Daily Security Briefing #230


April 20, 2026

Ransomware surge, AI-powered vulnerability discovery, and state-sponsored hacking…


Executive Summary

The cybersecurity landscape continues to evolve with new threats emerging daily. The recent surge in ransomware attacks, particularly from the Gentlemen group, highlights the need for robust security measures. Meanwhile, Anthropic’s Project Glasswing has sparked discussion on AI’s potential in vulnerability discovery, but its implications remain unclear. State-sponsored hacking also remains a significant concern, as seen with Iran’s MOIS tied to coordinated cyber campaigns.



Top Articles

Project Glasswing and the Next Challenge for Defenders: Turning Faster Discovery into Faster Action
Anthropic’s Project Glasswing has sparked discussion about AI’s potential in vulnerability discovery. However, the more pressing question is how security teams can prepare for and capitalize on this opportunity. As AI becomes increasingly capable of finding software flaws, defenders must adapt to stay ahead.
Source: Rapid7 Blog

The Gentlemen: A New Ransomware Threat Climbing the Charts — Fast
Gentlemen ransomware-as-a-service (RaaS) has claimed over 320 victims since mid-2025, making it the #2 most active ransomware group by victim count this year. Check Point Research gained access to a live command-and-control server linked to a Gentlemen affiliate, revealing a botnet of over 1,570 likely corporate victims.
Source: Checkpoint Blog

Iran’s MOIS Tied to Coordinated Cyber Campaign Using Multiple Hacker Personas
Researchers have linked three prominent personas – Homeland Justice, Karma/KarmaBelow80, and Handala – to Iran’s Ministry of Intelligence and Security (MOIS). These identities act as interchangeable online personas for a single state-directed operation.
Source: GBHackers

Is “Satoshi Nakamoto” Really Adam Back?
The New York Times has published an article presenting circumstantial evidence that the inventor of Bitcoin is Adam Back. While the author’s arguments are convincing, it remains unclear whether this theory holds water.
Source: Schneier Blog

TBK DVR Vulnerability CVE-2024-3721 Exploited to Spread Nexcorium DDoS Malware
Hackers are actively exploiting a critical vulnerability in TBK digital video recorder (DVR) devices to deploy a new Mirai-based botnet called Nexcorium. The campaign leverages CVE-2024-3721, an OS command injection vulnerability.
Source: GBHackers

How Threat Intelligence Helps SOC Teams Cut MTTR and Outpace Modern Attacks
Reducing Mean Time to Respond (MTTR) remains a significant challenge for modern Security Operations Centers. Threat intelligence can help SOC teams cut MTTR and stay ahead of modern attacks.
Source: CyberPress

ZionSiphon Launches Sabotage Attacks On Israel’s Water Infrastructure
Darktrace researchers have uncovered a new politically motivated malware strain called ZionSiphon, engineered to infiltrate and sabotage Israel’s water treatment and desalination systems.
Source: CyberPress

SGLang CVE-2026-5760 (CVSS 9.8) Enables RCE via Malicious GGUF Model Files
A critical security vulnerability has been disclosed in SGLang, allowing remote code execution on susceptible systems. The vulnerability carries a CVSS score of 9.8 out of 10.0.
Source: The Hacker News

DFIR Report – The Gentlemen & SystemBC: A Sneak Peek Behind the Proxy
Check Point Research has released a DFIR report on The Gentlemen RaaS operation, providing insights into their tactics and techniques.
Source: Checkpoint Research

20th April – Threat Intelligence Report
Check Point Research has published a threat intelligence report for the week of 20th April, covering various attacks and breaches.
Source: Checkpoint Research

⚡ Weekly Recap: Vercel Hack, Push Fraud, QEMU Abused, New Android RATs Emerge & More
The Hacker News has published a weekly recap of notable security incidents and threats.
Source: The Hacker News


AI Transparency: This newsletter uses AI to curate, rank, and summarize cybersecurity content from leading industry blogs. All articles link directly to original authors. Executive summaries are AI-generated based on article content. I curate the sources and deliver the digest—the original authors deserve the credit for their excellent work.
