Microsoft links Medusa ransomware affiliate to zero-day attacks
Microsoft says the China-based group it tracks as Storm-1175 is moving unusually fast in Medusa ransomware intrusions, sometimes weaponizing newly disclosed bugs within a day and in some cases exploiting flaws before patches are released. The company said recent campaigns hit healthcare, education, professional services, and finance targets, and showed the group chaining multiple vulnerabilities to gain persistence, steal credentials, disable defenses, and deploy ransomware within days or even 24 hours.
Google DeepMind Researchers Map Web Attacks Against AI Agents
Google DeepMind researchers are warning that autonomous AI agents can be manipulated through what they call “AI Agent Traps,” malicious web content designed to deceive agents and turn their own capabilities against them. The research outlines six attack classes, including hidden content injection, semantic manipulation, memory corruption, behavioral control, systemic failures, and human-in-the-loop abuse, underscoring how agentic systems create a fresh web-facing attack surface even when the model itself isn’t directly compromised.
Apple Breaks Precedent, Patches DarkSword for iOS 18
Apple has now backported fixes for the DarkSword exploit chain to iOS 18 devices, not just the newest release and older devices that can’t upgrade, which Dark Reading notes is an unusual move for Apple. The change followed the public leak of DarkSword to GitHub in late March and gives enterprises more room to protect users who haven’t yet moved to iOS 26, while signaling that Apple views the kit as serious enough to warrant broader-than-normal patch coverage.
Hasbro says it was hacked, and may take ‘several weeks’ to recover
Hasbro disclosed that it detected unauthorized network access on March 28 and took some systems offline, with the company warning that interim measures may need to stay in place for several weeks. The toymaker said it is still determining the scope of the incident, including whether data was stolen, but the disruption is already affecting key operations such as ordering and shipping.
CERT-EU blames Trivy supply chain attack for Europa.eu data breach
CERT-EU has tied the March 24 Europa.eu cloud breach to the Trivy supply chain compromise, saying attackers used a compromised AWS secret to access European Commission cloud data. According to CERT-EU’s analysis, 350 GB of data was stolen from infrastructure serving 42 internal Commission clients and at least 29 other EU entities, and the dataset was later leaked after the group linked to the intrusion passed it to ShinyHunters.
The post InfoSec News Nuggets 04/07/2026 appeared first on AboutDFIR – The Definitive Compendium Project.
