
Trending Topics Cybersecurity – April 2026

SECURITY INSIGHTS | May 5, 2026

 

Myra’s monthly security highlights provide IT executives and security professionals with the most relevant topics from the world of cybersecurity. Current trends, defense strategies, and reports on cyberattacks, attack campaigns, and more are presented here in a clear and concise format.


The opportunities and risks that modern AI solutions pose to the existing IT landscape became clear in April. While the German Federal Office for Information Security (BSI) warned of AI-accelerated vulnerability hunting and exploit development, the U.S. Department of Defense (Pentagon) has already classified Claude as a national risk. To address this risk, a consortium of cybersecurity organizations and experienced CISOs has developed a strategy paper that provides security leaders with practical measures for managing zero-day risks in the AI era. Meanwhile, browser manufacturer Mozilla used AI to identify and fix 271 vulnerabilities in Firefox.

At the same time, the overall cyber threat landscape remains tense. The DDoS attacks on Mastodon and Bluesky demonstrate that even decentralized social media platforms are targets of coordinated attack campaigns — with massive consequences for service availability. To counter such attacks, international law enforcement agencies, as part of Operation PowerOff, once again targeted DDoS-for-hire services and successfully shut down their infrastructure.

Availability goes beyond mere security. A sovereign infrastructure is indispensable for maintaining the stability of critical processes. The BSI has defined how such an infrastructure can be assessed in its new C3A (Criteria enabling Cloud Computing Autonomy) assessment framework. The criteria catalog is based on the EU Cloud Sovereignty Framework and comprises six dimensions for measuring the sovereignty of cloud offerings.

Top IT security topics in April:

IT Security Trends

Phishing Campaign via Signal Targets German Government Officials

According to government officials, several members of the German federal government have been spied on via the Signal messaging app; investigators are looking into whether intelligence agencies are involved. The attackers gained access to chats not through traditional hacking, but via manipulative phishing messages. The incident highlights that end-to-end encryption alone offers no protection if end devices are compromised through the disclosure of access credentials — a relevant risk for any organization with sensitive mobile communications.

BSI Concerned: New Anthropic AI Model Could Change the Cyber Landscape

The BSI sees significant potential for misuse in Anthropic’s new AI model (“Claude Mythos”) for offensive cyber operations. Government officials fear that the model’s capabilities will significantly lower the barrier to entry for complex attacks and accelerate automated vulnerability scanning and exploit development.

German Armed Forces: Hybrid Attacks Continue to Rise

Hybrid attacks on critical infrastructure in Germany and Bundeswehr troops abroad continue to rise; a noticeable increase has been recorded since at least 2022, said Vice Admiral Thomas Daum on the sidelines of the NATO exercise “Locked Shields” in Kalkar. A Bundeswehr spokesperson named Russia, China, Iran, and North Korea as the suspected main perpetrators.

Germany Leads European Ranking for Cyberattacks

According to Google Threat Intelligence, the number of data breaches and cyberattacks in Germany increased by 92 percent in 2025, while the global increase was around 50 percent — the growth rate is thus three times higher than the European average. 96 percent of all ransomware leaks in Germany occurred at organizations with fewer than 5,000 employees.

Pentagon Ban: Anthropic Sues U.S. Department of Defense

Anthropic is taking legal action against a ban on the use of its AI model Claude within the U.S. Department of Defense. The dispute centers on security and contractual issues regarding the use of generative AI in sensitive government environments. The case sets a precedent for AI governance and procurement in the security sector.

NIS 2 Implementation Far Behind Expectations: Nearly Half of Companies Are Unaware of the Directive

At the 21st BSI Security Congress, it became clear that far fewer companies are implementing the NIS 2 requirements than expected. Registration numbers on the BSI portal remain well below expectations. A BSI study from late 2025 found that nearly half of German companies were not even familiar with the term “NIS 2.”


Cybercrime

Ryanair: IBAN Data and Legal Documents Offered for Sale on the Dark Web

An unknown attacker claims in underground forums to have gained access to Ryanair’s internal systems. The data in question primarily relates to passenger compensation and the legal department. The affected information includes full names, customer IDs, IBAN numbers, and SWIFT codes, as well as flight numbers, itineraries, and travel dates.

Cybercrime Group Blackmails Medical Technology Company: Up to 9 Million Records Reportedly Stolen

While the Medtronic Group has confirmed unauthorized access to parts of its corporate IT, the ShinyHunters group has claimed responsibility and stated that it has stolen approximately 9 million records containing personal information and internal company documents. According to Medtronic, only a limited portion of the network was affected; the systems for products, manufacturing, and hospital connections are separate from this.

France’s ID Agency ANTS Hacked: 11.7 Million Records Affected

A cyberattack struck the ANTS platform, which manages applications for passports, ID cards, residence permits, and driver’s licenses; the incident was detected on April 15, and the Ministry of the Interior has confirmed an ongoing investigation. The French government stated that the database contains approximately 11.7 million records with passport, ID card, and driver’s license data.

10 Petabytes Stolen from Chinese Supercomputing Center

A massive cyberattack on the National Supercomputing Center in Tianjin is said to have led to one of the largest data breaches in Chinese history — over 10 petabytes of sensitive data, including classified defense documents and missile schematics, were stolen. The hacker group “FlamingChina” has already offered the data for sale on darknet markets.

DDoS Wave Hits Decentralized Platforms: Mastodon and Bluesky Attacked

Within just a few days, the decentralized social media platforms Mastodon and Bluesky were crippled by sustained DDoS attacks. The hacktivist group “313 Team” claimed responsibility for the attacks. According to Bluesky, there are no indications of unauthorized access to user data.

Cybercriminals Hijack Thousands of Routers for Global Espionage Campaign

The Russian cyber group APT28 has apparently succeeded in infiltrating thousands of routers worldwide. Against this backdrop, Germany’s Federal Office for the Protection of the Constitution is warning of espionage aimed at stealing data from the military, government, and critical infrastructure. The attacks exploit vulnerabilities in various TP-Link models.

Best Practice, Defense & Mitigation

Strategy Briefing for CISOs: A Framework for Addressing Zero-Day Vulnerabilities in the AI Era

In response to the growing threat posed by AI-powered vulnerability exploitation — exemplified by models such as Anthropic’s “Claude Mythos” — the SANS Institute, the Cloud Security Alliance, “[un]prompted,” and the OWASP GenAI Security Project have published a joint strategy briefing for security leaders. The document, which has been reviewed by over 250 experienced CISOs, offers a practical framework with concrete immediate actions, diagnostic questions, and long-term defense strategies.

BSI Presents Sovereignty Criteria for Cloud Services with C3A

The BSI has published an evaluation framework titled C3A (Criteria enabling Cloud Computing Autonomy) designed to make the sovereignty of cloud offerings measurable. While the established C5 catalog focuses on security aspects, C3A addresses the question of whether a service can be operated independently in the respective use case. The criteria catalog is also based on the EU Cloud Sovereignty Framework and encompasses six dimensions, including data sovereignty, legal framework, supply chain, and technologies used.

Mozilla hardens Firefox: Claude Mythos finds 271 security vulnerabilities in a single run

As part of Project Glasswing, Mozilla gained access to Claude Mythos Preview and used it to identify 271 vulnerabilities in Firefox 150 — roughly twelve times the result of an earlier model run. In the official advisories, only three CVEs are attributed to Claude; the majority of the findings likely pertain to less severe or non-directly exploitable flaws.

ENISA Publishes NCAF 2.0 for Assessing National Cybersecurity Maturity

The EU Cybersecurity Agency ENISA has published a new version of its National Capabilities Assessment Framework (NCAF 2.0), which enables national authorities to systematically assess the implementation of their cybersecurity strategies. The framework is aligned with the current EU legal framework, in particular the NIS 2 Directive, and is intended to prepare member states for the voluntary peer review process provided for in Article 19.

BSI Updates Cloud Standard C5

The BSI has published the Cloud Computing Compliance Criteria Catalogue (C5) in its 2026 version, thereby standardizing requirements, streamlining audit processes, and integrating new technology areas. Among other things, container management, confidential computing, and post-quantum cryptography are systematically addressed for the first time; topics already included, such as supply chain management and customer segregation, have been defined more precisely.

Operation PowerOff: International Crackdown on DDoS-for-hire Platforms

As part of Operation PowerOff in mid-April 2026, law enforcement agencies from 21 countries, including Germany, the U.S., the U.K., Japan, and Australia, took coordinated action against DDoS-for-hire services. The results of the operation: 53 domains taken down, 25 searches, and four arrests. More than 75,000 identified users of the illegal services received warning letters; over three million user accounts had been identified in advance in seized databases.

Things to know

What is the Cyber Resilience Act (CRA)?

The Cyber Resilience Act (CRA) is an EU regulation that, for the first time, establishes binding cybersecurity requirements covering the entire lifecycle of hardware and software products. The aim is to make it easier for businesses and consumers in the EU to consider cybersecurity as a factor when selecting and using products.

About the author

Stefan Bordel

Senior Editor


Stefan Bordel has been working as Editor and Technical Writer at Myra Security since 2020. He is responsible for the strategic development and editorial management of all content formats – from website content and specialist publications to whitepapers, social media communication, and technical documentation. In this role, he combines solid expertise from IT journalism with in-depth technical understanding in the field of cybersecurity. As a long-time Linux enthusiast, he closely follows developments in the IT industry both professionally and personally.
