ClearSignal — Apr 09, 2026
Federal cybersecurity operations face mounting pressure from multiple fronts: sophisticated nation-state attacks from Russia and Iran targeting critical infrastructure and government systems, budget constraints affecting CISA at a critical juncture, and legislative urgency around FISA 702 reauthorization. Meanwhile, a $1.5 trillion defense budget request signals major spending priorities, and the government is advancing modernization efforts through unified networks and accelerated software delivery capabilities. The convergence of escalating cyber threats, resource limitations, and policy deadlines demands immediate executive attention.
Top 3
- Russia Hacked Routers to Steal Microsoft Office Tokens — Russian military intelligence compromised over 18,000 networks through router vulnerabilities to steal Microsoft Office authentication tokens without deploying malware, representing a massive espionage operation. This sophisticated campaign demonstrates evolving nation-state tactics that bypass traditional detection methods and poses significant risk to government and contractor credentials. Immediate router security assessments and credential rotation should be prioritized across your organization. — krebs-on-security
- Details of the $1.5 trillion defense budget request, and a key lawmaker’s take on the F-35 — The $1.5 trillion defense budget request represents historic spending levels with significant implications for contractor portfolios and capability investments, including critical discussions on F-35 program direction. This budget will reshape competitive landscapes and determine which platforms, technologies, and modernization efforts receive priority funding. Understanding these funding priorities is essential for strategic positioning and capture planning over the next fiscal cycle. — breaking-defense
- Iranian Threat Actors Disrupt US Critical Infrastructure Via Exposed PLCs — Iranian threat actors successfully compromised Internet-facing programmable logic controllers in U.S. critical infrastructure, causing operational disruption and financial losses across multiple sectors following recent military strikes. This represents a dangerous escalation from reconnaissance to active disruption of industrial control systems managing power, water, and energy assets. Organizations with ICS/SCADA environments should immediately isolate Internet-facing controllers and implement enhanced monitoring protocols. — dark-reading
Policy & Regulatory
- National security veterans warn against delays in FISA 702 reauthorization — National security veterans are urging Congress to avoid delays in reauthorizing FISA Section 702, seeking an 18-month extension as lawmakers return from recess. — the-record
- Details of the $1.5 trillion defense budget request, and a key lawmaker’s take on the F-35 — A $1.5 trillion defense budget request has been submitted, with details discussed on Breaking Defense’s podcast including a key lawmaker’s perspective on the F-35 program. The massive budget request represents significant fiscal policy implications for defense spending priorities. — breaking-defense
- New cyber strategy bets on coordination over regulation — A new cyber strategy emphasizes coordination over regulation, with industry expressing optimism about the collaborative approach compared to the previous administration’s policies. — federal-news-network
- Risky Business #832 — Anthropic unveils magical 0day computer God — CISA faces further budget cuts at a critical time, while Anthropic’s new Mythos AI model demonstrates advanced vulnerability hunting capabilities but is restricted to select Project Glasswing partners. — risky-business
- France to increase defense spending by $42 billion, mulls new tank effort — France announces a $42 billion increase in defense spending and is considering acquiring an interim tank platform from KNDS Germany or KNDS France, according to Armed Forces Minister Catherine Vautrin. — breaking-defense
Agency & Mission Activity
- Breaking Defense expands editorial staff, with Ben Watson joining as production editor — Breaking Defense has expanded its editorial staff by hiring Ben Watson as production editor to lead newsletters, social media, and special editorial projects. This is a media industry staffing announcement. — breaking-defense
- CISA orders feds to patch exploited Ivanti EPMM flaw by Sunday — CISA has issued a binding operational directive requiring federal agencies to patch a critical Ivanti EPMM vulnerability within four days, following active exploitation since January. — bleeping-computer
- Army Data Operations Center is open for requests — The Army Data Operations Center is now accepting requests to support operational data teams and relieve divisions of that burden, allowing them to focus on commanders’ priorities, according to Michael Kaloostian. — breaking-defense
- As 2-week ceasefire takes hold, Pentagon touts ‘decisive military victory’ — Pentagon leadership declares a decisive military victory following the destruction of Iran’s defense industrial base during operations that preceded a 2-week ceasefire, with Chairman of the Joint Chiefs Gen. Dan Caine stating that reconstituting Iran’s capability will take years. — breaking-defense
Technology Trends
- Hackers exploit critical flaw in Ninja Forms WordPress plugin — A critical vulnerability in the Ninja Forms File Uploads premium WordPress add-on allows unauthenticated attackers to upload arbitrary files and achieve remote code execution. — bleeping-computer
- FBI: Americans lost a record $21 billion to cybercrime last year — The FBI reports U.S. victims lost a record $21 billion to cybercrime in the previous year, with investment scams, business email compromise, tech support fraud, and data breaches as the leading crime categories. — bleeping-computer
- US warns of Iranian hackers targeting critical infrastructure — U.S. authorities warn that Iranian-linked threat actors are targeting Internet-exposed Rockwell/Allen-Bradley programmable logic controllers on critical infrastructure networks. — bleeping-computer
- Max severity Flowise RCE vulnerability now exploited in attacks — Attackers are actively exploiting CVE-2025-59528, a maximum-severity remote code execution vulnerability in Flowise, an open-source platform for building custom LLM applications and agentic systems. — bleeping-computer
- Authorities disrupt router DNS hijacks used to steal Microsoft 365 logins — International law enforcement and private sector partners disrupted FrostArmada, an APT28 campaign that hijacked DNS traffic from MikroTik and TP-Link routers to steal Microsoft 365 credentials. — bleeping-computer
- Why Your Automated Pentesting Tool Just Hit a Wall — Picus Security highlights limitations of automated penetration testing tools, which deliver early results but plateau quickly, leaving critical attack surfaces untested and creating validation gaps. — bleeping-computer
- Feds quash widespread Russia-backed espionage network spanning 18,000 devices — Federal authorities disrupted a Russia-backed espionage network operated by Forest Blizzard (GRU-attributed APT28) that compromised 18,000 devices to hijack network traffic and steal Microsoft account credentials and tokens. — cyberscoop
- Tech giants launch AI-powered ‘Project Glasswing’ to identify critical software vulnerabilities — Tech giants launched ‘Project Glasswing,’ an AI-powered initiative to identify critical software vulnerabilities in response to emerging AI-enabled offensive cyber capabilities. — cyberscoop
- Iranian hackers launching disruptive attacks at U.S. energy, water targets, feds warn — U.S. government agencies issued urgent warnings that Iranian government hackers are conducting disruptive cyberattacks against American energy and water infrastructure, targeting industrial control systems following U.S.-Israel strikes on Iran. — cyberscoop
- Cybercrime losses jumped 26% to $20.9 billion in 2025 — The FBI’s annual Internet Crime Complaint Center report shows cybercrime losses surged 26% to $20.9 billion in 2025, with actual losses likely higher due to underreporting. — cyberscoop
- ‘GrafanaGhost’ bypasses Grafana’s AI defenses without leaving a trace — Noma Security researchers discovered ‘GrafanaGhost,’ a vulnerability exploiting indirect prompt injection to bypass Grafana’s AI defenses and exfiltrate sensitive corporate data without detection. — cyberscoop
- FBI, Pentagon warn of Iran hacking groups targeting operational technology — The FBI and Pentagon issued a joint advisory warning that Iranian threat actors are targeting operational technology in local governments, water/wastewater systems, and energy sector infrastructure. — the-record
- Massachusetts hospital turning ambulances away after cyberattack — Signature Healthcare Brockton Hospital in Massachusetts is diverting ambulances following a cyberattack that disrupted multiple information systems at the facility. — the-record
- UK exposes Russian cyber unit hacking home routers to hijack internet traffic — UK officials exposed Russian cyber unit operations compromising small office and home office routers with weak security or outdated software to hijack internet traffic. — the-record
- Russia Hacked Routers to Steal Microsoft Office Tokens — Russian military intelligence-linked hackers exploited vulnerabilities in older Internet routers to steal Microsoft Office authentication tokens from users across more than 18,000 networks without deploying malicious software. The mass espionage campaign allowed state-backed threat actors to quietly siphon credentials for surveillance purposes. — krebs-on-security
- Storm-1175 Deploys Medusa Ransomware at ‘High Velocity’ — Microsoft reports that Storm-1175, a financially motivated cybercrime group, is deploying Medusa ransomware at high velocity by exploiting both N-day and zero-day vulnerabilities in speed-focused campaigns. — dark-reading
- Grafana Patches AI Bug That Could Have Leaked User Data — Grafana patched an AI vulnerability where attackers could hide malicious instructions on web pages that AI would ingest and execute, potentially returning sensitive data to attacker-controlled servers. — dark-reading
- RSAC 2026: How AI Is Reshaping Cybersecurity Faster Than Ever — Dark Reading’s coverage of RSAC 2026 highlights how AI is fundamentally reshaping cybersecurity at an accelerated pace, examining past trends and future implications for the industry. — dark-reading
- Human vs AI: Debates Shape RSAC 2026 Cybersecurity Trends — At RSAC 2026, CISOs and industry leaders engaged in debates about AI’s expanding role in security, particularly around agentic applications and the challenges of maintaining human oversight in security decision-making. — dark-reading
- DoD Modernization Exchange 2026: Army’s Leo Garciga on unified network, continuous ATO speeding tools to warfighters — The Army is close to fully implementing a unified network and obtaining continuous authority to operate (ATO) for software, which will accelerate delivery of tools to warfighters. — federal-news-network
- DoD Modernization Exchange 2026: Air Force’s George Forbes on orchestrating capability development — The Air Force is using Sherpas—software development experts—to guide mission owners and operators through faster, more secure capability development processes. — federal-news-network
- Don’t just fight fraud, hunt it — Industry experts advocate for treating digital identity as critical infrastructure and adopting layered, real-time defense strategies to combat increasingly sophisticated fraud operations. — cyberscoop
- Hack-for-hire spyware campaign targets journalists in Middle East, North Africa — Research organizations uncovered a hack-for-hire spyware campaign targeting journalists in the Middle East and North Africa, involving the suspected Indian government-connected group Bitter and ProSpy spyware. — cyberscoop
- Eurail says December data breach impacts 300,000 individuals — Eurail B.V., a European travel operator providing digital rail passes for 33 national railways, disclosed a December 2025 data breach affecting over 300,000 individuals whose personal information was stolen by attackers. — bleeping-computer
- Hackers exploiting Acrobat Reader zero-day flaw since December — Attackers have been actively exploiting a zero-day vulnerability in Adobe Acrobat Reader using maliciously crafted PDF documents since at least December, posing significant risk to users. — bleeping-computer
- Microsoft suspends dev accounts for high-profile open source projects — Microsoft has suspended developer accounts for multiple high-profile open-source projects without proper notification, blocking their ability to publish new software builds and critical security patches for Windows users. — bleeping-computer
- Hackers use pixel-large SVG trick to hide credit card stealer — A large-scale campaign targeting nearly 100 Magento e-commerce stores conceals credit card-stealing malware within pixel-sized SVG images, demonstrating sophisticated attack techniques. — bleeping-computer
- Google: New UNC6783 hackers steal corporate Zendesk support tickets — Threat actor UNC6783 is compromising business process outsourcing (BPO) providers to gain unauthorized access to high-value companies’ Zendesk support tickets across multiple sectors. — bleeping-computer
- New macOS stealer campaign uses Script Editor in ClickFix attack — A new macOS malware campaign deploys Atomic Stealer by abusing Script Editor in a ClickFix-style attack, representing an evolution from previous Terminal-based social engineering techniques. — bleeping-computer
- 13-year-old bug in ActiveMQ lets hackers remotely execute commands — Security researchers have identified a 13-year-old remote code execution vulnerability in Apache ActiveMQ Classic that allows attackers to execute arbitrary commands on vulnerable systems. — bleeping-computer
- Is a $30,000 GPU Good at Password Cracking? — Analysis by Specops reveals that expensive AI GPUs costing $30,000 do not provide superior password cracking performance compared to consumer-grade GPUs, highlighting that weak passwords remain vulnerable regardless of attacker hardware sophistication. — bleeping-computer
- Cybercriminals target accountants to drain Russian firms’ bank accounts — Cybercriminals have stolen millions of rubles from Russian companies by compromising accountants’ computers and disguising fraudulent transfers as legitimate salary payments, with individual thefts exceeding 14 million rubles. — the-record
- TikTok removes covert networks ahead of Hungary vote as disinformation concerns grow — TikTok removed covert networks using fake accounts to amplify political disinformation targeting Hungarian users ahead of elections, including content against opposition leader Péter Magyar and Prime Minister Viktor Orbán’s party. — the-record
- Passport numbers for more than 300,000 leaked during December Eurail data breach — A December data breach at Eurail exposed passport numbers for over 300,000 individuals, with hackers claiming to have stolen 1.3 TB of data including source code, database backups, and Zendesk support tickets. — the-record
- Breach exposes sensitive LAPD files stored in city attorney system — A data breach exposed sensitive LAPD files stored in the Los Angeles city attorney system, with social media posts indicating 7.7 terabytes of stolen data available for download. — the-record
- BAE Systems trials low-cost counter drone solution for Eurofighter Typhoon — BAE Systems conducted internally funded trials of a low-cost counter-drone solution for the Eurofighter Typhoon, including air-to-surface testing, as part of its investment in advanced capabilities for customers. — breaking-defense
- Threat Actors Get Crafty With Emojis to Escape Detection — Threat actors are increasingly using emojis as coded communications to evade detection filters, with symbols like 🤖 representing ‘bot available’ and 💰💰💰 indicating ‘big ransom’ in underground cybercriminal channels. — dark-reading
- AI-Led Remediation Crisis Prompts HackerOne to Pause Bug Bounties — HackerOne pauses bug bounty programs citing a remediation crisis where automated AI-led vulnerability discovery has shifted the bottleneck from bug discovery to fixing open source vulnerabilities, which bounties don’t fund. — dark-reading
- Fraud Rockets Higher in Mobile-First Latin America — Cyber-fraud incidents are surging in mobile-first Latin American markets, with threat actors rapidly moving from device compromise to account takeover and funds transfer before financial institutions can respond. — dark-reading
- Full Sail University to Open IBM Cyber Defense Range Powered by AWS and Cloud Range on Campus — Full Sail University is opening an IBM Cyber Defense Range on campus, powered by AWS and Cloud Range infrastructure. — dark-reading
- Iranian Threat Actors Disrupt US Critical Infrastructure Via Exposed PLCs — Iranian threat actors compromised Internet-facing programmable logic controllers (PLCs) in U.S. critical infrastructure, causing operational disruption, file manipulation, and financial losses across multiple sectors. — dark-reading
- Agencies warn Iranian-linked hackers targeting critical infrastructure — Federal agencies issued warnings about Iranian-linked hacking groups targeting programmable logic controllers across multiple U.S. critical infrastructure sectors. — federal-news-network
Procurement & Opportunities
- The HH-60W helped rescue a pilot in Iran. Here’s why the Air Force might not buy more. — The Air Force’s HH-60W Jolly Green II helicopter participated in a pilot rescue operation in Iran, but the service may not procure additional aircraft beyond the current planned fleet. The Air Force attempted to cap procurement at 75 aircraft in FY2023, though lawmakers have resisted the limitation. — breaking-defense
- Bell, M1 advance to final phase of Army’s Flight School Next competition — Bell and M1 have advanced to the final evaluation phase of the Army’s Flight School Next competition, where the Army’s technical evaluation team will fly each aircraft to verify compliance with Aviation Center of Excellence standards. This marks a critical milestone in the Army’s training aircraft procurement process. — breaking-defense
- N6600126R0002 - Cyberspace Science, Research, Engineering and Technology Integration Small Business Multiple Award Contract (MAC) — Naval Information Warfare Center (NIWC) Pacific issued a solicitation for a Cyberspace Science, Research, Engineering and Technology Integration Small Business Multiple Award Contract (MAC) with responses due April 24, 2026. — sam-gov
- Multi-Spectrum Defensive Electronic Warfare (MSDEW) Advanced Research Announcement (ARA) — Air Force Research Laboratory issued an Advanced Research Announcement for Multi-Spectrum Defensive Electronic Warfare (MSDEW) research with proposals due July 13, 2027. — sam-gov