
Malwarebytes Weekly Threat Roundup (April 13‑19) Highlights Phishing Surge, Booking.com Breach, and Active Zero‑Day Exploits

Malwarebytes Labs flagged a spike in phishing scams impersonating shipments, iCloud, Slack, and YouTube, disclosed a Booking.com data breach, and warned of two zero‑day vulnerabilities actively exploited in the wild. The mix of social‑engineering and technical attacks raises immediate third‑party risk for organizations that rely on these services.

🛡️ LiveThreat™ Intelligence · 📅 April 21, 2026 · 📰 malwarebytes.com
Severity: High
Type: ThreatIntel
Confidence: High
Affected: 3 sector(s)
Actions: 3 recommended
Source: malwarebytes.com

Malwarebytes Weekly Threat Roundup (April 13‑19): Surge in Phishing Scams, Zero‑Day Exploits, and Booking.com Data Breach

What Happened — Malwarebytes Labs identified a wave of active phishing campaigns (shipment‑arrival, iCloud‑storage, fake Slack, fake YouTube copyright notices) and disclosed a recent Booking.com breach that exposed guest data. The week also featured two actively exploited zero‑day vulnerabilities (Adobe Reader and an unnamed Windows flaw) and the rise of the Omnistealer infostealer, which leverages blockchain.

Why It Matters for TPRM

  • Phishing attacks increasingly impersonate trusted services (e‑commerce, cloud storage, collaboration tools), raising credential‑theft risk for third‑party users.
  • The Booking.com breach illustrates how a single vendor compromise can provide attackers with data to target downstream partners and customers.
  • Zero‑day exploits in widely deployed software (Adobe Reader, Windows) can be weaponized against any organization that relies on these products, bypassing traditional patch‑management controls.

Who Is Affected — Retail/e‑commerce (Booking.com), SaaS/cloud services (iCloud, Slack, Proton VPN), enterprise users of Windows and Adobe products, and any organization handling guest or customer payment data.

Recommended Actions

  • Review all third‑party contracts for exposure to the listed vendors and confirm they have applied the latest patches (Adobe Reader, Windows).
  • Enforce multi‑factor authentication and phishing‑resistance training for users who access cloud storage, collaboration platforms, and travel booking services.
  • Validate that vendors have incident‑response plans for data‑breach notifications and that breach‑related data (e.g., Booking.com guest lists) is being monitored for credential‑stuffing attacks.

Technical Notes

  • Phishing vectors: spoofed “Your shipment has arrived”, “iCloud storage is full”, fake Slack download, and counterfeit YouTube copyright notices.
  • Zero‑day CVEs: two undisclosed Windows flaws (active exploitation) and an Adobe Reader remote‑code‑execution vulnerability triggered by opening a malicious PDF.
  • Malware: Omnistealer infostealer uses blockchain for C2; Windows infostealer distributed via fake Proton VPN sites and gaming mods.

Source: Malwarebytes Labs – A week in security (April 13‑19)

📰 Original Source
https://www.malwarebytes.com/blog/news/2026/04/a-week-in-security-april-13-april-19

This LiveThreat Intelligence Brief is an independent analysis. Read the original reporting at the link above.
