Today’s security briefing tracks three concrete stories shaping the day: Microsoft’s April Patch Tuesday, a campaign of 100+ malicious Chrome extensions stealing tokens and sessions, and access-governance failures at Kraken and McGraw-Hill.
Top line: The strongest signal this morning is not one ransomware brand. It is the same control debt appearing across multiple incidents: urgent patching, browser-session theft, and access that survives longer than it should.
Microsoft released fixes for 167 vulnerabilities in April 2026, including two zero-days. One of them, a SharePoint Server spoofing vulnerability, was already exploited in the wild. Microsoft also shipped fixes for critical Office remote-code-execution bugs and a Defender privilege-escalation issue that updates through the antimalware platform.
Researchers at Socket linked over 100 malicious Chrome Web Store extensions to one coordinated campaign. The extensions reportedly stole Google OAuth2 bearer tokens, harvested account data, hijacked Telegram Web sessions, and fetched remote commands in the background. That is not “just a browser add-on” risk. It is identity, session, and trust abuse inside the user’s already authenticated environment.
Kraken said an extortion group is threatening to release videos of internal systems after improper access by support employees exposed limited customer-support data affecting roughly 2,000 accounts. McGraw-Hill separately said attackers accessed limited internal data through a Salesforce-hosted webpage misconfiguration, while ShinyHunters claimed a much larger haul. The exact blast radius differs, but the pattern is the same: support workflows and hosted business systems often keep more trust than teams think.
Bottom line: Today’s stories all point to the same operational truth. Attackers are winning in the gap between nominal control and verified control, between “patched” and actually fixed, between “logged in” and truly trusted, between “temporary access” and lingering privilege.
KENSAI helps teams verify exposed trust paths, patch coverage, and internet-facing security reality before attackers turn drift into leverage.
Start Free Scan →Stay sharp.
🗡️ KENSAI Security Team