Skip to main content
Back to articles
Security Solutions Team

CISO Daily Digest: Hims Breach, Citizen Lab Webloc, GlassWorm Campaign (20260413)

Hims health data breach exposes sensitive PHI; Citizen Lab reveals law enforcement used Webloc to track 500M devices; GlassWorm campaign targets developer IDEs

Hims Breach Citizen Lab Webloc GlassWorm APT37 Google DBSC

Major Security Events on April 13

  • Hims Breach: Telehealth platform Hims disclosed a breach exposing the most sensitive kinds of Protected Health Information (PHI), including patient records and medical data.
  • Citizen Lab Webloc Investigation: Citizen Lab revealed that law enforcement agencies used a surveillance system called Webloc to track over 500 million devices globally by exploiting advertising data infrastructure.
  • GlassWorm Campaign: A new campaign named GlassWorm uses the Zig programming language to build a dropper that infects multiple developer IDEs, targeting the software supply chain.
  • Google DBSC in Chrome 146: Google rolled out Device Bound Session Credentials (DBSC) in Chrome 146 to prevent session cookie theft on Windows, a significant defense against token theft attacks.
  • North Korea APT37: North Korea’s APT37 group was observed using Facebook social engineering lures to deliver RokRAT malware.
  • Marimo RCE (CVE-2026-39987): A remote code execution flaw in Marimo was exploited within 10 hours of disclosure, demonstrating the speed of modern threat actors.
  • Backdoored Smart Slider 3 Pro: A compromised update of Smart Slider 3 Pro WordPress plugin was distributed via compromised Nextend servers.

πŸ”— References: Hims Breach (Dark Reading) | Citizen Lab (The Hacker News) | GlassWorm (The Hacker News) | Google DBSC (The Hacker News)

Active Threats This Week

πŸ“Œ Hims Healthcare Data Breach

The Hims telehealth platform breach exposed highly sensitive patient health information, including medical records, prescriptions, and personal identifiers. Healthcare data breaches carry severe regulatory implications under HIPAA and can cause lasting reputational damage.

πŸ”— Reference: Dark Reading | The Hacker News

πŸ“Œ Citizen Lab: Webloc Mass Surveillance System

Citizen Lab documented a surveillance system called Webloc that leverages advertising data to track over 500 million devices worldwide. Law enforcement agencies reportedly used this system for location tracking without warrants, raising significant privacy and civil liberties concerns.

πŸ”— Reference: The Hacker News

πŸ“Œ GlassWorm Campaign Targets Developer IDEs

The GlassWorm campaign uses a dropper written in the Zig programming language to infect multiple integrated development environments (IDEs). This novel approach targets the software supply chain by compromising developer workstations, potentially leading to widespread downstream infections.

πŸ”— Reference: The Hacker News

πŸ“Œ Google DBSC Protects Against Session Theft

Google introduced Device Bound Session Credentials (DBSC) in Chrome 146 to bind authentication sessions to specific devices, making it significantly harder for attackers to steal session cookies and bypass multi-factor authentication protections.

πŸ”— Reference: The Hacker News