Cyber Briefing: 2026.04.07
👉 What's happening in cybersecurity today?
A series of cybersecurity developments highlights escalating threats, from ransomware groups exploiting vulnerabilities and zero-days to data breaches exposing employees and clients across major organizations.
Welcome to Cyber Briefing, the newsletter that informs you about the latest cybersecurity advisories, alerts, incidents and news every weekday.
🚨 Cyber Alerts
1. Qilin, Warlock Kill 300+ EDR Via Drivers
Security researchers have identified the Qilin and Warlock ransomware groups using the bring-your-own-vulnerable-driver (BYOVD) technique to disable endpoint defense software on infected systems. By deploying a specialized malicious file that loads vulnerable kernel drivers, these attackers can terminate over 300 different security processes so that their ransomware remains undetected during execution.
2. LinkedIn Scans 6,000+ Chrome Extensions, Collects User Data
A recent investigation into a practice labeled BrowserGate reveals that LinkedIn utilizes hidden JavaScript to scan user browsers for thousands of installed extensions. This data collection reportedly allows Microsoft to identify which specific third-party tools and competitors are being used by professionals and corporations globally.
3. Fortinet Fixes Exploited FortiClient Bug
Fortinet has issued urgent out-of-band security patches for a critical vulnerability in FortiClient EMS that is currently being exploited by attackers in the wild. This flaw, identified as CVE-2026-35616, allows unauthenticated users to bypass API protections and execute unauthorized commands with elevated privileges.
💥 Cyber Incidents
4. Strava Leak Exposes Military Personnel Data
Your Strava activity may seem like a simple fitness record, but a recent data leak involving over 500 UK military personnel proves how easily these logs can expose sensitive locations and identities. By layering routine exercise patterns over account details, personal information and secure habits can be mapped far beyond a basic running route.
5. Jones Day Breach Hits 10 Client Firms
Jones Day recently revealed that a phishing attack by the cybercriminal group Silent compromised files belonging to ten of its clients. While the firm noted that the accessed documents were dated and limited in scope, the hackers have already claimed responsibility for the breach on an extortion website.
6. Wynn Resorts Breach Hits 21K Employees
Wynn Resorts recently notified over 21,000 individuals that their personal information was compromised during a significant data breach. The incident involved the unauthorized acquisition of employee records by hackers, a situation the company officially confirmed following external claims of the intrusion.
📢 Cyber News
7. White House Slashes CISA Funding by $707M
The Trump administration has proposed a $707 million budget reduction for the Cybersecurity and Infrastructure Security Agency for fiscal year 2027 to refocus the agency on its core mission of protecting federal networks. This cut aims to eliminate what the administration describes as waste and censorship-related activities while streamlining operations by removing redundant programs and international offices.
8. Microsoft Links Medusa to Zero-Day Attacks
Microsoft reports that the China-based cybercrime group Storm-1175 is launching high-speed attacks using both known and zero-day vulnerabilities to deploy Medusa ransomware. This financially motivated actor targets various sectors across the globe by weaponizing security flaws often before patches are even available to the public.
9. BlueHammer Windows Zero-Day Leaked
Exploit code has been released for an unpatched Windows vulnerability dubbed BlueHammer, which allows attackers to gain SYSTEM or elevated administrator permissions. The disclosure was made public by a researcher known as Chaotic Eclipse following a dispute with Microsoft over the handling of the security report.
📈 Cyber Stocks
Cybersecurity stocks were mixed to slightly higher on Tuesday, April 7, 2026, as the sector entered a period of tight consolidation. While broader market volatility persists due to inflationary concerns, the cybersecurity group is showing a “base-building” pattern, with leading names trading within narrow ranges as investors wait for fresh fundamental catalysts.
Market Summary
The market is currently exhibiting high correlation between the major platform players, indicating that the sector is being traded as a unified “defensive tech” block rather than on individual news cycles.
Identity Holding the Line: Okta (OKTA) showed a modest intraday gain of +0.46%, finishing at -14.30% for the period. The stock is currently serving as a technical anchor for the sector, holding steady as enterprise focus remains locked on identity-first security architectures.
The Platform Duopoly: CrowdStrike (CRWD) and Palo Alto Networks (PANW) remain remarkably synchronized, ending at -14.83% and -15.14% respectively. This tight trading range suggests institutional “accumulation” as both companies continue to swallow market share in the cloud security and XDR markets.
Volatility in Mid-Caps: Rapid7 (RPD) remains the most volatile name in the group, currently at -57.72%. While still down significantly, the slight bounce off recent lows suggests some speculative interest is returning at these deep-value levels.
Key Insight: We are seeing a “Wait and See” approach from institutional desks. With the sector having largely de-risked from its early Q1 highs, the current stability in OKTA and CRWD suggests that the market has accepted current valuations. For the briefing audience, the key takeaway is that “security spend resilience” is now the consensus view, shifting the focus from if companies will spend, to which platforms will capture the largest share of the remaining 2026 budget.
💡 Cyber Tip
🤖 Guard Your Browser from Fingerprinting
LinkedIn has been reported to use hidden scripts to scan for over 6,000 Chrome extensions, effectively “fingerprinting” your professional software environment. This practice allows them to identify the specific third-party tools you use and link that data directly to your professional identity and employer.
🛠️ What You Should Do
Use a Privacy-Focused Browser: Switch to browsers like Brave or Firefox, which have built-in protections against “fingerprinting” and script-based scanning.
Audit Your Extensions: Remove any browser extensions you no longer use; the fewer you have, the smaller your digital footprint.
Enable “Private” Extension Settings: In Chrome, you can manage extensions and toggle “Allow in Incognito” off (or on only for essential ones) to limit their visibility.
Install Script Blockers: Use tools like uBlock Origin or NoScript to prevent websites from running unauthorized background scripts that probe your system.
Containerize Your Browsing: Use the “Multi-Account Containers” extension in Firefox to isolate LinkedIn from your other browsing activities and extensions.
⚠️ Why This Matters
This covert scanning allows companies to map out a corporation’s internal software stack and identify users of competing services without consent. By linking your private toolset to your professional profile, platforms can monitor your workflow, target you for enforcement, or gain an unfair competitive advantage over the software providers you choose to use.
📚 Cyber Book
Understand the Cyber Attacker Mindset by Sarah Armstrong-Smith
Copyright © 2026 CyberMaterial. All Rights Reserved.