Cybersecurity Brief – April 10, 2026

Critical Infrastructure Under Active Attack

Federal agencies are warning of ongoing cyberattacks targeting internet-connected programmable logic controllers (PLCs) in US critical infrastructure. Attackers are exploiting weak configurations and exposed industrial control systems to gain initial access, with potential to escalate toward operational disruption. The threat underscores persistent vulnerabilities in operational technology environments where internet-facing assets remain inadequately secured. Separately, CISA has added a second critical vulnerability in Ivanti Endpoint Manager Mobile (EPMM) to its Known Exploited Vulnerabilities catalog, indicating active exploitation in the wild. Organizations running Ivanti EPMM should prioritize patching immediately.

Healthcare Ransomware and Geopolitical Threats

Dutch healthcare software vendor ChipSoft has been hit by a ransomware attack, forcing the company to take its website and digital services offline. The incident affects patient portals and healthcare provider access, highlighting the healthcare sector's continued appeal to ransomware operators. Meanwhile, Iran-linked hacking groups say a fragile ceasefire between Iran and the US won't stop their cyber operations. The Handala group has announced only a temporary pause in attacks, with cybersecurity experts warning of likely future disruptions to critical infrastructure as geopolitical tensions persist.

Policy Development

The US Treasury Department is extending cybersecurity threat intelligence sharing to the digital asset industry, giving eligible cryptocurrency firms and organizations access to the same information regularly provided to traditional financial institutions. The initiative aims to strengthen defenses across an increasingly targeted sector.

Sources: Cybersecurity Dive · PBS NewsHour · BleepingComputer · Industrial Cyber · Finextra