2026 Week 15 Privacy Threat Report
This week (April 6-12, 2026) recorded 15+ major security incidents including critical Fortinet CVE-2026-35616 exploitation, Chrome's 4th zero-day (CVE-2026-5281), ChipSoft ransomware attack disrupting Dutch healthcare, Hong Kong Hospital Authority breach affecting 56,000 patients, and the $280M Drift Protocol hack. Key vulnerabilities in WebGPU/Dawn, enterprise endpoint management, and healthcare sectors dominated the threat landscape.
Report Period: April 6-12, 2026
Published: April 13, 2026
Executive Summary
Week 15 of 2026 has been marked by significant cybersecurity incidents across multiple sectors. A critical Fortinet vulnerability (CVE-2026-35616) was added to CISA's Known Exploited Vulnerabilities catalog, Google's fourth Chrome zero-day of 2026 was patched, and major data breaches affected healthcare, cryptocurrency, and AI sectors.
Key Statistics:
- 15+ major security incidents recorded
- 2 critical zero-day vulnerabilities actively exploited
- $280M+ in cryptocurrency losses (Drift Protocol)
- 56,000+ patients' data exposed (Hong Kong Hospital Authority)
- 2.9M accounts compromised (SongTrivia)
Critical Vulnerabilities
CVE-2026-35616 - Fortinet FortiClient EMS
Severity: Critical (CVSS N/A)
Status: Actively Exploited
Disclosure Date: April 4, 2026
CISA KEV Added: April 6, 2026
Fortinet released an out-of-band patch for a critical improper access control vulnerability in FortiClient Enterprise Management Server (EMS). The vulnerability allows pre-authentication remote code execution (RCE) and was being actively exploited in the wild before the patch was released.
Affected Versions: FortiClient EMS 7.4.5 and 7.4.6
Recommendations:
- Immediately update to Fortinet's patched version
- Review Fortinet security bulletin FG-IR-26-099
- Implement network segmentation for endpoint management systems
CVE-2026-5281 - Google Chrome Zero-Day
Severity: Critical
Status: Actively Exploited
Disclosure Date: April 1, 2026
Patch Released: April 7, 2026
Google confirmed active exploitation of a zero-day vulnerability in Chrome's WebGPU component (Dawn layer). This marks Chrome's fourth zero-day exploit of 2026, affecting an estimated 3.5 billion users worldwide.
Impact: Full device compromise possible through malicious web pages
Recommendations:
- Update Chrome immediately to latest version
- Consider using Chromium-based browsers with automatic updates enabled
- Enable Chrome's Enhanced Protection mode
Major Data Breaches
ChipSoft Ransomware Attack (Healthcare - Netherlands)
Date: April 7, 2026
Impact: Disruption of healthcare services
ChipSoft, a Netherlands-based healthcare software firm providing patient record software to most facilities in the country, suffered a ransomware attack that took their website offline. Z-CERT confirmed the attack. The full extent of data compromise is under investigation.
Hong Kong Hospital Authority Data Breach
Date: April 2026
Impact: 56,000+ patients' data exposed
The Hospital Authority detected unauthorized access to patient information that was leaked on a third-party platform. Exposed data includes:
- Patient names
- Genders
- Dates of birth
- Dates of visits
- Surgical procedure details
Mercor AI Data Breach
Date: April 2026
Impact: Training data exposed
Mercor, an AI company providing training data for OpenAI and Anthropic, reported a breach of their open-source project LiteLLM (created by Berrie AI). The breach exposed Slack data and videos of conversations between contractors and the AI system.
Drift Protocol - $280M Hack
Date: April 1, 2026
Impact: $280 million in user assets lost
Drift Protocol, a cryptocurrency futures and options trading platform, discovered an attack that had been planned for at least six months. The hack resulted in losses exceeding $280 million in user assets.
SongTrivia Data Breach
Date: April 2026
Impact: 2.9 million accounts compromised
SongTrivia, a Seattle-based entertainment company, discovered their data had been published on a breach forum following a ransomware attack. Exposed data includes:
- 2.9 million account credentials
- Email addresses
- Auth tokens
- Passwords and usernames
Ransomware Groups Activity
Everest Ransomware - Nissan
Date: April 1, 2026
Victim: Nissan (Renault-Nissan-Mitsubishi Alliance)
The Everest ransomware group claimed responsibility for attacking Nissan. The Japanese automaker is part of the Renault-Nissan-Mitsubishi Alliance. The scale and nature of compromised data remain undisclosed.
Interlock Ransomware Group
Active this week with attacks on:
- Alamo Heights School District (Texas)
- The Center for Hearing & Speech (Healthcare)
Worldleaks Ransomware Group
Active this week with attacks on:
- National Aerospace Fasteners (Taiwan - Aerospace/Manufacturing)
Healthcare Sector Alert
Healthcare organizations were heavily targeted this week with multiple ransomware incidents:
- ChipSoft (Netherlands)
- Gritman, Mosco, and Idaho (USA)
- The Center for Hearing & Speech (USA)
- Hong Kong Hospital Authority (data breach)
Security Recommendations
Immediate Actions
- Patch Fortinet FortiClient EMS to latest version
- Update Chrome to latest version (148.0.7778.5 or later)
- Review endpoint management security configurations
- Audit third-party platform access permissions
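The first two actions above can be triaged from an asset inventory. The following is an added example, not part of the original report: it flags FortiClient EMS installs on the affected versions listed earlier (7.4.5 and 7.4.6) and Chrome installs below 148.0.7778.5. The inventory rows, host names and column names are constructed.

```python
import csv
import io

# Version values taken from this report; everything else is constructed.
EMS_AFFECTED = {(7, 4, 5), (7, 4, 6)}  # FortiClient EMS versions listed as affected
CHROME_MIN = (148, 0, 7778, 5)         # Chrome version the report says to reach

# Constructed sample inventory (hypothetical hosts and column names).
SAMPLE_INVENTORY = """host,product,version
ems-01,FortiClient EMS,7.4.5
ems-02,FortiClient EMS,7.4.7
wks-114,Google Chrome,147.0.7700.12
wks-115,Google Chrome,148.0.7778.5
wks-116,Google Chrome,148.0.7778
kiosk-3,Google Chrome,unknown
"""

def parse_version(text):
    """Return a tuple of ints, or None if the string is not dotted-numeric."""
    parts = text.strip().split(".")
    if not all(p.isdigit() for p in parts):
        return None
    return tuple(int(p) for p in parts)

def triage(inventory_csv):
    """Return (host, version, finding) for every row that needs action."""
    findings = []
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        product = row["product"].strip().lower()
        if product not in ("forticlient ems", "google chrome"):
            continue
        ver = parse_version(row["version"])
        if ver is None:
            # Cannot be shown to be patched, so it stays on the list.
            finding = "version unknown, verify manually"
        elif product == "forticlient ems" and ver[:3] in EMS_AFFECTED:
            finding = "listed as affected by CVE-2026-35616"
        elif product == "google chrome" and ver + (0,) * (4 - len(ver)) < CHROME_MIN:
            # Short versions are zero-padded so 148.0.7778 sorts below 148.0.7778.5.
            finding = "below 148.0.7778.5, update Chrome"
        else:
            continue
        findings.append((row["host"], row["version"], finding))
    return findings

if __name__ == "__main__":
    for host, version, finding in triage(SAMPLE_INVENTORY):
        print(f"{host:10} {version:16} {finding}")
```

The report names only the affected EMS versions, not the fixed one, so the check matches those two versions exactly instead of guessing a minimum safe version.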
Ongoing Security Hygiene
- Enable automatic updates for all software
- Implement network segmentation for critical systems
- Regular backup verification and offline backups
- Monitor for unusual network traffic patterns
- Implement multi-factor authentication everywhere
Browser Security
Use our tools to check your browser's security posture:
- Browser Fingerprint Test - Check if your browser leaks identifying information
- DNS Leak Test - Verify your DNS queries are properly secured
Conclusion
Week 15 2026 demonstrates the continued high-threat environment in cybersecurity. Organizations must prioritize:
- Rapid patching of actively exploited vulnerabilities
- Enhanced monitoring of endpoint management systems
- Healthcare sector security improvements
- Cryptocurrency platform security audits
Stay vigilant and keep systems updated.
Report generated: April 13, 2026
Data sources: CISA, Fortinet, Google, Z-CERT, industry threat intelligence