SYSTEM LOG // April 22, 2026
Today's Threat Intel — April 22, 2026
Three stories are worth your attention this morning. First, a new ransomware operation called Kyber is hitting Windows machines and VMware ESXi endpoints, and it's doing something we haven't seen before at scale: one variant is using Kyber1024 post-quantum encryption, which means traditional decryption tools are going to be useless against it. Second, a Mirai-based malware campaign is actively exploiting a high-severity command-injection vulnerability in D-Link DIR-823X routers, pulling compromised home and small business devices into a growing botnet. If you or anyone on your team is running one of those routers, patch it now or pull it off the network. Third, a new supply chain attack targeting the npm ecosystem is stealing developer credentials and attempting to spread through packages published from compromised accounts. If you're writing code that touches npm packages, audit your dependencies today.
The common thread across all three? Attackers are moving faster, getting more creative with encryption, and going after infrastructure that most people forget to secure: routers, package registries, and virtualization hosts. The perimeter is everywhere now. Stay patched, stay skeptical, and maybe pour yourself another cup before you dig into those logs. You're going to need it.