

Google Integrates Rust-Based DNS Parser into Pixel 10 Modem Firmware to Strengthen Mobile Security
Executive Summary Publication Date: April 2026 Google has taken a pioneering step in mobile device security by integrating a Rust-based DNS parser into the modem firmware of the Pixel 10 series. This move addresses longstanding vulnerabilities in cellular baseband software, which has historically been a target for sophisticated attackers. By leveraging the memory safety guarantees of Rust, Google aims to significantly reduce the risk of remote code execution and buffer ov
3 days ago · 6 min read


Microsoft Patch Tuesday April 2026: Critical Vulnerabilities, RDP and Secure Boot Zero-Days Impacting Windows Systems
Executive Summary The April 2026 edition of Patch Tuesday represents a watershed moment in enterprise cybersecurity, with Microsoft addressing a record-breaking 167 vulnerabilities across its ecosystem. This release is distinguished by the presence of 11 Critical-rated vulnerabilities and 2 actively exploited zero-days, both of which have been publicly disclosed and are under active investigation by the global security community. The urgency of this cycle is further ampli
3 days ago · 5 min read


McGraw-Hill Salesforce Data Breach 2026: Analysis of ShinyHunters Extortion and Cloud Misconfiguration Risks
Executive Summary On April 14, 2026, McGraw-Hill publicly confirmed a data breach following an extortion threat from the ShinyHunters group. The breach was traced to a misconfiguration in the company’s Salesforce environment, which allowed unauthorized access to internal data hosted on Salesforce web resources. According to McGraw-Hill, the breach did not impact its Salesforce accounts, customer databases, or internal systems, and the exposed data was described as limited
3 days ago · 5 min read


CPUID Supply Chain Attack: STX RAT Malware Distributed via Trojanized CPU-Z and HWMonitor Downloads
Executive Summary Between April 9 and April 10, 2026, the official website of CPUID, the developer of the widely used system utilities HWMonitor and CPU-Z, was compromised through a supply chain attack. Attackers gained access to a secondary API, allowing them to alter download links on the official site for approximately six hours. During this window, users attempting to download HWMonitor, CPU-Z, and related tools were redirected to attacker-controlled Cloudflare R2 storag
4 days ago · 6 min read


Adobe Acrobat and Reader CVE-2026-34621: Critical Prototype Pollution Vulnerability Actively Exploited, Urgent Patch Released
Executive Summary Adobe has released urgent security patches to address a critical vulnerability, CVE-2026-34621, affecting Adobe Acrobat and Adobe Acrobat Reader on both Windows and macOS platforms. This flaw, classified as a prototype pollution vulnerability in the embedded JavaScript engine, enables attackers to execute arbitrary code when a user opens a specially crafted PDF file. The vulnerability has been actively exploited in the wild since late 2025, with threat a
4 days ago · 5 min read


Intuitive Surgical Administrative Network Breach: 2026 Phishing Attack Exposes Employee and Customer Data
Executive Summary On March 12, 2026, Intuitive Surgical, a leading provider of robotic surgery systems, publicly disclosed a cybersecurity incident involving unauthorized access to its internal administrative network. The breach was initiated through a phishing attack that resulted in the compromise of an employee’s credentials. As a result, an unauthorized third party accessed customer business and contact information, as well as employee and corporate records. There is no
Mar 18 · 5 min read


Critical AI Vulnerabilities in Amazon Bedrock, LangSmith, and SGLang Enable Data Exfiltration and Remote Code Execution
Executive Summary Recent discoveries have revealed critical vulnerabilities in Amazon Bedrock, LangSmith, and SGLang - three prominent AI platforms - enabling data exfiltration and remote code execution (RCE). These flaws affect both cloud-based and self-hosted deployments, with some remaining unpatched as of this report. Attackers can exploit these weaknesses to bypass network isolation, hijack user accounts, and execute arbitrary code on backend servers. The vulnerabilit
Mar 18 · 5 min read


CVE-2026-32746: Critical Unpatched Vulnerability in GNU InetUtils telnetd Enables Unauthenticated Remote Root Code Execution via Port 23
Executive Summary A critical, unpatched vulnerability - CVE-2026-32746 - has been identified in the GNU InetUtils telnetd daemon, affecting all versions up to and including 2.7. This flaw enables unauthenticated remote attackers to achieve root-level remote code execution (RCE) by sending a specially crafted Telnet protocol message to port 23, before any authentication occurs. The vulnerability is trivial to exploit, requires no credentials or user interaction, and is curre
Mar 18 · 4 min read


EU Sanctions on Chinese and Iranian Firms: Raptor Train Botnet, SMS Service, and Olympic Billboard Cyberattacks Targeting European Critical Infrastructure
Executive Summary On March 16–17, 2026, the Council of the European Union imposed sanctions on three companies—Integrity Technology Group and Anxun Information Technology (both based in China), and Emennet Pasargad (based in Iran)—as well as two individuals, for their roles in cyberattacks targeting EU member states and critical infrastructure. The sanctioned entities are linked to large-scale device compromises, influence operations, and data breaches affecting sectors s
Mar 18 · 6 min read


GlassWorm ForceMemo Campaign: Supply Chain Attack Targets GitHub Python Repositories with Stolen Tokens and Blockchain-Based Malware
Executive Summary A highly sophisticated supply chain attack, attributed to the GlassWorm threat actor and tracked as the ForceMemo campaign, is actively targeting the Python open-source ecosystem by leveraging stolen GitHub tokens to force-push obfuscated malware into legitimate Python repositories. The attack chain begins with the compromise of developer workstations via malicious VS Code and Cursor extensions, which exfiltrate authentication tokens and credentials. Us
Mar 18 · 4 min read


Warlock Ransomware Exploits Unpatched Microsoft SharePoint and SmarterMail Servers: Tactics, Analysis, and Mitigation Guidance
Executive Summary The Warlock ransomware group has emerged as a formidable threat actor, demonstrating a rapid evolution in its post-exploitation arsenal and operational sophistication. Leveraging advanced techniques such as Bring Your Own Vulnerable Driver (BYOVD), exploitation of unpatched Microsoft SharePoint and SmarterMail servers, and highly effective credential theft and lateral movement strategies, Warlock has successfully targeted organizations across government,
Mar 18 · 4 min read


LeakNet Ransomware Exploits ClickFix via Compromised Websites to Attack Windows Environments with Deno In-Memory Loader
Executive Summary The emergence of the LeakNet ransomware campaign marks a significant escalation in the sophistication of ransomware operations targeting enterprise environments. This campaign leverages the ClickFix social engineering technique to gain initial access via compromised legitimate websites, coercing users into executing malicious scripts under the guise of security verifications. The attackers then deploy a custom in-memory loader built on the Deno JavaScript
Mar 18 · 4 min read


Konni Targets KakaoTalk Desktop with EndRAT: Multi-Stage Phishing Attack Exploits Social Messaging for Malware Propagation
Executive Summary A recent campaign orchestrated by the North Korean advanced persistent threat group Konni has demonstrated a significant escalation in the use of multi-stage malware delivery and lateral propagation techniques. The operation leverages highly targeted spear-phishing emails to deliver the EndRAT (EndClient Remote Access Trojan) payload, exploiting the KakaoTalk desktop application as a propagation vector. This campaign is notable for its abuse of trusted so
Mar 18 · 5 min read


Apple Urgent Security Update: CVE-2025-14174 WebKit Same-Origin Policy Bypass Vulnerability Impacts iOS, macOS, Chrome, and Edge
Executive Summary Apple has released urgent security updates to address a critical WebKit vulnerability, CVE-2025-14174, which enables attackers to bypass the Same-Origin Policy (SOP) on iOS and macOS devices. This vulnerability affects all Apple devices capable of rendering web content, including Safari and all browsers on iOS/iPadOS, due to the mandatory use of WebKit as the rendering engine. The flaw is also present in Google Chrome and Microsoft Edge because of
Mar 18 · 5 min read


Starbucks Partner Central Data Breach Exposes Sensitive Employee Information in Credential Phishing Attack
Executive Summary Starbucks has disclosed a data breach impacting 889 employees after attackers gained unauthorized access to internal HR accounts through credential-harvesting phishing attacks. The breach, detected on February 6, 2026, involved threat actors impersonating the Starbucks Partner Central portal to obtain employee login credentials. The attackers maintained access to affected accounts between January 19 and February 11, 2026, exposing sensitive personal and fin
Mar 15 · 5 min read


CVE-2026-23813: Critical Authentication Bypass in HPE Aruba AOS-CX Allows Remote Admin Password Reset
Executive Summary A critical authentication bypass vulnerability, identified as CVE-2026-23813, has been discovered in HPE Aruba Networking AOS-CX, the network operating system that powers the Aruba CX-series campus and data center switches. This vulnerability allows unauthenticated remote attackers to reset administrator passwords through the web-based management interface, potentially granting full administrative control over affected devices. While there is currently no
Mar 15 · 4 min read


Cyberattack on Poland’s National Centre for Nuclear Research (NCBJ): Attempted Breach of MARIA Reactor IT Systems Thwarted
Executive Summary On March 12-13, 2026, Poland’s National Centre for Nuclear Research (NCBJ) was the target of a cyberattack aimed at its IT infrastructure. The attack was detected and blocked by internal security systems before any operational impact or data compromise occurred. All safety and research systems, including the MARIA research reactor, continued to function normally throughout the incident. The event triggered a coordinated response involving national cyberse
Mar 15 · 5 min read


GlassWorm Supply-Chain Attack Exploits Open VSX Extensions to Target Developer Environments
Executive Summary The GlassWorm supply-chain attack represents a critical escalation in the threat landscape targeting developer ecosystems. Since late January 2026, threat actors have abused at least 72 Open VSX extensions, leveraging transitive dependencies and extension packs to propagate sophisticated malware. This campaign is characterized by its technical complexity, stealthy delivery mechanisms, and broad impact, with over 9 million installs of malicious extensions r
Mar 15 · 4 min read


VENON Rust Malware Targets Itaú and 32 Other Brazilian Banks with Advanced Credential-Stealing Attacks
Executive Summary A newly identified banking malware, VENON, written in the Rust programming language, is actively targeting 33 Brazilian banks and digital asset platforms. This malware represents a significant technical leap from the traditional Delphi-based Latin American banking trojans, leveraging advanced evasion techniques, credential-stealing overlays, and shortcut hijacking to compromise victims and exfiltrate sensitive banking credentials. The campaign is notable fo
Mar 15 · 4 min read


Iranian CyberAv3ngers Target Unitronics Vision PLCs in US Critical Infrastructure Amid Rising Geopolitical Tensions
Executive Summary Iran-linked Advanced Persistent Threat (APT) groups, most notably those affiliated with the Islamic Revolutionary Guard Corps (IRGC) and operating under the CyberAv3ngers persona, have intensified cyber operations targeting the United States and allied nations amid ongoing geopolitical tensions and regional conflict. These campaigns have focused on critical infrastructure sectors, particularly water and wastewater systems, energy, transportation, and healt
Mar 15 · 5 min read