
SANS Internet Storm Center Stormcast Covers Multiple Cybersecurity Incidents Including Supply Chain Attacks and Critical Vulnerabilities
The April 28, 2026, SANS Internet Storm Center Stormcast covered multiple cybersecurity incidents and vulnerabilities. A supply chain attack linked to Checkmarx, initially reported on March 23, 2026, resulted in the leak of its entire GitHub repository, though the severity of the leak and the presence of secrets remain unconfirmed. Security firm Socket.dev identified 73 malicious OpenVSX extensions tied to the credential-stealing platform "class form," posing risks to developers. Researcher Yakob Wolf Heckle disclosed 89 vulnerabilities in Citrix XenServer's XAPI, some dating back to the platform's inception, with no patches available due to Citrix's prior handling of researcher reports. Kaspersky revealed a Windows RPC privilege escalation flaw dubbed "Phantom RPC," in which attackers exploit non-existent RPC services to execute code as another user, highlighting backward compatibility challenges for Microsoft. Vulnerabilities in Pi-hole and a Linux bridge escalation flaw were also mentioned but not detailed. The episode emphasized the ongoing risks of unpatched systems and supply chain attacks.