All The Cybersecurity News You Need To Know This Month | April 2026
With cyber threats continuing to evolve, it’s vital to stay ahead of the curve. From supply-chain vulnerabilities to major breaches, here’s the key cybersecurity news you need to know this month.
Global Highlights
The UK and its allies warned that Russian military intelligence actors are hijacking vulnerable routers to support cyber operations. A new advisory from the UK’s NCSC said APT28 has been exploiting poorly maintained edge devices to enable malicious activity, including DNS hijacking and credential theft. This is a good reminder that overlooked network infrastructure can become an attacker’s launchpad.
Sweden publicly blamed a pro-Russian group for a cyberattack on energy infrastructure. Swedish officials said a district heating plant was targeted in what they described as part of a broader pattern of Russia-linked sabotage against European critical infrastructure. Even when attacks don’t cause catastrophic damage, they raise the temperature around operational technology and resilience planning.
Italy’s Uffizi Gallery was hit by a cyberattack. Reuters reported that the Florence museum was targeted in early April, though officials said no artwork or valuables were stolen. The incident is another sign that high-profile cultural institutions remain attractive targets, whether for disruption, extortion, or reputational impact.
A Russia-linked crypto exchange suspended operations after a cyberattack. Reuters reported that Grinex halted withdrawals and deposits following a cyber incident. For firms handling financial flows or digital assets, this is another reminder that cyber resilience is a matter of trust and continuity.
Governments are escalating warnings about AI-enabled cyber risk. On April 15, the UK government published an open letter urging business leaders to treat AI cyber threats as a board-level issue and to tighten core cyber hygiene. Around the same time, Reuters reported that ECB supervisors were preparing to question banks about whether advanced AI models could supercharge cyberattacks. The message is getting louder: AI risk is now part of cyber governance.
NIS2 is moving from theory to deadline. Belgium’s Cyber Security Centre said that by 18 April 2026, essential entities must be able to demonstrate that they are implementing cybersecurity risk management measures and following a recognised compliance path. For organisations in scope, this is the moment when “we’re working on it” starts sounding a lot less charming…
North American Highlights
U.S. agencies warned that Iranian-affiliated actors are targeting programmable logic controllers across critical infrastructure. A joint advisory from CISA, FBI, NSA, EPA, DOE and U.S. Cyber Command said threat actors were exploiting internet-exposed PLCs and SCADA-related devices in sectors including water, wastewater, energy, and government services. This is one of the clearest warnings this month that operational technology remains squarely in the blast radius.
CISA continued adding actively exploited flaws to its Known Exploited Vulnerabilities catalog. The agency added new vulnerabilities in mid-April based on evidence of real-world exploitation, reinforcing a now-familiar pattern: patching delays are still one of the easiest gifts organizations hand attackers.
Canada issued fresh alerts on actively exploited vulnerabilities, including Fortinet FortiClientEMS. The Canadian Centre for Cyber Security published an alert on April 7 urging IT teams to review and remediate a Fortinet flaw, alongside several other vendor advisories this month. It is a useful reminder that vulnerability management is still the least glamorous and most consistently necessary job in the building.
North American regulators are keeping cyber governance and AI controls in focus. The SEC’s cybersecurity page says fiscal year 2026 exam priorities include governance practices, data loss prevention, access controls, ransomware response, and controls tied to AI-related risks and polymorphic malware. That is a strong signal that cyber oversight is still firmly a board, disclosure, and exam issue, not just a technical one.
Cross-border law enforcement action against botnets remains a major theme. In March, U.S., German, and Canadian authorities said they disrupted four botnets tied to more than 3 million infected devices worldwide. It’s slightly earlier than April, but still highly relevant to this month’s risk picture: weakly secured routers, webcams, and other internet-connected devices remain easy recruits for DDoS and proxy abuse.
Canada’s threat guidance continues to underline ransomware as the most disruptive cyber threat facing organisations. The Canadian Centre for Cyber Security says ransomware incidents are rising overall and will almost certainly remain one of the most impactful cyber threats to Canadian organizations over the next two years. For North American businesses, that keeps the basics front and centre: segmentation, offline backups, MFA, asset visibility, and tested incident response.
The threat landscape is evolving fast. How organisations respond (and how quickly) will define their resilience. Staying ahead means continuously rethinking how risk is identified, managed, and embedded across your organization.