JanaWare Ransomware: Six-Year Campaign Targeting Turkish Home Users and SMBs with Advanced Geo-Fencing and Evasion Techniques
Executive Summary: A sophisticated and persistent ransomware campaign has been targeting Turkish home users and small-to-medium businesses (SMBs) for at least six years, leveraging a strain identified as JanaWare. This campaign is distinguished by its exclusive focus on Turkish victims, achieved through rigorous geofencing and language checks, and by its use of advanced evasion techniques. The attackers employ low ransom demands, typically ranging from $200 to $400 USD, and u
1 day ago · 4 min read


Surge in Malware and Phishing Attacks via n8n Webhooks: Analysis of Cloud Workflow Automation Abuse (2025-2026)
Executive Summary: Since October 2025, cybercriminals have been actively exploiting the webhook functionality of the n8n workflow automation platform to deliver malware and conduct advanced phishing campaigns. By leveraging the trusted cloud infrastructure of n8n, attackers have been able to bypass traditional email security controls, automate malicious payload delivery, and perform device fingerprinting on victims. This abuse has resulted in a dramatic increase in phishing
1 day ago · 5 min read


Critical CVE-2024-3273 Authentication Bypass in Nginx UI Actively Exploited – Immediate Patch Required
Executive Summary: A critical authentication bypass vulnerability, tracked as CVE-2024-3273, has been discovered in the Nginx UI web management interface. This flaw is now being actively exploited in the wild, enabling unauthenticated remote attackers to gain administrative access to Nginx UI instances. The vulnerability arises from an unprotected endpoint that allows attackers to execute privileged actions without authentication, leading to full server compromise, configur
1 day ago · 4 min read


Over 100 Malicious Chrome Extensions in Chrome Web Store Steal Google and Telegram Data, Create Persistent Backdoors
Executive Summary: Between April 2026 and the time of this report, a coordinated campaign involving over 100 malicious Chrome extensions has been identified in the official Chrome Web Store. These extensions, published under five distinct developer identities, have collectively amassed approximately 20,000 installations. The extensions target a broad user base by masquerading as legitimate tools, including gaming applications, social media utilities, and translation services
1 day ago · 6 min read


Critical Supply Chain Attack on EssentialPlugin WordPress Suite Exposes Over 400,000 Websites to Malware
Executive Summary: A critical supply chain compromise has impacted the EssentialPlugin suite of WordPress plugins, resulting in the deployment of malware to thousands of websites. Following the acquisition of EssentialPlugin in August/September 2025, a malicious actor introduced a dormant backdoor into over 30 plugins, which remained inactive until April 2026. Upon activation, the backdoor enabled arbitrary file writes and malware injection, leading to the creation of spam p
1 day ago · 6 min read


Critical nginx-ui Vulnerability CVE-2026-33032: Actively Exploited Authentication Bypass Allowing Full Nginx Server Takeover
Executive Summary: CVE-2026-33032 is a critical, actively exploited authentication bypass vulnerability in the nginx-ui web interface for Nginx. This flaw enables unauthenticated remote attackers to gain full control over the underlying Nginx server, including the ability to modify configuration files, restart services, and intercept or disrupt traffic. Public proof-of-concept code is available, and thousands of vulnerable instances have been identified in the wild. The vu
1 day ago · 4 min read


AgingFly Malware: UAC-0247 Cyberattacks Target Ukrainian Government and Hospitals with Digitally Signed Malware
Executive Summary: A new and highly sophisticated malware strain, AgingFly, has been identified as the primary tool in a wave of cyberattacks targeting Ukrainian government agencies and hospitals. These attacks, attributed to the threat cluster UAC-0247, leverage advanced social engineering, multi-stage payload delivery, and custom malware to achieve persistent access, data exfiltration, and operational disruption. The campaign, active since at least March 2026, demonstrates
1 day ago · 5 min read


Dragon Boss Solutions Signed Software Abused to Disable Antivirus Protection in Global Malware Campaign
Executive Summary: A sophisticated and widespread cyber campaign has been identified in which digitally signed software, distributed by Dragon Boss Solutions LLC, is being abused to deploy scripts that systematically disable antivirus (AV) protections on thousands of endpoints worldwide. This campaign leverages the trust inherent in code-signing certificates and the capabilities of commercial installer frameworks to escalate privileges, evade detection, and persistently remov
1 day ago · 4 min read


April 2026 Patch Tuesday: Critical Vulnerabilities in SAP, Adobe, Microsoft SharePoint, Fortinet, and ColdFusion Threaten Enterprise Security
Executive Summary: April 2026’s Patch Tuesday has introduced a critical wave of security updates from leading vendors including SAP, Adobe, Microsoft, and Fortinet. This month’s coordinated patch release addresses multiple high-severity vulnerabilities, several of which are already being actively exploited in the wild. The vulnerabilities span a range of attack vectors, including SQL injection, remote code execution, authentication bypass, and sensitive data exposure. Orga
1 day ago · 6 min read


OpenAI GPT-5.4-Cyber: Advanced AI for Security Teams – Features, Risks, and Third-Party Risk Management
Executive Summary (Publication Date: April 14, 2026): OpenAI has unveiled GPT-5.4-Cyber, a specialized variant of its GPT-5.4 large language model, designed exclusively for vetted security professionals and organizations. This release, part of the Trusted Access for Cyber program, marks a significant evolution in the application of artificial intelligence to defensive cybersecurity. By lowering refusal boundaries and introducing advanced capabilities such as binary reverse e
2 days ago · 5 min read


Microsoft’s $10B Japan AI Initiative: Enhancing Azure Cloud Infrastructure, Cybersecurity, and Local Talent Development (2026–2029)
Executive Summary (Publication Date: April 2026): Microsoft has announced a $10 billion investment in Japan, spanning from 2026 to 2029, with the goal of accelerating the nation’s artificial intelligence (AI) infrastructure, strengthening cybersecurity, and developing local talent. This initiative, structured around the pillars of Technology, Trust, and Talent, is designed to support both public and private sector digital transformation. The following report provides a compre
2 days ago · 5 min read


Google Integrates Rust-Based DNS Parser into Pixel 10 Modem Firmware to Strengthen Mobile Security
Executive Summary (Publication Date: April 2026): Google has taken a pioneering step in mobile device security by integrating a Rust-based DNS parser into the modem firmware of the Pixel 10 series. This move addresses longstanding vulnerabilities in cellular baseband software, which has historically been a target for sophisticated attackers. By leveraging the memory safety guarantees of Rust, Google aims to significantly reduce the risk of remote code execution and buffer ov
2 days ago · 6 min read


Microsoft Patch Tuesday April 2026: Critical Vulnerabilities, RDP and Secure Boot Zero-Days Impacting Windows Systems
Executive Summary: The April 2026 edition of Patch Tuesday represents a watershed moment in enterprise cybersecurity, with Microsoft addressing a record-breaking 167 vulnerabilities across its ecosystem. This release is distinguished by the presence of 11 Critical-rated vulnerabilities and 2 actively exploited zero-days, both of which have been publicly disclosed and are under active investigation by the global security community. The urgency of this cycle is further ampli
2 days ago · 5 min read


McGraw-Hill Salesforce Data Breach 2026: Analysis of ShinyHunters Extortion and Cloud Misconfiguration Risks
Executive Summary: On April 14, 2026, McGraw-Hill publicly confirmed a data breach following an extortion threat from the ShinyHunters group. The breach was traced to a misconfiguration in the company’s Salesforce environment, which allowed unauthorized access to internal data hosted on Salesforce web resources. According to McGraw-Hill, the breach did not impact its Salesforce accounts, customer databases, or internal systems, and the exposed data was described as limited
2 days ago · 5 min read


CPUID Supply Chain Attack: STX RAT Malware Distributed via Trojanized CPU-Z and HWMonitor Downloads
Executive Summary: Between April 9 and April 10, 2026, the official website of CPUID, the developer of widely used system utilities HWMonitor and CPU-Z, was compromised through a supply chain attack. Attackers gained access to a secondary API, allowing them to alter download links on the official site for approximately six hours. During this window, users attempting to download HWMonitor, CPU-Z, and related tools were redirected to attacker-controlled Cloudflare R2 storag
4 days ago · 6 min read


Adobe Acrobat and Reader CVE-2026-34621: Critical Prototype Pollution Vulnerability Actively Exploited, Urgent Patch Released
Executive Summary: Adobe has released urgent security patches to address a critical vulnerability, CVE-2026-34621, affecting Adobe Acrobat and Adobe Acrobat Reader on both Windows and macOS platforms. This flaw, classified as a prototype pollution vulnerability in the embedded JavaScript engine, enables attackers to execute arbitrary code when a user opens a specially crafted PDF file. The vulnerability has been actively exploited in the wild since late 2025, with threat a
4 days ago · 5 min read


Hims & Hers Zendesk Data Breach 2026: Okta SSO Compromise Exposes Sensitive Customer Support Information
Executive Summary: Between February 4 and February 7, 2026, Hims & Hers experienced a data breach that exposed sensitive customer support data, including full names, email addresses, phone numbers, physical mailing addresses, order-related information, and general correspondence contained within support tickets. The breach was discovered on February 5, 2026, and was executed via a social engineering attack that compromised an employee’s Okta Single Sign-On (SSO) credentials,
5 days ago · 5 min read


Rockwell Automation/Allen-Bradley PLCs: Nearly 4,000 US Industrial Devices Exposed to Iranian Cyberattacks in 2026
Executive Summary: Nearly 4,000 industrial control devices in the United States, primarily Rockwell Automation/Allen-Bradley programmable logic controllers (PLCs), have been exposed to and targeted by Iranian state-backed cyberattacks since March 2026. These attacks have resulted in operational disruptions, forced manual operation at affected sites, and financial losses. The threat actors, attributed to Iranian advanced persistent threat (APT) groups affiliated with the Islam
5 days ago · 5 min read


Critical Orthanc DICOM Server Vulnerabilities Expose Healthcare Systems to Crashes and Remote Code Execution (RCE)
Executive Summary: Critical vulnerabilities have been identified in Orthanc, the widely adopted open-source DICOM server used for medical imaging workflows across healthcare and research environments. These vulnerabilities, present in all versions up to and including 1.12.10, enable attackers to crash servers, exhaust system memory, leak sensitive information, and in certain scenarios, achieve remote code execution (RCE). The root causes include unsafe arithmetic operations,
5 days ago · 4 min read


CPUID Website Compromised: Malware Delivered via CPU-Z and HWMonitor Download Links in April 2026
Executive Summary: Between April 9 and April 10, 2026, the official website of CPUID, the vendor behind the widely used CPU-Z and HWMonitor utilities, was compromised for approximately six hours. Attackers gained access to a secondary backend API, altering download links on the site to serve a trojanized installer instead of legitimate binaries. The malicious file, masquerading as a legitimate hardware monitoring tool, was designed to steal browser credentials and potential
5 days ago · 6 min read