Good morning. Here's everything that happened in cybersecurity yesterday — in under 5 minutes.
Trust is the attack surface — yesterday and this morning, attackers weaponized GitHub notifications, a fitness app, a travel platform, a cloud analytics vendor, and your own endpoint security tools. The front door is no longer where breaches begin.
🔥 Top Stories
01 — Ransomware Groups Are Now Routinely Deploying "EDR Killers" to Blind Your Defenses — ESET Warns
Ransomware
ESET Research has published a comprehensive warning that RansomHub and other major ransomware groups have professionalized their use of "EDR killer" tools — specialized malware designed to disable Endpoint Detection and Response agents before deploying ransomware. If your EDR is your last line of defense, it may no longer be standing when you need it most.
02 — Anodot Breach Is "Patient Zero" for Cascading Snowflake Extortion Attacks
Supply Chain
A breach at Anodot, a cloud cost monitoring platform with deep Snowflake permissions, has been confirmed as the origin point for a series of high-profile data thefts — including the Rockstar Games incident. One vendor with elevated cloud access becomes the master key to multiple enterprises simultaneously. Every SaaS integration in your Snowflake environment is now a potential breach vector.
03 — Attackers Are Abusing GitHub and Jira Notifications to Bypass Your Email Security
Phishing
Threat actors have found a reliable way around email security filters: route phishing lures through GitHub and Jira's own notification systems. Because the emails come from legitimate platforms, they pass SPF, DKIM, and DMARC checks cleanly. Developers — who receive GitHub notifications constantly and are trained to trust them — are the primary target.
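Because these lures ride on mail that legitimately passes SPF, DKIM and DMARC, the useful triage signal is not authentication but content: a notification from the platform whose body points somewhere other than the platform. The following is an added example, not code from the original newsletter or from GitHub or Atlassian, of that check in Python: it parses a raw message, records whether the authentication results passed (they will), identifies the platform from the sender domain, and lists any links whose host is off-platform. The allowlisted domains and the sample message are constructed assumptions; in particular the Atlassian sender and link domains are an assumption to adjust to your tenant.

```python
import email
import re
from email import policy
from email.utils import parseaddr
from urllib.parse import urlparse

# Assumption: sender domain of each notification platform mapped to the link
# hosts its notifications normally point at. Adjust to what your tenant sees.
PLATFORM_LINK_HOSTS = {
    "github.com": {"github.com"},
    "atlassian.net": {"atlassian.net", "atlassian.com"},  # assumption
}

# Matches http(s) URLs up to whitespace, angle brackets, quotes or closers.
URL_RE = re.compile(r"""https?://[^\s<>"')\]]+""", re.IGNORECASE)


def host_allowed(host, allowed):
    """True if host equals an allowed domain or is a subdomain of one."""
    return any(host == a or host.endswith("." + a) for a in allowed)


def sender_platform(msg):
    """Return the platform key whose domain matches the From: address, or None."""
    addr = parseaddr(msg.get("From", ""))[1].lower()
    domain = addr.rsplit("@", 1)[-1] if "@" in addr else ""
    for platform in PLATFORM_LINK_HOSTS:
        if host_allowed(domain, {platform}):
            return platform
    return None


def body_text(msg):
    """Concatenate the text parts of the message (plain and HTML)."""
    return "\n".join(
        part.get_content()
        for part in msg.walk()
        if part.get_content_type() in ("text/plain", "text/html")
    )


def classify_notification(raw):
    """Triage a raw RFC 5322 message: 'ok', 'review', or not a platform mail."""
    msg = email.message_from_string(raw, policy=policy.default)
    auth = msg.get("Authentication-Results", "")
    # Passing SPF/DKIM is expected for platform-relayed lures, so it is recorded
    # for the analyst but deliberately does not influence the verdict.
    auth_passed = "spf=pass" in auth and "dkim=pass" in auth
    platform = sender_platform(msg)
    if platform is None:
        return {"platform": None, "auth_passed": auth_passed,
                "off_platform_links": [], "verdict": "not-a-platform-notification"}
    allowed = PLATFORM_LINK_HOSTS[platform]
    off_platform = [
        url for url in URL_RE.findall(body_text(msg))
        if not host_allowed((urlparse(url).hostname or "").lower(), allowed)
    ]
    return {"platform": platform, "auth_passed": auth_passed,
            "off_platform_links": off_platform,
            "verdict": "review" if off_platform else "ok"}


# Constructed sample: a notification that authenticates cleanly but carries an
# off-platform link (the .invalid TLD is a reserved placeholder).
SAMPLE_LURE = """\
From: "some-user (constructed)" <notifications@github.com>
To: dev@example.com
Subject: [example-org/example-repo] Action required: rotate credentials (Issue #1)
Authentication-Results: mx.example.com; spf=pass; dkim=pass header.d=github.com; dmarc=pass
Content-Type: text/plain; charset="utf-8"

@dev your token expires today, re-authenticate here:
https://github-login.example-attacker.invalid/auth

--
Reply to this email directly or view it on GitHub:
https://github.com/example-org/example-repo/issues/1
"""

# Constructed benign sample: same sender, links stay on the platform.
SAMPLE_BENIGN = """\
From: "other-user (constructed)" <notifications@github.com>
To: dev@example.com
Subject: [example-org/example-repo] Fix typo in README (PR #2)
Authentication-Results: mx.example.com; spf=pass; dkim=pass header.d=github.com; dmarc=pass
Content-Type: text/plain; charset="utf-8"

Looks good to me.
https://github.com/example-org/example-repo/pull/2
"""

if __name__ == "__main__":
    for sample in (SAMPLE_LURE, SAMPLE_BENIGN):
        print(classify_notification(sample))
```

Treat "review" as a queue for a human, not a block: issue comments and pull-request descriptions legitimately carry links to CI dashboards, package registries and documentation, so an off-platform link is a prioritisation signal, and the allowlist should be extended with the hosts your own notifications routinely reference.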
04 — Booking.com Confirms Global Breach — Reservation Data Exposed, Phishing Wave Already Underway
Data Breach
The world's largest travel platform has confirmed unauthorized access to customer booking data, and a targeted phishing wave is already in motion. Attackers now have names, travel dates, destinations, and contact details — everything needed for highly convincing follow-on fraud. If your employees book corporate travel through Booking.com, flag any related emails as high-risk immediately.
05 — The New Hostage Negotiator: Cybersecurity's Fastest-Growing Role Has Nothing to Do With Firewalls
Cyber Analysis
As ransomware matures into a structured extortion economy, a new specialist class is emerging — one whose most powerful tool is conversation, not code. Ransomware negotiators are now a standard part of enterprise incident response, and understanding how the negotiation economy works is becoming essential knowledge for security leaders.
06 — Digital Slavery: Infoblox Links Android Banking Trojan Surge to Cambodian Forced-Labor Compounds
Threat Intelligence
A landmark Infoblox investigation has drawn a direct technical line between a wave of sophisticated Android banking trojans targeting 21 countries and industrial-scale scam operations in Southeast Asia staffed by human trafficking victims. This is the clearest picture yet of how organized crime, malware-as-a-service, and forced labor have merged into a single global criminal industry.
📊 By The Numbers
1M+ — Basic-Fit members with bank and IBAN data exposed
21 — Countries targeted by the Cambodia-linked Android banking trojan
0 — Email filters that stop phishing sent from GitHub's own servers
⚡ The Signal
Trust is the attack surface — and this morning's stories make that clearer than ever. EDR killers don't find a gap in your defenses; they disable the defenses themselves. GitHub notifications don't look like phishing, so they aren't treated like phishing. A Snowflake vendor with cloud-wide permissions doesn't look like a risk until it becomes one. Ransomware negotiators exist because attackers have professionalized their operations faster than defenders have adapted. The consistent thread across all of today's stories: the attack is arriving as something you've already decided to trust. That's the hardest problem in security — and right now, it's the one being exploited most aggressively.
🔍 What You May Have Missed
ShinyHunters made good on the Rockstar deadline — data is now public
After Rockstar called the breach "non-material," ShinyHunters followed through and began releasing stolen data after the April 14 deadline passed.
OpenAI rotates macOS signing certificates after Axios supply chain hit
OpenAI confirmed it rotated its developer signing certificates for macOS after the malicious Axios npm package executed in a GitHub Actions workflow. All macOS desktop users are being forced to update.
Trump's FY2027 budget proposes 30% CISA funding cut
The White House has proposed a $707 million reduction to CISA — roughly 30% of its current budget.
📅 What to Watch
Rockstar/ShinyHunters — what data was actually released and what it means for enterprise third-party risk programs
EDR killer proliferation — watch for ESET's full technical report and vendor responses from CrowdStrike, SentinelOne, and Microsoft Defender
Booking.com phishing wave — corporate travel accounts are the primary target; expect fraud reports to surface this week
CISA budget proposal — congressional and industry pushback expected; watch for CISA's own response
Stay sharp. Stay ahead.
Till next time,

