Cybersecurity Brief: April 13, 2026

Healthcare organizations continue to face escalating cyber threats, with the FBI confirming the sector topped all industries for ransomware attacks in 2025 with 460 incidents and 182 data breaches. The trend shows no signs of abating: Massachusetts-based Signature Healthcare is currently managing a significant cyberattack detected April 6th, forcing the Brockton hospital to divert ambulances and cancel services. The Anubis ransomware-as-a-service gang has claimed responsibility and alleges theft of 2 terabytes of patient data, highlighting the continued healthcare targeting as critical infrastructure remains vulnerable.

Software supply chain compromises are delivering immediate consequences across multiple vectors. CPUID's backend infrastructure was hijacked to distribute malware-laden versions of popular hardware monitoring tools CPU-Z and HWMonitor, replacing legitimate downloads with remote access trojans designed for credential theft. Meanwhile, a critical pre-authentication RCE vulnerability (CVE-2026-39987) in the Marimo Python notebook tool was exploited in the wild within 10 hours of public disclosure on April 8th. Additionally, Microsoft disclosed a severe intent redirection vulnerability in the widely-deployed EngageLab SDK that allowed malicious Android applications to bypass security sandboxing and access sensitive data in cryptocurrency wallets. Attackers are also leveraging brand impersonation, with fake Claude AI websites distributing the PlugX remote access trojan, demonstrating how threat actors quickly weaponize interest in emerging technologies.

Sources: SecurityWeek · Gov Info Security · The Hacker News · AHA · HIPAA Journal · The Register · Microsoft Security