North Korea-linked threat actors operating under the “Contagious Interview” campaign have distributed over 1,700 malicious packages across npm, PyPI, Go, Rust, and Packagist, the most expansive software supply chain poisoning operation attributed to the group to date. The packages impersonate legitimate developer tooling and function as malware loaders, delivering infostealers and remote access trojans (RATs) as second-stage payloads. Security Alliance (SEAL) also revealed it blocked 164 domains impersonating Microsoft Teams and Zoom that were linked to UNC1069 (also tracked as BlueNoroff/Sapphire Sleet) between February and April 7, 2026.
Source: The Hacker News — N. Korean Hackers Spread 1,700 Malicious Packages Across npm, PyPI, Go, Rust
2. Smart Slider 3 Pro Hijacked in Supply Chain Attack, Backdoor Pushed to 1M+ Sites
Unknown threat actors compromised the update infrastructure of Nextend’s Smart Slider 3 Pro plugin, used by over one million WordPress and Joomla websites, and pushed a weaponized version (3.5.1.35) on April 7, 2026. The malicious update was live for approximately 6 hours before detection, during which it installed multiple backdoors capable of unauthenticated remote code execution, automated credential theft, and the creation of a persistent rogue admin account. Data exfiltrated to attackers included site URLs, database names, WordPress admin credentials, and lists of installed persistence mechanisms. Users still on the compromised version should update to 3.5.1.36 or later immediately.
Source: The Hacker News — Backdoored Smart Slider 3 Pro Update Distributed via Compromised Nextend Servers
3. Chrome Zero-Day CVE-2026-5281 Actively Exploited — Google Issues Emergency Patch
Google confirmed active in-the-wild exploitation of CVE-2026-5281, a high-severity use-after-free vulnerability in Dawn, Chrome’s open-source WebGPU implementation. A remote attacker who had already compromised the renderer process could leverage the flaw to execute arbitrary code via a crafted HTML page. CISA added the vulnerability to its Known Exploited Vulnerabilities catalog on April 1, mandating remediation for federal agencies by April 15. This is Chrome’s fourth actively weaponized zero-day of 2026. Users should update to version 146.0.7680.177/178 on Windows and macOS, or 146.0.7680.177 on Linux.
Source: The Hacker News — New Chrome Zero-Day CVE-2026-5281 Under Active Exploitation
4. Italian Spyware Firm SIO Caught Deploying Fake WhatsApp App Against 200 Targets
Meta’s WhatsApp security team has notified approximately 200 users, most of whom are in Italy, that they were targeted by a counterfeit iOS version of WhatsApp built by Italian surveillance firm SIO through its subsidiary ASIGINT. The fake app was distributed via third-party channels outside official app stores and functioned as a full commercial spyware implant designed for law enforcement and intelligence clients. WhatsApp has attributed the operation to SIO and announced plans to pursue legal action. The incident adds to a growing pattern of European-developed government spyware being turned against domestic civilians and journalists.
Source: The Hacker News — WhatsApp Alerts 200 Users After Fake iOS App Installed Spyware; Italian Firm Faces Action
5. AI Browser Extensions Found to Pose Significantly Elevated Security Risks
New security research has found that AI-powered browser extensions are 60% more likely to contain vulnerabilities than the average extension, 3 times more likely to access user cookies, and 2.5 times more likely to execute remote scripts within the browser environment. The findings come as AI extensions have proliferated rapidly across Chrome and Edge, often with broad permissions granted by users who underestimate the access they’re authorizing. Security researchers are urging organizations to audit installed extensions and apply least-privilege policies, treating AI extensions as a distinct high-risk category within their browser security posture.
Source: SharkStriker — April 2026 Data Breaches: 15+ Major Incidents & Latest Updates
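
One way to start the extension audit recommended in item 5 is to read each installed extension's manifest.json and flag cookie access, broad host access, and a CSP that permits remote or eval'd scripts. This is an added example, not code from the cited research; the sample manifest is constructed and the set of permissions treated as high risk is an assumption to adapt to local policy.

```python
import json

# Constructed sample manifest for a hypothetical AI extension (not a real product).
SAMPLE_MANIFEST = json.loads("""
{
  "name": "Example AI Helper",
  "manifest_version": 2,
  "permissions": ["cookies", "storage", "tabs", "<all_urls>"],
  "content_scripts": [{"matches": ["https://*/*"], "js": ["inject.js"]}],
  "content_security_policy":
    "script-src 'self' 'unsafe-eval' https://cdn.example.invalid; object-src 'self'"
}
""")

# Assumed policy: API permissions an organization reviews before approval.
RISKY_PERMISSIONS = {"cookies", "scripting", "webRequest", "debugger"}
# Match patterns that grant access to every site.
BROAD_HOSTS = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}

def script_src_tokens(manifest):
    """Return script-src sources from an MV2 (string) or MV3 (object) CSP."""
    csp = manifest.get("content_security_policy", "")
    if isinstance(csp, dict):
        csp = csp.get("extension_pages", "")
    for directive in csp.split(";"):
        parts = directive.split()
        if parts and parts[0] == "script-src":
            return parts[1:]
    return []

def audit_manifest(manifest):
    """Return a sorted list of findings for one parsed manifest.json."""
    declared = set()
    # MV2 mixes host patterns into "permissions"; MV3 uses "host_permissions".
    for key in ("permissions", "optional_permissions", "host_permissions"):
        declared.update(p for p in manifest.get(key, []) if isinstance(p, str))
    for content_script in manifest.get("content_scripts", []):
        declared.update(content_script.get("matches", []))
    findings = {f"permission:{p}" for p in declared & RISKY_PERMISSIONS}
    findings |= {f"broad-host:{h}" for h in declared & BROAD_HOSTS}
    for token in script_src_tokens(manifest):
        # Remote origins or eval in script-src allow code not shipped in the package.
        if token == "'unsafe-eval'" or token.startswith(("http:", "https:")):
            findings.add(f"csp-script-src:{token}")
    return sorted(findings)

if __name__ == "__main__":
    for finding in audit_manifest(SAMPLE_MANIFEST):
        print(finding)
```
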
