2026 Week 16 Privacy Threat Report

Reporting Period: April 13-19, 2026
Published: April 17, 2026

Executive Summary

This week has been particularly intense on the cybersecurity front. Microsoft released its largest Patch Tuesday update in recent memory, addressing 163 vulnerabilities including two zero-days under active exploitation. Meanwhile, the ShinyHunters ransomware group has continued its aggressive campaign, breaching both Rockstar Games and Ryan LLC within days of each other. The European Commission also fell victim to a supply-chain attack originating from a compromised build of Aqua Security's Trivy scanner.

🔴 Critical: Microsoft Patch Tuesday (April 2026)

Microsoft's April 2026 security update addresses 163 vulnerabilities, including 8 critical-severity flaws. Two zero-day vulnerabilities are being actively exploited:

Actively Exploited Zero-Days

CVE	Affected Product	Severity	Description
CVE-2026-32201	Microsoft SharePoint Server	Important	Spoofing vulnerability; CISA mandates patching by April 28, 2026
CVE-2026-33825	Microsoft Defender	Important	Elevation of Privilege; allows local privilege escalation

Critical RCE Vulnerabilities

CVE-2026-32157 - Remote Desktop Client Use-After-Free (RCE)
CVE-2026-33826 - Windows Active Directory (RCE via crafted RPC)
CVE-2026-33827 - Windows TCP/IP (RCE via specially crafted IPv6 packet)
CVE-2026-33824 - Windows IKE Service Extensions (RCE)
CVE-2026-32190 - Microsoft Office (RCE)
CVE-2026-33114/33115 - Microsoft Word (RCE)

Action Required: Organizations must prioritize patching SharePoint and Defender immediately, given active exploitation.

🎮 Rockstar Games Ransomware Attack

The ShinyHunters ransomware group claimed responsibility for an attack against Rockstar Games, the developer behind the highly anticipated Grand Theft Auto VI. The threat actors set an April 14 deadline for ransom payment, threatening to release sensitive data if demands were not met.

Rockstar Games confirmed the breach, stating that internal development materials were accessed. This incident follows a pattern of ShinyHunters targeting high-profile gaming companies.

Impact: Threat actors claim access to GTA VI development assets, internal communications, and source code.

🏢 Ryan LLC: 4.8 Million Records Exposed

On April 12, 2026, ShinyHunters also targeted Ryan LLC, a U.S.-based professional services firm. The attackers claim to have exfiltrated over 4.8 million Salesforce records containing:

Personally Identifiable Information (PII)
Internal corporate data
Client relationship data

This breach represents one of the largest single-data exfiltration incidents of 2026 so far.

💪 Basic-Fit Member Data Breach

Dutch fitness chain Basic-Fit disclosed a data breach affecting approximately 1 million members. The company stated that member account information was accessed by unauthorized parties. Details on the specific data compromised are still being investigated.

🏛️ European Commission Supply-Chain Breach

A supply-chain attack compromised the European Commission's cloud infrastructure. The attack vector was a modified build of Aqua Security's Trivy vulnerability scanner, which was distributed through official channels. Organizations that used the compromised Trivy version between the attack window may have had their systems exposed.

This incident highlights the growing sophistication of supply-chain attacks and the risks associated with trusted third-party software distribution.

🌐 Chrome Security Update (CVE-2026-6364)

Google released a security update for Chrome addressing CVE-2026-6364, an out-of-bounds read vulnerability in the Skia graphics library. This vulnerability could allow a remote attacker to perform actions beyond intended permissions through a crafted HTML page.

Affected Version: Chrome prior to latest update
Severity: Medium
Required Action: Users should immediately update their Chrome installations.

🔒 Qilin Ransomware: Targeting Die Linke

The Qilin ransomware group claimed responsibility for an attack against Die Linke, a major German political party. The attack forced an IT systems outage and threatened to leak sensitive political data. This follows a trend of ransomware groups increasingly targeting political organizations and critical infrastructure.

📊 Privacy Regulation Update: GDPR Enforcement

The European Data Protection Board (EDPB) announced a coordinated enforcement action regarding the implementation of the right to erasure. This action, launched in February 2026, signals intensified enforcement of data subject rights under GDPR.

Additionally, cumulative GDPR fines have now exceeded €7.1 billion, with €1.2 billion in fines issued in 2025 alone. Organizations should expect continued aggressive enforcement throughout 2026.

Recommendations

Patch Immediately: Prioritize Microsoft's April updates, especially SharePoint (CVE-2026-32201) and Defender (CVE-2026-33825)
Verify Trivy Installations: Check for modified Aqua Security Trivy builds in your environment
Update Chrome: Ensure all Chrome installations are running the latest version
Monitor for ShinyHunters Activity: Review Salesforce access logs and implement additional monitoring
Review GDPR Compliance: Ensure right-to-erasure requests are being handled properly

Conclusion

The security landscape this week underscores the importance of timely patching, supply-chain security vigilance, and robust incident response capabilities. With two major zero-days under active exploitation and ransomware groups continuing to target high-value organizations, security teams must remain on high alert.

Monitor our tools for protective measures:

Browser Fingerprint Checker - Verify your browser's security posture
DNS Leak Test - Ensure your DNS queries are not leaking

This report will be updated as new information becomes available.