Daily Threat Briefing – April 22, 2026

**Executive Summary:** The briefing reports critical, actively exploited threats including Russian state-linked harvesting of Microsoft Office authentication tokens via compromised routers, active remote code execution vulnerabilities in Catalyst SD‑WAN Manager and Bomgar RMM, weaponization of Windows Defender (BlueHammer), and an ongoing Gentlemen ransomware campaign with 1,570+ confirmed victims; it urges immediate patching, forensic hunting for SystemBC and APT token IoCs, and emergency containment actions across government, technology, finance, and healthcare sectors.