IT SECURITY
April 10, 2026

ZYMP IT Security — April 10, 2026

This week’s IT security roundup covers critical vulnerabilities and active threats impacting organisations worldwide. From browser zero-days being exploited in the wild to ransomware operations targeting Australian accommodation providers, these developments highlight the evolving nature of cyber threats facing businesses today.

Chrome Zero-Day CVE-2026-5281 Under Active Exploitation

VULNERABILITY

Google has released security updates for Chrome addressing 21 vulnerabilities, including CVE-2026-5281, a zero-day flaw that has been exploited in the wild. The vulnerability is a use-after-free bug in Dawn, an open-source implementation of the WebGPU standard. The flaw allows a remote attacker who has compromised the renderer process to execute arbitrary code via a crafted HTML page.

As is customary with such alerts, Google did not provide detailed information about how the vulnerability is being exploited or who may be behind the attacks. This approach is intended to ensure that the majority of users have updated with the fix before additional actors can join exploitation efforts. Users are strongly advised to update Chrome to version 146.0.7680.178 or later immediately.

Adobe Data Breach Exposes 13 Million Support Tickets

DATA BREACH

A cyber threat actor known as “Mr. Raccoon” has reportedly infiltrated Adobe’s systems, claiming to have extracted sensitive information including approximately 13 million support tickets containing personal details, around 15,000 employee records, and internal documents. The breach reportedly did not originate directly from Adobe’s network but was instead achieved through a Business Process Outsourcing (BPO) company in India contracted by Adobe.

The attacker is said to have leveraged a Remote Access Tool (RAT) delivered via a malicious email to a BPO employee, then escalated privileges by targeting the employee’s manager through phishing. The deployment of the RAT reportedly enabled the attacker to gain webcam access and intercept private communications such as WhatsApp messages. This incident underscores the increasing risks associated with third-party vendor relationships in cybersecurity.

Critical Cisco Smart Software Manager Vulnerability Enables Remote Command Execution

VULNERABILITY

Cisco has released software updates to address a critical vulnerability in Cisco Smart Software Manager On-Prem (SSM On-Prem) that could allow an unauthenticated, remote attacker to execute arbitrary commands on the underlying operating system with root-level privileges. The vulnerability is due to the unintentional exposure of an internal service that was not intended for public access.

An attacker could exploit this vulnerability by sending a crafted request to the API of the exposed service. Cisco has confirmed that this vulnerability affects SSM On-Prem regardless of software configuration and has stated there are no workarounds that address this vulnerability. Organisations using Cisco SSM On-Prem are advised to apply the available software updates immediately to prevent potential exploitation.

Space Bears Ransomware Group Targets Australian Accommodation Provider

RANSOMWARE

The Space Bears ransomware group has claimed responsibility for a breach of Brooklands of Mornington, a premium accommodation provider located on Australia’s Mornington Peninsula. The resort-style property, known for blending historical charm with modern design, is currently facing a data extortion deadline set by the attackers.

According to the ransomware group, the allegedly compromised data includes personal information of employees and guests, financial documents, and other internal files. This incident highlights the ongoing threat ransomware poses to the hospitality and accommodation sectors, where customer data is particularly sensitive. The organisation has not publicly commented on the extent of the breach or whether it intends to engage with the attackers’ demands.

Iranian APT Actors Target US Critical Infrastructure PLCs

APT THREAT

On April 7, 2026, US federal agencies including the FBI, CISA, NSA, Department of Energy, and Cyber Command jointly warned that Iranian-affiliated APT actors are actively exploiting internet-facing programmable logic controllers (PLCs), primarily Rockwell Automation/Allen-Bradley devices. The campaign has caused operational disruptions across US Government Services, Water and Wastewater Systems, and Energy sectors.

The activity involves malicious interactions with PLC project files through unauthorized access, leading to device disruptions. The authoring agencies identified IP addresses used by the Iranian-affiliated actors to communicate with affected OT devices. This represents a significant escalation in cyber threat activity targeting critical infrastructure operational technology, with potential implications for physical system safety and reliability.
