Risks This Week — 2026-04-03
The pattern this week was simple: teams are still over-trusting the systems they depend on most. Trusted login flows, trusted tooling, and trusted mobile devices all stayed inside the real attack surface.
What stood out this week
Trusted Microsoft login flows are being weaponized
Device-code phishing is getting easier to operationalize, which means attackers can abuse legitimate prompts and token flows instead of building noisy fake portals.
Exploited vulnerabilities are outrunning routine patch lanes
CISA’s KEV additions, including active exploitation tied to Trivy, reinforced that exploit reality should drive priority faster than ordinary maintenance cycles.
Mobile patching is still business risk management
Apple’s expanded protections against active iPhone exploitation were a reminder that executive and admin phones are part of continuity and identity risk.
1 Action Step
Pick one trusted system this week and test whether your team is over-trusting it. If abuse could look legitimate long enough to pass unnoticed, the control story is not strong enough yet.
Want the full breakdown?
The full weekly brief on Substack includes the ranked synthesis, business impact framing, and practical response guidance behind these signals.