Threat Intelligence Report
Report Date: 2026-04-14
This report summarizes exploited vulnerabilities, major emerging CVEs, campaign-related activity, and vendor concentration trends observed over the last 7 days.
Top KEVs
Most important exploited vulnerabilities added to the KEV catalog during the reporting window.
- CVE-2026-21643 – Fortinet FortiClient EMS | CVSS 9.8 | Ransomware Use: No
- CVE-2026-1340 – Ivanti Endpoint Manager Mobile (EPMM) | CVSS 9.8 | Ransomware Use: No
- CVE-2023-21529 – Microsoft Exchange Server | CVSS 8.8 | Ransomware Use: No
- CVE-2026-34621 – Adobe Acrobat and Reader | CVSS 8.6 | Ransomware Use: No
- CVE-2012-1854 – Microsoft Visual Basic for Applications (VBA) | CVSS 7.8 | Ransomware Use: No
- CVE-2025-60710 – Microsoft Windows | CVSS 7.8 | Ransomware Use: No
- CVE-2023-36424 – Microsoft Windows | CVSS 7.8 | Ransomware Use: No
Major CVEs
High-severity recent CVEs not yet represented in KEV but worth monitoring closely.
- CVE-2026-23696 – Unknown Vendor | CVSS 9.4 (CRITICAL) | Published: 2026-04-07
Active Campaigns
Recent campaign-oriented activity and advisory content from selected threat and advisory sources.
- SANS ISC – ISC Stormcast For Tuesday, April 14th, 2026 https://isc.sans.edu/podcastdetail/9890, (Tue, Apr 14th)
- SANS ISC – Scans for EncystPHP Webshell, (Mon, Apr 13th)
Last week, I wrote about attackers scanning for various webshells, hoping to find some that do not require authentication or others that use well-known credentials. But some attackers are paying attention and are deployi… - SANS ISC – ISC Stormcast For Monday, April 13th, 2026 https://isc.sans.edu/podcastdetail/9888, (Mon, Apr 13th)
- SANS ISC – Obfuscated JavaScript or Nothing, (Thu, Apr 9th)
I spotted an interesting piece of JavaScript code that was delivered via a phishing email in a RAR archive. The file was called “cbmjlzan.JS†(SHA256:a8ba9ba93b4509a86e3d7dd40fd0652c2743… - SANS ISC – ISC Stormcast For Thursday, April 9th, 2026 https://isc.sans.edu/podcastdetail/9886, (Thu, Apr 9th)
Vendor-Specific Risks
Vendors showing the strongest concentration of exploited vulnerabilities, major CVEs, or campaign mentions.
- Microsoft – KEVs: 4, Major CVEs: 0, Campaign Mentions: 0
- Adobe – KEVs: 1, Major CVEs: 0, Campaign Mentions: 0
- Ivanti – KEVs: 1, Major CVEs: 0, Campaign Mentions: 0
- Fortinet – KEVs: 1, Major CVEs: 0, Campaign Mentions: 0
- Unknown Vendor – KEVs: 0, Major CVEs: 1, Campaign Mentions: 0