Cyber Intelligence Daily — Apr 20, 2026
Monday, April 20, 2026
The Big Picture
The story today is that your attack surface now includes the AI tools your coworkers signed up for without telling you. Vercel confirmed yesterday that attackers walked in through a compromised Context.ai OAuth token, hijacked a Google Workspace account, and ended up inside internal systems — with a forum seller now shopping the spoils on BreachForums. Meanwhile, Microsoft Defender is being weaponized against the machines it's supposed to protect, and CERT-UA quietly documented APT28 still burning a nearly three-month-old Office bug through EU governments like it just dropped.
What Just Dropped
- CVE-2026-34197 — Apache ActiveMQ (Classic before 5.19.4, 6.0.0–6.2.3): added to CISA KEV, actively exploited, CVSS 8.8. A 13-year-old RCE via the Jolokia JMX bridge that has been hiding in plain sight; federal agencies have until April 30 to patch.
- CVE-2009-0238 — Microsoft Office legacy VBA: added to CISA KEV, actively exploited. A 17-year-old memory corruption bug resurrected in current attack chains; federal due date April 28.
- CVE-2026-32201 — Microsoft SharePoint Server: added to CISA KEV, actively exploited. On-prem SharePoint remains one of the most productive entry points for intrusion operators; due date April 28.
- Microsoft Defender "RedSun" (CVE-2026-33825): unpatched Defender privilege escalation abusing the cloud file rollback mechanism for SYSTEM-level code execution; Huntress telemetry confirms active in-the-wild exploitation alongside companion zero-day UnDefend.
- FortiWeb 8.0.2 authenticated RCE PoC: public exploit on Exploit-DB against Fortinet's web application firewall; authenticated command injection — audit any exposed management panels now.
- ZSH 5.9 code execution PoC: public exploit against the default shell on macOS since Catalina; no coordinated upstream patch tied to this vector yet.
Today's Stories
Your Vercel Environment Variables May Be in Someone Else's Hands Right Now
If your team deploys anything on Vercel — and a generous slice of the modern web does — open your dashboard before you finish this paragraph.
Vercel CEO Guillermo Rauch disclosed on April 19 that an attacker reached internal Vercel systems after a breach at Context.ai, a third-party AI platform used by a Vercel employee. The chain: Context.ai was compromised first, the employee's Google Workspace account was taken over through that foothold, and the attacker pivoted into Vercel by enumerating environment variables flagged "non-sensitive" — think of those as sticky notes on a whiteboard containing API keys, database connection strings, and tokens that nobody bothered to lock in the vault.
A forum seller claiming to be ShinyHunters posted on BreachForums offering what they described as Vercel access keys, source code, database data, NPM tokens, and GitHub tokens for $2 million. Threat actors linked to recent ShinyHunters activity told BleepingComputer they aren't involved in this one, which is either true or exactly what a brand-conscious extortion crew would say. Rauch explicitly confirmed Next.js, Turbopack, and Vercel's open-source projects remain safe after a supply-chain audit — rebutting the forum post's framing as a Next.js-wide catastrophe — and Vercel is now working with Mandiant and law enforcement.
What changes if this unravels further: if forensics confirm GitHub or npm tokens were used before rotation, this escalates from an identity incident to a supply-chain event touching any app built on Vercel. What success looks like: Vercel publishes a clean forensic report, no token reuse is observed, and Context.ai turns out to be the only casualty. What failure looks like: unusual npm publishes or unexpected CI/CD changes in Vercel-connected repos over the next 72 hours. Vercel has shared a malicious OAuth App ID as an indicator of compromise for Google Workspace admins: 110671459871-30f1spbu0hptbs60cb4vsmv79i7bbvqj.apps.googleusercontent.com.
If you use Vercel, rotate every environment variable not explicitly marked "sensitive" — now, not after standup. And if anyone at your company uses Context.ai independently of Vercel, you have your own exposure window.
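The two actions above (sweep Google Workspace for the flagged OAuth client, and find everyone who granted an AI tool standing access) are easy to script against an export of OAuth token grants. The following is an added example, not Vercel's, Google's, or Mandiant's code: the grant records are constructed, with field names modelled on the Admin SDK Directory API `tokens` resource (`clientId`, `displayText`, `scopes`, `userKey`); the only real indicator in it is the client ID Vercel published.

```python
"""Audit exported Google Workspace OAuth token grants for a known-bad
client ID and for over-broad scopes granted to third-party apps.
Added example; grant records below are constructed."""

MALICIOUS_CLIENT_IDS = {
    # Indicator of compromise shared by Vercel for Google Workspace admins
    "110671459871-30f1spbu0hptbs60cb4vsmv79i7bbvqj.apps.googleusercontent.com",
}

# Scopes that give a third-party app standing access to mail, files or
# directory admin functions; any one of these makes a grant high-impact.
HIGH_IMPACT_SCOPES = {
    "https://mail.google.com/",
    "https://www.googleapis.com/auth/gmail.readonly",
    "https://www.googleapis.com/auth/drive",
    "https://www.googleapis.com/auth/drive.readonly",
    "https://www.googleapis.com/auth/admin.directory.user",
}

# Constructed sample export: one benign grant, one to the flagged client,
# one "meeting notes" style tool holding read access to all of Drive.
SAMPLE_GRANTS = [
    {"userKey": "alice@example.com",
     "clientId": "123-abc.apps.googleusercontent.com",
     "displayText": "Calendar widget",
     "scopes": ["https://www.googleapis.com/auth/calendar.readonly"]},
    {"userKey": "bob@example.com",
     "clientId": "110671459871-30f1spbu0hptbs60cb4vsmv79i7bbvqj.apps.googleusercontent.com",
     "displayText": "Meeting notes assistant",
     "scopes": ["https://mail.google.com/",
                "https://www.googleapis.com/auth/calendar"]},
    {"userKey": "carol@example.com",
     "clientId": "456-def.apps.googleusercontent.com",
     "displayText": "Doc summarizer",
     "scopes": ["https://www.googleapis.com/auth/drive.readonly"]},
]


def classify_grant(grant):
    """Return finding tags for one grant; an empty list means nothing to act on."""
    tags = []
    if grant["clientId"] in MALICIOUS_CLIENT_IDS:
        tags.append("KNOWN_BAD_CLIENT")
    broad = sorted(set(grant["scopes"]) & HIGH_IMPACT_SCOPES)
    if broad:
        tags.append("HIGH_IMPACT_SCOPES:" + ",".join(broad))
    return tags


def audit_grants(grants):
    """Return ({(userKey, clientId): tags}, {users whose grant must be revoked first})."""
    findings = {}
    revoke_now = set()
    for g in grants:
        tags = classify_grant(g)
        if tags:
            findings[(g["userKey"], g["clientId"])] = tags
        if "KNOWN_BAD_CLIENT" in tags:
            revoke_now.add(g["userKey"])
    return findings, revoke_now


if __name__ == "__main__":
    found, revoke = audit_grants(SAMPLE_GRANTS)
    for (user, client), tags in found.items():
        print(f"{user:22} {client[:28]}...  {tags}")
    print("revoke first:", sorted(revoke))
```

Revoking the flagged client's token is the first step; the `HIGH_IMPACT_SCOPES` hits are the inventory the "What Most People Missed" section is asking for, since every one of them is a mailbox or drive an attacker inherits if that vendor is breached next.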
Microsoft Defender's "RedSun" Zero-Day Is Now Being Exploited — No Patch Available
This is the ironic one: the antivirus is the privilege escalation vector.
In a 13-day window this month, three Defender zero-days landed in public view — BlueHammer (patched in April's Patch Tuesday), then UnDefend (which degrades Defender's update mechanism), then RedSun. According to Picus Security's analysis, RedSun (CVE-2026-33825) abuses Defender's cloud file rollback feature: when Defender detects a cloud-tagged file, it tries to restore it to its original location without validating the target path. The exploit triggers a detection with a crafted file, swaps in a cloud placeholder via the Windows Cloud Files API, and when Defender resumes the rollback, it writes the attacker's file into a privileged directory with SYSTEM-level permissions. No elevation required, no user interaction.
Huntress observed BlueHammer being blocked in the wild on April 10, and on April 16 observed RedSun and UnDefend PoCs being actively used — the attacker dropping exploit files into users' Pictures and Downloads folders and renaming them to avoid suspicion, per Help Net Security. The Hacker News confirms all three are now exploited in the wild; two remain unpatched. Vulnerability analyst Will Dormann noted to CSO Online that Defender itself doesn't currently detect the exploit.
What changes if RedSun goes broad: any initial-access implant, even one running as a low-privilege user, gets a reliable path to SYSTEM using a component that's on virtually every Windows machine. The observable signal to watch: anomalous Defender file write activity, particularly involving cldapi.dll operations targeting C:\Windows\System32. Until Microsoft ships a fix, telemetry rules flagging oplock-assisted file redirection are the compensating control.
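The compensating control described above can be expressed as a simple rule over EDR file-operation telemetry: the Defender engine writing or moving a file into a privileged directory, with cloud-files (`cldapi.dll`) code on the call stack. This is an added example, not code from the article, Picus, Huntress, or Microsoft: the event records are constructed, the field names (`process`, `op`, `path`, `stack`) are an assumed EDR-style shape, `MsMpEng.exe` is the Defender engine process, and the "expected" path is Defender's own data directory.

```python
"""Flag Defender file writes that match the RedSun signal described above:
the engine writing into C:\\Windows\\System32 (or another privileged root)
while cldapi.dll is on the call stack. Added example; events are constructed."""

DEFENDER_PROCESSES = {"msmpeng.exe"}          # assumption: Defender engine process
PRIVILEGED_ROOTS = [r"C:\Windows\System32",
                    r"C:\Windows\SysWOW64",
                    r"C:\Program Files"]
# Defender's own data directory (quarantine, signature updates): routine writes
EXPECTED_ROOTS = [r"C:\ProgramData\Microsoft\Windows Defender"]
WRITE_OPS = {"FileWrite", "FileCreate", "FileRename"}


def is_under(path, root):
    """Case-insensitive 'path lives beneath root' check (Windows paths are case-insensitive)."""
    return path.lower().startswith(root.lower().rstrip("\\") + "\\")


def score_event(ev):
    """Return 'high', 'medium' or None for one file-operation record."""
    if ev["process"].lower() not in DEFENDER_PROCESSES:
        return None
    if ev["op"] not in WRITE_OPS:
        return None
    if any(is_under(ev["path"], r) for r in EXPECTED_ROOTS):
        return None                           # normal engine housekeeping
    if not any(is_under(ev["path"], r) for r in PRIVILEGED_ROOTS):
        return None                           # not a privileged destination
    cloud_files_on_stack = any(f.lower() == "cldapi.dll" for f in ev["stack"])
    return "high" if cloud_files_on_stack else "medium"


def detect(events):
    """Return [(index, severity)] for every event worth raising."""
    hits = []
    for i, ev in enumerate(events):
        sev = score_event(ev)
        if sev:
            hits.append((i, sev))
    return hits


# Constructed sample telemetry, one record per line of the story above
SAMPLE_EVENTS = [
    {"process": "MsMpEng.exe", "op": "FileWrite",      # routine signature update
     "path": r"C:\ProgramData\Microsoft\Windows Defender\Definition Updates\x.vdm",
     "stack": ["ntdll.dll", "MpEngine.dll"]},
    {"process": "MsMpEng.exe", "op": "FileRename",     # rollback landing in System32
     "path": r"C:\Windows\System32\payload.dll",
     "stack": ["ntdll.dll", "cldapi.dll", "MpEngine.dll"]},
    {"process": "notepad.exe", "op": "FileWrite",      # unrelated process, not this rule
     "path": r"C:\Windows\System32\drivers\etc\hosts",
     "stack": ["ntdll.dll"]},
    {"process": "MsMpEng.exe", "op": "FileWrite",      # restore into Program Files, no cloud frames
     "path": r"C:\Program Files\Foo\app.exe",
     "stack": ["ntdll.dll", "MpEngine.dll"]},
]

if __name__ == "__main__":
    for i, sev in detect(SAMPLE_EVENTS):
        print(f"[{sev}] {SAMPLE_EVENTS[i]['op']} -> {SAMPLE_EVENTS[i]['path']}")
```

The "medium" tier exists because Defender legitimately restores quarantined files to their original location; the distinguishing feature of the RedSun pattern as Picus describes it is the cloud-files placeholder, hence the call-stack check.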
CERT-UA: APT28 Is Still Exploiting That Microsoft Office Bug — And Targeting EU Governments Too
● Romania · Ukraine · Greece · Poland · Turkey · UAE
Ukraine's national cybersecurity agency published advisory #19542 this week documenting that UAC-0001 — the Ukrainian designation for APT28, the GRU's Unit 26165 hacking team — is still burning CVE-2026-21509, a Microsoft Office security feature bypass that Microsoft patched on January 26. Nearly three months later, unpatched environments are getting rolled.
Zscaler's ThreatLabz observed APT28 weaponizing the flaw on January 29 — three days after disclosure — in a campaign Zscaler named Operation Neusploit, targeting Ukraine, Slovakia, and Romania. The Hacker News and CXO Digitalpulse report the lures are geopolitically tuned: phishing emails about transnational weapons smuggling, military training programs, and meteorological emergency bulletins carry weaponized RTF documents that exploit CVE-2026-21509 on open — no macros, no "Enable Content" prompt. One variant drops MiniDoor, an Outlook email-stealing implant; the other deploys PixyNetLoader, which stages a Covenant Grunt backdoor for persistent remote control. Cyberpress reports target sets now include military, transport, and diplomatic entities in Poland, Slovenia, Turkey, Greece, the UAE, and Ukraine.
What changes if you're still unpatched: a nation-state adversary with a head start, an exploit that fires the moment the document is opened, and a demonstrated appetite for EU government targets has your Outlook. What success looks like: you apply the January patch that has been sitting on your WSUS server since January. Watch for CERT-UA to publish fresh IOCs as the target set keeps widening — the advisory backlog has been running ahead of Western reporting on this campaign for weeks.
Apple Is Bricking Russian iPhones to Kill a Spyware Telegram Client
● Russia
This hasn't crossed into Western press yet, and it's the most interesting story of the day.
Telega — an unofficial Telegram client that surged in popularity inside Russia as pressure on the official app mounted — was found to have activated a hidden feature on March 18. According to HackMag's reporting, Telega replaces Telegram's data center addresses with its own, uses an additional RSA key absent from the official app, and routes MTProto traffic (Telegram's encrypted messaging protocol) through Russian-controlled proxies. In plain language: a classic man-in-the-middle, silently undoing the encryption users thought they had.
On April 9, Apple pulled Telega from the App Store. iOS then started refusing to launch already-installed copies, displaying: "Unable to open the app 'Telega' because it contains malicious code. Delete this app from your device." Cloudflare flagged the project's domains as spyware. Per reporting from www1.ru, one user who updated three iPhones simultaneously said only the one with Telega installed failed to boot, even after ten hours.
What changes beyond Russia's borders: researchers at RKS Global found three of eight popular alternative Android Telegram clients — Telega, Graph Messenger, and iMe — sending data to Russian servers. If your BYOD policy allows unofficial clients of any E2E messenger, this is the conversation starter. The observable signal to watch: whether Google Play removes Telega, and whether the same teardown gets applied to the other two.
⚡ What Most People Missed
OAuth scope sprawl from third-party AI tools is the larger risk here. Per Coindesk and MEXC's reporting, the same method may have hit multiple downstream targets beyond Vercel; treat this as a systemic OAuth/inventory problem rather than a single-host failure.
CyberStrikeAI has been spotted in real attacks. Xakep, citing Team Cymru research, reports that the open-source offensive AI platform has been linked to compromises of Fortinet FortiGate firewalls across roughly 55 countries, with about 21 unique attacker IPs running the tool over a month. Defenders aren't facing autonomous super-hackers — they're facing vastly cheaper mass experimentation. [Source: Xakep.ru — Russian]
NIST's CVE triage capacity is degrading at exactly the wrong moment. Per Dark Reading's April 17 coverage, the slower enrichment cadence at NVD means cross-vendor signatures and authoritative advisories will lag precisely when supply-chain incidents like Vercel need rapid, canonical indicators. Rely on telemetry and vendor bulletins; don't wait for the CVE to land.
A React Server 19.2.0 RCE PoC is circulating — a deserialization bug in a dependency that vulnerability scanners frequently miss because it's not a standalone app. Audit your dependency trees, not just your deployed services. The window between "niche PoC" and "mass weekend scanning" is now measured in hours.
CERT-UA's advisory backlog contains four active Russian campaigns with zero English-language coverage — UAC-0190 (PLUGGYAPE against Ukrainian civil society), UAC-0239 (OrcaC2 framework plus FILEMESS stealer), UAC-0241 (GAMYBEAR against eastern Ukrainian education), and UAC-0247 (hospitals, local governments, FPV drone operators). The volume of simultaneous Russian operations against Ukrainian civilian infrastructure is running well ahead of what's being reported in English.
From the Foreign Press
Apple flags Telega as malicious on iOS; bricked iPhones reported
Xakep published a consolidated technical account this morning pulling together the Telega timeline with detail still missing from Western coverage: independent analysts accuse Telega of routing traffic to VK-related infrastructure and transmitting analytics payloads that include device identifiers and VPN-use status. That element — systematic telemetry back to Russian domestic platform infrastructure, not just MITM of messages — is why App Store removal, Cloudflare's spyware designation, and certificate revocation flipped simultaneously. The brick-on-update reports over the weekend appear tied to iOS's new launch-blocking behavior interacting poorly with Telega's modified binary during 26.4.1 installation. Source: Xakep.ru — Russian. No English-language coverage confirmed at time of publication.
CERT-UA: UAC-0247 targeting hospitals, local authorities, and FPV drone operators
CERT-UA's latest advisory on the UAC-0247 cluster documents an intensifying March–April campaign using humanitarian-aid-themed phishing against Ukrainian clinical hospitals, emergency services, municipal bodies, and operators of first-person-view combat drones. The targeting pattern is deliberate: civilian medical infrastructure and the civilian-military seam where volunteer FPV operators coordinate with defense forces. The advisory publishes IOCs that have not yet appeared in Western threat intel feeds. Source: CERT-UA Advisory #6288271 — Ukrainian. No English-language coverage confirmed at time of publication.
Critical Nginx UI vulnerability allows full server takeover
Xakep reported a critical vulnerability in Nginx UI — the open-source dashboard for managing Nginx — that allows an attacker to gain complete control of the underlying server. Given how much of the web sits behind Nginx and how many small teams install management UIs without locking down exposure, this is the kind of bug that tends to surface in incident response engagements weeks after disclosure. If you run Nginx UI, patch status is the only question worth asking today. Source: Xakep.ru — Russian. No English-language coverage confirmed at time of publication.
📅 What to Watch
- If forensics confirm GitHub or npm tokens were used before Vercel's rotation window closed, the incident escalates from identity compromise to genuine supply-chain event — with blast radius extending to every Vercel-connected repo that auto-publishes.
- If Context.ai discloses its own breach scope in the next 48 hours, expect a second wave of named victims and a broader reckoning on OAuth scopes granted to AI meeting-intelligence tools that nobody inventoried.
- If Microsoft ships an out-of-band mitigation for RedSun before next Patch Tuesday, it means telemetry from Huntress and others crossed a threshold Microsoft couldn't sit on — and you should assume the exploit is now being chained into commodity post-exploitation kits.
- If a five-nation joint advisory format gets repeated for another SD-WAN or edge vendor this month, it's a signal that the same nation-state campaign has multi-vendor victim sets and the current Cisco SD-WAN disclosure is a fragment of something larger.
- If CERT-UA publishes a second APT28 CVE-2026-21509 advisory naming EU-member victims directly, expect ENISA coordination to follow — and expect the patch-compliance conversation in European ministries to get loud.
- If independent researchers publish packet captures from Telega before Google Play acts, the story moves from "messy app moderation" to formal surveillance attribution, and the other unofficial Telegram clients identified by RKS Global come under the same microscope.
The Closer
Today's picture: a meeting-summary AI handing over the keys to Next.js, an antivirus politely escorting SYSTEM privileges to whoever asks nicely, and an iPhone in Moscow refusing to turn on because it knew too much. Somewhere in this, the lesson is that the threat model now includes the helpful little tool nobody remembers signing up for — and the one that came pre-installed to protect you.
Stay patched. Stay suspicious of anything that makes your life easier.
Forward this to the friend who still has Context.ai connected to their calendar and hasn't thought about it since onboarding.