The Lyceum: Cyber Intelligence Daily — Apr 13, 2026
Sunday, April 13, 2026
The Big Picture
The theme this week isn't one spectacular breach — it's the systematic collapse of time. Adobe patched a PDF zero-day that attackers had been running since December. A Marimo notebook flaw was weaponized in under ten hours. A Cisco SD-WAN exploit that nation-states have used since 2023 just got a public proof-of-concept anyone can download. And CERT-UA quietly published advisories on four new Russian threat actor campaigns that haven't made it into English yet. The defenders' window is shrinking on every front, and the attackers are reading the same advisories you are — they're just reading them faster.
What Just Dropped
- CVE-2026-34621 — Adobe Acrobat/Reader: actively exploited zero-day (since ~December 2025), CVSS 8.6, emergency out-of-band patch to version 26.001.21411. Prototype pollution enables code execution on PDF render — no click required.
- CVE-2026-39987 — Marimo Python notebook ≤0.20.4: pre-auth RCE via unauthenticated WebSocket, CVSS 9.3, actively exploited within 10 hours of disclosure. Patch to 0.23.0.
- CVE-2026-1340 — Ivanti Endpoint Manager Mobile (EPMM): added to CISA KEV, confirmed in-the-wild exploitation. Federal remediation deadline will apply; treat as same-day triage.
- CVE-2026-20127 PoC — Cisco Catalyst SD-WAN Controller/Manager: public pre-auth RCE proof-of-concept now on GitHub. Nation-state exploitation (UAT-8616) reported since 2023; CISA Emergency Directive 26-03 in effect.
- FortiWeb 8.0.2 RCE PoC — Exploit-DB entry for remote code execution against FortiWeb WAF. No confirmed mass exploitation yet, but public code accelerates the timeline.
- ZSH 5.9 RCE exploit — Local RCE exploit published on Exploit-DB, no CVE assigned, no vendor patch. ZSH is the default shell on macOS and common across Linux dev environments.
Today's Stories
Update Adobe Acrobat Right Now — This PDF Zero-Day Has Been Live Since December
If you open PDFs at work — and everyone does — this is urgent. Adobe released an emergency out-of-band update for CVE-2026-34621, a critical flaw in Acrobat Reader with a CVSS score of 8.6 that has been actively exploited in the wild. According to The Hacker News, the vulnerability is a "prototype pollution" issue — a JavaScript flaw that lets an attacker manipulate an application's internal objects — which means a booby-trapped PDF can run malicious code the moment it renders, no clicks required.
The timeline is what makes this genuinely alarming. According to Cyber Kendra, there is evidence suggesting exploitation dates back to December 2025, giving attackers a four-month head start before the patch landed. The malicious PDFs observed in the wild contained Russian-language lures referencing the oil and gas industry, according to Cyber Kendra — suggesting targeted espionage, not spray-and-pray crime.
Adobe's security bulletin assigns this a Priority 1 rating. The fix is version 26.001.21411, available now via Help → Check for Updates. Enterprise admins can deploy via AIP-GPO or SCUP/SCCM on Windows, Apple Remote Desktop on macOS. The out-of-band release cadence — outside Adobe's normal patch schedule — is itself a reliable signal that exploitation is active and serious. Watch for CISA to add this to the Known Exploited Vulnerabilities catalog in the coming days; when that happens, federal agencies get a hard deadline, and historically that deadline leaves less than a week. Treat that timeline as yours too.
What failure looks like: any organization that waits for the next scheduled patch cycle is running four-month-old exploit code on every machine that opens a PDF. The observable signal is simple — check your fleet's Adobe version number today.
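One way to act on that signal, as an added example that is not the newsletter's or Adobe's own code: a small fleet check that flags Acrobat/Reader rows in an inventory export sitting below the fixed build 26.001.21411. The inventory format, host names and older build numbers are constructed assumptions; the point it makes is that build numbers have to be compared as integers, not strings.

```python
# Added example (not from The Lyceum newsletter or Adobe): flag Acrobat/Reader
# installs still below Adobe's fixed build 26.001.21411 for CVE-2026-34621.
# Assumes an inventory export with "host,product,version" rows; the sample
# rows below are constructed, not real hosts.
from typing import List, Tuple

FIXED_ACROBAT_VERSION = "26.001.21411"  # the fix version named in Adobe's bulletin

SAMPLE_INVENTORY = """\
host,product,version
fin-ws-01,Adobe Acrobat Reader,26.001.21411
fin-ws-02,Adobe Acrobat Reader,26.001.20364
hr-ws-07,Adobe Acrobat Pro,26.001.9999
dev-ws-03,Notepad++,8.7.1
ops-ws-04,Adobe Acrobat Reader,25.001.20993
"""

def parse_version(text: str) -> Tuple[int, ...]:
    """Turn '26.001.21411' into (26, 1, 21411).

    Comparing components as integers matters: as plain strings,
    '26.001.9999' sorts above '26.001.21411' because '9' > '2', which
    would wrongly report an unpatched build as current.
    """
    return tuple(int(part) for part in text.strip().split("."))

def is_vulnerable(version: str, fixed: str = FIXED_ACROBAT_VERSION) -> bool:
    """True when the installed build is older than the fixed build."""
    return parse_version(version) < parse_version(fixed)

def unpatched_hosts(inventory_csv: str) -> List[Tuple[str, str]]:
    """Return (host, version) for every Acrobat/Reader row below the fix."""
    findings = []
    for row in inventory_csv.strip().splitlines()[1:]:  # skip the header row
        host, product, version = (col.strip() for col in row.split(","))
        if "acrobat" not in product.lower():
            continue  # only Acrobat / Reader rows are in scope
        if is_vulnerable(version):
            findings.append((host, version))
    return findings

if __name__ == "__main__":
    for host, version in unpatched_hosts(SAMPLE_INVENTORY):
        print(f"PATCH NOW: {host} runs Acrobat {version} < {FIXED_ACROBAT_VERSION}")
```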
Your Data Science Notebook Was Weaponized Before You Finished Reading the Advisory
The window between "vulnerability disclosed" and "actively exploited" used to be measured in days. For CVE-2026-39987, it was nine hours and forty-one minutes.
According to Sysdig's Threat Research Team, as reported by The Hacker News, a critical pre-authentication remote code execution flaw in Marimo — an open-source Python notebook used for data science — was exploited within hours of public disclosure, with credential theft completed in under three minutes. The CVSS score is 9.3. "Pre-authenticated" means the attacker needs zero credentials: the terminal WebSocket endpoint /terminal/ws lacks authentication validation entirely, giving anyone who connects a full interactive shell.
What makes this devastating for organizations running AI infrastructure, according to the Cloud Security Alliance's research note, is what lives inside a typical Marimo environment: active API keys for OpenAI, Anthropic, Google, and cloud providers are common fixtures. A compromised notebook doesn't just expose data — it hands over the keys to an organization's entire AI stack.
The fix is Marimo version 0.23.0. If upgrading isn't immediate, block external access to /terminal/ws at the firewall. Rotate every API key and cloud credential that environment could have touched. The broader signal, noted by Security Affairs, is that attackers may be leveraging AI to build exploits from advisories — the advisory itself is now the attack surface. A similar pattern hit Langflow (CVE-2026-33017) at 20 hours; Marimo cut that in half. The trend line points one direction.
What to watch: if Jupyter, n8n, or other notebook platforms disclose similar unauthenticated endpoint flaws in the next two weeks, it means researchers — and attackers — are systematically auditing this class of tool.
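For teams that front Marimo with a reverse proxy, here is an added detection example (not from the newsletter or the Marimo project) that scans proxy access logs for completed WebSocket upgrades to the unauthenticated /terminal/ws endpoint from outside the trusted networks. The log line format, the sample lines and the trusted address ranges are constructed assumptions.

```python
# Added example (not from The Lyceum newsletter or the Marimo project): scan
# reverse-proxy access logs for WebSocket upgrades to Marimo's /terminal/ws
# endpoint from outside the trusted networks, the exposure CVE-2026-39987 abuses.
# Log format, sample lines and trusted ranges are constructed assumptions.
import ipaddress
import re
from typing import Dict, List

# Constructed sample lines: client_ip method path status "Upgrade header"
SAMPLE_LOG = """\
10.20.3.14 GET /terminal/ws 101 "websocket"
203.0.113.45 GET /terminal/ws 101 "websocket"
198.51.100.7 GET /terminal/ws 403 "websocket"
192.168.5.9 GET /ws?session_id=abc 101 "websocket"
203.0.113.45 GET /api/kernel/run 200 "-"
"""

LINE_RE = re.compile(
    r'^(?P<ip>\S+) (?P<method>\S+) (?P<path>\S+) (?P<status>\d{3}) "(?P<upgrade>[^"]*)"$'
)
TERMINAL_WS = "/terminal/ws"  # the unauthenticated endpoint named in the advisory
# Assumed trusted source ranges; anything else is treated as external.
TRUSTED_NETS = [ipaddress.ip_network(n) for n in
                ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]

def parse_line(line: str) -> Dict[str, str]:
    m = LINE_RE.match(line.strip())
    if not m:
        raise ValueError(f"unparseable log line: {line!r}")
    return m.groupdict()

def is_external(ip: str) -> bool:
    """True when the client address is outside every trusted range."""
    addr = ipaddress.ip_address(ip)
    return not any(addr in net for net in TRUSTED_NETS)

def suspicious_terminal_sessions(log_text: str) -> List[Dict[str, str]]:
    """Completed (HTTP 101) WebSocket upgrades to /terminal/ws from external
    clients. A 403 means a proxy rule blocked the upgrade; a 101 means the
    client was handed an interactive shell."""
    hits = []
    for line in log_text.strip().splitlines():
        rec = parse_line(line)
        if rec["path"].split("?")[0] != TERMINAL_WS:
            continue
        if rec["status"] != "101" or rec["upgrade"].lower() != "websocket":
            continue
        if is_external(rec["ip"]):
            hits.append(rec)
    return hits
```

Any hit from this check on an instance below 0.23.0 is a reason to rotate every key that notebook could reach, not just to patch.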
CERT-UA Documents Four New Russian Campaigns — None Yet in Western Press
● Ukraine · Russia
[First in English] While Western outlets focused on the Adobe patch, Ukraine's CERT-UA published a cluster of new advisories documenting active Russian campaigns that haven't crossed into English-language reporting.
The most operationally significant: UAC-0190 is conducting targeted attacks against Ukrainian defense-sector organizations using a previously undocumented implant called PLUGGYAPE (CERT-UA#19092). Separately, UAC-0241 targeted an educational institution in eastern Ukraine with malware called GAMYBEAR (CERT-UA#18329) — targeting a school is consistent with Russia's documented pattern of attacking civilian infrastructure. UAC-0239 is running OrcaC2 paired with a stealer called FILEMESS (CERT-UA#17691), and UAC-0245 is deploying a backdoor called CABINETRAT against defense targets (CERT-UA#17479).
These four UAC designations are new to public reporting. None have been attributed to named APT groups yet. The volume of simultaneous campaigns is consistent with CERT-UA's April 10 report noting Russian hackers are shifting from quick data theft to long-term persistent access — these aren't smash-and-grab operations.
A separate advisory documents UAC-0255 impersonating CERT-UA itself, sending fake branded security bulletins that instruct targets to apply "urgent mitigations" — following those instructions installs a remote access trojan called AGEWHEEZE. In a high-alert environment, attackers will weaponize trust in official channels. Verify any advisory-style alert directly on CERT-UA's site before acting on it.
What changes: if PLUGGYAPE, GAMYBEAR, or CABINETRAT indicators start appearing in threat intel feeds outside Ukraine, it means Russian offensive tooling is being repurposed for broader targeting.
The CPUID Hack Turned CPU-Z and HWMonitor Into a Supply-Chain Trap
Most malware stories begin with "don't download weird files from weird places." This one is nastier because the weird place was the normal place.
According to BleepingComputer and Tom's Hardware, attackers compromised a download API on CPUID's official website and swapped legitimate installers for CPU-Z and HWMonitor — two of the most commonly used hardware diagnostic tools in IT — with trojanized executables for roughly six hours. The Hacker News reports the payload was a Remote Access Trojan called STX RAT, giving attackers full remote control of any machine that ran the installer during the window.
Xakep.ru's coverage adds that the attackers specifically targeted administrator tooling — these are utilities IT staff run with elevated privileges, which makes the initial foothold immediately valuable. The payload was designed to be stealthy and staged, suggesting deliberate preparation rather than opportunistic defacement.
If you downloaded CPU-Z, HWMonitor, or PerfMonitor from CPUID's site around April 9–11, treat the machine as potentially compromised until you verify the installer hash and signature. In a business environment, that means isolation first, certainty later. The next thing to watch: whether this actor reuses the same download-API poisoning technique against other trusted utility sites. When attackers can corrupt the source people already trust, traditional user-awareness advice stops helping — the weight shifts entirely to code-signing verification, hash checks, and having a plan for "we installed a trusted thing and now we're not sure it was trusted."
⚡ What Most People Missed
- The Hims & Hers breach is worse than the headline suggests. According to Malwarebytes and class-action attorneys at ClassAction.org, the telehealth giant's support-platform breach exposed not just names and emails but treatment categories — who's being treated for hair loss, erectile dysfunction, weight management, mental health. Per Hims & Hers' SEC filing, the breach originated from a social engineering attack on two employees. The social engineering and targeted phishing potential of a list linking real identities to sensitive health conditions is significant.
- OpenClaw's CVE-2026-33579 keeps getting uglier. According to TechPlanet and the Blink security blog, 135,000 OpenClaw AI agent instances are publicly exposed, with 63% running without any authentication. The privilege escalation via /pair approve requires no prior foothold on an unauthenticated instance. The jgamblin/OpenClawCVEs tracker now documents 138 CVEs across 63 days — roughly 2.2 new vulnerabilities per day in a single AI agent framework.
From the Foreign Press
CERT-UA Advisory: UAC-0099's Updated Toolkit — MATCHBOIL, MATCHWOK, DRAGSTARE
CERT-UA published an advisory documenting a significant expansion of the offensive toolkit used by UAC-0099, a Russian-aligned threat actor. The advisory names three new malware families — MATCHBOIL, MATCHWOK, and DRAGSTARE — representing active development of new capabilities rather than reuse of known tools. This matters because UAC-0099 has historically targeted Ukrainian government and defense networks, and an "updated toolkit" advisory signals the actor is investing in evasion and persistence. No Western outlet has picked this up, and the new tool names have not appeared in English-language threat intelligence feeds.
Source: CERT-UA — Ukrainian. No English-language coverage confirmed at time of publication.
Xakep.ru: APT28 Hijacked Router DNS Settings in "Operation Masquerade"
Russian security outlet Xakep.ru, citing research from Lumen Black Lotus Labs and Microsoft, reported that APT28 (Fancy Bear) compromised consumer and small-office routers — primarily MikroTik and TP-Link devices — and modified their DNS settings to redirect victims' traffic through attacker-controlled infrastructure. The campaign, dubbed "Operation Masquerade," represents an infrastructure-first approach: rather than targeting endpoints, the attackers poisoned the network layer itself, making detection significantly harder for traditional endpoint security tools. If you manage SOHO routers, audit DNS settings immediately. [Source: Xakep.ru — Russian]
📅 What to Watch
- If CISA adds CVE-2026-34621 (Adobe Acrobat) to the KEV catalog this week, federal agencies get a hard patch deadline under a week — and the exploitation that's been running since December becomes an audit finding, not just a risk.
- If PLUGGYAPE or CABINETRAT indicators appear in ESET or Mandiant reporting, it means Russian offensive tooling documented only by CERT-UA is being repurposed beyond Ukraine — a significant escalation in targeting scope.
- If Storm-2755 payroll-pirate attacks surface outside Canada, it signals the operation is scaling and self-service payroll portals (Workday, ADP, Ceridian) become a cross-border triage priority.
- If no ransomware group claims the ChipSoft attack within 72 hours, the silence itself becomes the signal — either nation-state involvement or an extortion negotiation sensitive enough to keep quiet while 80% of Dutch hospital records remain disrupted.
- If GreyNoise or Shodan detect mass scanning on Juniper management ports, treat any unpatched Junos OS device as already compromised — the critical unauthenticated-takeover flaw patched this week is exactly the kind that gets weaponized quietly.
The Closer
A PDF that's been spying on oil executives since Christmas. A data science notebook that lasted nine hours in the wild before someone owned it. A hardware diagnostic tool that diagnosed your machine as "now belongs to someone else."
Somewhere, a Russian threat actor is sending fake CERT-UA advisories telling people to install malware for their own protection — which is either the most cynical social engineering of the year or the most honest description of the patch cycle.
Eyes open, hashes checked.
If someone you know opens PDFs, runs notebooks, or downloads CPU-Z — so, everyone — forward this their way.