Explore the Latest in AI and Cyber

About Us   |   Contact Us

Top 10 Cybersecurity Stories This Week: LMDeploy AI Exploited in 13 Hours, CPUID Supply Chain Attack, Anthropic Mythos 27-Year OpenBSD Bug

Apr 24, 2026 | AI, Fresh Ink, Security

April 24, 2026 | ITBriefcase.net
Why it matters:
LMDeploy AI toolkit CVE-2026-33626 (CVSS 7.5) exploited within 12 hours 31 minutes of GitHub advisory publication April 21, demonstrating AI infrastructure vulnerabilities weaponized faster than traditional patch cycles, with Sysdig honeypots capturing systematic port scanning targeting AWS Instance Metadata Service, Redis, MySQL via Server-Side Request Forgery enabling cloud credential theft—highlighting collapsing exploit window where “Patch Tuesday” cadences insufficient for AI-serving infrastructure protection. CPUID supply chain attack April 9-10 compromised official download infrastructure serving trojanized CPU-Z and HWMonitor installers containing STX RAT remote access trojan to 150+ victims across retail, manufacturing, consulting, telecommunications, agriculture sectors in Brazil, Russia, China through 19-hour window (15:00 UTC Apr 9 – 10:00 UTC Apr 10), demonstrating watering hole attacks targeting IT administrator/technician tool distribution channels enabling privileged access compromise. Anthropic Project Glasswing utilizing Claude Mythos AI model discovered 27-year-old vulnerability in OpenBSD (historically considered most secure operating system) alongside vulnerabilities across every major OS and browser surviving decades of human audits, aggressive fuzzing, open-source scrutiny—demonstrating AI capabilities surpassing human security researchers in vulnerability discovery and validating concerns about offensive cybersecurity applications necessitating restricted model access. McGraw-Hill 45 million Salesforce records breach exposed personally identifiable information through ShinyHunters exploitation of Salesforce environment misconfigurations, while SongTrivia 2.9 million user accounts leaked authentication tokens, emails, avatars, passwords on breach forums, and Grinex cryptocurrency exchange suffered $13 million loss from state-sponsored attack forcing operational suspension. Operation PowerOFF international law enforcement disrupted 53 DDoS-for-hire domains, arrested 4 individuals, exposed 3 million criminal accounts demonstrating 75,000+ cybercriminals utilized commercial distributed denial-of-service operations, while ransomware negotiator Angelo Martino pleaded guilty to BlackCat collaboration highlighting insider threat from cybercrime facilitators.
The bottom line:
Organizations must accelerate vulnerability patching from monthly “Patch Tuesday” cycles to hours/days matching AI-discovered exploitation timelines, implement egress filtering and network segmentation for AI inference servers preventing SSRF attacks on cloud metadata services, audit software supply chains for trojanized downloads from trusted sources (verify cryptographic signatures, hash validation), deploy privileged access management preventing IT administrator account compromise enabling enterprise-wide lateral movement, implement Salesforce security hardening beyond default configurations, and prepare for AI-accelerated threat landscape where advisory publication to weaponized exploit compressed to 12-13 hours. The convergence of AI vulnerability exploitation acceleration (LMDeploy 12.5 hours, Marimo 10 hours), supply chain trust abuse (CPUID official infrastructure serving malware), AI offensive capabilities surpassing humans (Mythos finding 27-year OpenBSD bug), enterprise SaaS misconfiguration exploitation (McGraw-Hill 45M Salesforce records), and cybercrime facilitator insider threats (ransomware negotiator guilty plea) demands comprehensive security transformation including AI-speed patch deployment, zero-trust architecture assuming software distribution compromise, behavior-based detection not relying on signatures/IOCs, cloud-native security (IMDSv2, IAM role constraints), and executive recognition that traditional security approaches fundamentally insufficient for 2026 threat landscape.

Story 1: LMDeploy CVE-2026-33626—AI Toolkit SSRF Exploited Within 13 Hours of Disclosure

Impact: CRITICAL CVE: CVE-2026-33626 (CVSS 7.5) Vulnerability Type: Server-Side Request Forgery (SSRF) Disclosure Date: April 21, 2026 (GitHub Advisory GHSA-6w67-hwm5-92mq) First Exploitation Detected: April 22, 2026 at 03:35 UTC (12 hours 31 minutes post-disclosure) Threat Intelligence Source: Sysdig Threat Research Team honeypot telemetry

Summary

Critical Server-Side Request Forgery vulnerability in LMDeploy open-source toolkit for deploying large language models exploited in wild 12 hours 31 minutes after GitHub advisory publication—without any public proof-of-concept exploit code availability—demonstrating threat actors rapidly converting security advisories directly into working exploits. Sysdig honeypot fleet detected first exploitation attempt April 22 at 03:35 UTC originating from IP 103.116.72.119 (Kowloon Bay, Hong Kong). Attacker conducted sophisticated eight-minute session using LMDeploy’s vision-language image loader as generic HTTP SSRF primitive executing 10+ separate requests across three phases targeting:
  • AWS Instance Metadata Service (IMDS) at 169.254.169.254 for IAM credential theft
  • Redis (port 6379), MySQL (port 3306), HTTP admin interface (port 8080)
  • Out-of-band DNS callback to requestrepo[.]com verifying SSRF external reachability
  • Localhost port scanning (127.0.0.1) systematically probing internal services
CVE-2026-33626 affects all LMDeploy versions with vision-language support (0.12.0 and prior). Vulnerability stems from load_image() function in lmdeploy/vl/utils.py fetching arbitrary URLs without validating internal/private IP addresses, allowing attackers accessing cloud metadata services, internal networks, sensitive resources. Sysdig analysis states: “CVE-2026-33626 fits a pattern we have observed repeatedly in the AI-infrastructure space over the past six months: critical vulnerabilities in inference servers, model gateways, and agent orchestration tools are being weaponized within hours of advisory publication, regardless of the size or extent of their install base.” LMDeploy has 7,798 GitHub stars (order of magnitude less than mainstream projects like vLLM or Ollama) yet attackers prioritized rapid exploitation demonstrating systematic monitoring of security advisories for AI infrastructure targeting.

Technical Details

LMDeploy Platform: Toolkit for compressing, deploying, serving large language models and vision-language models (VLMs) developed by Shanghai AI Laboratory’s InternLM project. Provides OpenAI-compatible API for hosting models including:
  • InternVL2
  • internlm-xcomposer2
  • Qwen2-VL
  • Other vision-language and text LLMs
Vulnerability Mechanism: Root Cause: Unsafe URL handling in vision-language image loading Vulnerable Code Location: lmdeploy/vl/utils.py Vulnerable Function: load_image() Flaw: Function fetches arbitrary URLs from image_url field without:
  • Hostname validation
  • IP range validation (RFC1918 private, link-local, loopback)
  • Scheme validation
  • Access control enforcement
Attack Flow:
  1. Attacker Input: Crafts malicious request to LMDeploy vision-language endpoint with specially crafted image_url parameter
  2. SSRF Trigger: load_image() function processes URL without validation
  3. Internal Request: LMDeploy server makes HTTP request to attacker-specified URL
  4. Privilege Escalation: Request executes with privileges of model-serving process
  5. Data Exfiltration: Attacker receives response containing sensitive data from internal/cloud resources
Exploitation Observed in Wild: Timeline:
  • April 21, 2026, ~15:00 UTC: GitHub publishes GHSA-6w67-hwm5-92mq advisory
  • April 22, 2026, 03:35 UTC: First exploitation detected (12 hours 31 minutes later)
  • April 22-23: Continued exploitation attempts observed
Attacker Session Breakdown (8-minute duration): Phase 1 – AWS Metadata Service Targeting: 
GET http://169.254.169.254/latest/meta-data/iam/security-credentials/
Attempts to steal AWS IAM temporary credentials from Instance Metadata Service. Successful IMDS fetch compromises entire AWS account as vision-LLM nodes typically run with broad IAM roles:
  • S3 access for model artifacts and training datasets
  • Cross-account assume-role permissions
  • Database and service credentials
Phase 2 – Internal Service Port Scanning: 
http://127.0.0.1:6379  (Redis - prompt caching)
http://127.0.0.1:3306  (MySQL - metering/logging)
http://127.0.0.1:8080  (HTTP administrative interface)
Three localhost probes in 36 seconds demonstrates scripted port sweep using SSRF as probe primitive. Attacker treating vision-LLM endpoint as generic HTTP GET reaching addresses external network cannot access. Inference Deployment Topology:
  • Redis: Prompt caching, session management
  • MySQL/Postgres: Metering, usage tracking, audit logs
  • HTTP Control Planes: Administrative interfaces, health checks, model loading
Phase 3 – Out-of-Band Validation: 
DNS callback to requestrepo[.]com
Verifies SSRF vulnerability allows arbitrary external host access and establishes covert channel for data exfiltration. Model Switching Behavior: Attacker alternated between vision-language models (internlm-xcomposer2, OpenGVLab/InternVL2-8B) potentially to:
  • Circumvent rate limiting per model
  • Evade detection systems tracking single-model abuse patterns
  • Test vulnerability across different model implementations
Why AI Infrastructure Particularly Vulnerable: IAM Credentials Exposure: Vision-LLM GPU instances typically configured with broad cloud permissions. Single successful IMDS request can provide:
  • S3 bucket access (model storage)
  • Database credentials
  • Service-to-service authentication tokens
  • Ability to assume cross-account roles
In-Cluster Data Stores: AI inference deployments commonly include:
  • Redis for prompt/response caching
  • MySQL/Postgres for usage metering
  • Internal HTTP APIs for model management
  • Prometheus/Grafana monitoring endpoints
Model-Level Denial of Service: Attackers probing distributed serving architecture (distserve, P2P communication) indicating potential for:
  • Disrupting model inference processes
  • Corrupting cached responses
  • Manipulating model serving topology
Collapsing Exploit Window: Sysdig emphasizes: “Twelve hours and 31 minutes from publication to the first observed exploitation of LMDeploy is short enough that ‘patch Tuesday’ cadences and monthly scans are not a sufficient control.” Advisory-to-Exploit Conversion: GitHub advisory provided:
  • Vulnerable function name (load_image())
  • File location (lmdeploy/vl/utils.py)
  • Missing validation check description
  • Affected code pattern
With capable code-generation AI models, any advisory naming vulnerable function and showing missing check becomes turnkey exploit. Ironically, CVE-2026-33626 targets LLM-serving framework—yet same acceleration applies across entire CVE landscape. Comparison to Recent AI Infrastructure Exploits:
  • LMDeploy CVE-2026-33626: 12.5 hours to exploitation
  • Marimo CVE-2026-39987: 10 hours to exploitation
  • Both demonstrate sub-24-hour weaponization windows
  • Neither required public PoC—attackers built exploits from advisories

Comprehensive Action Steps

  1. Emergency LMDeploy Patching (IMMEDIATE):
    • Upgrade all LMDeploy deployments to version 0.12.3 or later
    • Version 0.12.3 introduces stricter URL safety checks blocking:
      • Link-local addresses (169.254.0.0/16)
      • Loopback addresses (127.0.0.0/8)
      • Private RFC1918 ranges (10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16)
    • Prioritize internet-facing LMDeploy instances first
    • Test in non-production before production deployment
  2. AWS Metadata Service Hardening:
    • Implement IMDSv2 with token requirements on all EC2 instances
    • IMDSv2 requires HTTP PUT request to obtain token before metadata access
    • Prevents SSRF-based metadata theft as attackers cannot forge PUT requests
    • Configure via: 
      aws ec2 modify-instance-metadata-options \  --instance-id i-xxxx \  --http-tokens required \  --http-put-response-hop-limit 1
  3. Network Egress Filtering:
    • Restrict outbound connections from GPU/inference nodes to:
      • Object storage endpoints (S3, Azure Blob, GCS)
      • Logging/monitoring endpoints
      • Model registry endpoints
    • Block access to:
      • 169.254.169.254 (AWS IMDS)
      • 127.0.0.0/8 (localhost)
      • 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16 (private networks)
    • Implement egress firewall rules or network security groups
  4. AI Infrastructure Inventory:
    • Catalog all AI/ML inference infrastructure:
      • LMDeploy
      • vLLM
      • Text Generation Inference (TGI)
      • Ray Serve
      • Ollama
      • Custom model-serving frameworks
    • Many deployed outside standard security review processes
    • Often not covered by CVE scanning until post-disclosure
  5. Vision-LLM Endpoint Security:
    • Treat vision-LLM image loaders as SSRF candidates by default
    • Review all endpoints accepting URLs (image_url, document_url, etc.)
    • Implement allowlist of permitted domains for external fetches
    • Consider proxy-based URL fetching with validation layer
    • Deploy web application firewall with SSRF detection rules
  6. Incident Response Investigation:
    • Review logs for exploitation indicators April 21-24:
      • Unusual outbound connections from AI inference nodes
      • Access to 169.254.169.254 from unexpected processes
      • Port scanning behavior (rapid connection attempts to 3306, 6379, 8080)
      • DNS queries to requestrepo[.]com or similar testing domains
    • Check IAM CloudTrail for credential usage from unexpected sources
    • Audit S3 access logs for unauthorized bucket enumeration
  7. IOC Hunting:
    • Source IP: 103.116.72.119 (Kowloon Bay, Hong Kong)
    • Target Ports: 6379 (Redis), 3306 (MySQL), 8080 (HTTP admin)
    • OOB Callback: requestrepo[.]com
    • IMDS Access: HTTP requests to 169.254.169.254
    • Search SIEM/EDR for these indicators
  8. AI Security Monitoring:
    • Implement behavioral analytics for AI inference endpoints:
      • Baseline normal request patterns (model types, request rates, latency)
      • Alert on anomalies (unusual models, rapid model switching, port scanning)
    • Monitor internal network connections from GPU nodes
    • Deploy honeypot AI endpoints to detect reconnaissance
  9. Vulnerability Management Process Acceleration:
    • Establish sub-24-hour patch SLA for AI infrastructure critical CVEs
    • Automated scanning for AI/ML framework vulnerabilities
    • Subscribe to:
      • GitHub Security Advisories for AI projects
      • CNCF security announcements
      • AI/ML-specific threat intelligence feeds
    • Assign dedicated security engineer to AI infrastructure
  10. Developer Education:
    • Train developers on SSRF vulnerabilities in AI/ML contexts
    • Review code for unsafe URL handling patterns
    • Implement security code review for vision/multimodal model endpoints
    • Use static analysis tools detecting SSRF vulnerabilities
    • Establish secure coding guidelines for AI inference services
  11. Cloud IAM Role Constraints:
    • Apply least-privilege to GPU instance IAM roles
    • Separate model-loading permissions from runtime inference permissions
    • Use AWS STS temporary credentials with short expiration
    • Implement IAM permission boundaries preventing privilege escalation
    • Audit IAM roles quarterly for excessive permissions
  12. Agent/RAG Security:
    • Extend SSRF protections to:
      • RAG (Retrieval-Augmented Generation) document fetchers
      • Agent tool-use endpoints
      • Multi-modal model image/video loaders
    • These are all SSRF candidates requiring explicit egress filtering

Key Takeaways

  • LMDeploy SSRF exploited 12.5 hours after advisory without public PoC
  • Attackers systematically monitor AI infrastructure security advisories
  • “Patch Tuesday” monthly cycles insufficient for AI-serving infrastructure
  • Advisory publication to weaponized exploit compressed to hours
  • Vision-LLM endpoints are generic HTTP SSRF primitives by default
  • AWS IMDS access from inference nodes compromises cloud account
  • IMDSv2 with token requirements prevents SSRF-based metadata theft
  • AI infrastructure frequently deployed outside standard security review
  • Behavioral analytics essential—signature-based detection arrives too late
Sources:
  • Sysdig Threat Research Team CVE-2026-33626 analysis
  • GitHub Security Advisory GHSA-6w67-hwm5-92mq
  • LMDeploy project maintainers
  • The Hacker News, CyberPress, Vulert coverage

Story 2: CPUID Supply Chain Attack—CPU-Z & HWMonitor Trojanized with STX RAT, 150+ Victims

Impact: CRITICAL Attack Duration: April 9, 15:00 UTC – April 10, 10:00 UTC (~19 hours) Malware: STX RAT (Remote Access Trojan with infostealer capabilities) Victims: 150+ confirmed downloads, multiple organizations Sectors Affected: Retail, Manufacturing, Consulting, Telecommunications, Agriculture Geographic Distribution: Primarily Brazil, Russia, China

Summary

CPUID official download infrastructure compromised April 9-10, 2026 for approximately 19 hours serving trojanized installers of CPU-Z and HWMonitor containing STX RAT remote access trojan. Attackers compromised secondary API causing download links on cpuid.com to redirect to malicious Cloudflare R2 storage hosting weaponized executables. Trojanized packages contained legitimate CPUID digitally-signed binaries bundled with malicious cryptbase.dll exploiting DLL search order hijacking. When users launched CPU-Z or HWMonitor, Windows loaded attacker’s DLL before system DLL, executing five-stage in-memory attack chain deploying STX RAT entirely in memory without disk artifacts. 150+ confirmed victims including IT professionals, system administrators, data center engineers, OEM hardware vendors across retail, manufacturing, consulting, telecommunications, agriculture sectors. CPUID’s tools (CPU-Z, HWMonitor, PerfMonitor) are de facto standard for hardware diagnostics with tens of millions users worldwide. Attack infrastructure linked to March 2026 fake FileZilla campaign (same C2 domain supp0v3[.]com), with campaign infrastructure dating to November 2025 indicating planned, sustained operation. CPUID author Samuel Demeulemeester confirmed compromise April 9-10 stating “secondary feature (basically a side API) was compromised for approximately six hours” causing main website to randomly display malicious links. Kaspersky confirmed end of compromise window April 10 at 10:00 UTC. Signed original CPUID files not compromised—attack exploited download infrastructure redirection rather than software signing compromise.

Technical Details

CPUID Platform: French software company developing free hardware diagnostic utilities:
  • CPU-Z: Processor information utility (codename, process, package, cache levels)
  • HWMonitor: Hardware monitoring reading PC health sensors (voltage, temperature, fan speed)
  • HWMonitor Pro: Professional version with extended features
  • PerfMonitor: Performance monitoring utility
  • PowerMAX: Stress testing tool
User Base:
  • IT professionals conducting diagnostics
  • System administrators
  • Data center engineers
  • OEM hardware vendors (pre-installation testing)
  • Security researchers
  • Corporate IT departments
  • Portable (ZIP) versions carried on USB drives for production machine diagnostics
Attack Timeline:
  • July 2025: Earliest known STX RAT sample (“superbad.exe”) communicating with C2 95.216.51[.]236
  • November 2025: Campaign infrastructure registration (supp0v3[.]com C2 domain)
  • March 2026: Fake FileZilla campaign using same infrastructure
  • April 9, 15:00 UTC: CPUID API compromise begins
  • April 9-10: Download links redirect to malicious Cloudflare R2 buckets
  • April 10, ~10:00 UTC: CPUID identifies and remediates breach (19-hour window)
  • April 10: Kaspersky confirms compromise window ended
  • April 13: CPUID publicly acknowledges incident via Samuel Demeulemeester
Compromise Mechanism: Entry Point: Secondary API breach (not primary CPUID infrastructure) Attack Vector: API compromise enabled modification of download links on main cpuid.com website Redirection: Download URLs replaced with links to attacker-controlled Cloudflare R2 object storage buckets Hosting Infrastructure: 
Malicious domains observed:
- cl0udflare-r2.[various].com
- download[.]cpuid-monitor[.]com
- [Various Cloudflare R2 bucket URLs]
Malicious Packages Distributed:
  • CPU-Z v2.19 (trojanized)
  • HWMonitor v1.63 (trojanized, Russian-language Inno Setup installer)
  • HWMonitor Pro (trojanized)
  • PerfMonitor (trojanized)
  • PowerMAX (trojanized)
Package Contents:
  • Legitimate CPUID digitally-signed binaries (to avoid suspicion)
  • Malicious cryptbase.dll (sideloaded DLL)
DLL Search Order Hijacking: Technique: DLL sideloading via cryptbase.dll Normal Windows Behavior:
  1. Application (HWMonitor_x64.exe or CPU-Z) requires cryptbase.dll
  2. Windows searches for DLL in order:
    • Application directory (current folder)
    • System directory (C:\Windows\System32)
    • Windows directory
    • PATH directories
Attack Exploitation:
  1. Trojanized package places malicious cryptbase.dll in application directory
  2. User launches HWMonitor_x64.exe or CPU-Z
  3. Windows DLL search order loads cryptbase.dll from application directory FIRST
  4. Malicious DLL executes before legitimate system DLL
Note: Only 64-bit versions affected (HWMonitor_x64.exe) Five-Stage In-Memory Attack Chain: Stage 1 – Initial Shellcode: Malicious cryptbase.dll contains shellcode loader using reflective PE loading technique. Shellcode executes without writing to disk. Stage 2 – Reflective PE Loader: Shellcode locates entry point of reflective PE loader, maps PE into memory, unpacks subsequent stage through resource section decryption. Decryption Method:
  • XOR decryption combined with bitwise manipulation
  • XOR key: 53 F4 49 91 8C E5 D9 9B 3A CE 62 5F 80 40 7B 30
Stage 3 – In-Memory DLL: Reflectively loaded DLL unpacks Stage 4 PE using same XOR decryption and bitwise manipulation routine. Stage 4 – Intermediate Payload: Extracts final Stage 5 payload (core malware binary). Stage 5 – STX RAT: Final Payload Hash: 
52862b538459c8faaf89cf2b5d79c2f0030f79f80a68f93d65ec91f046f05be6
STX RAT Capabilities (per eSentire analysis): Remote Control:
  • Full remote shell access
  • Command execution
  • Process management
Follow-On Payload Execution:
  • In-memory execution of EXE/DLL
  • PowerShell execution
  • Shellcode injection
Post-Exploitation:
  • Reverse proxy/tunneling
  • Desktop interaction and control
  • Keylogging
  • Screenshot capture
Credential Harvesting:
  • Browser credential theft (Chrome, Firefox, Edge)
  • Windows Credential Manager extraction
  • Password database access
Data Exfiltration:
  • File system access
  • Document theft
  • Configuration extraction
C2 Communication: Primary C2 Domain: welcome[.]supp0v3[.]com C2 Communication Method: Transmits JSON-formatted victim metadata: 
{
  "campaign": "tbs/tbs2/tbs3/snip",
  "referrer": "CPZ/monitor3",
  "victim_id": "[unique identifier]",
  "hostname": "[computer name]",
  "username": "[current user]",
  "os": "[Windows version]"
}
Campaign Tags:
  • tbs, tbs2, tbs3, snip: Distinct campaign identifiers
  • Referrer CPZ: CPU-Z infections
  • Referrer monitor3: HWMonitor infections
Indicates multi-campaign infrastructure with campaign tracking and victim profiling. Infrastructure Attribution: C2 Backend: ai.supp0v3[.]com (subdomain exposed backend server) TLS Certificate: Stolen/self-signed VK.com (VKontakte) wildcard certificate
  • Certificate locality: Saint Petersburg, Russia
  • Suggests Russian-nexus threat actor
Hosting Provider: Global Connectivity Solutions (frequently used for malicious hosting/bulletproof hosting) Prior Campaign Connection: March 2026 fake FileZilla campaign:
  • Same C2 domain (supp0v3[.]com)
  • Same infrastructure
  • Same threat actor
Operational Security Assessment: Kaspersky: “The gravest mistake attackers made was to reuse the same infection chain involving STX RAT, and the same domain names for C2 communication, from the previous attack related to fake FileZilla installers. The overall malware development/deployment and operational security capabilities of the threat actor behind this attack are quite low, which, in turn, made it possible to detect the watering hole compromise as soon as it started.” Attribution Conclusion: Breakglass Intelligence assesses: Russian-speaking threat actor, financially motivated OR initial access broker

Comprehensive Action Steps

  1. Immediate Download Audit (HIGHEST PRIORITY):
    • Identify any CPUID tool downloads April 9-10, 2026:
      • Check browser download history for cpuid.com
      • Review IT ticketing systems for diagnostic tool installations
      • Search endpoint deployment records for CPU-Z/HWMonitor
      • Query software asset management systems
    • Compromise window: April 9, 15:00 UTC – April 10, 10:00 UTC (~19 hours)
    • Flag ANY endpoint with CPUID tools installed during this window
  2. Cryptbase.dll Hunt:
    • Search for cryptbase.dll in non-system directories: 
      Get-ChildItem -Path C:\ -Filter cryptbase.dll -Recurse -ErrorAction SilentlyContinue | Where-Object {$_.FullName -notlike "*\Windows\System32\*" -and               $_.FullName -notlike "*\Windows\SysWOW64\*"}
    • Legitimate location: C:\Windows\System32\cryptbase.dll ONLY
    • ANY instance outside system directories = confirmed IOC
  3. STX RAT IOC Detection: File Hashes: 
    52862b538459c8faaf89cf2b5d79c2f0030f79f80a68f93d65ec91f046f05be6 (Stage 5)
    Network IOCs:
    • C2 Domain: welcome[.]supp0v3[.]com
    • C2 IP: 95.216.51[.]236
    • Backend: ai.supp0v3[.]com
    DNS Queries:
    • Search DNS logs for supp0v3[.]com lookups
    • Check firewall logs for connections to 95.216.51[.]236
  4. Memory Forensics:
    • STX RAT executes entirely in memory across five stages
    • Memory dump analysis required for infected systems: 
      # Dump memory for analysisGet-Process | Where-Object {$_.Name -like "*HWMonitor*" -or $_.Name -like "*CPU-Z*"} | Select-Object Id, ProcessName, StartTime
    • Engage incident response team for memory forensics
  5. Persistence Mechanism Hunt: Check Scheduled Tasks: 
    Get-ScheduledTask | Where-Object {$_.Actions.Execute -like "*cryptbase*" -or 
                                   $_.Date -ge "2026-04-09" -and 
                                   $_.Date -le "2026-04-11"}
    Check Registry Run Keys: 
    $RunKeys = @(
  "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run",
  "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce",
  "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run",
  "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce"
)
foreach ($key in $RunKeys) {
  Get-ItemProperty $key | Select-Object PSPath, *
}
    Check Startup Folders:
    • C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
    • C:\Users[username]\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
  6. PowerShell Log Analysis: 
    Get-WinEvent -FilterHashtable @{
  LogName='Microsoft-Windows-PowerShell/Operational'; 
  ID=4104; 
  StartTime='2026-04-09'; 
  EndTime='2026-04-11'
} -MaxEvents 100 | 
Where-Object {$_.Message -like "*Invoke-Expression*" -or 
              $_.Message -like "*IEX*" -or 
              $_.Message -like "*downloadstring*"} | 
Select-Object TimeCreated, Message | Format-List
  7. Credential Rotation:
    • Assume compromised: Any password, token, key accessible from infected machine
    • Priority rotation:
      • Domain administrative credentials
      • Email account passwords
      • VPN credentials
      • Database passwords
      • API keys and tokens
      • SSH private keys
      • Browser-saved passwords
    • STX RAT harvests browser credentials—rotate all saved passwords
  8. Lateral Movement Investigation:
    • Review authentication logs for unusual access patterns from infected systems:
      • RDP connections to other systems
      • SMB/CIFS file sharing to network resources
      • PowerShell remoting to other endpoints
      • Service account usage from workstation
    • Check for evidence of privilege escalation
    • Audit Active Directory for new user/group creations
  9. System Remediation:
    • Isolated Networks: Disconnect infected systems from network immediately
    • Forensic Imaging: Create disk image before remediation for investigation
    • Reimaging Preferred: Given STX RAT’s memory-resident, multi-stage design, reimaging from known-good media safest approach
    • Cleanup Alternative (if reimaging impossible):
      • Remove malicious cryptbase.dll
      • Delete persistence mechanisms (scheduled tasks, registry keys)
      • Clear browser credential stores
      • Run full antivirus/EDR scan
      • Monitor for 72 hours post-cleanup
  10. Software Download Controls:
    • Implement organizational policy: diagnostic tools approved through IT only
    • Establish software allowlist for production environments
    • Require cryptographic signature verification before installation
    • Hash validation against known-good sources
    • Consider blocking cpuid.com temporarily while incident investigated
    • Redownload clean copies from cpuid.com (compromise remediated April 10)
  11. Supply Chain Security:
    • CPUID represents “watering hole” supply chain attack
    • Attackers compromise trusted resource visitors already use regularly
    • Hardware diagnostic utilities disproportionately downloaded by IT admins
    • Privileged account compromise from IT tools enables enterprise-wide lateral movement
    • Establish supply chain risk assessment for critical IT utilities
  12. Vendor Communication:
    • Contact CPUID for official IOCs and remediation guidance
    • Report infection to appropriate authorities:
      • Local law enforcement
      • FBI IC3 (Internet Crime Complaint Center)
      • CISA (if federal agency or critical infrastructure)
    • Engage cyber insurance provider if applicable
    • Consider legal counsel for data breach notification requirements

Key Takeaways

  • CPUID official infrastructure compromised serving trojanized CPU-Z/HWMonitor
  • 19-hour window (April 9 15:00 – April 10 10:00 UTC) affected 150+ victims
  • DLL sideloading via cryptbase.dll enabled five-stage in-memory STX RAT deployment
  • Attack targeted IT professionals, system admins with privileged access
  • Same threat actor as March 2026 fake FileZilla campaign
  • Campaign infrastructure dates to November 2025 indicating sustained operation
  • Watering hole attack on trusted diagnostic tool distribution
  • Legitimate software distribution cannot be assumed safe without verification
Sources:
  • CPUID author Samuel Demeulemeester acknowledgment
  • Cyderes Howler Cell technical analysis
  • Kaspersky threat intelligence
  • eSentire STX RAT documentation
  • BleepingComputer, Tom’s Hardware, Help Net Security coverage
  • Breakglass Intelligence attribution assessment
  • Rescana, Fyntralink, LayerLogix analysis

Story 3: Anthropic Project Glasswing—Claude Mythos AI Discovers 27-Year OpenBSD Vulnerability

Impact: CRITICAL (Transformative AI Security Implications) Announcement: April 23, 2026 AI Model: Claude Mythos Preview (restricted access) Partners: AWS, Apple, Broadcom, Cisco, CrowdStrike, Google, JPMorgan Chase, Linux Foundation, Microsoft, NVIDIA, Palo Alto Networks

Summary

Anthropic announced Project Glasswing initiative utilizing Claude Mythos AI model discovering vulnerabilities across every major operating system and browser—including 27-year-old vulnerability in OpenBSD, historically considered one of world’s most secure operating systems. Vulnerabilities survived decades of human audits, aggressive fuzzing, and open-source scrutiny. Discovery validates Anthropic’s decision restricting Mythos public release due to offensive cybersecurity capabilities “surpassing all but the most skilled humans at finding and exploiting software vulnerabilities.” Model restricted to 12 major partners for securing critical software before adversaries can exploit AI-discovered vulnerabilities. The Hacker News reports Mythos findings reinforce concerns that AI is accelerating vulnerability discovery faster than traditional patch cycles can address, creating fundamental security asymmetry where defenders must compete against AI-enabled attackers.

Key Takeaways:

  • AI discovering vulnerabilities in decades-old, heavily audited code (27-year OpenBSD bug)
  • Validates AI offensive capabilities requiring restricted model access
  • 12 major organizations using Mythos to secure critical infrastructure
  • Demonstrates AI capabilities surpassing human security researchers
  • Accelerates vulnerability discovery timelines requiring faster patch deployment

Story 4: McGraw-Hill 45 Million Salesforce Records Breach—ShinyHunters Exploits Misconfiguration

Impact: CRITICAL Threat Actor: ShinyHunters ransomware/extortion group Records Exposed: 45 million Salesforce records Data Types: Personally identifiable information (PII)

Summary

McGraw-Hill identified unauthorized access to systems with investigation revealing hackers exploited misconfigurations in Salesforce environment accessing 45 million internal Salesforce records containing personally identifiable information. ShinyHunters claimed responsibility for attack demonstrating threat actor pivoting from ransomware operations to data extortion campaigns targeting enterprise SaaS platforms. Incident highlights Salesforce security requiring hardening beyond default configurations, with enterprises responsible for proper access controls, data classification, and security monitoring of SaaS environments. McGraw-Hill breach follows pattern of ShinyHunters targeting high-value data repositories for extortion.

Action Steps:

  • Audit Salesforce permissions and sharing settings
  • Implement Salesforce Shield for event monitoring and encryption
  • Review external application OAuth grants
  • Enable multi-factor authentication for all Salesforce users
  • Deploy data loss prevention monitoring Salesforce API access
  • Conduct regular Salesforce security assessments

Story 5: SongTrivia 2.9 Million User Accounts Leaked—Authentication Tokens Exposed on Breach Forums

Impact: HIGH Victims: 2.9 million user accounts Data Exposed: Authentication tokens, email addresses, avatars, names, passwords, usernames

Summary

SongTrivia Inc. (Seattle-based interactive entertainment company) reported ransomware attack resulting in exposure of data from 2.9 million user accounts. Leaked data published on breach forums includes authentication tokens enabling account takeover, email addresses for phishing campaigns, and passwords potentially reused across services. Discovery occurred after data published on breach forum rather than proactive detection, highlighting need for dark web monitoring and breach detection programs beyond perimeter security.

Action Steps:

  • Force password resets for all 2.9 million affected accounts
  • Revoke all outstanding authentication tokens and session cookies
  • Implement credential stuffing defenses (rate limiting, CAPTCHA)
  • Monitor dark web for organizational data exposure
  • Deploy compromised credential detection services
  • Notify affected users of breach per regulatory requirements

Story 6: Grinex Cryptocurrency Exchange $13M Loss—State-Sponsored Attack Forces Suspension

Impact: CRITICAL Financial Loss: $13 million+ Threat Actor: State-sponsored group (nation not specified) Operational Status: Suspended operations

Summary

Grinex (Kyrgyzstan-based cryptocurrency exchange facilitating transactions for Russian market) became victim of state-sponsored cyberattack resulting in $13+ million financial loss forcing complete operational suspension. Attack demonstrates nation-state targeting of cryptocurrency infrastructure, particularly exchanges serving sanctioned regions. Users unable to access funds during suspension period creating secondary financial impact beyond direct theft. Incident highlights cryptocurrency exchange security requiring nation-state-level defenses.

Action Steps:

  • Implement hot/cold wallet separation (majority of funds in offline cold storage)
  • Deploy multi-signature wallet requirements for large transfers
  • Establish geographic access restrictions for administrative functions
  • Implement real-time transaction monitoring for anomaly detection
  • Conduct penetration testing simulating nation-state attacks
  • Establish incident response procedures for exchange compromise

Story 7: Operation PowerOFF—53 DDoS Domains Seized, 75,000 Cybercriminals Exposed

Impact: HIGH (Law Enforcement Success) Domains Seized: 53 DDoS-for-hire services Arrests: 4 individuals Criminal Accounts: 3 million exposed Users: 75,000+ cybercriminals

Summary

International law enforcement operation PowerOFF took down 53 domains associated with commercial distributed denial-of-service operations, arrested 4 individuals, and obtained access to 3 million criminal account records exposing 75,000+ cybercriminals utilizing DDoS-for-hire services. Operation disrupted commercial DDoS ecosystem lowering barrier for cybercrime by providing attack infrastructure as service. Seizure of customer databases enables follow-on investigations of DDoS purchasers.

Key Takeaways:

  • DDoS-for-hire commercialization enables low-skill attackers
  • 75,000+ criminals purchasing DDoS services demonstrates market size
  • Law enforcement disrupting cybercrime infrastructure providers
  • Customer database seizures enable downstream prosecutions
  • Demonstrates international cooperation in cybercrime enforcement

Story 8: Ransomware Negotiator Guilty Plea—Angelo Martino Collaborated with BlackCat

Impact: MEDIUM (Insider Threat) Individual: Angelo Martino (Florida) Threat Actor: BlackCat (ALPHV) ransomware group Role: Ransomware negotiator

Summary

Angelo Martino pleaded guilty to collaborating with BlackCat (ALPHV) cybercrime group while operating as ransomware negotiator. Case highlights insider threat from cybercrime facilitators occupying liminal space between victims and attackers. Ransomware negotiators ostensibly assist victims in ransom payment processes but Martino case demonstrates potential for corrupt negotiators actively colluding with threat actors. Guilty plea establishes legal precedent for prosecuting ransomware ecosystem facilitators beyond direct attackers.

Key Takeaways:

  • Ransomware negotiators can be compromised insiders
  • Cybercrime facilitators face prosecution alongside direct attackers
  • Organizations should vet incident response providers carefully
  • Insider threats extend to third-party service providers
  • Legal frameworks expanding to target entire ransomware ecosystem

Story 9: Cisco Four Critical Vulnerabilities—Identity Services, Webex Code Execution

Impact: HIGH Vendor: Cisco Patches Released: April 16, 2026 Severity: 4 Critical vulnerabilities

Summary

Cisco announced patches addressing four critical security flaws in Identity Services and Webex platforms enabling remote code execution. Vulnerabilities affect authentication infrastructure and collaboration platforms creating enterprise-wide exposure if exploited. Organizations using Cisco Identity Services or Webex must prioritize emergency patching as exploitation enables authentication bypass and arbitrary code execution on critical infrastructure.

Action Steps:

  • Deploy Cisco patches immediately for Identity Services and Webex
  • Prioritize internet-facing instances
  • Monitor Cisco security advisories for IOC publication
  • Implement network segmentation isolating authentication infrastructure
  • Enable logging and monitoring for exploitation attempts

Story 10: Additional Critical Incidents

NIST NVD CVE Enrichment Changes: NIST announced limiting CVE enrichment after 263% surge in vulnerability submissions, stating only CVEs meeting specific criteria will receive full analysis. Change affects vulnerability prioritization processes as organizations lose comprehensive NIST assessments for many CVEs. Mastodon DDoS Attack: Major DDoS attack caused Mastodon outage but platform mitigated within hours demonstrating decentralized social media resilience. Incident highlights continued DDoS threats against alternative social platforms. Tyler Buchanan Guilty Plea: Admitted hacking companies, fraud, cryptocurrency theft demonstrating ongoing prosecution of cybercriminals across multiple attack categories. Spring Lake Park School District Ransomware (Minnesota): Ransomware attack April 13 forced shutdown, activated incident response systems. Continues education sector targeting trend. ADT Data Breach: Security company ADT itself listed on ShinyHunters leak site demonstrating irony of security vendor compromise.

Cross-Story Strategic Analysis

Emerging Patterns Week of April 18-24, 2026:

  1. AI Exploitation Acceleration: LMDeploy 12.5 hours, Marimo 10 hours—sub-24-hour weaponization becoming norm
  2. Supply Chain Trust Abuse: CPUID official infrastructure serving malware 19 hours
  3. AI Offensive Superiority: Mythos discovering 27-year OpenBSD vulnerability humans missed
  4. Enterprise SaaS Security: McGraw-Hill 45M Salesforce records via misconfiguration
  5. Cybercrime Facilitator Prosecution: Ransomware negotiator guilty plea expanding legal targeting
  6. DDoS Commercialization Disruption: Operation PowerOFF exposing 75,000 criminals

Defensive Imperatives:

  1. Accelerate Patch Cycles: Monthly → Daily/Hourly for critical AI infrastructure
  2. Software Distribution Verification: Cryptographic signatures, hash validation, don’t trust app stores/official sites blindly
  3. SaaS Security Hardening: Default configurations insufficient—comprehensive hardening required
  4. AI Defensive Adoption: Match AI attackers with AI defenders
  5. Insider Threat Programs: Extend to third-party service providers (negotiators, consultants)
Stay informed on the latest cybersecurity developments by following ITBriefcase.net for daily updates and in-depth analysis.