Daily Threat Briefing – April 20, 2026

ID: 1721e438-a8a1-51bd-a215-2280f0ef32dc

STIX ID: report--1721e438-a8a1-51bd-a215-2280f0ef32dc

Feed Name: defend.network – Daily Threat Briefings

Threat Score: 92/100

Date Published: 2026-04-20

Date Updated: 2026-04-27

Threat briefing: Multiple high-severity, active threats are reported — including two unpatched Microsoft Defender zero-days under active exploitation, a public proof-of-concept remote code execution vulnerability in protobuf.js posing supply-chain risk, Russian state-linked mass harvesting of Microsoft Office authentication tokens via router exploits, and APT28 targeting Ukrainian government entities through Roundcube webmail. The report also identifies unmanaged service accounts and forgotten API keys as the source of 68% of cloud breaches in 2024 and issues an urgent set of mitigations (patching, credential inventory/rotation, EDR/PAM deployment, and supply-chain audits).