April 13, 2026 Emerging Threats Weekly
This week’s briefing covers:
00:00 – Intro
00:47 [VULNERABILITY] Fortinet FortiClient EMS Zero-Day CVE-2026-35616 Sees Active Exploitation
CVE-2026-35616 is a pre-authentication API authentication and authorization bypass in FortiClient EMS 7.4.5 and 7.4.6 that allows unauthenticated attackers to execute arbitrary commands or otherwise take control of endpoint-management operations. Fortinet released emergency hotfixes, while CISA gave U.S. federal agencies a short deadline to patch.
02:16 [RANSOMWARE] Storm-1175 Accelerates Medusa Ransomware Intrusions
Microsoft says the cluster it tracks as Storm-1175 is driving Medusa ransomware intrusions at unusually high speed, with some victims moving from initial access to data exfiltration and encryption in less than 24 hours.
03:49 [THREAT ACTOR] Drift Protocol Says DPRK-Linked Social Engineering Ran for Six Months
Drift Protocol said its April 1 exploit was the culmination of a six-month social-engineering operation requiring significant resources and deliberate preparation, according to the project’s public statement as reported by Cointelegraph.
05:40 [PHISHING] Device Code Phishing Industrializes Through EvilTokens and Copycat Kits
Device-code phishing attacks abusing the OAuth 2.0 Device Authorization Grant flow have surged more than 37 times this year. In these attacks, the victim is lured into entering an attacker-provided code on a legitimate login page, which authorizes the attacker’s device and yields valid access and refresh tokens.
Dive deeper:
Kroll’s Monthly Threat Intelligence Spotlight Report: https://www.kroll.com/en/reports/cyber/threat-intelligence-reports/cti-spotlight-trends-report
Kroll’s Q4 2024 Cyber Threat Landscape: https://www.kroll.com/en/reports/cyber/threat-intelligence-reports/q4-2024-threat-landscape-report-phishing
Kroll’s 2025 Cyber Threat Landscape Report: Cybercrime in the Crypto Era: https://www.kroll.com/Reports/Cyber/Threat-Intelligence-Reports/Threat-Landscape-Report-Lens-on-Crypto
Playlist of Kroll's Weekly Cyber Threat Intelligence Briefings: https://www.youtube.com/playlist
Kroll Cyber Blog: https://www.kroll.com/en/insights/cyber
Kroll Cyber Threat Intelligence: https://www.kroll.com/en/services/cyber/threat-intelligence-services
Kroll Threat Intelligence Reports: https://www.kroll.com/en/reports/cyber/threat-intelligence-reports
Kroll Responder MDR: https://www.kroll.com/en/services/cyber/kroll-responder