TheCyberExpress

TCE Weekly Roundup: Global Cybersecurity Threats Update


In this week’s roundup, The Cyber Express summarizes key cybersecurity news across state-sponsored attacks, crypto ecosystem breaches, regulatory gaps, and mobile data exposure risks.

State-linked groups are focusing on internet infrastructure like routers and DNS for interception and credential theft, while crypto-related actors are exploiting weaknesses in decentralized finance systems and governance layers. Regulatory uncertainty in areas such as online content detection further complicates response efforts. 

The Cyber Express weekly roundup also notes that even secure messaging systems can leave residual data on devices through OS-level features like notification storage.  

The Cyber Express Weekly Roundup 

APT28 DNS Hijacking Campaign Disrupted 

APT28, a Russian-linked threat group, has been exploiting vulnerable routers to carry out DNS hijacking and adversary-in-the-middle (AITM) attacks. These operations were primarily aimed at intercepting traffic and stealing credentials, with a particular focus on email platforms such as Microsoft Outlook.

EU CSAM Legal Gap Raises New Concerns 

The expiration of the EU’s temporary 2021 regulatory framework on April 3, 2026, has created uncertainty around how technology companies can detect and report Child Sexual Abuse Material (CSAM). The framework previously allowed platforms to voluntarily scan private communications using techniques such as hash-matching, a method widely considered essential by investigators for identifying illegal content and tracking offenders.

$285M Drift Protocol Hack Shakes Cybersecurity Landscape 

In a major cryptocurrency-related incident, attackers successfully stole $285 million from Drift Protocol on April 1, 2026. Drift Protocol, the largest decentralized perpetual futures exchange on Solana, reportedly lost over half of its total value within just 12 minutes of the breach.


FBI Finds Deleted Signal Data Can Persist in iPhone Systems 

A notable finding in this weekly roundup comes from an FBI investigation related to the Prairieland ICE Detention Facility case in Texas. Investigators discovered that deleted Signal messages may still be partially recoverable from iPhones. Importantly, this is not a failure of Signal’s encryption. Instead, the issue stems from how iOS handles notification previews.

Treasury Launches Digital Asset Cybersecurity Initiative 

The U.S. Department of the Treasury has launched a Digital Asset Cybersecurity Initiative through its Office of Cybersecurity and Critical Infrastructure Protection (OCCIP). The initiative is designed to strengthen cybersecurity defenses across the cryptocurrency ecosystem.

Weekly Takeaway 

This weekly roundup highlights a rapidly diversifying threat landscape, ranging from state-sponsored DNS hijacking campaigns and multimillion-dollar crypto thefts to regulatory uncertainty and mobile data persistence risks. Across all incidents, a consistent pattern emerges: attackers are blending technical exploitation with social engineering, infrastructure compromise, and long-term strategic planning.


