Daily Digest

Microsoft's Massive April Patch Tuesday Fixes Two Zero-Days; CISA Adds Critical Fortinet Flaw to KEV

April 15, 2026

11 articles (10 new, 1 updated)

33 min read

Summary

This cybersecurity brief for April 15, 2026, covers a massive Microsoft Patch Tuesday addressing 167 vulnerabilities, including two zero-days—one actively exploited in SharePoint (CVE-2026-32201). CISA has added this flaw and a critical Fortinet SQL injection vulnerability (CVE-2026-21643) to its KEV catalog, mandating urgent patching. Other major incidents include a data leak exposing 5 million hotel guests via Chekin and Gastrodat platforms, a sophisticated adware campaign from 'Dragon Boss Solutions' risking a supply chain attack on 25,000 systems, and a data breach at Booking.com. These events highlight persistent threats from unpatched systems, third-party risk, and sophisticated malware campaigns.

Filter by Category

New Articles (10)

Microsoft's Colossal April 2026 Patch Tuesday: 167 Flaws Patched, Two Zero-Days Under Fire

CRITICAL

Microsoft's April 2026 Patch Tuesday Addresses 167 Vulnerabilities, Including Actively Exploited SharePoint Flaw and Publicly Disclosed Defender Bug

Microsoft has released one of its largest security updates ever for April 2026, patching 167 vulnerabilities across its product ecosystem. The update is critically important, as it addresses two zero-day vulnerabilities: an actively exploited spoofing flaw in SharePoint Server (CVE-2026-32201) which has been added to CISA's KEV catalog, and a publicly disclosed privilege escalation flaw in Microsoft Defender (CVE-2026-33825). The update also fixes eight critical vulnerabilities, including a near-perfect CVSS 9.8 RCE flaw in the Windows IKE Service (CVE-2026-33824), underscoring the urgent need for organizations to apply these patches immediately.

April 15, 2026

5 min read

Patch TuesdayZero-DayMicrosoftSharePointMicrosoft Defender +4 more

Microsoft's Colossal April 2026 Patch Tuesday: 167 Flaws Patched, Two Zero-Days Under Fire

Patch Management

Vulnerability

Cyberattack

Massive Hospitality Breach: 5 Million Guests' Data Exposed via Leaky Server Tied to Chekin, Gastrodat

HIGH

Unprotected Server Leaks Personal Data of 5 Million Hotel Guests from Chekin and Gastrodat Platforms

A significant data breach in the hospitality industry has exposed the personal and booking information of nearly 5 million travelers. Researchers from Cybernews discovered an unprotected server operated by an unknown threat actor, which contained 6.5GB of data harvested from Chekin, a Spanish check-in service, and Gastrodat, an Austrian hotel management provider. The data, scraped using compromised hotel accounts, includes full names, contact information, dates of birth, and detailed booking records, placing millions of individuals at high risk of targeted phishing and social engineering attacks.

April 15, 2026

3 min read

Data BreachHospitalityChekinGastrodatPII +2 more

Massive Hospitality Breach: 5 Million Guests' Data Exposed via Leaky Server Tied to Chekin, Gastrodat

Data Breach

Cloud Security

Phishing

Readiness Reality Check: 73% of CISOs Admit They Are Unprepared for a Major Cyberattack

INFORMATIONAL

Sygnia Survey Reveals Widespread Lack of Confidence in Cyber Readiness, With 73% of Security Leaders Feeling Unprepared for Major Incidents

A new report from cybersecurity firm Sygnia paints a grim picture of enterprise cyber readiness. Despite 99% of organizations having a formal incident response (IR) plan, nearly three-quarters (73%) of senior security leaders feel their organization is not adequately prepared to handle a major cyberattack. The survey of over 600 leaders points to organizational friction, lack of senior leadership involvement, and legal delays as key obstacles. With 76% of firms hit by an attack in the past year, the gap between planning and operational confidence is a critical business risk.

April 15, 2026

3 min read

CISOIncident ResponseCyber ReadinessSygniaReport +1 more

Readiness Reality Check: 73% of CISOs Admit They Are Unprepared for a Major Cyberattack

Policy and Compliance

Security Operations

Regulatory

Adware with Fangs: 25,000 Systems Exposed to $10 Supply Chain Hijack by Dragon Boss Solutions

CRITICAL

Huntress Uncovers Adware from Dragon Boss Solutions That Disabled AV and Exposed 25,000+ Systems to Trivial Supply Chain Attack

Security firm Huntress has exposed a dangerous operation where adware signed by 'Dragon Boss Solutions' went far beyond typical potentially unwanted programs (PUPs). The software, found on over 25,000 endpoints, used SYSTEM privileges to disable antivirus products and establish persistence. Critically, it used an unregistered domain for updates, `chromsterabrowser[.]com`, which could have been purchased for $10 by any attacker to push ransomware or other malware to all infected systems, including those in government, healthcare, and critical infrastructure networks. Huntress defensively registered the domain to prevent a widespread supply chain attack.

April 15, 2026

4 min read

AdwareSupply Chain AttackHuntressDragon Boss SolutionsPUP +2 more

Adware with Fangs: 25,000 Systems Exposed to $10 Supply Chain Hijack by Dragon Boss Solutions

Supply Chain Attack

Malware

Threat Intelligence

Barracuda Warns of Rapid Qilin Ransomware and Spike in Brute-Force Attacks from Middle East

HIGH

Barracuda SOC Report: 88% of Brute-Force Attacks Originate from Middle East; Qilin Ransomware Executes Attacks in Minutes

Barracuda's April 2026 SOC Threat Radar report reveals two alarming trends: a massive spike in brute-force authentication attacks against SonicWall and FortiGate devices, with 88% originating from the Middle East, and the incredible speed of the Qilin ransomware group. The report highlights that modern ransomware gangs like Qilin can compromise and disrupt an entire organization in minutes, not days. Barracuda urges organizations to strengthen remote access security with MFA and strong passwords to defend against these parallel threats.

April 15, 2026

4 min read

RansomwareQilinBarracudaBrute-ForceSonicWall +2 more

Ransomware

Threat Intelligence

Cyberattack

Black Shrantac Ransomware Targets Industrial Sector with Double Extortion and Living-off-the-Land Tactics

HIGH

Black Shrantac Ransomware Group Uses Double Extortion and Legitimate Tools to Target Industrial Environments

A new analysis from Marlink details the operations of the Black Shrantac ransomware group, a threat actor active since September 2025. The group employs a double extortion strategy, exfiltrating sensitive data before encrypting systems. They have been observed exploiting critical vulnerabilities like the PAN-OS flaw (CVE-2024-3400) for initial access and heavily rely on legitimate administrative tools and living-off-the-land (LOTL) techniques to evade detection while moving through victim networks, posing a significant risk to industrial and corporate environments.

April 15, 2026

4 min read

RansomwareBlack ShrantacDouble ExtortionLOTLLiving off the Land +3 more

Ransomware

Threat Actor

Industrial Control Systems

Springfield Hospital Data Breach Exposes Patient Info, Triggers Class-Action Lawsuit Probe

MEDIUM

Springfield Hospital Discloses Patient Data Breach After Employee Email Account Compromise, Prompting Lawsuit Investigation

Springfield Hospital in Vermont has notified patients of a data breach that occurred after an employee's email account was compromised. The incident, discovered in December 2025, exposed sensitive patient information including names, Social Security numbers, medical record numbers, and reasons for medical visits. The investigation concluded in February 2026, and notifications are now being sent to affected individuals. The breach has already attracted the attention of law firms, which are investigating the possibility of a class-action lawsuit against the hospital.

April 15, 2026

3 min read

Data BreachHealthcareHIPAASpringfield HospitalPhishing +2 more

Data Breach

Phishing

Regulatory

UK Civil Service Pension Scheme Suffers Data Breach Under Capita's Troubled Administration

MEDIUM

Capita's Administration of UK Civil Service Pension Scheme Hit by Data Breach, Exposing Members' Annual Benefit Statements

The UK's Civil Service Pension Scheme (CSPS) has suffered a data breach under the administration of outsourcer Capita. On March 30, a technical glitch on the scheme's online portal allowed 138 members to view or download the Annual Benefit Statements of other members. The incident, which Capita said lasted for 35 minutes, has been reported to the Information Commissioner's Office (ICO). This breach adds to a series of 'serious issues' and performance failures that have plagued Capita's management of the pension scheme since it took over the contract in late 2025.

April 15, 2026

3 min read

Data BreachCapitaUK GovernmentPensionsICO +2 more

Data Breach

Regulatory

Policy and Compliance

Critical Auth Bypass in nginx-ui (CVE-2026-33032) Actively Exploited for Full Nginx Takeover

CRITICAL

Critical Authentication Bypass Vulnerability (CVE-2026-33032) in nginx-ui Under Active Exploit

A critical authentication bypass vulnerability (CVSS 9.8), tracked as CVE-2026-33032, in the open-source nginx-ui management tool is being actively exploited in the wild. The flaw, codenamed 'MCPwn,' allows an unauthenticated attacker to gain complete control of the underlying Nginx service by sending requests to an improperly secured API endpoint. Successful exploitation enables attackers to modify Nginx configurations, intercept traffic, and achieve remote code execution. Users are urged to update to version 2.3.4 or later immediately.

April 15, 2026

4 min read

Vulnerabilitynginxnginx-uiCVE-2026-33032Authentication Bypass +2 more

Critical Auth Bypass in nginx-ui (CVE-2026-33032) Actively Exploited for Full Nginx Takeover

Vulnerability

Cyberattack

Mirax Android RAT Infects 220,000+ Devices via Meta Ads, Sold as Exclusive MaaS

HIGH

New 'Mirax' Android RAT Spreads via Facebook and Instagram Ads, Offered as Malware-as-a-Service

A new Android Remote Access Trojan (RAT) named Mirax is being distributed through malicious advertisements on Meta's platforms, including Facebook and Instagram, primarily targeting Spanish-speaking users. Researchers at Outpost24 report that the malware has infected over 220,000 devices. Mirax gives attackers full remote control and turns the infected device into a SOCKS5 proxy to anonymize other malicious traffic. The malware is being sold as a private, high-end Malware-as-a-Service (MaaS) on underground forums, with subscriptions starting at $2,500.

April 15, 2026

3 min read

AndroidMalwareRATMiraxMeta +3 more

Mirax Android RAT Infects 220,000+ Devices via Meta Ads, Sold as Exclusive MaaS

Malware

Mobile Security

Threat Actor

Updated Articles (1)

Booking.com Breach Exposes Traveler Data, Fueling Fears of Targeted Scams

HIGH

Booking.com Confirms Data Breach; Customer Names and Reservation Details Accessed by Unauthorized Parties

Update:

Further details have emerged regarding the Booking.com data breach. While financial data remains uncompromised, the risk of highly targeted phishing scams is emphasized with a detailed example of how attackers leverage stolen booking information to trick customers. The company continues to notify affected users and reset PINs, urging vigilance against fraudulent communications. New customer-focused mitigation advice includes using unique passwords, enabling 2FA, and extreme skepticism towards unsolicited messages. Official sources confirming the breach and its implications have also been identified.

April 14, 2026

Updated: April 15, 2026

6 min read

Data BreachBooking.comPhishingTravelSocial Engineering +1 more

Booking.com Breach Exposes Traveler Data, Fueling Fears of Targeted Scams

Data Breach

Phishing

Cyberattack

📢 Share This Publication

Help others stay informed about cybersecurity threats