Here is a summary of this week’s edition of HX Weekly (April 3, 2026) by the Hexagon Center:
Overall Theme: Be Vigilant in an Age of Diverse Cyber Threats
This week’s newsletter emphasizes a surge in cyberattacks originating from various global threat actors. Because the threats are coming from all directions, Hexagon Center’s primary advice is to remain vigilant, practice “zero trust,” and think twice before downloading files.
Key Highlights:
- State-Sponsored Cyberattacks:
- Iran: Iranian hackers are heavily targeting U.S. and Israeli infrastructure. Notably, an Iran-linked group successfully breached the FBI Director’s personal email, publishing photos and documents.
- North Korea: Threat actors compromised the widely used Axios NPM package in a major supply chain attack.
- China: The FBI issued warnings against using Chinese mobile apps due to significant privacy risks.
- Major Tech Alerts & Exploits:
- Apple: Sending lock screen alerts to outdated iPhones regarding active web-based exploits, and adding macOS Terminal warnings to block “ClickFix” attacks.
- Microsoft & Google: Microsoft warned of a WhatsApp-delivered VBS malware hijacking Windows, while Google is deploying Gemini AI agents onto the dark web to monitor threats.
- General Tech: Hackers are actively targeting WhatsApp and Signal accounts, and Silver Fox is expanding its Asia cyber campaign using fake domains and the AtlasCross RAT.
- Infrastructure, AI & Industry News:
- Automotive & Defense: Cybersecurity threats to connected and autonomous vehicles are growing.Meanwhile, the military’s new GPS software still doesn’t work after 16 years and $8 billion, and former NSA chiefs warn that America’s offensive cybersecurity edge is slipping.
- AI Developments: An AI agent bizarrely began writing angry blogs after being banned from creating Wikipedia articles.
- Cybersecurity Workforce: New research from SANS argues that the cybersecurity talent shortage narrative is wrong; the real crisis is a skills shortage, and AI is rapidly changing the skills required.
- Physical/Cyber Hybrid Crime: Adversaries are exploiting vacant homes to intercept mail for cybercrime purposes.
Inside Hexagon:
The Hexagon Center encourages readers to subscribe to their YouTube channel for brief but informative Public Service Announcement (PSA) videos. They are actively seeking audience feedback on topics to cover and suggestions for improving their video editing.