BuzzSec

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has revealed that an unnamed federal civilian agency's Cisco Firepower device running Adaptive Security Appliance (ASA) software was compromised in September 2025 with malware called FIRESTARTER. FIRESTARTER, per CISA and the U.K.'s National Cyber Security Centre (NCSC), is assessed to be a backdoor designed for remote access and from The Hacker News https://thehackernews.com/2026/04/firestarter-backdoor-hit-federal-cisco.html

The Office of Inspector General (OIG) of the U.S. National Aeronautics and Space Administration (NASA) has revealed how a Chinese national posed as a U.S. researcher as part of a spear-phishing campaign to obtain sensitive information from the space agency, as well as from government entities, universities, and private companies, in violation of export control laws. "For years, NASA employees from The Hacker News https://thehackernews.com/2026/04/nasa-employees-duped-in-chinese.html

Cybersecurity researchers have discovered a set of malicious apps on the Apple App Store that impersonate popular cryptocurrency wallets in an attempt to steal recovery phrases and private keys since at least fall 2025. "Once launched, these apps redirect users to browser pages designed to look similar to the App Store and distribute trojanized versions of legitimate wallets," Kaspersky from The Hacker News https://thehackernews.com/2026/04/26-fakewallet-apps-found-on-apple-app.html

It was used to track a Dutch naval ship: Dutch journalist Just Vervaart, working for regional media network Omroep Gelderland, followed the directions posted on the Dutch government website and mailed a postcard with a hidden tracker inside. Because of this, they were able to track the ship for about a day, watching it sail from Heraklion, Crete, before it turned towards Cyprus. While it only showed the location of that one vessel, knowing that it was part of a carrier strike group sailing in the Mediterranean could potentially put the entire fleet at risk. […] Navy officials reported that the tracker was discovered within 24 hours of the ship’s arrival, during mail sorting, and was eventually disabled. Because of this incident, the Dutch authorities now ban electronic greeting cards, which, unlike packages, weren’t x-rayed before being brought on the ship. from Schneier on Security https://www.schneier.com/blog/archives/2026/04/hiding-bluetooth-trackers-in-mail.html

Chinese-speaking individuals are the target of a new campaign that uses a trojanized version of SumatraPDF reader to deploy the AdaptixC2 Beacon post-exploitation agent and ultimately facilitate the abuse of Microsoft Visual Studio Code (VS Code) tunnels for remote access. Zscaler ThreatLabz, which discovered the campaign last month, has attributed it with high confidence to Tropic Trooper (aka from The Hacker News https://thehackernews.com/2026/04/tropic-trooper-uses-trojanized.html

The first timeline of April 2026 brings an evolution in terms of methodology: from now on I will map the initial access techniques with the MITRE ATT&CK model. I also decided to merge the categories of Finance and Fintech in the sectors chart. From an event perspective, the first half of April 2026 confirmed a sustained trend... from HACKMAGEDDON https://www.hackmageddon.com/2026/04/24/1-15-april-2026-cyber-attacks-timeline/