CISO Daily Digest: Ransomware & Data-Wiping Attacks (20260428)
Key cybersecurity events and threats as of 2026-04-28
This ransomware or wiper variant poses a significant threat to enterprise data integrity. Organizations should ensure offline backups and updated EDR signatures.
Event Context:
- VECT 2.0 Ransomware Irreversibly Destroys Files Over 131KB on Windows, Linux, ESXi
- 蠕蟲程式GlassWorm透過73個VS Code延伸套件潛伏於Open VSX儲存庫
- RPC零時差漏洞PhantomRPC可被用於提升權限
- 韓國KISA首度啟動安全漏洞清理服務,首波因應目標是WGear網銀RCE漏洞
- Npm-пакет Bitwarden взломали ради кражи учетных данных разработчиков
Organizations should review the relevant security advisories and ensure their defenses are updated accordingly.
🔗 Reference: Source
Active threats this week
📌 蠕蟲程式GlassWorm透過73個VS Code延伸套件潛伏於Open VSX儲存庫
This campaign targets VS Code extensions in the software supply chain. Developers should audit installed extensions and verify publisher identities.
📌 RPC零時差漏洞PhantomRPC可被用於提升權限
This unpatched Windows privilege escalation vulnerability requires applying recommended workarounds until an official patch is available.
📌 韓國KISA首度啟動安全漏洞清理服務,首波因應目標是WGear網銀RCE漏洞
This vulnerability requires assessment and prioritization. Identify affected systems and apply patches or compensating controls.
📌 Npm-пакет Bitwarden взломали ради кражи учетных данных разработчиков
🔗 Reference: Source
📌 Unpatched ‘PhantomRPC’ Flaw in Windows Enables Privilege Escalation
This unpatched Windows privilege escalation vulnerability requires applying recommended workarounds until an official patch is available.
🔗 Reference: Source
📌 HTB Sorcery. Захватываем домен FreeIPA
🔗 Reference: Source
📌 Study says there’s ‘no longer an excuse’ for releasing AI models that ‘reinforce user delusions’
📌 PhantomRPC
This unpatched Windows privilege escalation vulnerability requires applying recommended workarounds until an official patch is available.
📌 Critical Unpatched Flaw Leaves Hugging Face LeRobot Open to Unauthenticated RCE
🔗 Reference: Source
📌 Checkmarx Confirms GitHub Repository Data Posted on Dark Web After March 23 Attack
This data exposure potentially compromises sensitive information. Assess exposure risk and implement remediation.
🔗 Reference: Source
📌 Checkmarx證實GitHub資料遭駭客團體Lapsus$流入暗網
This data exposure potentially compromises sensitive information. Assess exposure risk and implement remediation.
📌 CISA警告D-Link路由器命令注入漏洞被用於實際攻擊
This vulnerability requires assessment and prioritization. Identify affected systems and apply patches or compensating controls.
How Can OPSWAT Help
Supply chain threat prevention: OPSWAT MetaDefender’s multi-engine scanning (30+ AV engines) and Content Disarm and Reconstruction (CDR) can inspect downloaded packages and binaries before they reach enterprise systems—stripping active threats while preserving usability.
Malware and ransomware defense: OPSWAT’s Deep CDR removes active content from files, neutralizing embedded threats including zero-day exploits. Combined with multi-engine scanning, this provides defense-in-depth against known and unknown malware.