Cybersecurity Summary: FIRESTARTER Attacks, LMDeploy Zero-Day Exploits, and Mythos AI Concerns - April 24, 2026

Key points

• •Since 2023, the FIRESTARTER malware has compromised federal Cisco Firepower devices, evading security patches and posing a grave supply chain threat to critical US infrastructure, with exploits continuing into 2025 and 2026.[The Hacker News RSS][Google News - Cybersecurity]
• •A severe zero-day vulnerability, CVE-2026-33626, in the LMDeploy toolkit was exploited within hours of its public disclosure in April 2026, demonstrating how threat actors rapidly target new vulnerabilities to conduct SSRF attacks and other exploits.[Reddit /r/netsec][Google News - Cybersecurity]
• •Chinese-linked cyber espionage remains a major threat, as demonstrated by attacks on NASA via spear-phishing to obtain sensitive US defense software information, as well as international advisories issued by CISA and the UK NCSC highlighting covert cyber networks used in malicious operations.[The Hacker News RSS][Google News - Cybersecurity]
• •Financial sector security incidents continue to rise, illustrated by Sri Lanka’s loss of USD 2.5 million due to a cybersecurity lapse and Canada Life's ongoing investigation into a breach that potentially affects thousands of clients, underscoring vulnerabilities in institutional cybersecurity defenses.[Google News - Cybersecurity][Google News - Cybersecurity]
• •Mobile and crypto users face significant risks from malicious apps and hardware vulnerabilities, including 26 fake crypto wallet apps found on Apple’s App Store targeting seed phrases since late 2025, and a Qualcomm Snapdragon chip flaw threatening millions of devices globally by enabling data theft.[The Hacker News RSS][Google News - Cybersecurity]
• •India has raised alerts concerning security vulnerabilities of the Anthropic Mythos AI, while additional reports reveal cybercriminal groups are exploiting AI-powered tools for hacking advancements, highlighting growing security concerns around AI technologies worldwide.[Google News - Cybersecurity][Google News - Cybersecurity][Reddit /r/netsec]
• •Cybersecurity firms are consolidating to strengthen capabilities, exemplified by Fortreum’s acquisition of a Reston-based firm and Alchemy Technology Group acquiring IOvations, reflecting ongoing industry growth to address emerging cyber threats.[Google News - Cybersecurity][Google News - Cybersecurity]
• •Governments and agencies are intensifying cybersecurity initiatives, with the US Treasury launching a digital asset industry information-sharing program, Japan forming a financial task force for AI-related cybersecurity risks, and state governments seeking enhanced DoD cybersecurity training.[Google News - Cybersecurity][Google News - Cybersecurity][Google News - Cybersecurity]

Relevant articles