Threat Intelligence Report
Report Date: 2026-04-12
This report summarizes exploited vulnerabilities, major emerging CVEs, campaign-related activity, and vendor concentration trends observed over the last 7 days.
Top KEVs
Most important exploited vulnerabilities added to the KEV catalog during the reporting window.
- CVE-2026-1340 – Ivanti Endpoint Manager Mobile (EPMM) | CVSS 9.8 | Ransomware Use: No
- CVE-2026-35616 – Fortinet FortiClient EMS | CVSS 9.8 | Ransomware Use: No
Major CVEs
High-severity recent CVEs not yet represented in KEV but worth monitoring closely.
- CVE-2019-25687 – Unknown Vendor | CVSS 9.3 (CRITICAL) | Published: 2026-04-05
Active Campaigns
Recent campaign-oriented activity and advisory content from selected threat and advisory sources.
- SANS ISC – Obfuscated JavaScript or Nothing, (Thu, Apr 9th)
I spotted an interesting piece of JavaScript code that was delivered via a phishing email in a RAR archive. The file was called "cbmjlzan.JS" (SHA256:a8ba9ba93b4509a86e3d7dd40fd0652c2743…
- SANS ISC – ISC Stormcast For Thursday, April 9th, 2026 https://isc.sans.edu/podcastdetail/9886, (Thu, Apr 9th)
- SANS ISC – Number Usage in Passwords: Take Two, (Thu, Apr 9th)
In a previous diary [1], we looked to see how numbers were used within passwords submitted to honeypots. One of the items of interest was how dates, and more specifically years, were represented within the data…
- SANS ISC – TeamPCP Supply Chain Campaign: Update 007 – Cisco Source Code Stolen via Trivy-Linked Breach, Google GTIG Tracks TeamPCP as UNC6780, and CISA KEV Deadline Arrives with No Standalone Advisory, (Wed, Apr 8th)
This is the seventh update to the TeamPCP supply chain campaign threat intelligence report, "When the Security Scanner Became the Weapon"…
- SANS ISC – More Honeypot Fingerprinting Scans, (Wed, Apr 8th)
One question that often comes up when I talk about honeypots: Are attackers able to figure out if they are connected to a honeypot? The answer is pretty simple: Yes!
Vendor-Specific Risks
Vendors showing the strongest concentration of exploited vulnerabilities, major CVEs, or campaign mentions.
- Ivanti – KEVs: 1, Major CVEs: 0, Campaign Mentions: 0
- Fortinet – KEVs: 1, Major CVEs: 0, Campaign Mentions: 0
- Unknown Vendor – KEVs: 0, Major CVEs: 1, Campaign Mentions: 0
- Google – KEVs: 0, Major CVEs: 0, Campaign Mentions: 1
- Cisco – KEVs: 0, Major CVEs: 0, Campaign Mentions: 1