Eurail breached and more - Apr 12, 2026

Weekly Roundup

Apr 12

Written By RF Wave

Featured

Eurail confirmed a December 26, 2025 breach

The breach affect 308,777 individuals, with stolen data including passport details, IBANs, health information, and contact records

This Week’s Updates

Breaches

Bitcoin Depot confirmed via SEC filing that an unauthorized party accessed its corporate systems on March 23 and stole approximately 50.9 BTC ($3.665M)

Dutch healthcare software vendor ChipSoft was hit by ransomware, taking its website and digital services offline and causing confirmed disruptions at hospitals across the Netherlands and Belgium

CPUID confirmed a ~19-hour compromise of its update infrastructure that pushed STX RAT infostealer malware to 150+ users through CPU-Z, HWMonitor, and two other tools between April 9–10

Vulnerabilities

Ivanti confirmed and patched a critical code-injection RCE flaw (CVE-2026-1340) in Endpoint Manager Mobile, actively exploited in zero-day attacks

Apache confirmed and patched a 13 -year-old RCE vulnerability (CVE-2026-34197, CVSS 8.8) in ActiveMQ Classic, now fixed in versions 5.19.4 and 6.2.3

vulnerabilitydata breachEurailIvantiApacheSmart SliderBitcoin DepotChipSoftCPUID

RF Wave

Microsoft Released April 2026 Software Updates

CareCloud breached and more - Apr 5, 2026