This Week in Cybersecurity
Issue 17 is a study in supply chain trust exploitation — this week's biggest stories share a common thread: attackers did not need to break anything. They walked in through trusted tools, trusted platforms, and trusted management software.
The headline case is Vercel's breach through a third-party AI coding tool. The attack chain is as instructive as it is alarming: a Vercel employee installed malware disguised as Roblox cheats, an infostealer harvested credentials for a third-party AI coding tool (Context AI), and the attacker used that access to extract Vercel customer credentials downstream. The attacker never needed to touch Vercel's infrastructure directly. As AI coding tools accumulate credentials across cloud platforms, source code hosts, CI/CD systems, and databases, they have quietly become some of the highest-value targets in the developer ecosystem.
Meanwhile, North Korea's Lazarus Group continued its relentless campaign against the cryptocurrency sector, with a $290 million theft from a crypto infrastructure company — KelpDAO — confirmed this week and attributed to DPRK-linked actors. The April 2026 campaign has now touched multiple platforms and the coordination signals state-directed operations rather than opportunistic crime. DPRK crypto theft estimates for 2024 alone exceed $1.5 billion.
On the vulnerability exploitation front, Apache ActiveMQ remains a dangerous soft target: Shadowserver has confirmed over 6,400 internet-facing ActiveMQ servers are vulnerable to an actively exploited high-severity code injection flaw. And MSPs using BeyondTrust Bomgar are grappling with an active campaign targeting CVE-2026-1731, a pre-authentication RCE flaw that lets attackers turn a single compromised RMM server into a multi-tenant ransomware launchpad.
Top Stories
Vercel Breached Through Compromised Third-Party AI Coding Tool
Vercel has released a formal incident statement confirming a security breach in which a limited subset of customer credentials was exposed — and the attack never required the threat actor to directly target Vercel at all. The intrusion traces back to the Context AI breach: a Vercel employee installed malware disguised as Roblox cheat software, which ran an infostealer that harvested session tokens for Context AI, a developer productivity tool. With the stolen session, the attacker accessed Context AI and extracted Vercel credentials the employee had used within the tool's context.
The attack illustrates a compounding supply chain cascade: malware infects an endpoint, which exposes an AI tool session, which exposes cloud platform credentials, which exposes customer data downstream — four layers of compromise from a single workstation infection. Vercel has issued credential resets to affected customers and notified them directly. The broader lesson is structural: AI coding tools are credential aggregators by design, with access to cloud APIs, source repos, and CI/CD systems. Any endpoint infection on a developer machine can now cascade through every service that developer's AI tool touches.
Vercel customers should rotate credentials regardless of notification status, audit active API tokens, and enable two-factor authentication if not already active.
North Korean Hackers Blamed for $290 Million KelpDAO Crypto Theft
A cryptocurrency infrastructure company has formally attributed a $290 million theft to North Korean state-sponsored hackers — the latest confirmed incident in what researchers are characterizing as a coordinated April 2026 campaign by DPRK-linked threat clusters. On-chain fund movement patterns, cross-chain bridging techniques, and infrastructure overlap with prior DPRK-attributed wallets all point to Lazarus Group or affiliated units operating under state direction.
The theft fits a pattern that has made North Korea one of the most prolific financial threat actors in the world. DPRK cyber operations have shifted from direct smart contract exploitation toward targeting off-chain components: developer machines, key management systems, governance structures, and insider access vectors. The $290M incident follows the $280M Drift hack earlier in 2026 — itself a six-month in-person social engineering operation. The UN, FBI, and OFAC have all documented DPRK's crypto funding apparatus, which is estimated to generate $1–2 billion annually to fund the regime's weapons programs.
Organizations in the crypto sector managing significant on-chain liquidity should treat DPRK threat actor profiles as mandatory risk management reading and implement hardware security modules, multi-sig time-locks, and behavioral anomaly monitoring for governance actions.
6,400 Apache ActiveMQ Servers Actively Exploited via Code Injection Flaw
Shadowserver Foundation has confirmed that over 6,400 Apache ActiveMQ servers remain publicly exposed and vulnerable to active exploitation of a high-severity code injection vulnerability. ActiveMQ is one of the most widely deployed enterprise message brokers, commonly found in financial services, healthcare, and critical infrastructure — making the scale of unpatched exposure especially concerning.
The exploitation pattern mirrors 2023's CVE-2023-46604 campaign, which was weaponized within days by HelloKitty ransomware operators, Lazarus Group, and cryptomining botnets. Attackers scan for exposed management ports (8161, 61616), exploit the code injection flaw to achieve remote code execution, and deploy malware payloads — typically ransomware, cryptominers, or remote access tools. Organizations should patch immediately, remove internet exposure of ActiveMQ management interfaces, enforce authentication on admin consoles, and treat any previously exposed instances as potentially compromised pending investigation.
Bomgar RMM CVE-2026-1731 Exploitation Puts MSP Supply Chains at Risk
A significant surge in exploitation of CVE-2026-1731, a critical pre-authentication RCE vulnerability in BeyondTrust Bomgar, is putting managed service providers and their entire client portfolios at risk. Bomgar agents deployed across thousands of endpoints by MSPs make a single compromised Bomgar server a launchpad for simultaneous ransomware deployment across an entire managed client ecosystem — a direct replay of the Kaseya VSA and SolarWinds supply chain attack patterns.
Active campaigns are using unauthenticated exploitation of exposed Bomgar management interfaces, leveraging trusted Bomgar agent connections for lateral movement, and deploying ransomware payloads across hundreds of endpoints simultaneously while extracting credentials from the Bomgar vault. Multiple ransomware groups have been documented using this vector, with some attacks resulting in multi-tenant compromise. MSPs should apply BeyondTrust's patch immediately, restrict Bomgar console access to VPN or IP allowlist, audit logs for unauthorized sessions, and proactively notify downstream clients about potential exposure.
Security Corner
10 CVEs are newly published to the Security Advisories section this week. Key advisories to action immediately:
CVE-2026-5965 — NewSoftOA Critical OS Command Injection (CVSS 9.8)
A critical OS command injection flaw in NewSoftOA (by NewSoft) allows unauthenticated local attackers to inject and execute arbitrary OS commands at the privilege level of the server process. With a CVSS of 9.8, no authentication is required and full confidentiality, integrity, and availability compromise is possible. Identify all NewSoftOA deployments, restrict access, apply least-privilege service accounts, and patch immediately upon vendor release.
CVE-2026-20122 — Cisco Catalyst SD-WAN Manager Privileged API Misuse (CISA KEV)
Cisco Catalyst SD-WAN Manager contains a high-severity flaw in privileged API file handling that allows an attacker with network access to upload malicious files to the local file system. Added to the CISA Known Exploited Vulnerabilities catalog on April 20, indicating confirmed active exploitation. SD-WAN Manager compromise is high impact — the management plane controls all connected branch sites and WAN policies. Apply Cisco's patch immediately and restrict API access to trusted management networks.
Also published this week:
- CVE-2026-29646
- CVE-2026-32613
- CVE-2026-32604
- CVE-2026-39918
- CVE-2026-24467
- CVE-2025-2749 — Kentico Xperience Path Traversal
- CVE-2026-32956
- CVE-2026-6595
Quick Takes
- French Government Agency Confirms Data Breach: A French government agency has confirmed a breach, with a threat actor claiming to be selling the exfiltrated data. Nation-state and criminal actors continue to target government entities as high-value intelligence sources. French authorities are investigating the scope and origin of the compromise.
- Former DigitalMint Ransomware Negotiator Pleads Guilty to Extortion: A former employee of DigitalMint, a company that provided cryptocurrency ransomware negotiation services, has pleaded guilty to running a parallel extortion scheme — demanding additional payments from victims while ostensibly working to reduce their ransomware demands. The case is a reminder that even firms positioned as ransomware defenders can pose insider threat risks.
- Anthropic MCP Design Flaw Enables RCE, Threatening AI Supply Chain: Security researchers have disclosed a design-level vulnerability in Anthropic's Model Context Protocol (MCP) that enables remote code execution by an attacker who can control a malicious MCP server. Because MCP servers act as trusted bridges between AI agents and local systems, a compromised or malicious MCP server can instruct the connected LLM to execute system commands — representing a significant AI supply chain risk for any organization deploying agent-based AI tooling.
- Microsoft Releases Emergency Updates to Fix Windows Server Issues: Microsoft pushed out-of-band emergency updates to address critical Windows Server issues surfaced by recent Patch Tuesday rollout problems. Organizations running affected Windows Server versions should apply these emergency updates promptly, as the underlying issues affect core system stability and may leave patching gaps if left unresolved.
- Italian Regulator Fines National Postal Service €15 Million for Data Privacy Violations: Italy's privacy watchdog (Garante) has levied a €15 million fine against the national postal service organization for violations of GDPR data protection requirements. The fine highlights regulators' continued enforcement appetite across all sectors — government-affiliated service organizations are not exempt from data protection obligations.
- ZionSiphon Malware Targets Israeli Water Desalination OT Systems: Researchers have detected ZionSiphon, a new malware campaign specifically targeting operational technology systems at Israeli water desalination facilities. Critical infrastructure OT environments remain high-value targets for nation-state actors, and water systems — with their direct public health implications — are among the most sensitive.
Upcoming
- KelpDAO / DPRK Attribution Follow-Through: Expect blockchain analytics firms to continue publishing detailed attribution reporting on the April 2026 DPRK crypto campaign in the coming days. Organizations with any on-chain exposure — DeFi protocols, exchanges, custodians — should coordinate with analytics providers to check if any wallet addresses in their ecosystem appear on DPRK-linked watchlists. Rapid coordination with centralized exchanges can still freeze stolen funds before laundering completes.
- Bomgar / BeyondTrust Patch Readiness: With active multi-tenant ransomware campaigns confirmed against CVE-2026-1731, any MSP still running unpatched Bomgar should treat this as a zero-hour response situation. If patching cannot be completed immediately, removing the Bomgar management console from internet-accessible networks is the highest-priority mitigation. MSPs should also proactively communicate with clients regardless of whether compromise indicators have been found.
- AI Tool Credential Audit: The Vercel breach via Context AI is a forcing function for a broader organizational review of what credentials AI coding tools hold. Security teams should inventory which AI tools developers use, what OAuth permissions and API tokens those tools hold, and establish a rotation cadence for any long-lived credentials accessible to AI tool integrations. This is now a repeatable attack surface, not a one-off incident.
- ActiveMQ Exposure Verification: Organizations should run network discovery against ActiveMQ default ports (8161, 61616) to confirm no management interfaces are internet-accessible. Shadowserver's data shows thousands of organizations have not done this check — use their free notification service to see if your IP ranges appear on vulnerable-host lists.
- Cisco SD-WAN Manager Patching (CISA KEV Deadline): CVE-2026-20122 is on the CISA KEV list, meaning FCEB agencies have a mandated remediation deadline. All organizations — not just federal — should treat CISA KEV entries as priority patches given the confirmed exploitation activity. Check affected Cisco SD-WAN Manager versions and apply available patches on an accelerated schedule.
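The ActiveMQ exposure verification item above can be run as a short script. This is an added example, not code from the newsletter or from any vendor: it attempts a TCP connection to each of the two default ports on an inventory of your own hosts and reports which ones accept. The function names and the host list are assumptions; the addresses are constructed RFC 5737 documentation values.

```python
import socket

# Default ActiveMQ ports named above: 8161 (web console), 61616 (OpenWire broker).
ACTIVEMQ_PORTS = {8161: "web console", 61616: "OpenWire transport"}


def probe(host, port, timeout=2.0):
    """Classify one TCP port as 'open', 'closed' or 'unreachable'."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"          # handshake completed: service is reachable
    except ConnectionRefusedError:
        return "closed"            # host answered with RST: nothing listening
    except OSError:
        return "unreachable"       # timeout, DNS failure, or a filtering firewall


def audit(hosts, ports=ACTIVEMQ_PORTS, timeout=2.0):
    """Return one finding per host/port pair that accepted a connection."""
    findings = []
    for host in hosts:
        for port, role in ports.items():
            if probe(host, port, timeout) == "open":
                findings.append({"host": host, "port": port, "role": role})
    return findings


if __name__ == "__main__":
    # Constructed inventory (RFC 5737 documentation addresses); replace with
    # the externally routable addresses of your own brokers.
    my_hosts = ["192.0.2.10", "192.0.2.11"]
    exposed = audit(my_hosts)
    for f in exposed:
        print(f"EXPOSED {f['host']}:{f['port']} ({f['role']})")
    if not exposed:
        print("No ActiveMQ default ports reachable from this vantage point.")
```

Run it from a vantage point outside the perimeter, since a check from inside the network says nothing about internet exposure.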
By the Numbers
| Metric | Value |
|---|---|
| Vercel breach: attack layers in supply chain cascade | 4 |
| KelpDAO theft attributed to DPRK | $290 million |
| Drift Protocol hack (earlier April 2026) | $280 million |
| DPRK estimated 2024 crypto theft total | $1.5 billion+ |
| Apache ActiveMQ exposed & vulnerable servers | 6,400+ |
| CVE-2026-1731 (Bomgar) severity | Critical (pre-auth RCE) |
| CVE-2026-5965 (NewSoftOA) CVSS score | 9.8 Critical |
| CVE-2026-20122 (Cisco SD-WAN) status | CISA KEV — actively exploited |
| Italian GDPR fine (postal service) | €15 million |
| New CVEs published this week | 10 |
CosmicBytez Labs — IT & Cybersecurity Intelligence Hub