Cyber News Bytes: What’s Happening in Cybersecurity This Week

Before we get into this week's headlines, I want to share something I built for you.

If you have been reading these newsletters and thinking "okay, I get it, cyber is important, but how do I actually break into this field," this is your next step.

I put together a course covering 5 technical cybersecurity projects designed specifically for beginners and intermediate learners.

These are the kinds of hands-on projects that actually show up on resumes, get noticed by hiring managers, and prove you can do the work before you ever land the job.

No fluff, no theory overload, just real projects that build real skills.

Whether you are just starting out or trying to level up from where you are, this course gives you something concrete to show for your time.

Check out the 5 Technical Cybersecurity Projects Course right here.

Now, on to this week's news. →

1. Eurail Data Breach Exposes Passport Numbers of Over 300,000 Travelers

Eurail B.V. disclosed this week that 308,777 American individuals had their data stolen following a December 2025 cyberattack.

Threat actors extracted files from internal systems including AWS S3, Zendesk, and GitLab, then published a sample dataset on Telegram while attempting to sell the stolen data on dark web forums after negotiations with Eurail reportedly failed.

Why it matters: Passport numbers are not like passwords. You cannot reset them with a few clicks.

The breach also had a downstream impact on the DiscoverEU initiative, raising concerns about how third-party systems handle sensitive data in large-scale international programs.

If you have ever purchased a Eurail pass, watch closely for phishing attempts targeting your contact information.

Read more on SecurityWeek

2. Signature Healthcare Cyberattack Forces Ambulance Diversions and Chemo Cancellations

A cyberattack detected on April 6 at Signature Healthcare in Brockton, Massachusetts knocked out the hospital's electronic medical record system and forced ambulances to be redirected to other facilities.

Chemotherapy infusion services for cancer patients were canceled, retail pharmacies could not fill prescriptions, and services were gradually restored over the following days.

By April 9, dark web monitoring sites had listed Signature Healthcare as a confirmed breach victim.

Why it matters: When a hospital gets hit, patients pay the price directly.

Diverted ambulances and canceled cancer treatments are not abstract harms. They land on real people at their most vulnerable, and this attack is a hard reminder that healthcare remains one of the most targeted sectors in cybersecurity.

Read more on SecurityWeek

3. FBI and CISA Warn: Iranian Hackers Are Actively Attacking US Water, Energy, and Government Systems

Since at least March 2026, a joint advisory confirmed that an Iranian-affiliated APT group has been disrupting programmable logic controllers across U.S. critical infrastructure sectors, including government services, water and wastewater systems, and energy.

The attacks have led to diminished PLC functionality, manipulation of display data, and in some cases operational disruption and financial loss.

The FBI, CISA, NSA, and Department of Energy all signed onto the advisory, pointing to an escalation in Iranian cyber activity tied to the ongoing conflict.

Why it matters: These are not hypothetical threats. They are happening now, targeting the systems that control your water, heat, and local government.

The campaign has been linked to CyberAv3ngers, associated with Iran's IRGC, and involves manipulating project files and altering data shown on HMI and SCADA displays.

Critical infrastructure operators need to act on CISA's guidance immediately.

Read more on TechCrunch

4. Alleged Adobe Breach: 13 Million Support Tickets and Employee Records at Risk

Adobe was reported to have had 13 million support tickets containing personal information and 15,000 employee records purportedly stolen from its helpdesk system by a threat actor known as "Mr. Raccoon."

The stolen cache also reportedly includes all of Adobe's HackerOne bug bounty program submissions and internal company documents.

The attacker did not breach Adobe's core infrastructure directly. Instead, access was gained through an Indian business process outsourcing firm contracted by Adobe, a classic supply chain pivot that highlights growing risks in third-party vendor relationships.

Adobe has not officially confirmed the breach at the time of publication.

Why it matters: Your vendor is your attack surface.

Even when a company's core systems are secure, weaker controls in partner networks can become an entry point for attackers, and the idea that millions of support tickets could be exported in one go is deeply concerning.

If you have ever contacted Adobe support, treat your data as potentially exposed and watch for phishing emails referencing open support tickets.

Read more on Cybernews

This week made one thing clear: healthcare is under siege, and the attack surface keeps growing.

Stay informed, stay skeptical of unexpected communications, and hold the organizations you trust with your data to a higher standard.

- Sandra
Cyber With Sandra