Daily Threat Briefing – April 30, 2026

This urgent threat briefing details multiple critical, active threats: compromised npm packages delivering credential-stealing malware and RATs (including SAP-related and DPRK-attributed packages), a universal authentication-bypass in cPanel/WHM requiring emergency patching, Russian state-linked router exploitation to harvest Microsoft Office tokens, and tens of thousands of internet-exposed ICS/OT VNC/RDP servers; the report includes targeted remediation steps and an action checklist for immediate mitigation.