US launches cyber threat sharing channel for digital asset firms
The US Treasury has introduced a new threat intelligence sharing program aimed at digital asset companies, giving them access to the same cybersecurity intelligence feeds used by traditional financial institutions. The move comes as crypto platforms continue to face large-scale attacks and is intended to improve response speed and resilience across a sector that has historically operated with less mature security coordination.
New research identified 179 internet-facing industrial control systems using the insecure Modbus protocol, highlighting ongoing exposure across power, manufacturing, and transportation sectors. Because Modbus lacks built-in authentication, these systems can be directly manipulated by attackers, reinforcing that basic network exposure issues in OT environments still persist despite years of high-profile ICS-targeted malware.
Microsoft finds vulnerability exposing millions of Android crypto wallet users
Microsoft researchers uncovered a serious flaw in a widely used third-party Android SDK embedded in cryptocurrency wallet apps, potentially impacting over 30 million installations. The issue stems from improper handling of Android intents, which could allow unauthorized access to sensitive data, underscoring the systemic risk introduced by insecure mobile SDK dependencies in high-value financial apps.
China supercomputer breach exposes massive defence data, sparks security concerns
A major breach involving a Chinese government supercomputing system reportedly exposed large volumes of classified defense-related data, raising concerns about the security of high-performance computing environments. While details remain limited, the scale and sensitivity of the impacted systems suggest potential long-term intelligence and national security implications.
To counter cookie theft, Chrome ships device-bound session credentials
Google has started rolling out Device Bound Session Credentials in Chrome 146 for Windows, with macOS support planned for a future release. The feature is designed to blunt one of the most common post-infection paths by cryptographically binding session cookies to the local device, which means stolen cookies are far less useful to attackers trying to hijack authenticated sessions.
The post InfoSec News Nuggets 04/10/2026 appeared first on AboutDFIR – The Definitive Compendium Project.
