Too many flaws, not enough time.
NIST struggles with an NVD backlog. Cisco and Splunk ship critical patches. Researchers flag a systemic flaw in Anthropic’s MCP. ShinyHunters leak 13.5 million McGraw Hill accounts. Cargo theft goes cyber. A Tennessee hospital breach hits 337,000 patients. Two Americans are sentenced in a North Korean fake-IT-worker scheme. Our guest is Rob Allen, Chief Product Officer at ThreatLocker, describing security gaps addressed by zero trust. OpenAI lets security teams take off the training wheels.
Today is Thursday April 16th 2026. I’m Dave Bittner. And this is your CyberWire Intel Briefing.
NIST deals with an NVD backlog.
The US National Vulnerability Database (NVD), operated by the National Institute of Standards and Technology (NIST), is shifting to a risk-based prioritization model after a sharp surge in reported vulnerabilities outpaced its processing capacity. CVE submissions rose 263% between 2020 and 2025, and early 2026 reporting is already about one-third higher than the same period last year. Although the NVD enriched nearly 42,000 CVEs in 2025, officials say the backlog continues to grow.
Under the new approach, the NVD will stop enriching vulnerabilities reported before March 1, 2026, unless specifically requested. Priority will go to vulnerabilities affecting US federal systems, software identified as critical under Executive Order 14028, and entries on CISA’s Known Exploited Vulnerabilities list. Other CVEs will still be listed but marked “Not Scheduled.”
The NVD will also reduce duplicate severity scoring and limit reanalysis of modified CVEs, focusing resources on high-impact risks as vulnerability discovery accelerates, partly driven by AI-based tools.
Cisco patches four critical Webex vulnerabilities.
Cisco has released patches for four critical vulnerabilities affecting its Webex Services platform and Identity Services Engine (ISE), including a high-risk single sign-on (SSO) flaw tracked as CVE-2026-20184. The Webex issue stemmed from improper certificate validation in Control Hub integration and could allow unauthenticated remote attackers to impersonate users and access legitimate services. Although Cisco fixed the flaw server-side, customers using SSO must upload a new SAML certificate to prevent service disruption.
Cisco also addressed three critical ISE vulnerabilities that could allow attackers with administrative credentials to execute arbitrary operating system commands. In addition, ten medium-severity issues were patched, including flaws enabling authentication bypass, privilege escalation, and denial-of-service conditions. Cisco said it has no evidence of active exploitation so far.
Splunk patches multiple issues.
Splunk has released security updates addressing vulnerabilities in Splunk Enterprise, Cloud Platform, MCP Server, and several third-party components. A high-severity flaw, CVE-2026-20204, could allow low-privileged users to upload malicious files and achieve remote code execution due to improper handling of temporary files. Another high-severity issue, CVE-2026-20205, exposed session and authorization tokens in clear text under limited access conditions. Splunk also patched two medium-severity issues affecting username formatting and data model settings. No active exploitation has been reported. Users are urged to upgrade to supported fixed versions.
Researchers identify a “critical, systemic” vulnerability in Anthropic’s open source Model Context Protocol.
Security researchers at Ox Security have identified a “critical, systemic” vulnerability in Anthropic’s open source Model Context Protocol (MCP) that could enable arbitrary command execution across affected systems. The issue stems from the protocol’s STDIO interface, which executes commands even if a server process fails to start, potentially exposing sensitive data, API keys, databases, and chat histories. Researchers say the behavior is embedded in MCP software development kits across multiple programming languages and may affect over 200 open source projects and up to 200,000 instances.
Anthropic reportedly described the behavior as expected and placed responsibility for sanitization on developers. Ox Security issued more than 30 disclosures to affected projects. Experts warn organizations using MCP should treat the issue as a serious supply chain risk.
ShinyHunters leaks 13.5 million McGraw Hill user accounts.
The ShinyHunters extortion group has leaked data linked to 13.5 million McGraw Hill user accounts after exploiting a misconfiguration in the company’s Salesforce environment earlier this month. McGraw Hill confirmed unauthorized access to a limited dataset from a Salesforce-hosted webpage but said its Salesforce accounts, courseware, customer databases, and internal systems were not affected. According to Have I Been Pwned, more than 100GB of leaked files include email addresses and, in some cases, names, phone numbers, and physical addresses. The attackers had previously claimed to steal up to 45 million records and threatened to release them unless a ransom was paid. The exposed data could enable spear-phishing targeting customers. ShinyHunters also reportedly leaked separate data from Rockstar Games’ Snowflake environment.
Cybercriminal groups targeting transportation and logistics firms to enable cargo theft.
Cybercriminal groups are increasingly targeting transportation and logistics firms with malware campaigns designed to enable cargo theft through credential compromise and remote system control. According to Proofpoint, attackers commonly deploy remote monitoring and management (RMM) tools after phishing victims with malicious Visual Basic Script attachments disguised as broker agreements. These tools allow threat actors to access freight platforms, redirect shipments, and monetize stolen goods.
In a recent campaign, researchers observed a small threat group using 13 PowerShell scripts to gather credentials, extract browser data, and search for financial assets such as PayPal accounts and cryptocurrency wallets. The attackers also installed multiple RMM tools, including ScreenConnect, Pulseway, and SimpleHelp, emphasizing persistence and redundancy. Notably, they used a fraudulent code-signing service to disguise malware installers and evade detection.
Researchers estimate cargo-theft cyber activity contributes to roughly $35 billion in annual global losses, with multiple threat groups actively targeting the sector.
A Tennessee hospital ransomware breach affects over 337,000.
Cookeville Regional Medical Center in Tennessee disclosed a ransomware-related data breach affecting more than 337,000 individuals after attackers accessed and stole files in July 2025. Compromised data may include names, Social Security numbers, driver’s license details, financial information, and medical records. The Rhysida ransomware group later listed the data for sale for 10 bitcoin, then reportedly released it publicly after failing to find a buyer. The hospital said it has no evidence of misuse so far, though identity-theft risks remain significant.
Two U.S. nationals are in prison for helping fake North Korean remote IT workers.
Two U.S. nationals have been sentenced to prison for helping North Korean remote IT workers fraudulently obtain jobs at more than 100 U.S. companies, including Fortune 500 firms. Between 2021 and 2024, Kejia Wang and Zhenxing Wang generated over $5 million for the North Korean government by enabling workers to use stolen identities from more than 80 Americans. The scheme involved shell companies, fake websites, financial accounts, and hosting company-issued laptops inside the United States to mask foreign access to corporate networks. Prosecutors said the operation exposed U.S. systems and supported North Korea’s weapons programs. Kejia Wang received a 108-month sentence, and Zhenxing Wang received 92 months. Authorities continue pursuing additional suspects tied to the operation.
OpenAI lets security teams take off the training wheels.
For years, cybersecurity defenders have played a familiar game: attackers need one open door, defenders need to check every window, vent, and suspicious-looking broom closet. Now OpenAI says it would like to loan defenders a better flashlight.
Enter GPT-5.4 Cyber, a specialized version of its flagship model built not for polite chatbot duties, but for serious defensive work like malware analysis and binary reverse engineering, tasks most AI tools usually avoid like awkward small talk at conferences. Access is restricted to verified professionals through OpenAI’s Trusted Access for Cyber program, part of a broader push to prepare defenders for faster-arriving, more capable AI on both sides of the keyboard.
The timing is deliberate. Rival models are already uncovering decades-old vulnerabilities at scale, which suggests attackers will not be standing still. OpenAI’s bet is simple: give more defenders sharper tools now, before the next wave arrives uninvited.
And that’s the CyberWire.
For links to all of today’s stories, check out our Daily Briefing at the cyberwire dot com.
We’d love to know what you think of this podcast. Your feedback ensures we deliver the insights that keep you a step ahead in the rapidly changing world of cybersecurity. If you like the show, please share a rating and review in your podcast app. Please also fill out the survey in the show notes or send an email to cyberwire@n2k.com
We’re proud that N2K CyberWire is part of the daily routine of the most influential leaders and operators in the public and private sector, from the Fortune 500 to many of the world’s preeminent intelligence and law enforcement agencies.
N2K helps cybersecurity professionals and organizations grow, learn, and stay ahead. We’re the nexus for discovering the people, tech, and ideas shaping the industry. Learn how at n2k.com.
N2K’s lead producer is Liz Stokes. We’re mixed by Tré Hester, with original music by and sound design Elliott Peltzman. Our contributing host is Maria Varmazis. Our executive producer is Jennifer Eiben. Peter Kilpe is our publisher. And I’m Dave Bittner. Thanks for listening.
