# Top Stories

April 28, 2026

  1. BleepingComputer general Apr 27
    GlassWorm malware attacks return via 73 OpenVSX "sleeper" extensions

    Security researchers discovered 73 malicious extensions on OpenVSX marketplace as part of a new GlassWorm campaign, with 6 confirmed malicious extensions that turn hostile after updates. The sleeper extensions masquerade as legitimate VS Code extensions and deploy information-stealing malware once activated, targeting developers who trust the open-source extension repository.

  2. BleepingComputer general Apr 27
    PyPI package with 1.1M monthly downloads hacked to push infostealer

    The elementary-data Python package on PyPI with 1.1 million monthly downloads was compromised by attackers who pushed a malicious version to steal developer credentials and cryptocurrency wallets. This supply chain attack demonstrates how threat actors target high-profile open source packages to maximize the impact of their credential harvesting operations.

  3. BleepingComputer general Apr 27
    Home security giant ADT data breach affects 5.5 million people

    Home security giant ADT suffered a data breach affecting 5.5 million customers after the ShinyHunters extortion group infiltrated their systems earlier this month. The breach exposed personal information of millions of users whose homes are protected by ADT's security services, creating significant privacy and physical security risks.

  4. BleepingComputer general Apr 27
    Medtronic confirms breach after hackers claim 9 million records theft

    Medical device manufacturer Medtronic confirmed hackers breached their corporate IT systems after threat actors claimed to have stolen 9 million patient records. The breach affects a major provider of critical medical devices including pacemakers and insulin pumps, raising concerns about both data privacy and potential impacts to medical device security.

  5. BleepingComputer general Apr 27
    Alleged Silk Typhoon hacker extradited to US for cyberespionage

    Chinese national Xu Zewei, allegedly part of the Silk Typhoon APT group, was extradited from Italy to the US to face charges for cyberespionage operations targeting COVID-19 vaccine research and US policy interests. The case represents a rare successful extradition of a suspected Chinese state-sponsored hacker to face prosecution in American courts.

  6. SecurityWeek general Apr 27
    OpenSSH Flaw Allowing Full Root Shell Access Lurked for 15 Years

    A critical OpenSSH vulnerability that allowed full root shell access remained undetected for 15 years due to a code reuse issue where comma characters in certificate principals were incorrectly interpreted as list separators. The flaw enabled privilege escalation attacks against SSH implementations across countless Unix and Linux systems worldwide.

  7. Dark Reading general Apr 27
    Unpatched 'PhantomRPC' Flaw in Windows Enables Privilege Escalation

    Researchers disclosed 'PhantomRPC', an unpatched architectural weakness in Windows' Remote Procedure Call mechanism that enables privilege escalation through five different exploit paths. The vulnerability stems from how Windows handles connections to unavailable RPC services, potentially affecting millions of Windows installations.

  8. Dark Reading general Apr 27
    UNC6692 Combines Social Engineering, Malware, Cloud Abuse

    Newly identified threat actor UNC6692 combines Microsoft Teams social engineering with AWS S3 bucket abuse and the custom 'Snow' malware family (Snowbelt, Snowglaze, Snowbasin) in multipronged attacks. The group uses email bombing tactics and impersonates IT help desk workers to gain initial access before deploying its malware toolkit.

  9. BleepingComputer general Apr 27
    Robinhood account creation flaw abused to send phishing emails

    Robinhood's account creation process was exploited by threat actors to inject phishing messages into legitimate platform emails, making users believe their accounts had suspicious activity. This abuse of trusted communication channels demonstrates how attackers can weaponize legitimate business processes to enhance the credibility of their phishing campaigns.

  10. SecurityWeek general Apr 27
    Energy and Water Management Firm Itron Hacked

    Energy and water management firm Itron, which serves utilities and cities globally, disclosed unauthorized access to its internal systems discovered on April 13. The breach affects a critical infrastructure company that provides smart metering and grid management solutions to power and water utilities worldwide.