Mandiant's M-Trends 2026 reports adversary handoff times have collapsed to 22 seconds. CrowdStrike's Global Threat Report puts average eCrime breakout at 29 minutes. Six new KEV additions today include FortiClient EMS CVE-2026-21643, Adobe Acrobat Reader, Microsoft Exchange, and Windows CLFS — all under active exploitation with an April 27 patch deadline. A major AI company rotated macOS certificates after its build environment consumed the compromised Axios library — the state-linked supply chain attack is reaching AI infrastructure. ViperTunnel, a Python-based backdoor, has been linked to DragonForce ransomware targeting Windows servers. A state-linked espionage group is targeting journalists via Signal/Google/Zoom lures through professional networking platforms. An email provider breach exposed 40M+ records including corporate and diplomatic communication metadata.

Links & Resources

• https://thehackernews.com/2026/04/cisa-adds-6-known-exploited-flaws-in.html
• https://thehackernews.com/2026/04/mandiant-m-trends-2026-22-second-handoff.html
• https://www.crowdstrike.com/global-threat-report/
• https://hackread.com/vipertunnel-dragonforce-ransomware-windows-servers/
• https://hackread.com/openai-rotates-macos-certificates-axios-compromise/
• https://hackread.com/bitter-apt-journalists-signal-zoom-spearphishing/
• https://cybernews.com/email-provider-leak-40-million-records/
• https://www.cisa.gov/known-exploited-vulnerabilities-catalog