Cyber Intelligence Daily — Apr 25, 2026
Saturday, April 25, 2026
The Big Picture
Today's news has a hardware-meets-helpdesk flavor. CISA added four more actively-exploited bugs to the KEV catalog yesterday — including a CVSS 9.9 in SimpleHelp, the remote-support tool your IT team uses to fix your laptop — and Kaspersky disclosed a hardware-level flaw in Qualcomm Snapdragon chips that lives below the operating system. Meanwhile, a newly named espionage group called Geo Likho has been quietly running 200+ attacks against Russian aviation and maritime targets since last summer, and almost nobody in the Western press has noticed.
What Just Dropped
- CVE-2026-33825 (BlueHammer) — Microsoft Defender on Windows: patched April 14, actively exploited as a zero-day, CVSS rated high (operational maturity per KEV). Low-privileged local user escalates to SYSTEM; CISA federal deadline May 6.
- CVE-2024-57726 — SimpleHelp remote support: patched, actively exploited, CVSS 9.9. Low-privileged technicians can mint API keys with admin permissions — clean privilege escalation in software MSPs run for hundreds of clients. KEV deadline May 8.
- CVE-2024-57728 — SimpleHelp: patched, actively exploited, CVSS 7.2. Path traversal via crafted ZIP upload chains cleanly with 57726 for full RCE.
- CVE-2025-29635 — D-Link DIR-823X: actively exploited, possibly end-of-life (no patch path). Command injection via crafted POST; Mirai-variant scanning already observed.
- CVE-2024-7399 — Samsung MagicINFO 9 Server: actively exploited; KEV deadline May 8.
- CVE-2026-25262 — Qualcomm Snapdragon BootROM (Sahara protocol): no patch possible (hardware-level flaw); requires physical access; bypasses secure boot on MDM9x07/45/65, MSM8909/16/52, SDX50 chipsets.
- ThrottleStop kernel driver 0-day — Public PoC on Exploit-DB; out-of-bounds write yields instant SYSTEM. No patch. Classic bring-your-own-vulnerable-driver vector for ransomware crews to disable EDR.
Today's Stories
The IT Help-Desk Tool That Just Became a Pivot Point
If your organization uses SimpleHelp — the remote-support platform IT staff use to take control of employee computers — patch it before the weekend ends.
CISA on Friday added four vulnerabilities affecting SimpleHelp, Samsung MagicINFO 9 Server, and D-Link DIR-823X routers to its Known Exploited Vulnerabilities catalog. The KEV catalog is the government's running list of bugs being used against real targets right now, not theoretical risks. The most urgent is CVE-2024-57726, a missing-authorization flaw with a CVSS of 9.9: a low-privileged technician can quietly create API keys with admin-level permissions and promote themselves. The companion bug, CVE-2024-57728, lets that admin upload a crafted ZIP that traverses the filesystem and executes arbitrary code. Together they form a clean foothold-to-RCE chain.
This matters beyond the obvious: SimpleHelp is heavily used by managed service providers — the IT companies that run networks for dozens or hundreds of smaller businesses. One compromised SimpleHelp server becomes a pivot point into every client downstream. That's the same blast-radius geometry that turned the 2021 Kaseya VSA incident into a ransomware event across two continents.
If this succeeds as a campaign, expect ransomware deployments at MSPs within days; watch incident reports next week from the managed-services sector. If it fizzles, it'll be because organizations actually patched on time — which would be a first. The federal deadline is May 8. The D-Link entry, CVE-2025-29635, is the one to feel uneasy about: the device may already be end-of-life, meaning the only fix is replacement, and Mirai-like scanning has already been observed targeting it.
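The KEV catalog is only useful if someone turns its due dates into a work queue. The script below is an added example, not code from the newsletter or from CISA: it parses a constructed excerpt that follows the real KEV JSON feed's field names (cveID, vendorProject, product, dueDate, knownRansomwareCampaignUse), matches it against a constructed asset inventory, and reports each exposed host as overdue, due soon, or already remediated. The CVE ids and deadlines are the ones in this issue; the hosts, the vendor/product strings and the "today" values are assumptions.

```python
"""Triage a KEV-style feed excerpt against an asset inventory.

Added example; not from the newsletter and not CISA's code. Field names follow the
CISA KEV JSON feed; the records, hosts and dates below are constructed for the demo.
"""
import json
from datetime import date, datetime

# Constructed feed excerpt: CVE ids and due dates as reported in this issue,
# vendor/product strings simplified (the real feed's wording may differ).
KEV_FEED_SAMPLE = json.dumps({
    "title": "constructed KEV excerpt",
    "vulnerabilities": [
        {"cveID": "CVE-2026-33825", "vendorProject": "Microsoft", "product": "Defender",
         "dateAdded": "2026-04-23", "dueDate": "2026-05-06", "knownRansomwareCampaignUse": "Unknown"},
        {"cveID": "CVE-2024-57726", "vendorProject": "SimpleHelp", "product": "SimpleHelp",
         "dateAdded": "2026-04-24", "dueDate": "2026-05-08", "knownRansomwareCampaignUse": "Unknown"},
        {"cveID": "CVE-2024-57728", "vendorProject": "SimpleHelp", "product": "SimpleHelp",
         "dateAdded": "2026-04-24", "dueDate": "2026-05-08", "knownRansomwareCampaignUse": "Unknown"},
        {"cveID": "CVE-2025-29635", "vendorProject": "D-Link", "product": "DIR-823X",
         "dateAdded": "2026-04-24", "dueDate": "2026-05-08", "knownRansomwareCampaignUse": "Unknown"},
        {"cveID": "CVE-2024-7399", "vendorProject": "Samsung", "product": "MagicINFO 9 Server",
         "dateAdded": "2026-04-24", "dueDate": "2026-05-08", "knownRansomwareCampaignUse": "Unknown"},
    ],
})

# Constructed inventory: how the asset database records vendor/product, plus the
# CVEs the patch system already reports as remediated on that host.
INVENTORY = [
    {"host": "msp-support-01", "vendor": "SimpleHelp", "product": "SimpleHelp",
     "remediated": {"CVE-2024-57728"}},
    {"host": "branch-rtr-07", "vendor": "D-Link", "product": "DIR-823X", "remediated": set()},
    {"host": "ws-finance-12", "vendor": "Microsoft", "product": "Defender", "remediated": set()},
    {"host": "ws-hr-03", "vendor": "Microsoft", "product": "Defender",
     "remediated": {"CVE-2026-33825"}},
]


def load_kev(raw_json):
    """Return the list of vulnerability records from a KEV-format JSON document."""
    return json.loads(raw_json)["vulnerabilities"]


def _matches(entry, asset):
    # Exact, case-insensitive vendor and product match; a production version would
    # map the feed's wording onto the asset database's normalized names.
    return (entry["vendorProject"].lower() == asset["vendor"].lower()
            and entry["product"].lower() == asset["product"].lower())


def triage(entries, inventory, today, soon_days=14):
    """Pair every inventory host with the KEV entries that apply to it.

    Status is 'remediated' if the host already has the fix, 'overdue' if the KEV
    due date has passed, 'due_soon' if it falls within soon_days, else 'open'.
    Overdue items sort first, then by days remaining.
    """
    findings = []
    for asset in inventory:
        for entry in entries:
            if not _matches(entry, asset):
                continue
            due = datetime.strptime(entry["dueDate"], "%Y-%m-%d").date()
            days_left = (due - today).days
            if entry["cveID"] in asset["remediated"]:
                status = "remediated"
            elif days_left < 0:
                status = "overdue"
            elif days_left <= soon_days:
                status = "due_soon"
            else:
                status = "open"
            findings.append({"host": asset["host"], "cve": entry["cveID"],
                             "due": entry["dueDate"], "days_left": days_left,
                             "status": status})
    findings.sort(key=lambda f: (f["status"] != "overdue", f["days_left"]))
    return findings


if __name__ == "__main__":
    for f in triage(load_kev(KEV_FEED_SAMPLE), INVENTORY, date(2026, 4, 25)):
        print(f"{f['status']:<11} {f['host']:<16} {f['cve']:<16} due {f['due']} ({f['days_left']:+d}d)")
```

Running it with the issue date shows every SimpleHelp and D-Link host as due within two weeks; re-running with a date after May 6 promotes any unpatched Defender host to overdue, which is the view a patch coordinator actually wants on Monday morning.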
The Antivirus Is the Attack Vector
A flaw in Microsoft Defender — the antivirus built into Windows — has been exploited as a zero-day. Microsoft patched it on April 14; CISA added it to the KEV catalog on April 23 with a federal deadline of May 6. SecurityWeek and BleepingComputer report that CVE-2026-33825, nicknamed BlueHammer, lets an attacker who already has limited access on a machine escalate to SYSTEM privileges — full control of the device. Microsoft frames it as an elevation-of-privilege issue caused by insufficient access-control granularity.
If this succeeds as an exploitation campaign, BlueHammer becomes a standard post-foothold step in ransomware playbooks — particularly because Defender is the default endpoint protection on most enterprise Windows fleets, meaning the bug is widespread. If it fades, it'll show up in a few intrusion writeups and then disappear into the patch graveyard. The signal to watch: how often "BlueHammer" appears in Huntress or Microsoft incident reporting over the next two weeks. A separate concern lurks behind it — researchers have publicly disclosed PoCs for two other Defender LPE bugs ("RedSun" and "UnDefend") that, per techjacksolutions reporting, remain unpatched.
Geo Likho: 200+ Attacks on Russian Aviation, and the Western Press Is Asleep
● Germany · Serbia
Most threat-actor stories run West-to-East. This one runs the other way, and it hasn't appeared in English-language press yet.
Kaspersky researchers have named an APT group Geo Likho that has conducted more than 200 attacks in the past seven months and has been active since at least July 2024, primarily against aviation and maritime shipping companies — but also government agencies, educational institutions, and machine-building enterprises. Per Kaspersky and Russian outlet Xakep, the group is linked retrospectively to a spyware trojan called Batavia. The attack chain begins with a phishing link that delivers a TAR archive containing a VBE script; samples sometimes include a hard-coded victim ID, and some payloads abuse legitimate Windows binaries like computerdefaults.exe to bypass User Account Control. Lures are written almost entirely in Russian; isolated infections in Germany, Serbia, and Hong Kong appear incidental.
What makes Geo Likho unusual, according to Kaspersky's Alexey Shulmin, is the level of customization — the group builds tooling tailored to each victim's specific infrastructure. If this is what it looks like, Geo Likho is a well-resourced foreign intelligence operation pre-positioning inside Russian transport sectors; the enumeration profile (lists of installed programs, drivers, OS components) is consistent with staging for a follow-on disruptive campaign. If it's something else — say, a freelance intelligence vendor selling to multiple buyers — the tradecraft signature would diverge across targets. Kaspersky has not publicly attributed the group to a country. Watch for Western pickup and a second-vendor attribution; that's when this story actually breaks.
Source: Xakep.ru and CNews — Russian. No English-language coverage confirmed at time of publication.
The Snapdragon Flaw That Lives Below the Operating System
Most software bugs can be patched. CVE-2026-25262 cannot — at least not on existing hardware.
Kaspersky ICS CERT discovered a flaw in the BootROM of multiple Qualcomm chipsets — the very first code that runs when a device powers on, before the operating system loads. The bug lives in Qualcomm's Sahara protocol, the low-level channel used when a chip enters Emergency Download Mode for repair or recovery. An attacker with physical access can use it to bypass the chip's secure boot chain and, in some scenarios, plant backdoors at the application processor level — beneath where any antivirus, EDR, or operating system can see. Affected silicon includes MDM9x07, MDM9x45, MDM9x65, MSM8909/16/52, and SDX50 series chipsets, which sit in hundreds of millions of phones, tablets, vehicle components, and industrial IoT devices. Kaspersky reported it to Qualcomm in March 2025; Qualcomm acknowledged it in April 2025; the research was presented this week at Black Hat Asia 2026.
The good news: physical access is required, which rules out mass exploitation. The bad news: physical access can occur at border crossings, during device seizures, at repair shops, and in customs inspections. If this becomes operationalized for targeted attacks, expect quiet advisories from journalist-protection and civil-society groups about device handling. If Qualcomm or handset makers ship practical end-user mitigations, that will be the signal worth reading. There is no patch for the affected hardware; the only real mitigation is restricting who gets to hold your device.
⚡ What Most People Missed
The Zimbra KEV entry has a CERT-UA fingerprint. Per CERT-UA, threat actor UAC-0233 has been exploiting CVE-2025-48700 in Zimbra Collaboration Suite against Ukrainian targets since September 2025 — no user interaction required. On compromise, attackers exfiltrate mailboxes as TGZ archives along with MFA backup codes, app passwords, and the global address book. Shodan scans show over 10,000 Zimbra servers still exposed. [Source: TheHackerNews — English; CERT-UA primary record in Ukrainian.]
ShinyHunters put Udemy on a 48-hour clock. On April 24, ShinyHunters claimed 1.4 million records — PII, course metrics, hashed credentials — and issued a "pay or leak" ultimatum that, per Cybernews, expires Monday, April 27. Udemy has not confirmed. The pattern across 2026 (Vercel, McGraw-Hill, Harvard) points to identity-layer entry, not perimeter exploitation — meaning the tell will be in SSO logs and third-party integrations, not network traffic.
The Firefox/Tor "New Identity" button quietly stopped working. CVE-2026-6770, disclosed April 21 by Fingerprint researchers Dai Nguyen and Martin Bajanik, lets the indexedDB.databases() API leak a deterministic ordering tied to the browser process — meaning an adversary running a malicious site or Tor exit node could stitch what users believed were separate identities back together. Mozilla rated it moderate; the Tor Project shipped the fix in 15.0.10. Update and do a full process restart, not just "New Identity."
The 271-vs-3 problem nobody is asking about. Mozilla's release notes credit Anthropic's Claude Mythos with finding 271 Firefox vulnerabilities patched in version 150 — but the official advisories credit just three CVEs to Claude (CVE-2026-6746, -6757, -6758), with the entire April 21 disclosure batch capping at 11 Claude credits. Per flyingpenguin's CVE arithmetic, the 271 is a marketing figure; the auditable record is 3-to-11. The gap matters for how defenders calibrate trust in AI-assisted vulnerability research claims.
Seiko's U.S. site was defaced with an extortion note. Per Xakep citing BleepingComputer, attackers replaced part of Seiko's U.S. website with a message claiming they stole names, emails, phone numbers, order history, and shipping data from the company's Shopify backend. Whether the data theft is real is unverified — which is exactly the point. Extortion-by-defacement is becoming a public-pressure shortcut. [Source: Xakep.ru — Russian.]
From the Foreign Press
CERT-UA Advisory #21075: Attackers Are Now Impersonating CERT-UA Itself
● Ukraine
Ukraine's national cyber agency published a detailed advisory on threat cluster UAC-0255, which sent phishing emails between March 26 and 28 styled as official CERT-UA security notifications — including a lookalike domain (cert-ua[.]tech) whose HTML was copied wholesale from the real cert.gov.ua. The lure is a ZIP file labeled "CERT_UA_protection_tool" hosted on Files.fm; the payload is the AGEWHEEZE remote access trojan. Targets included government bodies, hospitals, security companies, and educational institutions. CERT-UA assesses the campaign as largely unsuccessful, with infections limited to personal devices — but the technique matters: when defenders are trained to trust the very people impersonating them, the social-engineering perimeter collapses inward.
Source: CERT-UA Advisory #21075 — Ukrainian. No English-language coverage confirmed at time of publication.
From the Russian Press: Anthropic Calls a Critical MCP Flaw "Expected Behavior"
● Russia
Russian outlet Xakep, summarizing OX Security research published this week, reports that a design issue in the Model Context Protocol — Anthropic's open standard for wiring AI agents to outside systems — can lead to arbitrary command execution on more than 7,000 publicly exposed servers. The flaw affects MCP's STDIO transport across official SDKs in Python, TypeScript, Java, and Rust, and propagates into popular agent frameworks: LiteLLM, LangChain, LangFlow, Flowise, GPT Researcher, Windsurf. Per OX Security's account relayed by Xakep, Anthropic treated the underlying behavior as expected and updated guidance rather than the protocol itself. The practical consequence: a meaningful slice of "AI productivity" stacks have shipped remote-shell behavior under a friendlier name. Sandbox MCP services, never expose them publicly, and treat external configs as untrusted.
Source: Xakep.ru — Russian. No English-language coverage confirmed at time of publication.
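The closing advice above ("treat external configs as untrusted") is concrete enough to enforce. The script below is an added example, not the newsletter's code and not part of any MCP SDK or of OX Security's research: it gates MCP stdio server definitions behind an allowlist before a client spawns anything. It assumes the common mcpServers JSON layout that MCP clients use for stdio servers (a command plus optional args and env); the allowlist, the policy rules and the sample config are constructed, and the rejected entries are deliberately tame examples of the shapes a policy should refuse.

```python
"""Gate MCP stdio server definitions behind an allowlist before they are spawned.

Added example; not from the newsletter and not part of the MCP SDKs. Assumes the
common 'mcpServers' JSON layout for stdio servers ('command', 'args', 'env').
The allowlist, policy and sample config are constructed.
"""
import json
import os

# Constructed policy: absolute command path -> option flags that command may take.
ALLOWLIST = {
    "/usr/local/bin/mcp-filesystem": {"--root", "--read-only"},
}
# Environment variables that change what a process loads or which binary runs.
DANGEROUS_ENV = {"PATH", "LD_PRELOAD", "LD_LIBRARY_PATH", "DYLD_INSERT_LIBRARIES",
                 "PYTHONPATH", "NODE_OPTIONS"}
SHELL_META = set(";|&$`<>(){}")

# Constructed config: one legitimate server and four entries a policy must refuse.
SAMPLE_CONFIG = json.dumps({
    "mcpServers": {
        "files": {"command": "/usr/local/bin/mcp-filesystem",
                  "args": ["--root", "/srv/docs"]},
        "shell": {"command": "bash", "args": ["-c", "id"]},
        "abs-shell": {"command": "/bin/bash", "args": ["-c", "id"]},
        "env-trick": {"command": "/usr/local/bin/mcp-filesystem",
                      "args": ["--root", "/srv/docs"],
                      "env": {"LD_PRELOAD": "/tmp/hook.so"}},
        "flag-trick": {"command": "/usr/local/bin/mcp-filesystem",
                       "args": ["--plugin", "/tmp/extra"]},
    }
})


def check_server(spec, allowlist=ALLOWLIST):
    """Return None if the server spec may be spawned, otherwise a reason string."""
    if "command" not in spec:
        return "not a stdio server (no 'command'); remote transports are out of scope here"
    cmd = spec["command"]
    # Bare names resolve through PATH, which the config's own 'env' could redirect.
    if not os.path.isabs(cmd):
        return f"command {cmd!r} is not an absolute path"
    if cmd not in allowlist:
        return f"command {cmd!r} is not on the allowlist"
    allowed_flags = allowlist[cmd]
    for arg in spec.get("args", []):
        if not isinstance(arg, str):
            return "non-string argument"
        if any(ch in SHELL_META for ch in arg):
            return f"argument {arg!r} contains shell metacharacters"
        if arg.startswith("-") and arg not in allowed_flags:
            return f"flag {arg!r} is not permitted for {cmd}"
    for key in spec.get("env", {}):
        if key in DANGEROUS_ENV:
            return f"env override of {key} is not permitted"
    return None


def gate(config_json, allowlist=ALLOWLIST):
    """Split an mcpServers config into (accepted names, {rejected name: reason})."""
    servers = json.loads(config_json).get("mcpServers", {})
    accepted, rejected = [], {}
    for name, spec in servers.items():
        reason = check_server(spec, allowlist)
        if reason is None:
            accepted.append(name)
        else:
            rejected[name] = reason
    return accepted, rejected


if __name__ == "__main__":
    ok, bad = gate(SAMPLE_CONFIG)
    print("would spawn:", ok)
    for name, why in bad.items():
        print(f"refused {name}: {why}")
```

The check runs before any subprocess is created, so a config pulled from a repository, a marketplace listing or a chat transcript cannot name an arbitrary binary, redirect which binary runs, or pass flags the operator never approved; anything that fails is logged with a reason rather than silently dropped.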
📅 What to Watch
- If "BlueHammer" starts appearing in ransomware intrusion writeups within the next two weeks, it means CVE-2026-33825 has been folded into commodity post-exploitation kits — and every unpatched Windows endpoint becomes a one-step escalation away from SYSTEM.
- If a second vendor independently attributes Geo Likho to a specific country, the story stops being about Russian aviation and starts being about whether a Western or near-peer service is pre-positioning inside Russian transport infrastructure during wartime.
- If Qualcomm publishes mitigation guidance aimed at end users rather than OEMs for CVE-2026-25262, civil-society groups will move first — the tell will be travel-handling advisories from journalist-protection organizations, not vendor press releases.
- If Udemy stays silent past Monday's deadline and ShinyHunters publishes, expect downstream account takeovers and abuse of long-lived SSO tokens across third-party integrations before organizations can rotate credentials or invalidate tokens.
- If MCP-related patches start landing across LangChain, LiteLLM, and Flowise next week, OX Security's findings have moved from AI-security debate to active incident response — and a lot of agent deployments are quietly rebuilding.
- If Mirai variants spike against non-D-Link IoT devices, CVE-2025-29635 scanning has chained to other end-of-life routers and the bring-your-own-botnet economy just got cheaper.
The Closer
A help-desk tool with a 9.9 hiding in plain sight, an antivirus that hands attackers the keys to their own house, and a chip flaw so deep the only patch is "don't let anyone touch your phone." Somewhere in Russia, a Snapdragon-powered cargo ship is being phished in fluent Russian by people who probably don't work for the Kremlin, and Anthropic just told 7,000 exposed MCP servers that getting a shell is the feature, not the bug.
Patch what you can reach.
Forward this to the friend who still thinks "endpoint protection" means the endpoint is protected.