TTPwire Vol. 1 · MITRE ATT&CK·Tagged

← All stories

F5 Labs

Weekly Threat Bulletin – April 1st, 2026

2026-04-01 · Read original ↗

ATT&CK techniques detected

15 predictions
T1190Exploit Public-Facing Application
90%
“##flow - flaw - actively - exploited - to - hijack - ai - workflows / https : / / www. infosecurity - magazine. com / news / hackers - exploit - critical - langflow / https : / / www. techzine. eu / news / security / 139999 / langflow - rce - flaw - exploited - within - hours - c…”
T1012Query Registry
85%
“##caremed [. ] com, gateway. filen. io, ingest. filen. io, and egest. filen. io. - use your edr or endpoint scanning tools to search all systems for the file hash sha256 : aefd15e3c395edd16ede7685c6e97ca0350a702ee7c8585274b457166e86b1fa. - use your edr or endpoint scanning tools …”
T1566.002Spearphishing Link
85%
“includes regular phishing simulations, focusing on educating users to identify and report suspicious emails with attachments or links. https : / / buaq. net / go - 399399. html https : / / cyberinsider. com / apt28 - revives - advanced - malware - toolkit - used - in - cyber - es…”
T1486Data Encrypted for Impact
77%
“storage ( nas ) devices. exploitation of this memory corruption could lead to ransomware deployment, sensitive data theft, or using the compromised nas as a pivot point for further network attacks. affected versions include dsm 7. 3, 7. 2. 2, 7. 2. 1, and dsmuc 3. 1, with patches…”
T1053.005Scheduled Task
67%
“weekly threat bulletin – april 1st, 2026 pawn storm campaign deploys prismex, targets government and critical infrastructure entities the pawn storm ( apt28 ) campaign, active since september 2025 and escalating in january 2026, deploys the modular prismex malware suite to target…”
T1071.001Web Protocols
65%
“##fdoor operates with a passive backdoor component that installs a bpf filter to detect magic packets and spawn a remote shell, alongside a controller that sends these packets and can operate within the victim ' s environment to facilitate lateral movement. advanced variants of b…”
T1588.006Vulnerabilities
62%
“discover - ios - exploit - kit / https : / / gbhackers. com / apple - releases - emergency - ios - 15 - 8 - 7 - update / https : / / gbhackers. com / iphone - hacking - toolkit - may - have - originated - in - the - u - s / https : / / gbhackers. com / thousands - of - iphones - …”
T1190Exploit Public-Facing Application
60%
“##s. com / synology - diskstation - manager - vulnerability / https : / / sploitus. com / exploit? id = b6e4e8d1 - b299 - 56a2 - 9043 - 5fbf111f3729 https : / / thehackernews. com / 2026 / 03 / critical - telnetd - flaw - cve - 2026 - 32746. html https : / / www. cyberkendra. com…”
T1566.001Spearphishing Attachment
52%
“includes regular phishing simulations, focusing on educating users to identify and report suspicious emails with attachments or links. https : / / buaq. net / go - 399399. html https : / / cyberinsider. com / apt28 - revives - advanced - malware - toolkit - used - in - cyber - es…”
T1190Exploit Public-Facing Application
48%
“- 5650 - add1 - 0a440f38d03b https : / / sploitus. com / exploit? id = 81f563ea - f160 - 582d - aaa5 - d5964e5ef53e https : / / support. apple. com / en - us / 126632 https : / / thehackernews. com / 2026 / 03 / apple - issues - security - updates - for - older. html https : / / …”
T1588.006Vulnerabilities
44%
“beardshell - and - covenant. html https : / / www. helpnetsecurity. com / 2026 / 03 / 10 / sednit - espionage - toolkit - stealing - data / https : / / www. scworld. com / brief / russian - phishing - campaign - hits - ukraine - with - novel - malware https : / / www. securitylab…”
T1598.002Spearphishing Attachment
37%
“includes regular phishing simulations, focusing on educating users to identify and report suspicious emails with attachments or links. https : / / buaq. net / go - 399399. html https : / / cyberinsider. com / apt28 - revives - advanced - malware - toolkit - used - in - cyber - es…”
T1190Exploit Public-Facing Application
36%
“espionage into broader cybercriminal use, underscoring the importance of immediate ios updates and activating lockdown mode for defense. severity : critical threat details and iocs mitigation advice - force an immediate update of all corporate - managed iphones to the latest avai…”
T1204.002Malicious File
33%
“weekly threat bulletin – april 1st, 2026 pawn storm campaign deploys prismex, targets government and critical infrastructure entities the pawn storm ( apt28 ) campaign, active since september 2025 and escalating in january 2026, deploys the modular prismex malware suite to target…”
T1080Taint Shared Content
31%
“storage ( nas ) devices. exploitation of this memory corruption could lead to ransomware deployment, sensitive data theft, or using the compromised nas as a pivot point for further network attacks. affected versions include dsm 7. 3, 7. 2. 2, 7. 2. 1, and dsmuc 3. 1, with patches…”

Summary

These are the top threats you should know about this week.