Daily Security Briefing #220

April 10, 2026

GRIDTIDE disrupted, Claude Code vulnerabilities exposed, and AI training data poisoning…


Executive Summary

Threat actors continue to adapt as their operations are disrupted. The Storm-2755 campaign shows adversary-in-the-middle (AiTM) session hijacking being used to divert employee salaries to attacker-controlled accounts. Meanwhile, a critical vulnerability in the EngageSDK Android library has been disclosed, putting millions of crypto wallets at risk. Additionally, threat actors are abusing GitHub and GitLab to host malware and phishing pages.



Top Articles

EngageSDK Vulnerability Puts Millions of Crypto Wallets at Risk
A newly disclosed vulnerability in the widely used Android library EngageSDK has raised serious concerns across the cryptocurrency ecosystem, potentially exposing millions of users to data theft and unauthorized access. Security researchers identified a critical "intent redirection" vulnerability in EngageSDK, a third-party Android SDK commonly used for push notifications and in-app messaging. (GBHackers)

Storm-2755 Uses AiTM Hijacking to Divert Employee Salaries
Hackers are abusing adversary-in-the-middle (AiTM) session hijacking to steal employee salaries in a new "payroll pirate" campaign tracked by Microsoft as Storm-2755 and targeting Canadian users. By hijacking live Microsoft 365 sessions, the group redirects payroll deposits to attacker-controlled bank accounts while bypassing multifactor authentication (MFA). (GBHackers)

Threat Actors Exploit GitHub and GitLab for Malware Delivery and Phishing Operations
GitHub and GitLab are essential tools for programmers, project managers, and software developers worldwide. However, this widespread trust is increasingly being weaponized by cybercriminals. Because these platforms are reachable from most corporate networks, threat actors are exploiting that trusted access to host malware and credential-phishing pages on them. (CyberPress)

HPE Aruba Private 5G Platform Vulnerability Enables Credential Theft Attacks
A newly disclosed vulnerability in HPE Aruba Networking Private 5G Core On-Prem is raising serious concerns for enterprise environments, as it can be exploited to steal administrative credentials through targeted phishing-style attacks. The flaw is tracked as CVE-2026-23818 and detailed in HPE security bulletin HPESBNW05032EN_US. (CyberPress)

GlassWorm Campaign Uses Zig Dropper to Infect Multiple Developer IDEs
Cybersecurity researchers have flagged yet another evolution of the ongoing GlassWorm campaign, which employs a new Zig dropper designed to stealthily infect all integrated development environments (IDEs) on a developer's machine. The technique was discovered in an Open VSX extension named "specstudio.code-wakatime-activity-tracker." (The Hacker News)

Nearly 4,000 US Industrial Devices Exposed to Iranian Cyberattacks
The attack surface targeted by Iranian-linked hackers in cyberattacks against U.S. critical infrastructure networks includes thousands of Internet-exposed programmable logic controllers (PLCs) manufactured by Rockwell Automation. (Bleeping Computer)

Browser Extensions Are the New AI Consumption Channel That No One Is Talking About
A new report from LayerX exposes how large the blind spot around AI browser extensions has become, and why these extensions may be the most dangerous AI threat surface in your network that isn't on anyone's radar. (The Hacker News)

Analysis of One Billion CISA KEV Remediation Records Exposes Limits of Human-Scale Security
Analysis of 1 billion CISA KEV remediation records reveals a breaking point for human-scale security. Qualys shows that most critical flaws are exploited before defenders can patch them. (Bleeping Computer)


AI Transparency: This newsletter uses AI to curate, rank, and summarize cybersecurity content from leading industry blogs. All articles link directly to original authors. Executive summaries are AI-generated based on article content. I curate the sources and deliver the digest—the original authors deserve the credit for their excellent work.
