Cybersecurity Brief: April 8, 2026

U.S. critical infrastructure faces an escalating threat as Iran-linked APT groups actively exploit programmable logic controllers (PLCs) and SCADA systems at energy and water facilities nationwide. Federal agencies issued urgent warnings after confirming operational disruptions at multiple sites, marking a concerning shift from reconnaissance to active manipulation of industrial control systems. The attacks target the operational technology layer that directly controls physical processes, presenting risks beyond data theft to include potential service interruptions and safety hazards.

Meanwhile, Russia's APT28 continues leveraging compromised routers for DNS hijacking campaigns, according to new technical details from the UK's National Cyber Security Centre. The group exploits network infrastructure devices to redirect traffic and intercept communications. On the healthcare front, Brockton Hospital reported a system-wide cyberattack forcing service cancellations and patient diversions, while telehealth provider Hims & Hers disclosed customer data theft via social engineering. A new analysis from Push Security identifies browser-based attack vectors—including adversary-in-the-middle phishing, ClickFix techniques, malicious OAuth applications, and session hijacking—as the dominant methods behind current major breaches, reflecting attackers' adaptation to cloud-centric environments where traditional perimeter defenses offer limited protection.

Sources: CyberScoop · National Cyber Security Centre · WHDH · Cybersecurity Dive · BleepingComputer