Sign up to save your podcasts
Or
Share The Lights Went Dark at the Utility
Share to email
Share to Facebook
Share to X
Share to email
Share to Facebook
Share to X
Or
The Lights Went Dark at the Utility
A global utility infrastructure vendor disclosed unauthorized access to its corporate IT systems via SEC 8-K filing, creating potential supply chain exposure for electricity, gas, and water utilities running its smart metering and grid management products. A new threat group (UNC6692) is deploying the three-component Snow malware suite — Snowbelt browser extension, Snowglaze tunneler, and Snowbasin backdoor — for deep persistent access via social engineering. Four new KEV additions include a CVSS 9.9 privilege escalation in SimpleHelp remote support software used by managed service providers. A second medical device company disclosed a breach, confirming the sector as a target category. Firefox 150 and Tor 15.0.10 patch CVE-2026-6770 in the shared browser engine.
Links & Resources- ttps://www.securityweek.com/itron-8k-sec-filing-unauthorized-access/
- https://www.bleepingcomputer.com/news/security/unc6692-snow-malware-suite-browser-tunneler-backdoor/
- https://thehackernews.com/2026/04/cisa-adds-4-exploited-flaws-simplehelp-samsung-dlink.html
- https://www.bleepingcomputer.com/news/security/medtronic-breach-corporate-it-systems/
- https://www.securityweek.com/firefox-150-tor-15-cve-2026-6770/
- https://www.cybermaterial.com/p/cyber-briefing-20260427
- https://www.bleepingcomputer.com/news/security/new-checkmarx-supply-chain-breach-affects-kics-analysis-tool/
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog
View all episodes
By Tushar VartakA global utility infrastructure vendor disclosed unauthorized access to its corporate IT systems via SEC 8-K filing, creating potential supply chain exposure for electricity, gas, and water utilities running its smart metering and grid management products. A new threat group (UNC6692) is deploying the three-component Snow malware suite — Snowbelt browser extension, Snowglaze tunneler, and Snowbasin backdoor — for deep persistent access via social engineering. Four new KEV additions include a CVSS 9.9 privilege escalation in SimpleHelp remote support software used by managed service providers. A second medical device company disclosed a breach, confirming the sector as a target category. Firefox 150 and Tor 15.0.10 patch CVE-2026-6770 in the shared browser engine.
Links & Resources- ttps://www.securityweek.com/itron-8k-sec-filing-unauthorized-access/
- https://www.bleepingcomputer.com/news/security/unc6692-snow-malware-suite-browser-tunneler-backdoor/
- https://thehackernews.com/2026/04/cisa-adds-4-exploited-flaws-simplehelp-samsung-dlink.html
- https://www.bleepingcomputer.com/news/security/medtronic-breach-corporate-it-systems/
- https://www.securityweek.com/firefox-150-tor-15-cve-2026-6770/
- https://www.cybermaterial.com/p/cyber-briefing-20260427
- https://www.bleepingcomputer.com/news/security/new-checkmarx-supply-chain-breach-affects-kics-analysis-tool/
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog