Daily Threat Briefing – April 25, 2026
ID: 2e7c3ee2-3f9d-5329-b213-9bb94af9ea64
STIX ID: report--2e7c3ee2-3f9d-5329-b213-9bb94af9ea64
Feed Name: defend.network – Daily Threat Briefings
The briefing details multiple concurrent, high-severity threats: a persistent FIRESTARTER backdoor compromising Cisco Firepower appliances in a U.S. federal agency; Russian military-linked harvesting of Microsoft Office authentication tokens via exploited routers; Chinese APT spear-phishing and custom C2 deployments (including Tropic Trooper/AdaptixC2); widespread AI-driven personalized phishing and FakeWallet credential theft on mobile platforms; and extortion/data-theft activity (ShinyHunters, BlackFile, Lazarus). It provides urgent mitigation steps such as device/firmware audits, patching/replacement of legacy routers, token revocation and MFA enforcement, endpoint scans for trojanized software, and user awareness actions.
