[{"data":1,"prerenderedAt":204},["ShallowReactive",2],{"publication-daily-threat-publications-2026-04-15":3},{"pub_id":4,"headline":5,"summary":6,"pub_date":7,"total_articles":8,"articles":9},"pub-2026-04-15","Microsoft's Massive April Patch Tuesday Fixes Two Zero-Days; CISA Adds Critical Fortinet Flaw to KEV","This cybersecurity brief for April 15, 2026, covers a massive Microsoft Patch Tuesday addressing 167 vulnerabilities, including two zero-days—one actively exploited in SharePoint (CVE-2026-32201). CISA has added this flaw and a critical Fortinet SQL injection vulnerability (CVE-2026-21643) to its KEV catalog, mandating urgent patching. Other major incidents include a data leak exposing 5 million hotel guests via Chekin and Gastrodat platforms, a sophisticated adware campaign from 'Dragon Boss Solutions' risking a supply chain attack on 25,000 systems, and a data breach at Booking.com. These events highlight persistent threats from unpatched systems, third-party risk, and sophisticated malware campaigns.","2026-04-15",11,[10,32,64,78,96,114,129,147,160,174,188],{"id":11,"slug":12,"headline":13,"title":14,"severity":15,"excerpt":16,"tags":17,"categories":24,"createdAt":26,"updatedAt":27,"readingTime":28,"isUpdate":29,"updateSummary":30,"updateContent":31},"d6646a5c-c061-4e17-9c8b-5a120034501b","booking-com-confirms-data-breach-exposing-customer-reservation-details","Booking.com Breach Exposes Traveler Data, Fueling Fears of Targeted Scams","Booking.com Confirms Data Breach; Customer Names and Reservation Details Accessed by Unauthorized Parties","high","Global travel giant Booking.com has confirmed a data breach that exposed sensitive customer booking information. Unauthorized third parties gained access to data including customer names, contact details, and specific reservation details. 
While the company states financial data was not compromised, the stolen information is highly valuable for crafting sophisticated and convincing phishing attacks against travelers. Booking.com has taken steps to secure affected reservations by updating PINs and is notifying impacted users, urging them to be cautious of fraudulent communications that may leverage their legitimate travel plans.",[18,19,20,21,22,23],"Data Breach","Booking.com","Phishing","Travel","Social Engineering","PII",[18,20,25],"Cyberattack","2026-04-14T15:00:00.000Z","2026-04-15T10:00:00.000Z",6,true,"Booking.com breach update: New details on phishing risks, customer advice, and official sources confirming the incident.","Further details have emerged regarding the Booking.com data breach. While financial data remains uncompromised, the risk of highly targeted phishing scams is emphasized with a detailed example of how attackers leverage stolen booking information to trick customers. The company continues to notify affected users and reset PINs, urging vigilance against fraudulent communications. New customer-focused mitigation advice includes using unique passwords, enabling 2FA, and extreme skepticism towards unsolicited messages. 
Official sources confirming the breach and its implications have also been identified.",{"id":33,"slug":34,"headline":35,"title":36,"severity":37,"excerpt":38,"tags":39,"categories":49,"createdAt":52,"updatedAt":52,"readingTime":53,"cves":54,"cvssScore":62,"isUpdate":63},"14f46649-6f18-44ea-92dd-420793606564","microsoft-april-2026-patch-tuesday-fixes-167-flaws-including-two-zero-days","Microsoft's Colossal April 2026 Patch Tuesday: 167 Flaws Patched, Two Zero-Days Under Fire","Microsoft's April 2026 Patch Tuesday Addresses 167 Vulnerabilities, Including Actively Exploited SharePoint Flaw and Publicly Disclosed Defender Bug","critical","Microsoft has released one of its largest security updates ever for April 2026, patching 167 vulnerabilities across its product ecosystem. The update is critically important, as it addresses two zero-day vulnerabilities: an actively exploited spoofing flaw in SharePoint Server (CVE-2026-32201) which has been added to CISA's KEV catalog, and a publicly disclosed privilege escalation flaw in Microsoft Defender (CVE-2026-33825). 
The update also fixes eight critical-severity vulnerabilities, including a CVSS 9.8 remote code execution flaw in the Windows IKE service (CVE-2026-33824), so organizations should apply these patches immediately, starting with the actively exploited SharePoint flaw.",[40,41,42,43,44,45,46,47,48],"Patch Tuesday","Zero-Day","Microsoft","SharePoint","Microsoft Defender","CVE-2026-32201","CVE-2026-33825","CISA","KEV",[50,51,25],"Patch Management","Vulnerability","2026-04-15T15:00:00.000Z",5,[45,46,55,56,57,58,59,60,61],"CVE-2026-33824","CVE-2026-33827","CVE-2026-23666","CVE-2026-32157","CVE-2026-32190","CVE-2026-33114","CVE-2026-33826",9.8,false,{"id":65,"slug":66,"headline":67,"title":68,"severity":15,"excerpt":69,"tags":70,"categories":75,"createdAt":52,"updatedAt":52,"readingTime":77,"isUpdate":63},"4f368842-178e-47ee-8afa-b371f0e0e4e7","hospitality-data-leak-exposes-5-million-guests-via-chekin-and-gastrodat","Massive Hospitality Breach: 5 Million Guests' Data Exposed via Leaky Server Tied to Chekin, Gastrodat","Unprotected Server Leaks Personal Data of 5 Million Hotel Guests from Chekin and Gastrodat Platforms","A significant data breach in the hospitality industry has exposed the personal and booking information of nearly 5 million travelers. Researchers from Cybernews discovered an unprotected server operated by an unknown threat actor, which contained 6.5GB of data harvested from Chekin, a Spanish check-in service, and Gastrodat, an Austrian hotel management provider. 
The data, scraped using compromised hotel accounts, includes full names, contact information, dates of birth, and detailed booking records, placing millions of individuals at high risk of targeted phishing and social engineering attacks.",[18,71,72,73,23,20,74],"Hospitality","Chekin","Gastrodat","Cybernews",[18,76,20],"Cloud Security",3,{"id":79,"slug":80,"headline":81,"title":82,"severity":83,"excerpt":84,"tags":85,"categories":92,"createdAt":52,"updatedAt":52,"readingTime":77,"isUpdate":63},"eeb5688c-01ab-4dc6-85ac-dd6d1536ca5c","sygnia-survey-73-percent-of-cisos-unprepared-for-major-cyberattacks","Readiness Reality Check: 73% of CISOs Admit They Are Unprepared for a Major Cyberattack","Sygnia Survey Reveals Widespread Lack of Confidence in Cyber Readiness, With 73% of Security Leaders Feeling Unprepared for Major Incidents","informational","A new report from cybersecurity firm Sygnia paints a grim picture of enterprise cyber readiness. Despite 99% of organizations having a formal incident response (IR) plan, nearly three-quarters (73%) of senior security leaders feel their organization is not adequately prepared to handle a major cyberattack. The survey of over 600 leaders points to organizational friction, lack of senior leadership involvement, and legal delays as key obstacles. 
With 76% of firms hit by an attack in the past year, the gap between planning and operational confidence is a critical business risk.",[86,87,88,89,90,91],"CISO","Incident Response","Cyber Readiness","Sygnia","Report","Security Leadership",[93,94,95],"Policy and Compliance","Security Operations","Regulatory",{"id":97,"slug":98,"headline":99,"title":100,"severity":37,"excerpt":101,"tags":102,"categories":110,"createdAt":52,"updatedAt":52,"readingTime":113,"isUpdate":63},"6fcfbd76-a80a-4987-9e57-5c19a01e5f95","huntress-uncovers-adware-campaign-exposing-25000-systems-to-supply-chain-attack","Adware with Fangs: 25,000 Systems Exposed to $10 Supply Chain Hijack by Dragon Boss Solutions","Huntress Uncovers Adware from Dragon Boss Solutions That Disabled AV and Exposed 25,000+ Systems to Trivial Supply Chain Attack","Security firm Huntress has exposed a dangerous operation where adware signed by 'Dragon Boss Solutions' went far beyond typical potentially unwanted programs (PUPs). The software, found on over 25,000 endpoints, used SYSTEM privileges to disable antivirus products and establish persistence. Critically, it used an unregistered domain for updates, `chromsterabrowser[.]com`, which could have been purchased for $10 by any attacker to push ransomware or other malware to all infected systems, including those in government, healthcare, and critical infrastructure networks. 
Huntress defensively registered the domain to prevent a widespread supply chain attack.",[103,104,105,106,107,108,109],"Adware","Supply Chain Attack","Huntress","Dragon Boss Solutions","PUP","PowerShell","Defense Evasion",[104,111,112],"Malware","Threat Intelligence",4,{"id":115,"slug":116,"headline":117,"title":118,"severity":15,"excerpt":119,"tags":120,"categories":128,"createdAt":52,"updatedAt":52,"readingTime":113,"isUpdate":63},"c19ac065-2d2f-450a-801b-e1cb088bd58b","barracuda-report-qilin-ransomware-speed-and-middle-east-brute-force-spike","Barracuda Warns of Rapid Qilin Ransomware and Spike in Brute-Force Attacks from Middle East","Barracuda SOC Report: 88% of Brute-Force Attacks Originate from Middle East; Qilin Ransomware Executes Attacks in Minutes","Barracuda's April 2026 SOC Threat Radar report reveals two alarming trends: a sharp spike in brute-force authentication attacks against SonicWall and FortiGate devices, with 88% of them originating from the Middle East, and the speed at which the Qilin ransomware group operates. The report highlights that modern ransomware gangs like Qilin can compromise and disrupt an entire organization in minutes rather than days. 
Barracuda urges organizations to strengthen remote access security with MFA and strong passwords to defend against these parallel threats.",[121,122,123,124,125,126,127],"Ransomware","Qilin","Barracuda","Brute-Force","SonicWall","FortiGate","MFA",[121,112,25],{"id":130,"slug":131,"headline":132,"title":133,"severity":15,"excerpt":134,"tags":135,"categories":143,"createdAt":52,"updatedAt":52,"readingTime":113,"cves":145,"cvssScore":146,"isUpdate":63},"2ac84224-505f-491d-a002-ce566fa51a26","black-shrantac-ransomware-leverages-double-extortion-and-lotl-tactics","Black Shrantac Ransomware Targets Industrial Sector with Double Extortion and Living-off-the-Land Tactics","Black Shrantac Ransomware Group Uses Double Extortion and Legitimate Tools to Target Industrial Environments","A new analysis from Marlink details the operations of the Black Shrantac ransomware group, a threat actor active since September 2025. The group employs a double extortion strategy, exfiltrating sensitive data before encrypting systems. 
They have been observed exploiting critical vulnerabilities like the PAN-OS flaw (CVE-2024-3400) for initial access and heavily rely on legitimate administrative tools and living-off-the-land (LOTL) techniques to evade detection while moving through victim networks, posing a significant risk to industrial and corporate environments.",[121,136,137,138,139,140,141,142],"Black Shrantac","Double Extortion","LOTL","Living off the Land","CVE-2024-3400","PAN-OS","Industrial Control Systems",[121,144,142],"Threat Actor",[140],10,{"id":148,"slug":149,"headline":150,"title":151,"severity":152,"excerpt":153,"tags":154,"categories":159,"createdAt":52,"updatedAt":52,"readingTime":77,"isUpdate":63},"63db3a21-cd1b-4ce7-8253-e26ad4b75470","springfield-hospital-discloses-patient-data-breach-from-email-compromise","Springfield Hospital Data Breach Exposes Patient Info, Triggers Class-Action Lawsuit Probe","Springfield Hospital Discloses Patient Data Breach After Employee Email Account Compromise, Prompting Lawsuit Investigation","medium","Springfield Hospital in Vermont has notified patients of a data breach that occurred after an employee's email account was compromised. The incident, discovered in December 2025, exposed sensitive patient information including names, Social Security numbers, medical record numbers, and reasons for medical visits. The investigation concluded in February 2026, and notifications are now being sent to affected individuals. 
The breach has already attracted the attention of law firms, which are investigating the possibility of a class-action lawsuit against the hospital.",[18,155,156,157,20,23,158],"Healthcare","HIPAA","Springfield Hospital","SSN",[18,20,95],{"id":161,"slug":162,"headline":163,"title":164,"severity":152,"excerpt":165,"tags":166,"categories":173,"createdAt":52,"updatedAt":52,"readingTime":77,"isUpdate":63},"39ba655b-472b-43fb-a283-ab9fd09539fe","uk-civil-service-pension-scheme-hit-by-data-breach-under-capita","UK Civil Service Pension Scheme Suffers Data Breach Under Capita's Troubled Administration","Capita's Administration of UK Civil Service Pension Scheme Hit by Data Breach, Exposing Members' Annual Benefit Statements","The UK's Civil Service Pension Scheme (CSPS) has suffered a data breach under the administration of outsourcer Capita. On March 30, a technical glitch on the scheme's online portal allowed 138 members to view or download the Annual Benefit Statements of other members. The incident, which Capita said lasted for 35 minutes, has been reported to the Information Commissioner's Office (ICO). 
This breach adds to a series of 'serious issues' and performance failures that have plagued Capita's management of the pension scheme since it took over the contract in late 2025.",[18,167,168,169,170,171,172],"Capita","UK Government","Pensions","ICO","GDPR","Insider Threat",[18,95,93],{"id":175,"slug":176,"headline":177,"title":178,"severity":37,"excerpt":179,"tags":180,"categories":186,"createdAt":52,"updatedAt":52,"readingTime":113,"cves":187,"cvssScore":62,"isUpdate":63},"786211ee-9f9e-4398-8ddc-1e50f0196008","critical-nginx-ui-auth-bypass-cve-2026-33032-under-active-exploit","Critical Auth Bypass in nginx-ui (CVE-2026-33032) Actively Exploited for Full Nginx Takeover","Critical Authentication Bypass Vulnerability (CVE-2026-33032) in nginx-ui Under Active Exploit","A critical authentication bypass vulnerability (CVSS 9.8), tracked as CVE-2026-33032, in the open-source nginx-ui management tool is being actively exploited in the wild. The flaw, codenamed 'MCPwn,' allows an unauthenticated attacker to gain complete control of the underlying Nginx service by sending requests to an improperly secured API endpoint. Successful exploitation enables attackers to modify Nginx configurations, intercept traffic, and achieve remote code execution. 
Users are urged to update to version 2.3.4 or later immediately.",[51,181,182,183,184,185,41],"nginx","nginx-ui","CVE-2026-33032","Authentication Bypass","RCE",[51,25],[183],{"id":189,"slug":190,"headline":191,"title":192,"severity":15,"excerpt":193,"tags":194,"categories":202,"createdAt":52,"updatedAt":52,"readingTime":77,"isUpdate":63},"420486e2-b7e3-4ab5-93d2-9cbeca600016","mirax-android-rat-spreads-via-meta-ads-as-malware-as-a-service","Mirax Android RAT Infects 220,000+ Devices via Meta Ads, Sold as Exclusive MaaS","New 'Mirax' Android RAT Spreads via Facebook and Instagram Ads, Offered as Malware-as-a-Service","A new Android Remote Access Trojan (RAT) named Mirax is being distributed through malicious advertisements on Meta's platforms, including Facebook and Instagram, primarily targeting Spanish-speaking users. Researchers at Outpost24 report that the malware has infected over 220,000 devices. Mirax gives attackers full remote control and turns the infected device into a SOCKS5 proxy to anonymize other malicious traffic. The malware is being sold as a private, high-end Malware-as-a-Service (MaaS) on underground forums, with subscriptions starting at $2,500.",[195,111,196,197,198,199,200,201],"Android","RAT","Mirax","Meta","Facebook","MaaS","SOCKS5",[111,203,144],"Mobile Security",1776260667527]
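Added example, appended here by the editor and not part of the digest above or of Barracuda's report: the brute-force item in this digest recommends MFA and strong passwords, but a SOC also needs to spot the attack while it is running. The block below runs a sliding-window detector over constructed firewall login lines (a simplified key=value form, not a vendor-exact SonicWall or FortiGate format) and flags any source with five or more failed logins inside one minute, additionally marking sources that then log in successfully, which is the case to escalate first. The threshold, window and line format are assumptions; geolocating flagged sources against the report's Middle East finding is left to the SOC's own GeoIP data.

```python
"""Sliding-window brute-force detector over constructed firewall login logs.

Added example for the Barracuda brute-force item in this digest; not code
from Barracuda's report or from this page. The log lines below are
constructed in a simplified key=value style, not a vendor-exact
SonicWall/FortiGate format.
"""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample: one source hammering several accounts and then succeeding,
# one user who mistypes once, and one slow-and-low source that stays under threshold.
SAMPLE_LOGS = """\
2026-04-14T02:00:01Z action=login status=failed user=admin srcip=203.0.113.7
2026-04-14T02:00:05Z action=login status=failed user=admin srcip=203.0.113.7
2026-04-14T02:00:09Z action=login status=failed user=root srcip=203.0.113.7
2026-04-14T02:00:12Z action=login status=failed user=test srcip=203.0.113.7
2026-04-14T02:00:20Z action=login status=failed user=admin srcip=203.0.113.7
2026-04-14T02:00:33Z action=login status=failed user=admin srcip=203.0.113.7
2026-04-14T02:00:40Z action=login status=success user=admin srcip=203.0.113.7
2026-04-14T02:01:00Z action=login status=failed user=jsmith srcip=198.51.100.22
2026-04-14T02:01:10Z action=login status=success user=jsmith srcip=198.51.100.22
2026-04-14T02:05:00Z action=login status=failed user=ops srcip=192.0.2.9
2026-04-14T02:09:00Z action=login status=failed user=ops srcip=192.0.2.9
2026-04-14T02:14:00Z action=login status=failed user=ops srcip=192.0.2.9
2026-04-14T02:20:00Z action=logout user=jsmith srcip=198.51.100.22
"""

KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_line(line):
    """Split '<timestamp> k=v k=v ...' into a dict with a datetime under 'ts'."""
    ts_text, _, rest = line.partition(" ")
    event = {k: v.strip('"') for k, v in KV_RE.findall(rest)}
    event["ts"] = datetime.fromisoformat(ts_text.replace("Z", "+00:00"))
    return event


def detect_bruteforce(lines, threshold=5, window=timedelta(minutes=1)):
    """Flag sources with >= threshold failed logins inside a sliding window.

    Returns {srcip: {"failures": n, "users": [...], "success_after": bool}}.
    success_after marks a login success from a source already flagged: the
    brute force probably worked, so that source is escalated first.
    """
    recent = defaultdict(deque)  # srcip -> deque of (ts, user) inside the window
    alerts = {}
    for line in lines:
        if not line.strip():
            continue
        ev = parse_line(line)
        if ev.get("action") != "login":
            continue
        ip = ev["srcip"]
        if ev.get("status") == "success":
            if ip in alerts:
                alerts[ip]["success_after"] = True
            continue
        if ev.get("status") != "failed":
            continue
        q = recent[ip]
        q.append((ev["ts"], ev["user"]))
        # Drop failures older than the window so slow-and-low sources never trip it.
        while q and ev["ts"] - q[0][0] > window:
            q.popleft()
        if len(q) >= threshold:
            entry = alerts.setdefault(ip, {"success_after": False})
            entry["failures"] = len(q)
            entry["users"] = sorted({u for _, u in q})
    return alerts


if __name__ == "__main__":
    for ip, info in detect_bruteforce(SAMPLE_LOGS.splitlines()).items():
        print(ip, info)
```

Run it as a script to print the flagged sources; in production, feed it the firewall's syslog stream and tune the threshold and window against the device's own lockout settings so the detector fires before the lockout hides the attempts.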