Posts

Mercor Data Breach

The Mercor breach was a major supply‑chain–driven cyberattack that exposed sensitive data from one of the AI industry’s most important training‑data vendors. It originated from a poisoned update to the open‑source LiteLLM library and quickly escalated into a multi‑terabyte compromise claimed by the Lapsus$ extortion group.

What Triggered the Breach

The root cause was a supply‑chain compromise of LiteLLM, a Python library downloaded millions of times per day and used to connect applications to AI services. A threat group known as TeamPCP hijacked LiteLLM’s CI/CD pipeline and pushed malicious versions 1.82.7 and 1.82.8 to PyPI for ~40 minutes. These versions contained credential‑harvesting malware. Mercor confirmed it was “one of thousands of companies” affected by the poisoned package.

How Attackers Reached Mercor

The malicious LiteLLM update harvested credentials from systems that imported the library. Those credentials were then used to pivot deeper into Mercor’s env...

Venom PhaaS Attacks (Phishing as a Service)

Venom phishing attacks refer to a newly uncovered, highly sophisticated phishing‑as‑a‑service (PhaaS) platform called VENOM, used in targeted credential‑theft campaigns against senior executives. The platform is notable for its stealth, precision targeting, and advanced MFA‑bypass techniques.

What VENOM Is

VENOM is a closed‑access PhaaS platform—not advertised on underground forums—that enables threat actors to run highly personalized phishing operations. It has been active since at least late 2025 and is used to target C‑suite executives (CEOs, CFOs, VPs, chairpersons) across more than 20 industries. Its secrecy and selective access make it harder for researchers to track and for defenders to detect.

Who It Targets

VENOM focuses on high‑value corporate leadership, using tailored lures that mimic internal business communications. These attacks are not mass‑mailed; they are hand‑crafted for specific individuals, often using real names, company details, and fabricated email threads.

How ...

Microsoft terminated VeraCrypt Dev

Microsoft terminated the VeraCrypt developer’s Windows publisher account because the company said the account “did not meet verification requirements,” but did not provide any specific explanation, warning, or appeal path. All available reporting indicates the termination was abrupt, automated, and poorly communicated — not tied to any known security issue with VeraCrypt itself.

What actually happened

Across multiple credible reports, the situation is consistent: Mounir Idrassi, the longtime maintainer of VeraCrypt, reported that Microsoft terminated the account he used to sign Windows bootloaders and drivers, with no prior notice, no explanation, and no ability to appeal. The termination prevents him from publishing Windows updates, even though he can still update Linux and macOS versions. Microsoft’s automated systems told him his organization “does not currently meet the requirements to pass verification,” but did not specify what requirement failed. Attempts to reach a h...

CVE‑2026‑35616 — Patch Status (FortiClient EMS)

Vulnerability summary

CVE‑ID: CVE‑2026‑35616
Severity: Critical (CVSS 9.1)
Type: Improper access control / pre‑authentication API access bypass
Impact: Unauthenticated remote code or command execution
Exploitation: Confirmed active exploitation in the wild
Discovered by: Defused (Simo Kohonen) and Nguyen Duc Anh
[thehackernews.com], [bleepingcomputer.com], [tenable.com]

Affected and fixed versions

Vulnerable: FortiClient EMS 7.4.5, FortiClient EMS 7.4.6
Not affected: FortiClient EMS 7.2.x and earlier
[securityweek.com], [bleepingcomputer.com]

Available patches (as of April 7 2026)

Immediate remediation (recommended now)

Fortinet has released out‑of‑band hotfixes for the affected builds:
EMS 7.4.5 hotfix: https://docs.fortinet.com/document/forticlient/7.4.5/ems-release-notes/832484
EMS 7.4.6 hotfix: https://docs.fortinet.com/document/forticlient/7.4.6/ems-release-notes/832484

Fortinet confirms these hotfixes fully mitigate CVE‑2...

DNS Hijacks Used to Steal Microsoft 365 Logins

On April 7, 2026, international law enforcement agencies—working with Microsoft and private-sector researchers—disrupted a large-scale DNS hijacking operation that was actively stealing Microsoft 365 credentials by manipulating internet routers worldwide. [bleepingcomputer.com]

The campaign, tracked as FrostArmada, was linked to APT28 (also known as Fancy Bear, Forest Blizzard, or STRONTIUM), a Russia-backed cyber‑espionage group associated with GRU military unit 26165. [bleepingcomputer.com], [ncsc.gov.uk]

Authorities involved in the takedown included:
- The FBI
- The U.S. Department of Justice
- The Polish government
- Microsoft and Lumen’s Black Lotus Labs

Together, they dismantled key attacker-controlled infrastructure used to redirect traffic and steal credentials. [bleepingcomputer.com]

How the attack worked (in plain English)

This was not phishing email spam. Instead, attackers compromised routers at the network edge, mainly:
- MikroTik
- TP‑Link
- Some Fortinet and Nethesis fi...

Exchange Outage Today (March 16th 2026)

Microsoft experienced a major Exchange Online outage that prevented many users from accessing:
- Their mailboxes
- Calendars
- Outlook on the web
- Outlook desktop
- Mobile clients (Exchange ActiveSync)

The issue was acknowledged by Microsoft at 06:42 AM UTC and tracked under EX1253275 in the Microsoft 365 admin center.

Scope of the Outage

According to multiple reports:
- All major Exchange Online connection protocols were affected.
- Users saw errors accessing Office.com, which temporarily displayed “Something went wrong.”
- A separate outage also impacted Microsoft 365 Copilot web sign‑in and Copilot web clients (e.g., office.com/chat).

Cause of the Problem

Microsoft reported:
- A section of service infrastructure was not processing traffic efficiently.
- The root cause involved supporting network infrastructure, leading to service degradation across Exchange Online.
- Engineers implemented configuration changes to mitigate the impact.

Is It Fixed?

Partially. Microsoft stated the outage ha...

Out-of-Band Patch for Windows (and why it matters)

Windows 11 (25H2, 24H2, and LTSC 2024) that Microsoft released on March 13–14, 2026 to fix critical RRAS remote code execution vulnerabilities. It installs without requiring a reboot on systems that support hotpatching.

What KB5084597 Addresses

Microsoft issued this update to patch three RRAS (Routing and Remote Access Service) management tool vulnerabilities:
- CVE‑2026‑25172 — RRAS RCE
- CVE‑2026‑25173 — RRAS RCE
- CVE‑2026‑26111 — RRAS RCE

These flaws stem from an integer overflow/wraparound condition. If an administrator’s RRAS management tool connects to a malicious remote server, an attacker could:
- Disrupt the RRAS management tool
- Execute code on the administrator’s device

This makes the vulnerabilities particularly dangerous in enterprise environments where RRAS is used for VPN, NAT, routing, and site‑to‑site connectivity.

Why This Update Is Out‑of‑Band

Microsoft released KB5084597 outside the normal Patch Tuesday cycle because the vulnerabilities are cons...