Threat Brief: April 10, 2026

Three new campaign to be reported this week. Key new entries this week: a DPRK-linked GitHub Actions supply chain campaign targeting healthcare CI/CD pipelines (CAMP.26.041), an active ransomware campaign by INC Ransom specifically targeting NHS and US hospital systems (CAMP.26.038), and an aloder Commvault backup server RCE zero-day (CVE-2025-34028) being actively exploited against healthcare organizations. A key observation this week is that ransomware campaigns against healthcare are on the rise again with some very active attacks observed this past week.