Daily Threat Briefing – April 28, 2026

This intelligence briefing warns of multiple critical, actively exploited threats: a large supply‑chain campaign (GlassWorm v2) distributing info‑stealing malware through 73 malicious VS Code extensions, Russian state‑sponsored campaigns harvesting Microsoft Office authentication tokens via router exploits, an unpatched PhantomRPC Windows privilege‑escalation affecting many systems, and a Checkmarx GitHub data exposure — alongside ongoing Scattered Spider social‑engineering operations — and provides urgent mitigation actions for developer tool security, patching, access controls, and credential rotation.