In today’s Cybersecurity Daily, we break down the biggest threats shaping April 2026. A coordinated npm supply chain attack involving 36 malicious packages is targeting developers through post-install scripts, exploiting Redis and PostgreSQL to deploy persistent backdoors and steal sensitive data.

We also uncover new details behind the Axios npm hack, where attackers used a fake Microsoft Teams error to socially engineer a maintainer and inject malware into widely used packages. Meanwhile, device code phishing attacks have surged over 37x, allowing attackers to hijack sessions and bypass traditional credential-based defenses.

Plus, we analyze the European Commission cloud breach, showing how a single compromised AWS key led to multi-entity data exposure, along with critical ShareFile RCE vulnerabilities and stealthy Linux PHP web shell persistence techniques.

The key takeaway: modern cyber attacks are shifting from exploits to identity, trust, and automation abuse and defenders must adapt fast.