CISO Daily Digest: Critical Vulnerabilities and Active Exploits (20260430)
Key cybersecurity events and threats as of 2026-04-30
Event Context:
- New Wave of DPRK Attacks Uses AI-Inserted npm Malware, Fake Firms, and RATs
- North Korean hackers Famous Chollima use AI-generated malicious npm packages to loot developers' cryptocurrency assets
- SAP npm Packages Compromised by “Mini Shai-Hulud” Credential-Stealing Malware
- TeamT5 ThreatSonar Anti-Ransomware has a high-risk vulnerability that allows privilege escalation and deletion of arbitrary files
- Vect 2.0 Ransomware Acts as Wiper, Thanks to Design Error
Organizations should review the relevant security advisories and ensure their defenses are updated accordingly.
Active threats this week
📌 North Korean hackers Famous Chollima use AI-generated malicious npm packages to loot developers' cryptocurrency assets
Famous Chollima, a North Korean threat actor, combines AI-generated malicious npm packages with social engineering (fake firms and recruiter-style lures) to steal cryptocurrency from developers and to reach defense-sector targets. Treat unsolicited "coding test" or "onboarding" repositories as untrusted and install nothing from them outside an isolated environment.
📌 SAP npm Packages Compromised by “Mini Shai-Hulud” Credential-Stealing Malware
Legitimate SAP-published npm packages were trojanized with credential-stealing malware, named for its resemblance to the earlier Shai-Hulud npm worm; the same pattern is hitting PyPI (see the elementary-data item below). Audit dependency trees for the affected versions, enforce lockfile hash verification of every package before it is installed in CI/CD, and rotate any developer, registry or CI credentials that a compromised build could have read.
📌 TeamT5 ThreatSonar Anti-Ransomware has a high-risk vulnerability that allows privilege escalation and deletion of arbitrary files
This is a vulnerability in a security product, not a ransomware variant: a high-risk flaw in TeamT5's ThreatSonar Anti-Ransomware lets an attacker escalate privileges and delete arbitrary files on the protected host. Apply the vendor update, and remember that anti-ransomware and EDR agents run with high privileges and are themselves attack surface that needs patching and monitoring.
📌 Vect 2.0 Ransomware Acts as Wiper, Thanks to Design Error
A design error in Vect 2.0 makes it behave as a wiper: data it encrypts cannot be recovered even if the ransom is paid, so the only recovery path is restoration from backups. Keep offline, tested backups and updated EDR signatures, and do not plan around decryption.
📌 The Gentlemen ransomware gains a foothold in enterprise organizations through the SystemBC proxy tool
📌 Ransomware group "The Gentlemen" pairs its operations with SystemBC malware to expand its attack footprint
The Gentlemen ransomware group is using SystemBC, a proxy backdoor that tunnels attacker traffic through compromised hosts, to get into and move through enterprise networks. Beyond offline backups and updated EDR signatures, hunt for SystemBC beacons and for endpoints unexpectedly acting as SOCKS proxies for outbound connections.
📌 Venezuela's energy and utilities sector attacked with the Lotus Wiper data-destruction malware
Lotus Wiper is destructive malware, not ransomware: there is no ransom and no decryption, the goal is to destroy data at energy and utility operators in Venezuela. Organizations in critical infrastructure should keep offline, immutable backups, segment OT from IT networks, and keep EDR signatures current.
📌 APT28 uses a Windows Shell spoofing vulnerability in real-world attacks
APT28, a Russian state-sponsored group, is exploiting a Windows Shell spoofing vulnerability in the wild for espionage. Treat it as actively exploited: prioritize the corresponding Windows Shell patch along with other commonly exploited vulnerabilities.
📌 KrCERT/CC publishes "Operation SearchStrike" report: hackers use SEO poisoning of GitHub to distribute malware
Per KrCERT/CC, this campaign poisons search results so that malicious GitHub repositories rank for common software queries, leading users to download malware. Implement web filtering, verify download sources against the vendor's official site or release channel, and do not trust a GitHub repository simply because it ranks first.
📌 The elementary-data package on PyPI, downloaded 1.1 million times a month, was compromised
A PyPI package with about 1.1 million monthly downloads, elementary-data, was compromised. Check whether the affected versions were pulled into any environment, verify package hashes against known-good pins, and rotate any credentials exposed to environments that installed them.
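The package integrity verification recommended for both the SAP npm compromise and the elementary-data PyPI compromise above, as an added example that is not part of the original digest and not code from OPSWAT, npm, pip or any of the reported campaigns. Package names (pkg-clean, pkg-hooked, pkg-unpinned, pkg-tampered), tarballs and lockfile entries are constructed for the demo; the install-script scan is a general precaution against packages that execute code at install time, not a claim about how either reported compromise worked.

```python
"""CI/CD integrity gate for pinned dependencies (added example, not vendor code).

Three checks to run before `npm ci` / `pip install` executes anything:
  1. every dependency resolves to the official registry and carries a pinned hash,
  2. the bytes actually fetched match that hash (npm SRI sha512 / pip sha256),
  3. verified packages declare no install-time lifecycle scripts.
All package names, tarballs and lockfile entries below are constructed fixtures.
"""
import base64
import hashlib
import hmac
import io
import json
import tarfile
from typing import Optional

NPM_REGISTRY = "https://registry.npmjs.org/"
INSTALL_HOOKS = ("preinstall", "install", "postinstall", "prepare")


def make_tarball(name: str, version: str, scripts: Optional[dict] = None) -> bytes:
    """Build a minimal npm-style tarball (package/package.json) in memory.
    Constructed test data standing in for a registry download."""
    manifest = {"name": name, "version": version}
    if scripts:
        manifest["scripts"] = scripts
    body = json.dumps(manifest).encode()
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        info = tarfile.TarInfo("package/package.json")
        info.size = len(body)
        tar.addfile(info, io.BytesIO(body))
    return buf.getvalue()


def sri_sha512(data: bytes) -> str:
    """npm Subresource Integrity form: 'sha512-' + base64(SHA-512 digest)."""
    return "sha512-" + base64.b64encode(hashlib.sha512(data).digest()).decode()


def install_scripts(tarball: bytes) -> dict:
    """Return lifecycle scripts in the package manifest that run at install time."""
    with tarfile.open(fileobj=io.BytesIO(tarball), mode="r:gz") as tar:
        manifest = json.load(tar.extractfile("package/package.json"))
    return {k: v for k, v in manifest.get("scripts", {}).items() if k in INSTALL_HOOKS}


def verify_npm_lock(lock: dict, fetched: dict) -> list:
    """Check a package-lock.json (lockfileVersion 2/3) against fetched tarballs.
    Returns 'name: problem' strings; an empty list means the gate passes."""
    findings = []
    for path, meta in lock["packages"].items():
        if path == "":  # the root project entry has no tarball
            continue
        name = path.rsplit("node_modules/", 1)[-1]
        resolved = meta.get("resolved", "")
        if not resolved.startswith(NPM_REGISTRY):
            findings.append(f"{name}: resolved to non-registry URL {resolved}")
        expected = meta.get("integrity")
        if not expected:
            findings.append(f"{name}: no integrity hash pinned")
            continue
        data = fetched.get(name)
        if data is None:
            findings.append(f"{name}: no fetched artifact to verify")
            continue
        if not hmac.compare_digest(sri_sha512(data), expected):
            findings.append(f"{name}: integrity mismatch, tarball differs from lockfile")
            continue  # never parse an artifact that failed verification
        for hook, cmd in install_scripts(data).items():
            findings.append(f"{name}: install-time script {hook}: {cmd}")
    return findings


def pip_hash_matches(requirement_line: str, artifact: bytes) -> bool:
    """Check a 'pkg==1.2.3 --hash=sha256:<hex>' line (pip --require-hashes style)
    against the downloaded wheel/sdist. Only sha256 pins are handled here."""
    pins = [t[len("--hash="):] for t in requirement_line.split() if t.startswith("--hash=")]
    actual = "sha256:" + hashlib.sha256(artifact).hexdigest()
    return any(hmac.compare_digest(actual, pin) for pin in pins)


# Constructed fixtures: clean package, package with a postinstall hook,
# unpinned package from a mirror, and one whose bytes changed after locking.
CLEAN = make_tarball("pkg-clean", "1.0.0")
HOOKED = make_tarball("pkg-hooked", "1.0.0", {"postinstall": "node setup.js"})
ORIGINAL = make_tarball("pkg-tampered", "1.0.0")
FETCHED = {"pkg-clean": CLEAN, "pkg-hooked": HOOKED,
           "pkg-tampered": ORIGINAL + b"\x00"}  # altered in transit or on a mirror
LOCK = {"name": "demo-app", "lockfileVersion": 3, "packages": {
    "": {"name": "demo-app"},
    "node_modules/pkg-clean": {"resolved": NPM_REGISTRY + "pkg-clean/-/pkg-clean-1.0.0.tgz",
                               "integrity": sri_sha512(CLEAN)},
    "node_modules/pkg-hooked": {"resolved": NPM_REGISTRY + "pkg-hooked/-/pkg-hooked-1.0.0.tgz",
                                "integrity": sri_sha512(HOOKED)},
    "node_modules/pkg-unpinned": {"resolved": "https://mirror.example/pkg-unpinned-2.0.0.tgz"},
    "node_modules/pkg-tampered": {"resolved": NPM_REGISTRY + "pkg-tampered/-/pkg-tampered-1.0.0.tgz",
                                  "integrity": sri_sha512(ORIGINAL)},
}}

if __name__ == "__main__":
    for finding in verify_npm_lock(LOCK, FETCHED):
        print("FAIL", finding)
```

Run as a pre-install step in the pipeline and fail the build on any finding. The order of checks matters: the hash is compared before the tarball is opened, so a tampered artifact is never parsed, and the install-script scan only runs on packages whose bytes already match the lockfile. `npm ci --ignore-scripts` and `pip install --require-hashes` give the same guarantees at install time; this gate makes the decision visible in CI logs before either runs.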
How Can OPSWAT Help
Supply chain threat prevention: OPSWAT MetaDefender’s multi-engine scanning (30+ AV engines) and Content Disarm and Reconstruction (CDR) can inspect downloaded packages and binaries before they reach enterprise systems—stripping active threats while preserving usability.
Malware and ransomware defense: OPSWAT’s Deep CDR removes active content from files, neutralizing embedded threats including zero-day exploits. Combined with multi-engine scanning, this provides defense-in-depth against known and unknown malware.