[{"data":1,"prerenderedAt":162},["ShallowReactive",2],{"publication-daily-threat-publications-2026-04-12":3},{"pub_id":4,"headline":5,"summary":6,"pub_date":7,"total_articles":8,"articles":9},"pub-2026-04-12","Adobe and Chrome Zero-Days Under Active Attack as Ransomware Strikes Critical Infrastructure and Political Parties","This 24-hour period has been marked by the active exploitation of two critical zero-day vulnerabilities in Adobe Acrobat/Reader (CVE-2026-34621) and Google Chrome (CVE-2026-2441), prompting emergency patches. Ransomware remains a dominant threat, with the fast-moving Storm-1175 group deploying Medusa ransomware within 24 hours of vulnerability disclosures, the Qilin group claiming a major data breach against German political party Die Linke, and an attack disrupting a U.S. water treatment plant. Additionally, CISA has issued urgent warnings about Iranian-linked actors targeting U.S. critical infrastructure PLCs, and AI firm Anthropic has deemed its new vulnerability-finding model too dangerous for public release.","2026-04-12",8,[10,34,56,86,102,119,136,147],{"id":11,"slug":12,"headline":13,"title":14,"severity":15,"excerpt":16,"tags":17,"categories":24,"createdAt":28,"updatedAt":29,"readingTime":30,"isUpdate":31,"updateSummary":32,"updateContent":33},"bfc07355-0edb-4926-b467-703d0c04c883","ransomware-attack-hits-north-dakota-water-treatment-plant","North Dakota Water Treatment Plant Hit by Ransomware, Reverts to Manual Operations","Ransomware Attack on North Dakota Water Treatment Plant Forces 16-Hour Manual Operation","high","A water treatment facility in Minot, North Dakota, serving approximately 80,000 people, was hit by a ransomware attack in March 2026. The attack compromised the plant's Supervisory Control and Data Acquisition (SCADA) system, forcing operators to shut it down and revert to manual processes for about 16 hours. City officials confirmed the incident, emphasizing that the water supply remained safe throughout. 
A ransomware note was found, but no specific demand was made, and no ransom was paid. The plant is currently using a backup server while a new, more secure system is prepared. The incident highlights the growing cyber threats targeting U.S. critical infrastructure.",[18,19,20,21,22,23],"ransomware","ICS","OT","SCADA","critical infrastructure","water sector",[25,26,27],"Ransomware","Industrial Control Systems","Cyberattack","2026-04-02T15:00:00.000Z","2026-04-12T12:00:00.000Z",6,true,"FBI launches investigation into Minot Water Treatment Plant ransomware attack, highlighting critical infrastructure vulnerability.","The Federal Bureau of Investigation (FBI) has initiated an investigation into the ransomware attack on the Minot Water Treatment Plant. This development underscores the national security implications of cyberattacks on critical infrastructure and the seriousness with which federal agencies are treating the incident. The attack, which disrupted automated systems and forced manual operations, is now part of a broader federal effort to combat threats to public utilities, including initiatives like 'Operation Winter Shield'.",{"id":35,"slug":36,"headline":37,"title":38,"severity":15,"excerpt":39,"tags":40,"categories":48,"createdAt":51,"updatedAt":52,"readingTime":53,"isUpdate":31,"updateSummary":54,"updateContent":55},"cfde1412-a965-479d-bbf9-600ffc076f39","hong-kong-hospital-authority-data-leak-56000-patients","Hong Kong Hospital Authority Apologizes for Data Leak Affecting 56,000 Patients","Hong Kong Hospital Authority Investigates Major Data Breach Exposing Personal and Medical Data of Over 56,000 Patients","The Hong Kong Hospital Authority (HA) is investigating a major data breach that exposed the sensitive personal and medical information of over 56,000 patients from its Kowloon East hospital cluster. The data, including HKID numbers and surgical details, was discovered on a third-party platform. 
While an external cyberattack has been ruled out, the breach is suspected to be linked to 'inappropriate access' by a contractor. The police and Hong Kong's privacy commissioner have launched formal investigations into the incident.",[41,42,43,44,45,46,47],"Data Breach","Healthcare","Hong Kong","Insider Threat","Contractor","PII","PHI",[41,49,50],"Regulatory","Threat Actor","2026-04-05T15:00:00.000Z","2026-04-12T00:00:00.000Z",5,"HA clarifies data leak originated from a third-party platform, not internal systems, and details patient notification process for 56,000 affected individuals.","The Hong Kong Hospital Authority (HA) has clarified that the data breach affecting 56,000 patients originated from a third-party platform, not a direct compromise of its internal networks. This shifts the suspected attack vector from an insider threat by a contractor to potential supply chain vulnerabilities, misconfigured cloud storage, or leaked credentials for the third-party service. The HA has also begun notifying affected individuals via its mobile app, letters, and phone calls, providing more details on their response efforts.",{"id":57,"slug":58,"headline":59,"title":60,"severity":15,"excerpt":61,"tags":62,"categories":69,"createdAt":71,"updatedAt":29,"readingTime":30,"cves":72,"isUpdate":31,"updateSummary":84,"updateContent":85},"8504d713-719a-4644-af0d-e4db91c16eb1","microsoft-details-high-tempo-medusa-ransomware-operations","Medusa Ransomware Group Strikes Within 24 Hours of Breach, Microsoft Warns","Storm-1175 (Medusa Ransomware) Weaponizes Zero-Days and N-Days at Unprecedented Speed","Microsoft research has uncovered the alarming operational velocity of Storm-1175, the cybercrime group deploying Medusa ransomware. The group can exploit newly disclosed N-day and even zero-day vulnerabilities to move from initial access to full ransomware deployment in as little as 24-48 hours. 
Targeting sectors like healthcare and education across the US, UK, and Australia, Storm-1175 leverages a wide array of vulnerabilities in web-facing assets and uses legitimate remote management tools to accelerate its attacks, putting immense pressure on defenders to patch in near real-time.",[63,64,18,65,66,67,68],"Medusa","Storm-1175","zero-day","n-day","Microsoft","rapid exploitation",[25,50,70],"Vulnerability","2026-04-06T15:00:00.000Z",[73,74,75,76,77,78,79,80,81,82,83],"CVE-2026-23760","CVE-2025-10035","CVE-2023-21529","CVE-2023-27350","CVE-2023-27351","CVE-2023-46805","CVE-2024-21887","CVE-2024-1709","CVE-2024-1708","CVE-2024-27198","CVE-2024-27199","Microsoft reports Storm-1175 now deploys Medusa ransomware in under 24 hours, further shrinking the defense window for organizations.","New intelligence from Microsoft indicates the Storm-1175 group has further accelerated its attack timeline, now capable of deploying Medusa ransomware in under 24 hours from initial access. This 'speed run' approach, down from the previously reported 24-48 hours, dramatically reduces the window for defenders to patch and respond. The group continues to rapidly weaponize N-day and zero-day vulnerabilities, posing an even greater challenge for organizations in healthcare, education, and finance across the US, UK, and Australia.",{"id":87,"slug":88,"headline":89,"title":90,"severity":15,"excerpt":91,"tags":92,"categories":99,"createdAt":71,"updatedAt":29,"readingTime":53,"isUpdate":31,"updateSummary":100,"updateContent":101},"5b361541-78a4-42fe-9277-6d3b03f8c6ae","qilin-ransomware-targets-german-political-party-die-linke","Qilin Ransomware Attacks German Party Die Linke, Threatens Data Leak","Qilin Ransomware Claims Attack on German Political Party \"Die Linke,\" Hinting at Political Motivation","The Russian-speaking Qilin ransomware group has claimed responsibility for a cyberattack against the German political party Die Linke. 
The attack, detected on March 26, prompted the party to shut down parts of its IT infrastructure. Qilin is now threatening to publish stolen internal documents and employee data on its dark web leak site. While the main membership database was not compromised, Die Linke has suggested the attack may be politically motivated and part of a broader hybrid warfare campaign, not just a random criminal act.",[93,18,94,95,96,97,98],"Qilin","Die Linke","Germany","political party","hybrid warfare","data leak",[25,50,27],"Die Linke confirms 1.5 TB of data stolen by Qilin ransomware, including internal communications and personal info. Data protection authorities notified.","The German political party Die Linke has confirmed that the Qilin ransomware attack resulted in the theft of approximately 1.5 terabytes of data. This stolen data includes internal communications, administrative files, and other personal information, although sensitive membership and donation databases remain secure. The party has officially notified data protection authorities and is actively collaborating with forensic specialists to thoroughly assess the full scope and impact of the breach. This update quantifies the significant scale of the data exfiltration, providing a clearer picture of the incident's severity and the ongoing response efforts.",{"id":103,"slug":104,"headline":105,"title":106,"severity":15,"excerpt":107,"tags":108,"categories":115,"createdAt":116,"updatedAt":52,"readingTime":53,"isUpdate":31,"updateSummary":117,"updateContent":118},"357555a6-5abe-40ef-8e4d-9dc344b924af","adobe-reader-zero-day-exploit-actively-steals-data","Active Zero-Day in Adobe Reader Steals Files by Abusing Privileged APIs","Unpatched Adobe Reader Zero-Day Exploit Actively Stealing Local Files via Malicious PDFs","A previously unknown zero-day vulnerability in Adobe Acrobat and Reader is being actively exploited in targeted attacks to steal data from victims' computers. 
The flaw, a logic bug in the application's JavaScript engine, allows a specially crafted PDF to bypass the sandbox and invoke privileged APIs. Simply opening the malicious document is enough to trigger the exploit, which can read arbitrary local files and exfiltrate them to an attacker-controlled server. Adobe has not yet released a patch, and the campaign, which uses Russian-language lures, appears to be targeting the oil and gas sector.",[109,110,111,112,113,114],"Zero-Day","Adobe","PDF","Exploit","Data Exfiltration","Sandbox Escape",[70,27,41],"2026-04-09T15:00:00.000Z","Adobe released emergency patch CVE-2026-34621 on April 12, 2026, for the actively exploited Acrobat/Reader zero-day, clarifying it as a prototype pollution flaw.","On April 12, 2026, Adobe released emergency security updates for the actively exploited zero-day vulnerability in Acrobat and Reader, now officially identified as CVE-2026-34621. The flaw, initially described as a logic bug, has been clarified as a prototype pollution vulnerability enabling arbitrary code execution. Exploitation has been confirmed since at least November 2025. The patch is available for both Windows and macOS versions, with specific build numbers provided. The CVSS score was revised from 9.6 to 8.6. This update significantly mitigates the threat for users who apply the patch immediately.",{"id":120,"slug":121,"headline":122,"title":123,"severity":124,"excerpt":125,"tags":126,"categories":131,"createdAt":133,"updatedAt":133,"readingTime":134,"isUpdate":135},"35984908-cea9-4b72-a392-849c4453d5ec","commercial-real-estate-firm-marcus-millichap-discloses-phishing-attack","Marcus & Millichap Hit by Phishing Attack, Limited Data Accessed","Commercial Real Estate Firm Marcus & Millichap Discloses Phishing Attack","medium","Marcus & Millichap, a leading commercial real estate brokerage, announced on April 12, 2026, that it recently experienced a cybersecurity incident. 
The company confirmed that an unauthorized party gained access to one of its systems after a successful phishing attack compromised an employee's credentials. Upon discovery, the firm initiated its incident response plan and engaged external cybersecurity experts. The investigation is ongoing, but the breach appears to be limited, with the accessed data confined to company forms, marketing materials, and general contact information. Marcus & Millichap reports that its business operations have not been disrupted.",[127,41,128,129,130],"Phishing","Marcus & Millichap","Real Estate","Credential Theft",[127,41,132],"Incident Response","2026-04-12T15:00:00.000Z",3,false,{"id":137,"slug":138,"headline":139,"title":140,"severity":15,"excerpt":141,"tags":142,"categories":146,"createdAt":133,"updatedAt":133,"readingTime":134,"isUpdate":135},"0b78a883-e135-4402-86f3-41e3237e5e7f","irish-healthcare-recruiter-healthdaq-investigating-cyber-security-incident","Irish Healthcare Recruiter Healthdaq Probes Cyber Incident with Police","Irish Healthcare Recruiter Healthdaq Investigating Cyber Security Incident","Healthdaq, a healthcare recruitment company operating in both the Republic of Ireland and Northern Ireland, has confirmed it was targeted by a 'cyber security incident' on April 11, 2026. The firm, which works closely with health and social care trusts, has reported the event to law enforcement in both jurisdictions, including the Garda National Cyber Crime Bureau in Dublin. An active criminal investigation is now underway. 
Healthdaq has not disclosed the nature or scope of the attack, nor has it confirmed whether sensitive data belonging to healthcare professionals or clients has been compromised.",[27,42,143,144,41,145],"Ireland","Healthdaq","Garda",[27,41,132],{"id":148,"slug":149,"headline":150,"title":151,"severity":152,"excerpt":153,"tags":154,"categories":159,"createdAt":133,"updatedAt":133,"readingTime":160,"cves":161,"isUpdate":135},"9bbd04ac-c0d8-44de-b56b-7717f6b78df1","google-chrome-vulnerability-cve-2026-2441-under-active-exploitation","Actively Exploited Chrome Zero-Day CVE-2026-2441 Prompts Emergency Google Patch","Google Chrome Vulnerability CVE-2026-2441 Under Active Exploitation","critical","Google has released an emergency security update for its Chrome browser to address a critical vulnerability, CVE-2026-2441, which is being actively exploited in the wild. The company is currently withholding technical details about the flaw to prevent wider abuse, but it is believed to be a severe issue that could permit a sandbox escape or remote code execution. The active exploitation of this zero-day vulnerability poses a significant risk to all Chrome users. Security professionals are strongly advising that all instances of the browser, on all platforms, be updated to the latest version immediately to mitigate the threat.",[155,109,156,70,157,158],"Google Chrome","CVE-2026-2441","Patch Management","RCE",[70,157,27],4,[156],1776260665950]