Daily Threat Briefing – April 26, 2026

**Executive Summary:** This briefing reports critical, actively exploited threats: a persistent FIRESTARTER backdoor compromising Cisco Firepower/ASA devices despite patches; Russian military-linked exploitation of legacy routers to mass-harvest Microsoft Office authentication tokens; and four actively exploited vulnerabilities added to CISA's KEV with federal patching deadlines — alongside multiple APT campaigns targeting U.S. government and defense and rising AI-enabled personalized phishing, with urgent recommendations for forensic hunts, patching, network audits, access controls, and AI agent governance.