Cleartext logocleartext_
week in review

Cleartext Week in Review – April 04, 2026

Saturday, April 4, 2026·10:04

Cleartext Week in Review – April 04, 2026
10:04·6.2 MB
download mp3

Enjoy the show? Subscribe to never miss an episode.

SpotifyApple Podcasts

show notes

Cleartext – April 04, 2026

Daily cybersecurity briefing for CISOs and security leaders.

🎧 Listen to this episode

Episode Summary

Today's episode covers 17 stories across 5 topic areas, including: Risky Bulletin: Iranian password sprays came first, then came the missiles; Medtech giant Stryker says it’s back up after Iranian cyberattack; China-Linked TA416 Targets European Governments with PlugX and OAuth-Based Phishing.

Stories Covered

🌍 Geopolitical

Risky Bulletin: Iranian password sprays came first, then came the missiles

Risky Business News · Apr 01 · Relevance: ████████░░ 8/10

Why it matters to CISOs: Iran's cyber operations are now explicitly synchronized with kinetic military strikes — password spraying preceded missile attacks, establishing a new paradigm where cyber activity serves as a direct indicator of physical threat escalation.

  • Iranian password-spraying campaigns against Israeli targets preceded physical missile strikes
  • Handala group claimed wiper attack on medtech giant Stryker; operations now restored
  • Iran-linked actors targeting Middle Eastern city governments to undermine missile-strike emergency responses

📖 Read full article

Medtech giant Stryker says it’s back up after Iranian cyberattack

CyberScoop · Apr 02 · Relevance: ███████░░░ 7/10

Why it matters to CISOs: A major medical device manufacturer was hit with a wiper attack by an Iranian hacktivist group — healthcare and critical infrastructure CISOs need to update threat models to account for Iran's expanded targeting of US companies.

  • Handala, an Iranian-linked hacktivist group, claimed responsibility for wiper attack on Stryker
  • Stryker says it is now fully operational three weeks after systems were wiped
  • Attack is part of a broader Iranian cyber offensive against US and allied targets

📖 Read full article

China-Linked TA416 Targets European Governments with PlugX and OAuth-Based Phishing

The Hacker News · Apr 03 · Relevance: ███████░░░ 7/10

Why it matters to CISOs: TA416's return to targeting European governments after a two-year pause signals a shift in Chinese intelligence priorities — CISOs at organizations with European government or diplomatic relationships should review OAuth-based authentication flows.

  • China-aligned TA416 resumed targeting European government and diplomatic organizations after two-year hiatus
  • Campaign uses PlugX malware and OAuth-based phishing techniques
  • Activity overlaps with multiple tracked clusters including RedDelta and Vertigo Panda

📖 Read full article

CISA gives agencies two weeks to patch video conferencing bug exploited by Chinese hackers

The Record (Recorded Future) · Apr 03 · Relevance: ██████░░░░ 6/10

Why it matters to CISOs: Active exploitation of a TrueConf zero-day in government networks highlights the persistent risk of video conferencing software as an attack surface — audit all conferencing tools for patch status and integrity verification.

  • CVE-2026-3502 in TrueConf video conferencing software exploited as zero-day against Southeast Asian governments
  • CISA ordered all federal agencies to patch within two weeks
  • Attack campaign dubbed 'TrueChaos' targets government entities

📖 Read full article

Ukraine warns Russian hackers are revisiting past breaches to prepare new attacks

The Record (Recorded Future) · Apr 03 · Relevance: ██████░░░░ 6/10

Why it matters to CISOs: CERT-UA's warning that Russian attackers are checking if old access, credentials, and unpatched vulnerabilities still work is a reminder that post-incident remediation must be thorough — assume adversaries will return.

  • CERT-UA reports Russian attackers are revisiting previously breached infrastructure to check if access persists
  • Attackers test whether exploited vulnerabilities have been patched and if stolen credentials remain valid
  • Pattern suggests systematic reconnaissance for future attack preparation

📖 Read full article

📡 Macro Trends

Akira ransomware group can achieve initial access to data encryption in less than an hour

CyberScoop · Apr 02 · Relevance: ███████░░░ 7/10

Why it matters to CISOs: Akira's sub-one-hour dwell time from initial access to encryption collapses the window for detection and response — SOC teams need to validate that automated detection and containment can operate at machine speed.

  • Akira ransomware can move from initial access to full encryption in under one hour
  • The group invests more effort than usual in developing working decryptors to incentivize payment
  • Halcyon research confirms this is a new speed benchmark for ransomware operations

📖 Read full article

Quantum computers need vastly fewer resources than thought to break vital encryption

Ars Technica Security · Mar 31 · Relevance: ██████░░░░ 6/10

Why it matters to CISOs: New research showing quantum computers need far fewer resources to break elliptic curve cryptography accelerates the timeline for post-quantum migration — CISOs should ensure PQC transition roadmaps are active, not just planned.

  • New advances show quantum computers need vastly fewer resources than previously thought to break ECC
  • Q Day timeline compression makes post-quantum cryptography migration more urgent
  • Research specifically targets elliptic curve cryptosystems widely used in TLS, SSH, and code signing

📖 Read full article

🔓 Data Breach

UNC1069 Social Engineering of Axios Maintainer Led to npm Supply Chain Attack

The Hacker News · Apr 03 · Relevance: ██████████ 10/10

Why it matters to CISOs: The Axios npm package is present in ~80% of cloud environments with 100M+ weekly downloads — this DPRK-attributed supply chain compromise demands immediate audit of JavaScript dependencies and review of maintainer token hygiene across your organization.

  • North Korean group UNC1069 socially engineered the lead Axios maintainer to steal a long-lived npm access token
  • Two poisoned versions pushed a cross-platform RAT targeting macOS, Windows, and Linux; live for ~3 hours
  • Huntress detected first infections within 89 seconds; Wiz estimates Axios is in ~80% of cloud environments

📖 Read full article

Trivy supply chain attack enabled European Commission cloud breach

Help Net Security · Apr 03 · Relevance: █████████░ 9/10

Why it matters to CISOs: The EU Commission breach — 340 GB of data from 30+ Union entities — demonstrates how a single compromised open-source security tool (Trivy) in the CI/CD pipeline can cascade to catastrophic data exposure at sovereign scale.

  • CERT-EU attributed the breach to TeamPCP via a Trivy supply chain compromise; ShinyHunters leaked the 340 GB dataset
  • Exposed personal data includes names, usernames, and emails from the European Commission and at least 29 other EU entities
  • Attack exploited cloud infrastructure underpinning EU websites

📖 Read full article

Mercor Breach Linked to LiteLLM Supply-Chain Attack

BankInfoSecurity · Apr 04 · Relevance: █████████░ 9/10

Why it matters to CISOs: The LiteLLM compromise — the most widely used open-source LLM proxy — reportedly hit 36% of cloud environments and led to credential harvesting at scale, forcing Meta to pause work with Mercor. Any enterprise using LLM proxy layers needs to audit immediately.

  • TeamPCP compromised LiteLLM, the most popular open-source LLM proxy in the Python ecosystem
  • Mercor was first to confirm breach; Meta paused its relationship with the AI data vendor
  • APERION reported a 200% traffic increase post-attack as enterprises sought on-prem AI gateway alternatives

📖 Read full article

Blast Radius of TeamPCP Attacks Expands Amid Hacker Infighting

Dark Reading · Apr 03 · Relevance: ████████░░ 8/10

Why it matters to CISOs: TeamPCP has emerged as the week's most consequential threat actor — their supply chain attacks on LiteLLM, Trivy, and cloud/SaaS instances create a tangled attribution picture as ShinyHunters and Lapsus$ get involved, complicating incident response.

  • TeamPCP's supply chain attacks have expanded to breach cloud and SaaS instances using stolen credentials
  • ShinyHunters and Lapsus$ are taking credit and leaking data, creating attribution confusion
  • Organizations are disclosing breaches tied to TeamPCP at an accelerating rate

📖 Read full article

Drift Loses $285 Million in Durable Nonce Social Engineering Attack Linked to DPRK

The Hacker News · Apr 03 · Relevance: ███████░░░ 7/10

Why it matters to CISOs: North Korea's $285M theft from Drift via a novel 'durable nonce' attack on governance structures shows DPRK operators are innovating rapidly — any organization with on-chain treasury or governance mechanisms needs to reassess administrative privilege models.

  • $285 million drained from Solana-based Drift Protocol in single attack on April 1, 2026
  • Attackers exploited durable nonces to take over Security Council administrative powers
  • Attributed to North Korean threat actors; potentially largest crypto theft of 2026 so far

📖 Read full article

⚖️ Governance & Policy

Trump budget proposal would cut hundreds of millions more from CISA

CyberScoop · Apr 03 · Relevance: █████████░ 9/10

Why it matters to CISOs: Further CISA budget cuts could significantly reduce federal cyber threat intelligence sharing, vulnerability coordination, and incident response support that enterprise security teams rely on — plan for reduced government support.

  • Proposed budget cuts hundreds of millions more from CISA on top of previous reductions
  • Top congressional Democrat criticized both the scope and nature of the proposed reduction
  • Comes amid escalating nation-state attacks and supply chain compromises requiring federal coordination

📖 Read full article

RSAC 2026 shipped five agent identity frameworks and left three critical gaps open

VentureBeat Security · Mar 30 · Relevance: ███████░░░ 7/10

Why it matters to CISOs: RSAC 2026 showed the industry racing to secure AI agents but critical gaps remain in behavioral baselines, runtime telemetry, and identity — CISOs need to plan for agent governance now before production deployments outrun security controls.

  • Five agent identity frameworks launched at RSAC 2026 from CrowdStrike, Cisco, Palo Alto Networks and others
  • CrowdStrike disclosed two Fortune 50 production incidents involving compromised AI agents
  • Only 5% of enterprises have moved AI agents into production despite 85% having pilots underway

📖 Read full article

🚨 Critical Vulnerability

In the wake of Claude Code's source code leak, 5 actions enterprise security leaders should take now

VentureBeat Security · Apr 02 · Relevance: ████████░░ 8/10

Why it matters to CISOs: The accidental exposure of 512,000 lines of Claude Code source — including the complete permission model and 44 unreleased feature flags — has been weaponized by threat actors distributing malware via fake GitHub repos, creating a template for future AI tool compromises.

  • Anthropic accidentally shipped a 59.8 MB source map exposing 512,000 lines of unobfuscated TypeScript in Claude Code npm package v2.1.88
  • Exposed source includes the complete permission model, every bash security validator, and 44 unreleased feature flags
  • Threat actors immediately created fake GitHub repos distributing Vidar infostealer disguised as 'unlocked' Claude Code

📖 Read full article

OpenClaw has 500,000 instances and no enterprise kill switch

VentureBeat Security · Mar 31 · Relevance: ███████░░░ 7/10

Why it matters to CISOs: The OpenClaw compromise — where an AI agent's autonomous privileges were sold on BreachForums for $25K — is a wake-up call for CISOs that zero trust principles are being abandoned wholesale for AI agent deployments.

  • OpenClaw's unauthenticated admin access vulnerability affects 500,000 instances with no enterprise kill switch
  • A UK CEO's OpenClaw AI assistant with root shell access was listed for sale on BreachForums for $25,000
  • CrowdStrike sensors now detect 1,800+ distinct AI applications on enterprise endpoints

📖 Read full article

New Chrome Zero-Day CVE-2026-5281 Under Active Exploitation — Patch Released

The Hacker News · Apr 01 · Relevance: ██████░░░░ 6/10

Why it matters to CISOs: An actively exploited Chrome zero-day in WebGPU (Dawn) affects every Chrome-based browser in the enterprise — ensure browser patching policies can push updates within hours, not days.

  • CVE-2026-5281 is a use-after-free in Dawn (WebGPU) under active exploitation in the wild
  • Google released emergency patch addressing 21 vulnerabilities total
  • Affects all Chrome-based browsers including Edge, Brave, and other Chromium derivatives

📖 Read full article

Further Reading

Full Transcript

Click to expand full episode transcript

Jordan: This week, the supply chain became a weapon of mass compromise. Not metaphorically. Literally. Three separate attacks on open-source tooling — an npm package used by eighty percent of cloud environments, a security scanner baked into CI/CD pipelines everywhere, and the most popular LLM proxy in the Python ecosystem — all traced back to a single threat actor cluster. If you only understand one thing about this week, understand that.

Alex: Welcome back to Cleartext. It's Saturday, April 4th, 2026. I'm Alex Chen. If this week buried you — and honestly, it should have — this is where you catch up. Here's what mattered and what it means going into next week. We've got four major themes. First, TeamPCP and the supply chain catastrophe that touched the European Commission, Meta, and tens of thousands of cloud environments. Second, the geopolitical dimension — Iran is now explicitly synchronizing cyber operations with kinetic strikes, and that changes the threat model. Third, the speed problem — Akira ransomware can encrypt your environment in under an hour, and we need to talk about what that actually requires of your SOC. And fourth, the governance picture — CISA is getting gutted again, and RSAC reminded us that AI agents are sprinting past our controls. A lot of ground to cover. Let's go.

Jordan: So TeamPCP. Let's start there because this is the story of the week. This group — and we're still piecing together exactly who they are, which is part of the problem — hit three targets that sit inside the development and security toolchain of virtually every enterprise on the planet. They compromised Trivy, which is the open-source container vulnerability scanner that lives inside CI/CD pipelines. They compromised LiteLLM, which is the most widely deployed open-source proxy for LLM APIs in the Python ecosystem. And separately — though potentially connected — North Korean group UNC1069 socially engineered the lead maintainer of Axios, which has over a hundred million weekly npm downloads and sits inside roughly eighty percent of cloud environments. Three hours. That's how long the poisoned Axios versions were live before detection. Huntress caught first infections within eighty-nine seconds of the malicious push. The speed of detection was impressive. The blast radius was still enormous.

Alex: And let's be clear about what the Trivy compromise actually produced, because it's not just an abstract supply chain story. CERT-EU confirmed this week that the European Commission was breached via that Trivy attack. Three hundred and forty gigabytes of data. Thirty-plus EU entities. Names, usernames, emails — the kind of data that fuels spearphishing at sovereign scale. ShinyHunters leaked it publicly. Lapsus$ is also taking credit. You've got attribution confusion layered on top of a catastrophic disclosure. For CISOs at organizations with any European government or institutional relationships, that dataset is now in adversary hands and being operationalized.

Jordan: The LiteLLM piece is the one that's going to keep giving. Mercor confirmed this week that they were hit via the LiteLLM compromise. Meta paused its relationship with Mercor immediately. That's a significant business consequence. But the broader issue is that LiteLLM is the abstraction layer sitting between enterprise applications and every major LLM API. If you've deployed anything in the AI stack in the last eighteen months, there's a meaningful probability LiteLLM is in that chain. The researchers are estimating thirty-six percent of cloud environments. And the visibility problem is severe — most organizations don't have telemetry on what their AI gateway layer is doing at runtime.

Alex: Which connects directly to what came out of RSAC this week. Five agent identity frameworks launched in one week — CrowdStrike, Cisco, Palo Alto, others all shipping frameworks for securing AI agents. And CrowdStrike disclosed two Fortune 50 production incidents involving compromised AI agents. Two. At Fortune 50 companies. And yet only five percent of enterprises have AI agents in production despite eighty-five percent running pilots. The governance gap is already present even at low penetration. What happens when that five percent becomes fifty? The OpenClaw story captures this perfectly — a UK CEO's AI assistant with root shell access got listed on BreachForums for twenty-five thousand dollars. An unauthenticated admin vulnerability, five hundred thousand exposed instances, no enterprise kill switch. That's not a vulnerability story. That's a governance failure story. We handed an AI agent privileges we would never give a junior employee and then did no monitoring.

Jordan: Let me shift to the geopolitical picture because there's something genuinely new here that deserves its own conversation. Iranian password-spraying campaigns against Israeli targets directly preceded physical missile strikes. This is documented. This is a first. Cyber operations have historically been run in parallel with kinetic activity or as a substitute for it. What we're seeing now is explicit sequencing — cyber as a precursor, as a preparation layer for physical escalation. The Stryker wiper attack by Handala fits this pattern. A major US medical device manufacturer gets wiped. Operations are restored three weeks later, which means three weeks of degraded medical device supply chain during a period of active conflict. And Iran is also reportedly targeting Middle Eastern city governments specifically to degrade emergency response capabilities during missile strikes. That is not hacktivism. That is warfare.

Alex: For CISOs in healthcare, critical infrastructure, and defense industrial base — and honestly for any CISO whose organization has Middle East exposure — this changes your threat model. Iran has historically been a tier-two threat to most US enterprises. The Stryker attack suggests that's no longer the right framing. Handala is operating with a level of capability and targeting intentionality that reflects state direction, not just ideological motivation. Add that to the TA416 activity out of China — they went quiet for two years on European government targets and came back this week with PlugX and OAuth-based phishing. The timing of that return is not coincidental. European governments are under simultaneous pressure from multiple state actors right now. And TrueConf, the video conferencing platform — CISA gave federal agencies two weeks to patch a zero-day being actively exploited by Chinese actors against Southeast Asian governments. Video conferencing remains one of the most under-audited surfaces in the enterprise stack.

Jordan: The Russia piece this week was quieter but worth flagging. CERT-UA issued a warning that Russian actors are systematically going back to previously breached infrastructure and checking whether access still works. Testing old credentials. Checking whether patched vulnerabilities were actually remediated. This is methodical reconstitution of attack infrastructure. For any organization that had a Russia-linked incident in the last three years — and that's a lot of organizations — your post-incident remediation needs to be treated as an active question, not a closed file.

Alex: Now let's talk about speed, because the Akira data this week is operationally significant. Under one hour from initial access to full encryption. Halcyon confirmed this. And Akira is being deliberate about it — they're also investing heavily in working decryptors, specifically to build a reputation for paying out so victims actually pay the ransom. This is a professionalized operation optimizing for both speed and conversion rate. The implication for your SOC is stark: if your detection-to-response workflow takes more than thirty minutes, you are not operating at the speed required to stop Akira. Automated containment isn't a nice-to-have anymore. It's a prerequisite.

Jordan: On the quantum front — and I know some CISOs tune this out as a long-term problem — new research this week is compressing the timeline again. Specifically for elliptic curve cryptography. ECC is in your TLS, your SSH, your code signing. The resource requirements to break it are lower than previously modeled. I'm not saying Q Day is next year. I'm saying if your PQC migration roadmap says you'll start planning in 2028, that's now a board-level risk you need to revisit.

Alex: And the Claude Code leak deserves a mention because the weaponization speed was remarkable. Anthropic accidentally shipped five hundred and twelve thousand lines of unobfuscated TypeScript in an npm package. The source code included their complete permission model and forty-four unreleased feature flags. Within hours, threat actors had stood up fake GitHub repos distributing the Vidar infostealer disguised as an unlocked version of Claude Code. Any developer curious enough to look for the leaked source became a target. If you have developers using AI coding tools — and you do — this is a social engineering vector you need to brief your teams on this week.

Jordan: So let's step back. What was this week?

Alex: This week was the moment the software supply chain threat went from theoretical to undeniable. We've talked about SolarWinds, we've talked about XZ Utils, we've talked about the theoretical risk of open-source tooling as an attack surface. This week, a single threat actor cluster compromised three pillars of modern development and security infrastructure simultaneously. And the consequences cascaded to the European Commission, to Meta's vendor relationships, to tens of thousands of cloud environments. The toolchain is the attack surface now. Not just an attack surface — the attack surface.

Jordan: And CISA's budget is being cut again. Hundreds of millions more, proposed this week, on top of previous reductions. At the exact moment when federal threat intelligence sharing, vulnerability coordination, and incident response support are most needed. The government safety net for enterprise security is getting thinner. Which means if you've been relying on CISA advisories and KEV catalog updates as a meaningful input to your vulnerability management program, you need to be building redundancy into that intelligence pipeline now. Commercial sources, ISACs, peer networks. The cavalry is getting defunded.

Alex: Going into next week, here's the action list. Audit your JavaScript dependencies for Axios exposure and check npm token hygiene across your development org. If you're running Trivy in CI/CD, verify your pipeline integrity and check CERT-EU's indicators. If LiteLLM is in your AI stack, treat it as a compromised component until you've validated your version and runtime behavior. Brief your developers on the Claude Code infostealer campaign. Review your AI agent deployments against a zero-trust privilege model. And if you haven't had a frank conversation with your board about the geopolitical threat environment — Iran targeting US critical infrastructure, China resuming European government operations — this week's news gives you everything you need to have that conversation.

Jordan: It was a heavy week. Unfortunately, next week will probably be heavier.

Alex: That's Cleartext for the week ending April 4th, 2026. The daily show is back Monday. If you found this useful, share it with a peer who's trying to stay current. We'll be here. Stay sharp.

Cleartext is an automated daily podcast for CISOs and security leaders. Generated 2026-04-04.

Sources are pulled from: CyberScoop, The Record, SecurityWeek, Krebs on Security, Dark Reading, Cybersecurity Dive, BleepingComputer, Wired, Ars Technica, TechCrunch, Help Net Security, VentureBeat, Risky Business News, The Hacker News, CISA, and BankInfoSecurity.