Cybersecurity Brief — April 25, 2026

CISA added four actively exploited vulnerabilities to its Known Exploited Vulnerabilities catalog on Friday, affecting SimpleHelp remote support software and Samsung MagicINFO 9 digital signage platform. Federal agencies must patch these flaws by the May 2026 deadline. The addition underscores ongoing exploitation of enterprise remote access and IoT-adjacent systems, with threat actors continuing to target software commonly deployed in corporate and critical infrastructure environments.

A supply chain compromise hit Checkmarx's KICS (Keeping Infrastructure as Code Secure) project, with malicious Docker images and Visual Studio Code extensions distributed through the tool's ecosystem. The compromised components enabled data exfiltration and exposed infrastructure secrets, highlighting persistent vulnerabilities in developer toolchain security. Separately, a Discord group's breach of Anthropic's internal systems has raised concerns about AI-powered attack capabilities. The incident demonstrates that AI tools can now identify and exploit vulnerabilities faster than traditional methods, potentially narrowing the critical window organizations have to apply patches after disclosure. Meanwhile, U.S. and allied cybersecurity agencies issued warnings about China-linked threat actors employing sophisticated covert networks to conduct espionage and offensive cyber operations, indicating continued state-sponsored activity targeting sensitive systems.

Sources: The Hacker News · Fortune · The Hacker News · Industrial Cyber