Daily Threat Briefing – April 27, 2026

This briefing reports multiple high-severity threats: the FIRESTARTER backdoor persisting on federal Cisco Firepower/ASA devices despite patches; Russian military-intelligence actors harvesting Microsoft Office authentication tokens via compromised routers; China-linked APT GopherWhisper using Go-based backdoors and spear-phishing against government targets; four actively exploited CISA KEV vulnerabilities impacting SimpleHelp, Samsung MagicINFO 9, and D-Link routers with a May 2026 federal patch deadline; and UNC6692 distributing the multi-component 'Snow' malware via Microsoft Teams. The report urges immediate auditing and forensic review of affected devices, emergency patching and replacement of unsupported routers, enforcement of MFA and conditional access, enhanced threat hunting for IoCs, and tightened Teams/extension controls.