12/04/2026 Cyber Security Briefly News - Critical Zero-Day Exploits, Supply Chain Compromise, and OT Targeting Dominate Threat Landscape
Concise Cyber Intel: Time-Saving Strategic Analysis for Pros

Top Headlines at a Glance
- Week in review: Windows zero-day exploit leaked, Patch Tuesday forecast
- Adobe Patches Reader Zero-Day Exploited for Months
- CPUID Breach Distributes STX RAT via Trojanized CPU-Z and HWMonitor Downloads
- Censys finds 5,219 devices exposed to attacks by Iranian APTs, majority in U.S.
- Over 20,000 crypto fraud victims identified in international crackdown
Executive Summary: Today's intelligence highlights a critical convergence of immediate and emerging threats. Multiple zero-day vulnerabilities, including one impacting Windows and another actively exploited in Adobe Reader, demand urgent patching. A significant supply chain compromise via the CPUID website distributed a remote access trojan, underscoring software integrity risks. Concurrently, nation-state actors continue to target internet-exposed Operational Technology (OT) in critical infrastructure, while law enforcement efforts reveal the vast scale of international cryptocurrency fraud. Organizations must prioritize rapid vulnerability management, supply chain security validation, and robust OT/IT network segmentation.
Technical Intelligence Breakdown
Week in review: Windows zero-day exploit leaked, Patch Tuesday forecast
This report highlights a leaked zero-day exploit impacting Windows systems, signaling an immediate and high-risk threat. The leak precedes an anticipated Patch Tuesday, emphasizing the critical need for rapid patch deployment once available.
Key points:
- An unknown zero-day exploit for Windows has been publicly leaked.
- Organizations should prepare for an upcoming Patch Tuesday to address this and other potential vulnerabilities.
- The report also touches on Cloudflare's accelerated timeline for post-quantum security, targeting 2029 for full product suite implementation, including post-quantum authentication. This follows Google's revised roadmap based on improved quantum algorithms for breaking elliptic curve cryptography.
Defensive Actions:
- Monitor official vendor channels for emergency patches or advisories regarding the leaked Windows zero-day.
- Prepare for rapid deployment of all security updates released on the upcoming Patch Tuesday.
- Implement robust endpoint detection and response (EDR) solutions to detect anomalous activity potentially leveraging the leaked exploit.
Adobe Patches Reader Zero-Day Exploited for Months
Adobe has released a patch for a zero-day vulnerability in Reader, identified as CVE-2026-34621, which has been actively exploited for an extended period. This vulnerability allows for arbitrary code execution, posing a severe risk to affected systems.
Key points:
- A zero-day vulnerability, CVE-2026-34621, in Adobe Reader has been patched.
- This vulnerability was actively exploited for several months prior to the patch release.
- Successful exploitation could lead to arbitrary code execution on a victim's system.
Defensive Actions:
- Immediately apply the latest security updates for Adobe Reader across all endpoints.
- Educate users on the risks of opening untrusted PDF documents.
- Ensure endpoint protection solutions are up-to-date and configured to detect and prevent exploit attempts against document readers.
CPUID Breach Distributes STX RAT via Trojanized CPU-Z and HWMonitor Downloads
Unknown threat actors compromised the CPUID website (cpuid[.]com), a popular source for hardware monitoring tools, to distribute malicious executables. This supply chain attack led to the deployment of the STX RAT (Remote Access Trojan) on user systems.
Key points:
- The cpuid[.]com website was compromised for less than 24 hours, specifically from April 9, 15:00 UTC, to April 10, 10:00 UTC.
- During the compromise window, downloads for legitimate tools like CPU-Z, HWMonitor, HWMonitor Pro, and PerfMonitor were replaced with trojanized versions.
- The malicious executables deployed the STX RAT, granting attackers remote access to infected systems.
Defensive Actions:
- Organizations that downloaded software from cpuid[.]com between April 9, 15:00 UTC, and April 10, 10:00 UTC, should assume compromise and initiate incident response procedures.
- Scan all systems that downloaded these tools during the specified period for the STX RAT or other indicators of compromise.
- Implement software integrity checks (e.g., hash verification) for all downloaded third-party utilities.
- Review and strengthen supply chain security protocols, particularly for software acquisition.
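To put the "assume compromise for that window" and hash-verification items into practice, here is an added Python triage helper; it is not CPUID's code and not part of the original briefing. It flags proxy-log downloads from cpuid.com that fall inside the reported window and checks saved installers against a known-good SHA-256 manifest, failing closed on unknown filenames; the log lines, client addresses, URLs and manifest hashes are constructed placeholders.

```python
import hashlib
from datetime import datetime, timezone

# Compromise window as reported in the briefing (April 9 15:00 UTC to April 10 10:00 UTC).
WINDOW_START = datetime(2026, 4, 9, 15, 0, tzinfo=timezone.utc)
WINDOW_END = datetime(2026, 4, 10, 10, 0, tzinfo=timezone.utc)
SUSPECT_HOST = "cpuid.com"

# Constructed proxy log for illustration: "<timestamp> <client> <url> <saved-as>".
PROXY_LOG = """\
2026-04-09T14:10:00Z 10.1.2.3 https://download.cpuid.com/cpu-z_2.exe cpu-z_2.exe
2026-04-09T16:45:00Z 10.1.2.7 https://download.cpuid.com/hwmonitor.exe hwmonitor.exe
2026-04-10T09:59:00Z 10.1.2.9 https://www.cpuid.com/perfmonitor_setup.exe perfmonitor_setup.exe
2026-04-10T11:00:00Z 10.1.2.3 https://download.cpuid.com/cpu-z_2.exe cpu-z_2.exe
2026-04-09T17:00:00Z 10.1.2.4 https://example.org/unrelated.exe unrelated.exe
"""

# Constructed known-good manifest: in practice the hashes come from a value the
# publisher released through an out-of-band channel, not from the same web site.
KNOWN_GOOD = {
    "cpu-z_2.exe": hashlib.sha256(b"constructed good cpu-z installer").hexdigest(),
    "hwmonitor.exe": hashlib.sha256(b"constructed good hwmonitor installer").hexdigest(),
}

def host_of(url: str) -> str:
    """Extract the lowercase hostname from a URL (scheme and path stripped)."""
    return url.split("//", 1)[-1].split("/", 1)[0].lower()

def in_window(ts: str) -> bool:
    """True if the ISO-8601 UTC timestamp falls inside the compromise window (inclusive)."""
    t = datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
    return WINDOW_START <= t <= WINDOW_END

def suspect_downloads(log: str) -> list:
    """Return (client, url, filename) for every cpuid.com download inside the window."""
    hits = []
    for line in log.splitlines():
        ts, client, url, name = line.split()
        host = host_of(url)
        if (host == SUSPECT_HOST or host.endswith("." + SUSPECT_HOST)) and in_window(ts):
            hits.append((client, url, name))
    return hits

def verify_download(name: str, data: bytes) -> bool:
    """Fail closed: an unknown filename and a hash mismatch are both treated as untrusted."""
    expected = KNOWN_GOOD.get(name)
    return expected is not None and hashlib.sha256(data).hexdigest() == expected
```

Hosts flagged by `suspect_downloads` are the ones to scan for the STX RAT first; a `verify_download` failure on a saved installer is a reason to treat that host as compromised regardless of timestamp.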
Censys finds 5,219 devices exposed to attacks by Iranian APTs, majority in U.S.
Censys researchers identified over 5,000 internet-exposed Rockwell PLCs, primarily located in the U.S., making them vulnerable to attacks by Iranian APTs. This finding aligns with warnings from U.S. agencies regarding nation-state targeting of Operational Technology (OT) in critical infrastructure sectors.
Key points:
- 5,219 Rockwell PLCs were found to be internet-exposed by Censys researchers.
- The majority of these exposed devices are located in the United States.
- U.S. agencies (FBI, CISA, NSA) previously warned on April 7, 2026, about Iran-linked APTs exploiting internet-connected OT devices.
- These unknown threat actors are actively targeting critical infrastructure sectors.
Defensive Actions:
- Immediately identify and secure or disconnect any internet-exposed Rockwell PLCs or other OT devices.
- Implement strict network segmentation between IT and OT environments.
- Deploy robust firewalls and intrusion detection/prevention systems at OT network perimeters.
- Conduct regular vulnerability assessments and penetration tests on OT systems.
- Ensure strong authentication and access control mechanisms are in place for all OT components.
Over 20,000 crypto fraud victims identified in international crackdown
An international law enforcement operation, spearheaded by the U.K.'s National Crime Agency (NCA), has identified more than 20,000 victims of cryptocurrency fraud. The victims are spread across Canada, the United Kingdom, and the United States, highlighting the global scale of such financial crimes.
Key points:
- Over 20,000 victims of cryptocurrency fraud have been identified.
- The victims are located in Canada, the United Kingdom, and the United States.
- This identification is the result of an international law enforcement action led by the U.K.'s National Crime Agency (NCA).
- The dataset provides limited detail on the specific fraud methods or actors involved.
Defensive Actions:
- Educate employees and stakeholders on common cryptocurrency fraud schemes (e.g., phishing, investment scams, fake exchanges).
- Implement multi-factor authentication (MFA) for all cryptocurrency-related accounts.
- Advise caution against unsolicited cryptocurrency investment opportunities.
- Report suspicious activity to relevant law enforcement agencies.
Threat Landscape & Trends
The current threat landscape is characterized by a high volume of critical vulnerabilities and targeted attacks. Zero-day exploits, both newly leaked and actively exploited for months, underscore the persistent challenge of rapid patching and the need for proactive threat hunting. Supply chain attacks remain a potent vector, as demonstrated by the CPUID compromise, allowing threat actors to distribute malware through trusted channels. Furthermore, nation-state actors continue to demonstrate a clear intent to target critical infrastructure's Operational Technology (OT), highlighting the escalating risks to essential services. Concurrently, the sheer scale of international cryptocurrency fraud points to a pervasive financial crime ecosystem, demanding continued vigilance and cross-border law enforcement cooperation.
Strategic Takeaway
Organizations must adopt an aggressive, layered defense strategy focused on accelerated vulnerability management, rigorous supply chain security validation, and robust segmentation of critical IT/OT infrastructure to mitigate the immediate and evolving threats from zero-day exploits, sophisticated supply chain attacks, and nation-state targeting.
References
- Week in review: Windows zero-day exploit leaked, Patch Tuesday forecast
- Adobe Patches Reader Zero-Day Exploited for Months
- CPUID Breach Distributes STX RAT via Trojanized CPU-Z and HWMonitor Downloads
- Censys finds 5,219 devices exposed to attacks by Iranian APTs, majority in U.S.
- Over 20,000 crypto fraud victims identified in international crackdown