Cyber Security & Surveillance
(Pierluigi Paganini – Security Affairs) A critical flaw in Marimo, tracked as CVE-2026-39987 (CVSS score of 9.3) was exploited just 10 hours after disclosure (On April 8, 2026). Sysdig Threat Research Team observed exploitation of the Marimo flaw within 9 hours and 41 minutes of disclosure, with credential theft completed in under 3 minutes, despite no public exploit code. Marimo is an open-source Python notebook tool used for data science, analysis, and interactive coding. The bug allows pre-authenticated remote code execution and affects versions up to 0.20.4. Version 0.23.0 addressed the issue. – CVE-2026-39987: Marimo RCE exploited in hours after disclosure
(Pierluigi Paganini – Security Affairs) ChipSoft, a major Dutch provider of EHR systems, was hit by a ransomware attack that forced it to take its website and digital services offline, disrupting access for hospitals, healthcare providers, and patients. EHR (Electronic Health Record) is a digital version of a patient’s medical history, stored and managed by healthcare providers. The company’s flagship HiX platform, widely used across the Netherlands, was impacted, with users reporting outages earlier this week. The ransomware attack occurred on April 7, and the Dutch CERT Z-CERT has been coordinating closely with the vendor and healthcare institutions. As a precaution, access to key services like Zorgportaal, HiX Mobile, and Zorgplatform was disabled, with systems now being gradually restored and new credentials issued to users. – Ransomware attack on ChipSoft knocks EHR services offline across hospitals in the Netherlands and Belgium
(Pierluigi Paganini – Security Affairs) LucidRook is a new Lua-based malware used in targeted phishing attacks against NGOs and universities in Taiwan. Cisco Talos links it to a skilled group tracked as UAT-10362. In Oct 2025, attackers used password-protected email attachments to spread the malware in spear-phishing campaigns. “Cisco Talos observed a spear-phishing attack delivering LucidRook, a newly identified stager that targeted a Taiwanese NGO in October 2025. The metadata in the email suggests that it was delivered via authorized mail infrastructure, which implies potential misuse of legitimate sending capabilities.” reads the report published by Cisco Talos. “The email contained a shortened URL that leads to the download of a password protected and encrypted RAR archive. The decryption password was included in the email body. Based on this email and the collected samples, Talos observed two distinct infection chains originating from the delivered archives.”. The phishing emails came from likely legitimate infrastructure and included shortened links to password-protected RAR archives, with passwords inside the message. The archives contained fake government or security-related decoy documents to distract victims. – UAT-10362 linked to LucidRook attacks targeting Taiwan-based institutions
(Pierluigi Paganini – Security Affairs) Microsoft researchers found a critical flaw in EngageSDK that lets apps bypass Android sandbox protections and access private data. The flaw put millions of users, including over 30M crypto wallet installs, at risk. Developers fixed it in version 5.2.1 after coordinated disclosure, and vulnerable apps were removed from Google Play. The good news is that no active exploitation has been confirmed, but the case highlights risks from third-party SDKs widely used in mobile apps. “As mobile wallets and other high‑value apps become more common, even small flaws in upstream libraries can impact millions of devices. These risks increase when integrations expose exported components or rely on trust assumptions that aren’t validated across app boundaries.” reads the report published by Microsoft. – EngageLab SDK flaw opens door to private data on 50M Android devices
(Pierluigi Paganini – Security Affairs) Hackers breached the largest US Bitcoin ATM operator, Bitcoin Depot, on March 23, stole login credentials, and drained about 50.9 BTC worth $3.6M from company wallets. Bitcoin Depot told the SEC that a hacker accessed its systems and stole credentials linked to its digital asset settlement accounts, gaining control and enabling unauthorized activity. – Bitcoin Depot hack leads to $3.6M Bitcoin theft via stolen credentials
Lebanon/Israel
(AFP/Al Arabiya) Lebanon’s health ministry said 10 people including three emergency workers were killed by Israeli strikes on south Lebanon on Saturday, as state media reported raids on more than a dozen locations. – Lebanon says 10 killed including three emergency workers in Israeli strikes on south
Russia/Ukraine
(RFE/RL) A 32-hour truce has come into force between Russia and Ukraine on April 11 following pledges by the presidents of both countries that their militaries would cease fire in light of Orthodox Easter. “We understand who we’re dealing with. Ukraine will maintain the cease-fire and respond in kind,” Ukrainian President Volodymyr Zelenskyy wrote earlier on the same day on Telegram. The brief pause in fighting, which was set to last until the end of April 12, followed another round of overnight Russian strikes on Ukraine and a fresh prisoner exchange between Moscow and Kyiv. – Orthodox Easter Truce Begins Between Ukraine And Russia
Syria
(AFP/Al Arabiya) Syria’s interior ministry said Saturday that five people had been arrested over a plot to attack an unidentified religious figure in Damascus, alleging the cell was linked to Lebanese militant group Hezbollah. In a statement, the ministry said security forces observed a woman as she attempted to “plant an explosive device in front of the house of a religious figure” near a church in Damascus’s Bab Touma area. – Syria says busts cell planning attack on ‘religious figure’
US
(AFP/Al Arabiya) US President Donald Trump’s administration on Friday revealed renderings for a colossal triumphal arch proposed for construction in Washington near some of the nation’s most revered monuments. At 250 feet (76.2 meters) it would pip Mexico City’s Monument to the Revolution by 30 feet, making it the largest structure of its kind in the world, and knocking Pyongyang’s Arch of Triumph to third place. – Trump administration reveals plans for massive Washington arch
US/Georgia
(Ulviyya Asadzade – RFE/RL) After nearly two years of suspended engagement under a multiyear strategic partnership, the United States has resumed high-level contact with Georgia. On March 30, US Secretary of State Marco Rubio held a phone call with Georgian Prime Minister Irakli Kobakhidze. While Tbilisi has framed the outreach as a possible “reset,” many analysts say it is too early to draw such conclusions. Still, Washington appears to have reasons to re-engage. Under President Donald Trump, US foreign policy has shown growing interest in strategic logistics corridors, and in that context Georgia’s location remains relevant, analysts say. “It suggests that Washington may still see room to influence the political and geopolitical direction of Anaklia port before it is irreversibly anchored in a Chinese-led direction,” Vakhtang Partsvania, an economics professor at Caucasus School of Business in Tbilisi, told RFE/RL. Relations deteriorated sharply after Georgia’s ruling Georgian Dream party adopted policies widely viewed in Washington as anti-democratic, including controversial legislation such as a “foreign agent” law and the use of force against protesters. In response, in November 2024, the United States suspended its multiyear strategic partnership with Georgia. Washington also imposed sanctions on Bidzina Ivanishvili, the founder of Georgian Dream, along with other officials. As Tbilisi went on to deepen its ties with China and maintain engagement with Russia, US attention increasingly shifted toward Azerbaijan and Armenia. – US Revisits Georgia’s Black Sea Port as Strategic Corridors Rise
Vatican/US
(Russell Contreras – Axios) Pope Leo XIV and President Trump are escalating a high-stakes clash over immigration and the Iran war, exposing a rare and widening divide between the Vatican and the White House. The standoff pits the Vatican’s moral authority against Washington’s political and military power as both shape global narratives on war, diplomacy and human dignity. It’s one of the sharpest public divides between a pope and a U.S. president in decades, spanning both foreign policy and domestic immigration fights. While Catholic leaders are framing the Iran war in terms of just war theory and civilian protection, Defense Secretary Pete Hegseth has infused the conflict with Christian nationalist rhetoric and a “maximum lethality” approach. – Iran war tips Trump-Pope tension over the edge
War in Iran/Middle East/Gulf and beyond
(AFP/Al Arabiya) Senior Iranian and American officials began negotiations in Pakistan on Saturday, Iranian media reported, in a bid to bring to an end the Middle East war which plunged the region into violence and sent shockwaves through the world economy. According to Iranian media reports, the Iranian delegation decided to begin talks with their US counterparts after meeting with their Pakistani host, Prime Minister Shehbaz Sharif, who also sat down with US Vice President JD Vance. The Iranian delegation is led by parliamentary speaker Mohammad Bagher Ghalibaf and Vance was accompanied by White House envoy Steve Witkoff and President Donald Trump’s son-in-law Jared Kushner. – Iran and US top officials launch negotiations in Pakistan
(AFP/Al Arabiya) Two US warships have reportedly passed through the Strait of Hormuz, the first such transit since the war with Iran began, as President Donald Trump said Saturday that the United States had started “clearing out” the strategic waterway. The US Navy guided-missile destroyers passed through the strait with no issues reported, The Wall Street Journal reported, citing three US officials. The operation was not coordinated with authorities in Tehran, US media outlet Axios said. – US warships transit Strait of Hormuz: Report
(Reuters/Al Arabiya) US President Donald Trump on Saturday posted on social media that the United States military has started to clear the Strait of Hormuz, and that all of Iran’s minelaying ships have been sunk. “We’re now starting the process of clearing out the Strait of Hormuz,” Trump wrote in a social media post, adding that “all 28” of Iran’s “mine dropper boats are also lying at the bottom of the sea.” – Trump says US forces are ‘clearing’ Strait of Hormuz
