Threat Intelligence Report
Report Date: 2026-04-13
This report summarizes exploited vulnerabilities, major emerging CVEs, campaign-related activity, and vendor concentration trends observed over the last 7 days.
Top KEVs
Most important exploited vulnerabilities added to the KEV catalog during the reporting window.
- CVE-2026-1340 – Ivanti Endpoint Manager Mobile (EPMM) | CVSS 9.8 | Ransomware Use: No
Major CVEs
High-severity recent CVEs not yet represented in KEV but worth monitoring closely.
- CVE-2026-0740 – Unknown Vendor | CVSS 9.8 (CRITICAL) | Published: 2026-04-07
- CVE-2026-5734 – mozilla | CVSS 9.8 (CRITICAL) | Published: 2026-04-07
- CVE-2026-5735 – mozilla | CVSS 9.8 (CRITICAL) | Published: 2026-04-07
- CVE-2021-4473 – Unknown Vendor | CVSS 9.3 (CRITICAL) | Published: 2026-04-07
- CVE-2026-22679 – Unknown Vendor | CVSS 9.3 (CRITICAL) | Published: 2026-04-07
- CVE-2026-35047 – ajax30 | CVSS 9.3 (CRITICAL) | Published: 2026-04-06
- CVE-2026-35022 – Unknown Vendor | CVSS 9.3 (CRITICAL) | Published: 2026-04-06
Active Campaigns
Recent campaign-oriented activity and advisory content from selected threat and advisory sources.
- SANS ISC – Scans for EncystPHP Webshell, (Mon, Apr 13th)
Last week, I wrote about attackers scanning for various webshells, hoping to find some that do not require authentication or others that use well-known credentials. But some attackers are paying attention and are deployi… - SANS ISC – ISC Stormcast For Monday, April 13th, 2026 https://isc.sans.edu/podcastdetail/9888, (Mon, Apr 13th)
- SANS ISC – Obfuscated JavaScript or Nothing, (Thu, Apr 9th)
I spotted an interesting piece of JavaScript code that was delivered via a phishing email in a RAR archive. The file was called “cbmjlzan.JS†(SHA256:a8ba9ba93b4509a86e3d7dd40fd0652c2743… - SANS ISC – ISC Stormcast For Thursday, April 9th, 2026 https://isc.sans.edu/podcastdetail/9886, (Thu, Apr 9th)
- SANS ISC – Number Usage in Passwords: Take Two, (Thu, Apr 9th)
In a previous diary [1], we looked to see how numbers were used within passwords submitted to honeypots. One of the items of interest was how dates, and more specifically years, were represented within the data…
Vendor-Specific Risks
Vendors showing the strongest concentration of exploited vulnerabilities, major CVEs, or campaign mentions.
- Unknown Vendor – KEVs: 0, Major CVEs: 4, Campaign Mentions: 0
- mozilla – KEVs: 0, Major CVEs: 2, Campaign Mentions: 0
- Ivanti – KEVs: 1, Major CVEs: 0, Campaign Mentions: 0
- ajax30 – KEVs: 0, Major CVEs: 1, Campaign Mentions: 0