Cyber Intelligence Daily — Apr 27, 2026
Monday, April 27, 2026
The Big Picture
The throughline today is patches that didn't hold and windows that didn't last. CISA's Known Exploited Vulnerabilities catalog gained six new entries this past week, including a Marimo notebook flaw that went from advisory to active exploitation in under ten hours — with no public proof-of-concept code; telemetry suggests someone built one shortly after the advisory. Meanwhile, Fortinet customers learned that the SSO bypass they patched twice has a third variant, Anatsa cracked Russia's Google Play top 200, and Clop's Oracle leak site is adding names again. Nothing here is a singular catastrophe — it's the cumulative weight of fast-moving attackers and slow-closing windows.
What Just Dropped
- CVE-2026-39987 — Marimo (all versions before 0.23.0): patched upstream, actively exploited, on CISA KEV with a May 7 federal deadline. Pre-auth RCE via an unauthenticated WebSocket terminal endpoint; per Sysdig, first exploited 9 hours 41 minutes after disclosure.
- CVE-2024-7399 — Samsung MagicINFO 9 Server: patched, actively exploited, added to KEV April 24 with a May 8 federal deadline. Unauthenticated JSP upload leading to system-level RCE; linked to Mirai botnet recruitment.
- CVE-2024-57726 / CVE-2024-57728 — SimpleHelp remote support: patched, actively exploited, KEV-listed with May 8 deadline. Missing-authorization and path-traversal flaws that chain to full server admin.
- CVE-2025-29635 — D-Link DIR-823X: command injection on potentially end-of-life hardware, KEV-listed with a May 8 federal deadline. CISA's guidance for EoL gear is "discontinue use."
- CVE-2025-32463 PoC — Linux sudo chroot local privilege escalation: working proof-of-concept published to GitHub in the last 24 hours. Lowers the bar for post-compromise root on any unpatched Linux box.
- Bitwarden CLI npm poisoning — @bitwarden/[email protected]: malicious package live for ~90 minutes on April 22, harvested developer credentials and environment variables via a preinstall hook before removal.
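The Bitwarden item turns on an npm lifecycle hook: a `preinstall` script runs with the developer's environment the moment the package is installed. The audit below is an added example (not Bitwarden's or npm's code) that walks a node_modules tree, including `@scope` folders, and reports every installed package declaring an install-time hook. The tree it scans is constructed inline in a temp directory; the package name `@example/cli`, its version and its script path are placeholders, not the poisoned package.

```python
"""List installed npm packages that declare install-time lifecycle scripts."""
from __future__ import annotations

import json
import tempfile
from pathlib import Path

# Hooks npm runs automatically during `npm install` / `npm ci`.
LIFECYCLE_HOOKS = ("preinstall", "install", "postinstall", "prepare")


def iter_package_dirs(node_modules: Path):
    """Yield top-level package directories, descending into @scope folders."""
    for entry in sorted(node_modules.iterdir()):
        if not entry.is_dir() or entry.name.startswith("."):
            continue
        if entry.name.startswith("@"):
            yield from (p for p in sorted(entry.iterdir()) if p.is_dir())
        else:
            yield entry


def find_install_scripts(node_modules: Path) -> list[dict]:
    """Return one finding per lifecycle hook declared by an installed package."""
    findings = []
    for pkg_dir in iter_package_dirs(node_modules):
        manifest = pkg_dir / "package.json"
        if not manifest.is_file():
            continue
        try:
            data = json.loads(manifest.read_text(encoding="utf-8"))
        except (json.JSONDecodeError, OSError):
            continue  # unreadable manifest: skip rather than crash the audit
        scripts = data.get("scripts") or {}
        for hook in LIFECYCLE_HOOKS:
            if hook in scripts:
                findings.append({
                    "name": data.get("name", pkg_dir.name),
                    "version": data.get("version", "?"),
                    "hook": hook,
                    "command": scripts[hook],
                })
    return findings


def build_sample_tree(root: Path) -> Path:
    """Constructed node_modules: one benign package, one with a preinstall hook."""
    nm = root / "node_modules"
    benign = nm / "left-pad"
    suspect = nm / "@example" / "cli"  # hypothetical scoped package name
    benign.mkdir(parents=True)
    suspect.mkdir(parents=True)
    (benign / "package.json").write_text(json.dumps(
        {"name": "left-pad", "version": "1.3.0", "scripts": {"test": "node test.js"}}))
    (suspect / "package.json").write_text(json.dumps(
        {"name": "@example/cli", "version": "9.9.9",
         "scripts": {"preinstall": "node scripts/collect.js"}}))
    return nm


def demo() -> list[dict]:
    """Build the constructed tree in a temp dir and audit it."""
    with tempfile.TemporaryDirectory() as tmp:
        return find_install_scripts(build_sample_tree(Path(tmp)))


if __name__ == "__main__":
    for f in demo():
        print(f"{f['name']}@{f['version']}  {f['hook']}: {f['command']}")
```

Point it at a real project with `find_install_scripts(Path("node_modules"))`. Because the hook has already run by the time the tree exists, the stronger control is to install with scripts disabled (`npm ci --ignore-scripts`, or `ignore-scripts=true` in `.npmrc`), then review the findings and re-enable scripts only for packages that genuinely need a build step.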
Today's Stories
The Notebook That Was Compromised in Under Ten Hours
If your data science team uses Marimo — the open-source Python notebook gaining ground on Jupyter — someone may already have a shell on your server.
CVE-2026-39987 is a pre-authenticated remote code execution flaw in Marimo's terminal WebSocket endpoint, which forgot to call the authentication validator that every other endpoint correctly invokes. "Pre-authenticated" means no login required: an attacker who finds your server on the internet gets a shell. The fix is in version 0.23.0.
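The mechanism is a single endpoint registered without the check its siblings all perform. The added example below is not Marimo's code; it models that pattern with a small route registry, shows how one WebSocket handler registered without the guard becomes a pre-auth endpoint, and adds the route-coverage audit that catches it. `validate_auth`, `App`, the session token and the route paths are all hypothetical.

```python
"""Deny-by-default route guarding plus an audit for endpoints that skip it."""
from __future__ import annotations

import hmac
from dataclasses import dataclass
from typing import Callable

SESSION_TOKEN = "s3cr3t-session"  # constructed; a real app generates this at start-up


class AuthError(Exception):
    """Raised when a request carries no valid session token."""


def validate_auth(request: dict) -> None:
    """The validator every endpoint is supposed to invoke (hypothetical name)."""
    token = request.get("token") or ""
    if not hmac.compare_digest(token, SESSION_TOKEN):
        raise AuthError("missing or invalid session token")


def guarded(handler: Callable[[dict], str]) -> Callable[[dict], str]:
    """Wrap a handler so validate_auth runs before it on every request."""
    def wrapper(request: dict) -> str:
        validate_auth(request)
        return handler(request)
    return wrapper


@dataclass
class Route:
    path: str
    kind: str                       # "http" or "websocket"
    handler: Callable[[dict], str]
    guarded: bool                   # False only for deliberately public routes


class App:
    def __init__(self) -> None:
        self.routes: list[Route] = []

    def add(self, path: str, kind: str, handler: Callable[[dict], str],
            guarded_route: bool = True) -> None:
        # The guard is applied centrally at registration, not inside each handler.
        wrapped = guarded(handler) if guarded_route else handler
        self.routes.append(Route(path, kind, wrapped, guarded_route))

    def dispatch(self, path: str, request: dict) -> str:
        for route in self.routes:
            if route.path == path:
                return route.handler(request)
        raise KeyError(path)

    def unguarded(self, allowlist: frozenset[str] = frozenset()) -> list[str]:
        """Routes that skip validate_auth and are not on the public allowlist."""
        return [r.path for r in self.routes
                if not r.guarded and r.path not in allowlist]


def read_notebook(request: dict) -> str:
    return "notebook contents"


def terminal_session(request: dict) -> str:
    return "terminal attached"


def healthz(request: dict) -> str:
    return "ok"


PUBLIC_ROUTES = frozenset({"/healthz"})  # the only routes allowed to skip auth


def build_app(terminal_guarded: bool) -> App:
    app = App()
    app.add("/api/notebook", "http", read_notebook)
    app.add("/healthz", "http", healthz, guarded_route=False)
    # The bug pattern: one endpoint registered without the guard its siblings have.
    app.add("/ws/terminal", "websocket", terminal_session, guarded_route=terminal_guarded)
    return app


def audit(app: App) -> list[str]:
    """Coverage check to run in CI: any non-public route without the guard fails."""
    return app.unguarded(PUBLIC_ROUTES)


if __name__ == "__main__":
    print("vulnerable app, unguarded routes:", audit(build_app(terminal_guarded=False)))
    print("fixed app, unguarded routes:", audit(build_app(terminal_guarded=True)))
```

The audit is the part worth keeping: an explicit allowlist of public routes turns "did every handler remember to call the validator?" into a test that fails the build when a new endpoint is added without the guard.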
The part that should rearrange your patching priorities: per Sysdig's Threat Research Team, the first in-the-wild exploitation attempt landed 9 hours and 41 minutes after the advisory was published. There was no public proof-of-concept; Sysdig's timeline suggests the exploit was developed during a single workday. From April 11 to 14, Sysdig observed 11 unique source IPs across 10 countries generating 662 exploit events — credential theft, DNS exfiltration, lateral movement to PostgreSQL and Redis using stolen credentials, and deployment of a novel malware variant through a typosquatted HuggingFace Space using blockchain-based command and control.
What changes if this pattern holds: AI/ML tooling becomes the highest-priority advisory class for any team that runs it on the open internet. The CISA federal deadline is May 7; for a vulnerability already weaponized earlier in April, that deadline functions as a ceiling, not a floor. The signal to watch is whether Sysdig or other telemetry providers report similar advisory-to-exploit windows for the next AI-tooling CVE. If three out of the next five look like this, treat any internet-exposed inference, notebook, or model-serving stack as a standing emergency-triage item. What failure looks like: organizations keep treating AI tooling like ordinary web apps with weekly patch cycles, and the next blockchain botnet runs on enterprise GPU clusters.
The Patches You Already Applied Don't Cover This One
This is the scenario defenders dread: you did the work, you patched on schedule, and you're still exposed.
CVE-2026-24858 is a newly disclosed authentication flaw in Fortinet's FortiCloud single sign-on. A user with a FortiCloud account and one registered device can log in to separate devices registered to other users — across FortiOS, FortiManager, FortiWeb, FortiProxy, and FortiAnalyzer. Per the CISA advisory aggregator, the patches for the two earlier SSO bypasses (CVE-2025-59718 and CVE-2025-59719) do not protect against this one. Three holes below the waterline; the first two repairs missed the third.
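The item describes an authorization check that binds a login to the wrong thing: whether the account owns a device at all, rather than whether it owns the device it is logging in to. The added example below is not Fortinet's code and does not describe the actual CVE-2026-24858 logic, which the page does not detail; it models that bug class with a constructed device registry, shows the weak check beside the strict one, and runs a detection pass over constructed SSO login records to flag cross-account device logins. All account names, device IDs and log fields are placeholders.

```python
"""Device-ownership binding for an SSO login, plus a cross-account login check."""
from __future__ import annotations

from dataclasses import dataclass


@dataclass(frozen=True)
class Device:
    device_id: str
    owner: str  # account that registered the device


# Constructed registry: two accounts, one registered device each.
REGISTRY = {
    "FGT-001": Device("FGT-001", "alice@example.test"),
    "FMG-002": Device("FMG-002", "bob@example.test"),
}


def weak_authorize(account: str, device_id: str, registry=REGISTRY) -> bool:
    """Bug pattern: any account that owns *some* device may log in to *any* device."""
    has_any_device = any(d.owner == account for d in registry.values())
    return device_id in registry and has_any_device


def strict_authorize(account: str, device_id: str, registry=REGISTRY) -> bool:
    """Fix: the target device must be registered to the authenticated account."""
    device = registry.get(device_id)
    return device is not None and device.owner == account


# Constructed SSO login events; the second one is the cross-account case.
LOGIN_LOG = [
    {"account": "alice@example.test", "device": "FGT-001", "result": "success"},
    {"account": "alice@example.test", "device": "FMG-002", "result": "success"},
    {"account": "bob@example.test", "device": "FMG-002", "result": "success"},
]


def cross_account_logins(log: list[dict], registry=REGISTRY) -> list[dict]:
    """Successful SSO logins to a device registered to a different account."""
    return [
        event for event in log
        if event["result"] == "success"
        and not strict_authorize(event["account"], event["device"], registry)
    ]


if __name__ == "__main__":
    print("weak check lets alice onto bob's device:",
          weak_authorize("alice@example.test", "FMG-002"))
    print("strict check:", strict_authorize("alice@example.test", "FMG-002"))
    for event in cross_account_logins(LOGIN_LOG):
        print("cross-account login:", event)
```

The detection half is the practical takeaway while a patch is pending: if your SSO logs record both the authenticated account and the target device, joining them against the device registry surfaces cross-account logins regardless of which variant of the flaw was used.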
What changes if this succeeds as a tradecraft pattern: "fully patched" stops meaning much for SSO logic generally, and defenders have to start treating authentication subsystems as a class to be re-audited rather than a checkbox to be ticked. What to watch: whether independent researchers confirm active exploitation in the wild, and whether Fortinet's next advisory addresses a fourth variant. If it does, the underlying authentication logic needs a rewrite, not another patch.
The Banking Trojan That Cracked Russia's Top 200
● Russia
Most banking malware stories run West-to-East. This one runs the other way, and it hasn't reached English-language press yet.
Russian security outlet Xakep.ru reported Sunday — citing Kaspersky research — that Anatsa, the Android banking trojan also known as TeaBot, surfaced inside the top 200 most-downloaded apps on Russia's Google Play Store. The specific dropper reached around No. 185 in the Tools category and accumulated more than 10,000 downloads before removal. The playbook is unchanged from earlier Anatsa campaigns documented by The Hacker News: ship a genuinely useful app, pass review, build an audience in the tens of thousands, then push an update that embeds the malware. Once installed, Anatsa overlays counterfeit login screens on top of legitimate banking apps — pixel-perfect fakes — and harvests credentials as users type.
Per Security Affairs, the latest variant targets more than 831 financial institutions worldwide, including cryptocurrency platforms.
What changes if this is geographic expansion rather than a one-off: Russian-speaking mobile banking users become the next major harvest, and the operators demonstrate that the update-after-approval model scales across language markets. What failure looks like for defenders: treating mobile security as an install-time problem when the actual risk is the silent update three weeks later. The signal to watch: whether other Anatsa droppers appear in productivity and finance categories on the Russian Play store in the next two weeks.
The Gentlemen Aren't a Gang. They're a Franchise.
● United Kingdom · United States · Germany
A lot of ransomware coverage still treats every attack like a smash-and-grab. Check Point Research's new DFIR report on The Gentlemen is a better mental model: ransomware operators are increasingly behaving like franchisors.
Per Check Point, The Gentlemen has publicly claimed more than 320 victims, with roughly 240 of those compromises occurring in the first months of 2026 alone. Affiliates are using SystemBC — a proxy and tunneling tool — to build resilient, hidden channels for lateral movement and data exfiltration. Related command-and-control infrastructure has been tied to more than 1,570 victims globally, concentrated in the United States, the United Kingdom, and Germany. The lockers are multi-platform: Windows, Linux, NAS, BSD, and ESXi all in one campaign.
What changes if this is the new operating model: the encryptor stops being the interesting part. The interesting part is the standardized middle of the kill chain — the tunnels, the credential validation, the lateral-movement playbook — sold as a kit to affiliates. What to watch: whether SystemBC keeps showing up consistently across Gentlemen-attributed incidents. If it does, network-layer detection of tunneling traffic becomes the highest-leverage defensive investment for the next twelve months.
⚡ What Most People Missed
A working PoC for sudo privilege escalation just dropped. A proof-of-concept exploit for CVE-2025-32463 — a local privilege escalation in Linux sudo via chroot — was published to GitHub in the last 24 hours, alongside one for CVE-2025-33073 (an NTLM reflection SMB issue). Neither is a remote vulnerability, but both lower the bar substantially for any attacker who already has a foothold. Privilege escalation primitives are how initial access turns into ransomware.
France's national identity agency confirmed its breach. Per BleepingComputer, France confirmed the intrusion at Agence Nationale des Titres Sécurisés after a 19-million-record database was advertised on a Russian-speaking forum, with sample data including civil registry details and biometric enrollment metadata. You cannot patch a citizen's date of birth. This is a long-tail fraud problem that French defenders will be living with for a decade.
Firefox's IndexedDB handling may be linking Tor identities across "New Identity" resets. Research from anti-fraud firm Fingerprint, published Sunday, suggests a persistent identifier can survive Tor Browser's session reset — undermining the isolation guarantee that journalists, researchers, and operators rely on. The work needs broader peer review, but if the proof-of-concept holds, this is a fundamental privacy failure, not an edge case.
Clop's Oracle E-Business Suite leak site is adding names again. Per Google Cloud's Threat Intelligence blog, Clop's CVE-2025-61882 extortion campaign now exceeds 100 listed victims, and watchTowr researchers expect copycat actors to pile in now that exploit code is circulating in forums. Oracle's October 2025 patch is available; the continuing leak-site activity tells you how many EBS instances still aren't running it.
From the Foreign Press
Hospitals, Local Governments, and FPV Drone Operators Are Under Coordinated Attack
● Ukraine
CERT-UA published an advisory documenting the UAC-0247 cluster (also tracked as UAC-0244), describing a March–April surge of phishing operations against Ukrainian clinical hospitals, emergency services, municipal authorities, and operators of first-person-view drones. The lures are humanitarian aid notifications. The targeting profile — civilian medical infrastructure plus the operators of the cheapest, most-used battlefield drone in Ukraine — suggests intelligence collection feeding kinetic operations. Western press has not covered this advisory. Source: CERT-UA — Ukrainian. No English-language coverage confirmed at time of publication.
PCPcat Hijacked 59,128 Next.js Servers in 48 Hours
Per a Beelzebub research team report carried by Tencent News, a threat actor tracked as PCPcat compromised more than 59,000 Next.js servers in a 48-hour window by chaining CVE-2025-29927 and CVE-2025-66478 to manipulate JSON payloads into remote code execution. The campaign reportedly achieved a 64% success rate against scanned targets during the 48-hour window, calling home to 67.217.57.240. Once inside, the attackers strip cloud credentials, vacuum .env files, steal SSH keys, and install GOST and FRP backdoors to enlist hosts as botnet nodes. No English-language outlet has picked this up. If you run Next.js in containers, audit egress now. Source: Tencent News / Beelzebub — Chinese. No English-language coverage confirmed at time of publication.
📅 What to Watch
- If a second AI-tooling CVE follows Marimo's sub-ten-hour exploitation window, the operating assumption for every internet-exposed inference, notebook, or model-serving service has to shift from "patch this week" to "patch within hours of advisory."
- If Fortinet ships a fourth FortiCloud SSO advisory in the next month, the underlying authentication logic needs a rewrite rather than another patch — and customers should weigh whether SSO is worth keeping enabled in the interim.
- If Anatsa droppers appear in Russian Play store finance and productivity categories within two weeks, it confirms deliberate geographic expansion and other banking trojan operators will replicate the post-approval update model.
- If SystemBC keeps surfacing in Gentlemen-linked incidents, network-layer tunneling detection — long an afterthought next to endpoint telemetry — becomes the highest-leverage defensive investment of the year.
- If independent researchers confirm the Firefox IndexedDB Tor linkability finding, every threat model assuming "New Identity" provides session isolation needs revisiting, including those used by newsroom security teams.
- If the PCPcat C2 IP (67.217.57.240) shows up in Western telemetry this week, it confirms the campaign Chinese researchers documented in December has continued silently, and the 59,000-server figure is a floor.
The Closer
A lobby TV server quietly enlisted in a Mirai botnet, a Python notebook compromised in less time than a workday, and a password manager that briefly poisoned its own command line. Somewhere a security team is congratulating itself on patching twice while the third Fortinet advisory drafts itself.
Stay paranoid.
Forward this to the colleague who still thinks "we patched it" is a sentence with a period at the end.