Weekly Cyber Briefing 17.04.2026
Weekly Cyber Update: 17 April 2026
OpenAI follows Anthropic with a new vulnerability-hunting model; a systemic MCP flaw has big AI supply chain repercussions; and there are new patches from Adobe and Cisco WebEx
Ox Security has published details of a critical vulnerability in Anthropic’s Model Context Protocol (MCP), which could have a major impact on the AI supply chain. MCP has become a vital way for models to connect with external data and systems. But the newly discovered flaw could allow arbitrary command execution.
Exploitation could allow threat actors to access sensitive user data, internal databases, API keys, and chat histories, and to take over a targeted system completely. Anthropic has refused to fix the flaw at an architectural level, which pushes responsibility down to developers. Ox Security claims over 200 open source projects, 150 million downloads, 7000+ publicly accessible servers and up to 200,000 vulnerable instances may be exposed.
Audit for use of MCP-based tools in the organisation. Upgrade affected services to the latest versions. If a patched version doesn’t exist, consider disabling the service until it’s patched. Run MCP-powered services in a sandbox so exposed services can’t reach external databases, configurations and API keys. Only install MCP servers from official sources like the GitHub MCP Registry. Block public IP access to sensitive services like LLM and AI enablers.
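As a starting point for the audit step above, the following added example (not code from Ox Security, Anthropic or this briefing) inventories the MCP servers declared in a client configuration file and flags settings that bear on the other recommendations. It assumes the `mcpServers` and `servers` config keys used by common MCP clients; the sample config, the server and package names and the finding labels are constructed for illustration, and the checks are general hygiene heuristics rather than indicators of the specific flaw.

```python
import json
import re

# Keys under which MCP clients list servers (assumed from common clients):
# "mcpServers" (Claude Desktop, Cursor) and "servers" (VS Code mcp.json).
SERVER_KEYS = ("mcpServers", "servers")
FETCH_AT_LAUNCH = {"npx", "uvx", "bunx", "pipx"}  # runners that download a package on start
SECRET_NAME = re.compile(r"KEY|TOKEN|SECRET|PASSWORD", re.I)

def audit_mcp_config(text, source="<inline>"):
    """Return one inventory record per MCP server declared in a client config."""
    try:
        doc = json.loads(text)
    except json.JSONDecodeError:
        return [{"source": source, "server": None, "findings": ["unparseable-config"]}]
    records = []
    for key in SERVER_KEYS:
        servers = doc.get(key) if isinstance(doc, dict) else None
        for name, spec in (servers.items() if isinstance(servers, dict) else []):
            if not isinstance(spec, dict):
                continue
            command = str(spec.get("command") or "")
            args = [str(a) for a in spec.get("args") or []]
            env = spec.get("env") if isinstance(spec.get("env"), dict) else {}
            url = str(spec.get("url") or "")
            runner = re.split(r"[\\/]", command)[-1].lower().removesuffix(".cmd")
            findings = []
            if runner in FETCH_AT_LAUNCH:
                findings.append("package-fetched-at-launch")
            if any(SECRET_NAME.search(k) for k in env):
                findings.append("secret-in-config-env")
            if any("0.0.0.0" in a for a in args):
                findings.append("binds-all-interfaces")
            if url.lower().startswith("http://"):
                findings.append("remote-over-plain-http")
            records.append({"source": source, "server": name,
                            "transport": "stdio" if command else "remote",
                            "launch": " ".join([command] + args) if command else url,
                            "findings": findings})
    return records

# Constructed sample config; server and package names are hypothetical.
SAMPLE = """{"mcpServers": {
  "files":   {"command": "npx", "args": ["-y", "example-mcp-files"],
              "env": {"EXAMPLE_API_KEY": "placeholder"}},
  "reports": {"command": "/opt/mcp/reports-server", "args": ["--host", "0.0.0.0"]},
  "wiki":    {"url": "http://mcp.internal.example/sse"}}}"""

if __name__ == "__main__":
    for rec in audit_mcp_config(SAMPLE, "sample.json"):
        print(rec["server"], rec["transport"], rec["launch"], rec["findings"])
```

Run it over each config file collected from endpoints and developer machines, then compare the resulting inventory against the list of servers the organisation has approved.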
Following the much-publicised launch of Anthropic’s Mythos Preview last week, OpenAI has showcased ChatGPT 5.4. Like its rival, OpenAI is not putting the model on general release. That’s partly because it deems the technology too powerful at finding novel vulnerabilities in products. This could be an aid to both attackers and defenders.
There will inevitably be a democratisation of these capabilities in time – either from leaks or open source/Chinese alternatives. This will effectively collapse the exploit window for network defenders to patch, and could lead to an influx of vendor fixes. Vulnerability discovery-as-a-service may become a new offering on the cybercrime underground.
Update patch management programmes with a focus on continuous and automated risk-based patching. AI-powered vulnerability discovery tools will help you to find and fix bugs before your adversaries do. Strong safeguards are a must to avoid operational disruption. The AI Security Institute and NCSC also recommend a focus on best practices: accurate asset inventories, robust access controls, secure configuration and comprehensive logging.
Adobe has released an emergency update to fix a high-severity zero-day vulnerability that has been exploited in the wild since at least December 2025. CVE-2026-34621 is a “prototype pollution” vulnerability in Adobe Acrobat Reader with a CVSS score of 8.6. It enables hackers to circumvent Adobe’s security sandbox to read and steal files and take full control of a victim’s machine. Affected versions are:
Researchers have discovered a “highly sophisticated, fingerprinting-style PDF exploit” for the vulnerability, which has been in use for months. No user interaction is required to trigger it aside from opening a malicious PDF.
Adobe recommends that users of affected versions update their applications through ‘Help > Check for Updates,’ which will update products automatically. Users can also download the full Acrobat Reader installer from the Acrobat Reader Download Center.
Cisco has patched a critical vulnerability in its Cisco Webex Services platform. CVE-2026-20184 is an improper certificate validation flaw with a CVSS score of 9.8 which impacts the single sign-on (SSO) integration with Control Hub. It could allow an unauthenticated, remote attacker to impersonate any user on the service.
Cisco has already patched the flaw, as WebEx is cloud-based. But customers are urged to take action to avoid service interruption.
Customers who use SSO integration must upload a new SAML certificate for their identity provider (IdP) to Control Hub, as per Cisco’s instructions. Organisations concerned about historic weaponisation of the flaw can ask their SecOps team to review WebEx access logs for unusual activity over the past month or so.