In today’s Cybersecurity Alert, we unpack the most critical threats emerging in April 2026. A groundbreaking GPUBreach attack demonstrates how GPU Rowhammer techniques can escalate into full system compromise even bypassing traditional protections like IOMMU—raising serious concerns for AI infrastructure and cloud environments.

We also examine Microsoft’s warning on Storm-1175, a fast-moving threat group deploying Medusa ransomware within hours of exploiting new vulnerabilities across enterprise systems. Meanwhile, attackers are actively targeting the Flowise AI platform with a CVSS 10.0 RCE flaw, exposing thousands of internet-facing instances.

On the geopolitical front, we cover an Iran-linked password spraying campaign targeting Microsoft 365 tenants and DPRK actors abusing GitHub as command-and-control infrastructure. Plus, new developments in ransomware attribution as authorities identify key figures behind REvil and GandCrab.

The key takeaway: attackers are accelerating faster than patch cycles—leveraging hardware, identity, and AI systems as new attack surfaces.