Daily Threat Intelligence Brief - April 4, 2026
Executive Summary
- FortiClient EMS zero-day (CVE-2026-35616): CVSS 9.1, actively exploited as of today. Unauthenticated API bypass leads to arbitrary code execution. Emergency hotfix released same day
- PraisonAI sandbox bypass (CVE-2026-34938): CVSS 10.0, complete escape from AI agent framework's three-layer sandbox to host OS command execution
- EU Commission breach: 340GB stolen via compromised Trivy update (TeamPCP). 29+ EU entities affected, data published by ShinyHunters
- DarkSword iOS exploit kit: Apple backported patches to iOS 18.7.7 for 6-flaw chain used in Saudi Arabia, Turkey, Malaysia, Ukraine. Full device takeover via watering hole attacks
- Attacker breakout collapses to 22-27 seconds: Mandiant M-Trends 2026 and CrowdStrike data from RSAC confirm human-only SOC response is functionally obsolete
- VoidLink confirmed production-grade: 88,000 lines of AI-generated malware code, single developer using ByteDance TRAE SOLO IDE
- RSAC 2026 takeaway: 85% of enterprises have AI agent pilots, only 5% in production. Agent activity indistinguishable from human in default logging
- Three major supply chain attacks in one week: Trivy (EU Commission), LiteLLM (Mercor), Axios (npm). Supply chain is now the dominant APT playbook
Critical Vulnerabilities
CVE-2026-35616: FortiClient EMS Zero-Day (ACTIVELY EXPLOITED)
Improper access control in FortiClient EMS 7.4.5-7.4.6 allows unauthenticated API authentication bypass leading to arbitrary code execution. No privileges or user interaction required. Emergency hotfix released same day by Fortinet.
- CVSS: 9.1 (Critical)
- Exploitation: Confirmed active in the wild as of April 4
- Affected: FortiClient EMS 7.4.5 through 7.4.6
- Action: Apply Fortinet emergency hotfix immediately
CVE-2026-34938: PraisonAI Sandbox Bypass
Complete bypass of PraisonAI's three-layer sandbox, achieving arbitrary OS command execution on the host. Critical for any organization deploying AI agent frameworks.
- CVSS: 10.0 (Critical, maximum severity)
- Impact: Full host compromise from within AI agent sandbox
- Action: Upgrade PraisonAI; audit all AI agent framework sandboxes
CVE-2026-33105: Azure Kubernetes Service Privilege Escalation
Improper authorization in Microsoft AKS allows unauthenticated network-based attackers to escalate privileges. The CVSS Scope metric is "Changed," meaning the impact can extend beyond the vulnerable component itself. Published April 3.
- CVSS: 10.0 (Critical)
- Impact: Full AKS cluster compromise from unauthenticated position
- Action: Apply Azure Update Manager patches; review AKS network policies
CVE-2026-35216: Budibase Remote Code Execution
Critical RCE in Budibase low-code platform. Published April 3.
- CVSS: 9.0 (Critical)
- Action: Upgrade Budibase immediately
CVE-2026-5281: Chrome Zero-Day (4th of 2026)
Use-after-free in Dawn WebGPU, chainable for full device compromise via sandbox escape. CISA KEV listed April 1, federal deadline April 15. All Chromium browsers affected.
- Patch: Chrome 146.0.7680.177/178
- Action: Patch all Chromium-based browsers
CISA KEV Updates (April 1-4)
| CVE | Product | Deadline |
|---|---|---|
| CVE-2026-5281 | Chrome (Dawn) | April 15 |
| CVE-2026-3502 | TrueConf Client | April 16 |
Vendor Advisories
Apple: DarkSword Emergency Patches (April 1-2)
Apple issued iOS 18.7.7 / iPadOS 18.7.7, expanded to more devices April 2. The DarkSword exploit kit chains 6 flaws (3 zero-days) for full device takeover via watering hole attacks on iOS 18.4-18.7 devices.
- Data at risk: Emails, iCloud Drive, contacts, SMS, Safari history, crypto wallets, passwords, photos, location history, WhatsApp/Telegram messages
- Campaigns observed in: Saudi Arabia, Turkey, Malaysia, Ukraine
- Attribution: Commercial spyware vendors and state-backed actors
- Notable: Apple backported to iOS 18 rather than forcing iOS 26 upgrade, signaling extreme severity
- Action: Update to iOS 18.7.7 or iOS 26.4. Enable Lockdown Mode for high-risk users
Microsoft: April Patch Tuesday Preview
Scheduled for April 14. Expected 80-100+ vulnerabilities. Secure Boot certificates expire June 26, 2026. April update will include certificate health indicators (green/yellow/red) in Windows Security app. AKS CVE-2026-33105 already patched out-of-band.
Fortinet: Emergency Hotfix (April 4)
Same-day hotfix for CVE-2026-35616 FortiClient EMS zero-day. Apply immediately.
Google Chrome: Version 146 Security Update
21 vulnerabilities patched including CVE-2026-5281 (4th zero-day of 2026).
AI Security Threats
PraisonAI, CrewAI, OpenClaw: AI Agent Frameworks Under Siege
Multiple critical vulnerabilities across AI agent frameworks this week:
- PraisonAI: CVE-2026-34938 (CVSS 10.0, sandbox escape to host RCE) and CVE-2026-34934 (SQL injection)
- CrewAI: Four CVEs allowing chained prompt injection into RCE, SSRF, and file read
- OpenClaw: Local WebSocket gateway vulnerability allows malicious websites to hijack developer AI agents without user interaction
- Chrome Gemini Live (CVE-2026-0628): Unit 42 discovered malicious extensions could hijack the privileged Gemini Live AI assistant panel, gaining camera and microphone access
RSAC 2026: Agentic AI Dominates the Conference
The entire conference centered on agentic AI as the defining security challenge:
- 85% of enterprises have AI agent pilots; only 5% in production
- AI agent activity is indistinguishable from human activity in most default logging configurations
- CrowdStrike: fastest adversary breakout now 27 seconds
- Google Mandiant M-Trends 2026: median time from initial access to secondary action fell to 22 seconds
- Human-only SOC response is functionally obsolete for initial containment at these speeds
U.S. Intelligence Community Annual Threat Assessment
In its assessment, released April 2, the IC placed AI at the center of national security threats. Adversaries are weaponizing AI for military power, cyber capabilities, and global influence operations.
Shadow AI Crisis Deepens
- 76% of organizations report shadow AI as a definite or probable problem (up from 61% in 2025)
- 1 in 8 companies report AI breaches linked to agentic systems
- Source: Cisco State of AI Security 2026
CIS Formal Warning on Prompt Injection
The Center for Internet Security released a formal warning that prompt injection attacks are a "serious and growing threat." Attackers hide malicious instructions in documents, emails, and websites that AI tools access. Prompt injection attacks surged 340% in 2026.
Google Workspace Prompt Injection Mitigations
Google published its continuous approach to mitigating indirect prompt injections in Workspace products, acknowledging the systemic nature of the problem.
International AI Safety Report Finding
Sophisticated attackers bypass the best-defended LLMs approximately 50% of the time with just 10 attempts.
AI-Powered Threats in the Wild
VoidLink: Production-Grade AI Malware Confirmed
Check Point Research analysis confirms VoidLink as 88,000+ lines of code: C2, eBPF/LKM rootkits, 30+ post-exploitation plugins. Built almost entirely by a single developer using ByteDance's TRAE SOLO AI IDE. First documented case of a fully AI-developed advanced malware framework.
Polymorphic AI Malware in Russian Government Attacks
Google Mandiant found polymorphic AI malware using model APIs to generate code on-demand during execution, altering signatures in real-time. Observed in Russian government-backed attacks against Ukraine.
APT36: First Nation-State AI Malware Assembly Line
First documented nation-state actor using AI as a "malware assembly line" for polymorphic malware variant production at scale.
Slopoly: AI-Generated Ransomware Loader
IBM X-Force documented Hive0163 using AI-generated "Slopoly" malware for persistent access during ransomware attacks, maintaining server access for over a week.
Threat Actor Activity
EU Commission Breach: TeamPCP via Trivy Supply Chain
The largest EU government breach in recent years. TeamPCP compromised a Trivy update to harvest AWS API keys from the Europa.eu cloud hosting platform. 340GB stolen (91.7GB compressed) including mail servers, databases, confidential documents, and contracts. Up to 71 clients on Europa web hosting, 29+ EU entities affected. Data published by ShinyHunters on dark web March 28.
APT28 (Russia): Microsoft Office Exploitation
APT28 is targeting government and military entities, using CVE-2026-21509 (a Microsoft Office vulnerability) in a multi-stage stealth attack chain.
North Korea: Axios npm Supply Chain Compromise
North Korean hackers hijacked the popular Axios npm project, inserting malware into a tool downloaded tens of millions of times weekly.
Iran: Post-Strike Retaliatory Cyber Operations
Following the February 2026 U.S.-Israel strikes, retaliatory cyber operations from pro-Iranian and pro-Palestinian groups have surged. Activity includes DDoS, defacement, and claimed data breaches targeting Israel, the U.S., and allies.
DarkSword Operators
Multi-nation spyware campaigns observed in Saudi Arabia, Turkey, Malaysia, and Ukraine using the DarkSword iOS exploitation toolkit. Both commercial surveillance vendors and state-backed actors involved.
Ransomware & Data Breaches
| Target | Operator | Details |
|---|---|---|
| EU Commission | TeamPCP | 340GB via Trivy supply chain; 29+ entities |
| Mercor | Lapsus$ | $10B AI startup; LiteLLM supply chain cascade |
| Nissan | Everest | Full scope under investigation |
| T-Mobile | Insider | Limited insider breach; restricted account data |
| ComTec Systems | TBD | Disclosed to Maine AG April 1 |
| WhatsApp users | N/A | 200 users tricked into spyware app; targets Italy |
Weekly metrics: 168 ransomware victims across 43 countries claimed by 31 operators, including 3 newly discovered groups.
Supply chain dominance: Three major supply chain attacks in one week (Trivy, LiteLLM, Axios) confirm supply chain as the preferred APT playbook for 2026.
Recommended Actions
Immediate (24-48 hours)
- Patch FortiClient EMS: CVE-2026-35616 actively exploited today. Apply Fortinet emergency hotfix
- Update Chrome: CVE-2026-5281, all Chromium browsers. Federal deadline April 15
- Update iOS: 18.7.7 or 26.4 to block DarkSword exploitation toolkit
- Audit AKS clusters: CVE-2026-33105 (CVSS 10.0) allows unauthenticated privilege escalation
Short-Term (This Week)
- Audit AI agent framework sandboxes: PraisonAI (CVSS 10.0), CrewAI (4 CVEs), and OpenClaw all had critical vulnerabilities
- Check supply chain exposure: Review dependencies for Trivy, LiteLLM, Axios compromise indicators
- Review Gemini Live extensions: CVE-2026-0628 allows camera/mic hijack via Chrome extensions
- Plan for Microsoft Patch Tuesday: April 14, expected 80-100+ vulnerabilities
Strategic
- Prepare Secure Boot certificate rotation: Certificates expire June 26, 2026. April update adds health check
- Deploy AI agent telemetry: RSAC confirmed agent activity is invisible in default logging configs
- Reassess SOC response times: 22-27 second attacker breakout means automated containment is mandatory
- Implement supply chain integrity verification: Three attacks in one week through trusted update channels
Sources
- FortiClient EMS Zero-Day - Help Net Security
- FortiClient EMS Zero-Day - Cybersecurity News
- PraisonAI RCE - TheHackerWire
- Azure AKS CVE-2026-33105 - TheHackerWire
- Azure AKS - Windows News
- Budibase RCE - TheHackerWire
- Chrome Zero-Day - The Hacker News
- Chrome Zero-Day - BleepingComputer
- Apple DarkSword - MacRumors
- Apple DarkSword - The Hacker News
- DarkSword Analysis - Google Cloud Blog
- Agentic AI CVEs - Adversa AI
- RSAC 2026 - SiliconANGLE
- RSAC 2026 - VentureBeat
- AI Threat Assessment - The Defense Post
- CIS Prompt Injection Warning
- Google Workspace Prompt Injection - Google Security Blog
- Prompt Injection Unpatchable - Arnav.au
- Cisco State of AI Security 2026
- VoidLink - Check Point Research
- Polymorphic AI Malware - SiliconANGLE
- Slopoly Malware - IBM
- EU Commission Breach - TechCrunch
- EU Commission Breach - Help Net Security
- Mercor Breach - Fortune
- CISA KEV Catalog
- Secure Boot Deadline - Windows News