This morning’s signal is ugly and familiar: trusted tools, exposed industrial control systems, stolen sessions, and near-instant weaponization. The one bright spot is that secure-by-default email is finally getting a little more practical on mobile.
Top line: One software supply-chain breach, one OT exposure warning, one payroll theft campaign, one developer-tool RCE exploited in under 10 hours, and one defensive win from Google.
Attackers compromised a secondary CPUID API for roughly six hours and swapped official website download links so CPU-Z and HWMonitor users were redirected to a trojanized HWiNFO installer. Researchers said the malware was multi-stage, heavily obfuscated, and likely focused on information theft. CPUID says its signed original binaries were not modified, but the trust boundary already broke, which is the part that matters.
Federal agencies warned that Iran-linked actors have been targeting Rockwell Automation and Allen-Bradley PLCs since March, causing disruption and manipulating HMI and SCADA displays. Censys then counted 5,219 exposed hosts globally, with 3,891 in the United States. That is not just a bad metric. It is a standing invitation.
Microsoft says Storm-2755 used adversary-in-the-middle Microsoft 365 phishing pages, session cookie theft, hidden inbox rules, and direct-deposit social engineering to reroute payroll for Canadian employees. The important lesson is blunt: legacy MFA does not save you when attackers steal the authenticated session.
Sysdig observed exploitation of the pre-auth Marimo remote code execution flaw within 9 hours and 41 minutes of public disclosure. The bug sat in the /terminal/ws WebSocket endpoint, which skipped authentication and handed attackers an interactive shell on exposed instances. This is the new normal: disclosure-to-exploitation windows are collapsing.
Google says Gmail end-to-end encryption is now available on Android and iOS for enterprise users, letting teams read and compose protected messages on mobile without extra tools. It does not solve identity compromise or endpoint theft, but it does reduce the usual excuse that secure email is too awkward for real workflows.
Sources tracked for this briefing: BleepingComputer, The Hacker News, and federal-agency or vendor reporting published on April 10 to April 11, 2026.
KENSAI helps teams find exposed internet-facing systems, weak identity flows, and dangerous software supply-chain gaps before they turn into incidents.
Start Free Scan →Stay sharp.
🗡️ KENSAI Security Team