A busy week: an insider at a ransomware negotiation firm pleads guilty to feeding BlackCat the exact numbers they needed, an over-permissioned AI tool turns into a Vercel breach, Microsoft and Oracle both drop massive patch loads, a new ransomware gang experiments with post-quantum encryption, and NIS2 enforcement goes live across the EU.
Key Takeaways#
- A Florida man working as a ransomware negotiator pleaded guilty to secretly sharing victims’ insurance limits and negotiation strategies with BlackCat, enabling over $75 million in ransoms across multiple attacks
- Vercel was breached via Context.ai after an employee granted an AI productivity tool broad OAuth permissions; the attack chain started with a Lumma Stealer infection in February
- Microsoft’s April Patch Tuesday addressed 163 CVEs including an actively exploited SharePoint zero-day (CVE-2026-32201) and a CVSS 9.8 RCE in Windows IKE
- Kyber ransomware is targeting Windows and VMware ESXi; the Windows variant genuinely implements Kyber1024 post-quantum key encapsulation, the ESXi variant does not despite claiming to
- Oracle patched 481 vulnerabilities this month, more than 300 of them remotely exploitable without authentication
- April 18 was the NIS2 enforcement milestone across the EU; organizations in scope now need documented controls ready for inspection and must meet a three-stage incident reporting timeline: 24-hour early warning, 72-hour full notification, 30-day final report
The Negotiator Who Was Working Both Sides#
The ransomware negotiation business runs on trust. Victims hire firms to act as intermediaries, believing those negotiators are working to drive the ransom down and protect their interests. That is not what Angelo Martino was doing.
Martino, 41, of Land O’Lakes, Florida, pleaded guilty this week to conspiracy charges after admitting he fed BlackCat (ALPHV) the insurance policy limits and internal negotiation positions of five victims his firm, DigitalMint, was hired to protect. He did this without his employer’s knowledge or the clients’ consent. BlackCat used the information to extract the maximum possible ransom from each target.
Total ransoms across the insider-assisted attacks exceeded $75 million. Two individual payments topped $25 million each. Martino faces up to 20 years at sentencing on July 9. Law enforcement seized cryptocurrency, vehicles, a food truck, and a luxury fishing boat purchased with the proceeds.
Two other negotiators from DigitalMint and Sygnia are charged alongside him.
The takeaway isn’t just that Martino was corrupt. It’s that ransomware negotiation firms sit at an extraordinarily sensitive intersection of victim strategy, insurance data, and attacker access, and there is no standardized vetting, credentialing, or oversight for them. Hiring a negotiator requires the same due diligence you’d apply to any vendor with access to your most sensitive financial positions. Most organizations don’t treat it that way.
An Employee Clicked “Allow All” and Vercel Got Breached#
On April 19, Vercel disclosed a security incident that started with Context.ai, a third-party AI productivity tool, and ended with an attacker enumerating and decrypting Vercel environment variables. A threat actor is now claiming $2 million for the stolen data.
The attack chain: in February, a Context.ai employee got infected with Lumma Stealer while downloading Roblox exploit scripts. That infection gave attackers access to Context.ai’s systems. A Vercel employee had signed up for Context.ai using their enterprise account and granted the tool broad OAuth permissions. Vercel’s internal configurations allowed that grant to extend into the enterprise Google Workspace. From there, the attacker pivoted into Vercel’s environment.
Vercel confirmed no npm packages were compromised. The investigation involved Microsoft, GitHub, npm, and Socket.
Trend Micro’s analysis frames this correctly: the vulnerability wasn’t a zero-day. It was OAuth permissions that were too broad, an enterprise configuration that shouldn’t have allowed individual sign-ups to access workspace-level resources, and a third-party tool that didn’t have sufficient security posture for the level of access it was granted.
The question every organization should be asking right now: which of your employees has granted an AI productivity tool access to your enterprise Google Workspace, Microsoft 365, or Slack? The answer is probably “more than you think,” and the permissions are probably broader than you’ve reviewed.
April Patch Tuesday: 163 CVEs, One Being Actively Exploited Right Now#
Microsoft’s April 2026 Patch Tuesday is substantial. 163 CVEs patched. The one that matters most is already being used against real targets.
CVE-2026-32201 is a SharePoint Server Spoofing vulnerability being actively exploited in the wild. Unauthenticated remote attackers can exploit it with no user interaction required and low attack complexity. If you run SharePoint on-premises, this is not a “patch during the next maintenance window” situation.
Also in this release:
- CVE-2026-33824: CVSS 9.8. Remote code execution in Windows Internet Key Exchange (IKE) Service Extensions via a double-free flaw. No authentication, no user interaction required.
- CVE-2026-33826: Critical RCE in Windows Active Directory via malformed RPC calls. Requires an authenticated attacker, which is still a realistic threat model in any environment with phishing exposure.
- CVE-2026-33827: Critical RCE in Windows TCP/IP via race condition. CVSS 8.1.
Cisco Talos and CrowdStrike both have detailed breakdowns if you need to triage for your environment.
A New Ransomware Gang Is Testing Post-Quantum Encryption. One Variant Actually Works.#
Kyber ransomware is targeting Windows and VMware ESXi environments, and it’s advertising post-quantum encryption as a feature. Rapid7 analyzed two variants recovered during a March 2026 incident response, and the reality is more interesting than the headline.
The Windows variant, written in Rust, genuinely implements Kyber1024 and X25519 for key protection. That aligns with the post-quantum claims in the ransom note. The ESXi variant tells a different story: it advertises Kyber1024 but actually uses ChaCha8 for file encryption and RSA-4096 for key wrapping. The post-quantum branding on the Linux side is marketing, not math.
The ESXi variant includes datastore encryption, optional VM termination, and defacement of management interfaces. Both variants were deployed on the same network, targeting Windows file servers and VMware infrastructure simultaneously.
The operational significance of the Windows variant is real. If ransomware key material is wrapped with Kyber1024, law enforcement and incident responders lose a recovery path they’ve historically relied on: the eventual possibility of decrypting seized keys as cryptographic capability improves. Post-quantum key encapsulation closes that door. The ESXi variant lying about its crypto is arguably more telling than the Windows variant telling the truth: this gang understands that post-quantum claims have marketing value, which tells you something about where the threat landscape is heading even when the implementation isn’t fully there yet.
Oracle’s April CPU: 481 Patches, 300+ Without Authentication Required#
Oracle’s April 2026 Critical Patch Update includes 481 new security patches across Oracle product lines. More than 300 address vulnerabilities that are remotely exploitable without authentication.
Oracle CPUs come out quarterly and routinely get deprioritized because Oracle environments are often treated as stable infrastructure that’s patched on long cycles. That’s the wrong model. Three hundred unauthenticated remote vulnerabilities in a single release are a significant attack surface, and Oracle database and middleware products are consistently targeted in enterprise breaches.
If you manage Oracle infrastructure, the CPU is out. The patch window needs to move up.
NIS2 Enforcement Is Live. No More Transition Period.#
April 18 was the enforcement milestone for NIS2 across the EU. Organizations in scope are now expected to have documented cybersecurity measures actively implemented and evidence ready for regulatory inspection.
NIS2 significantly expanded the scope of its predecessor. It covers essential and important entities across 18 sectors, mandates supply chain security assessments, and holds senior management personally accountable for compliance failures. The incident reporting requirements are more demanding than most organizations realize: an early warning to the relevant national authority within 24 hours of becoming aware of a significant incident, a full incident notification within 72 hours, and a final report within one month.
The transition period being over means enforcement actions can now follow. For EU-based organizations or companies with EU operations that haven’t completed their NIS2 gap assessments, the clock ran out this week.
Greymantle Risk Advisory publishes this weekly digest to keep security practitioners and business leaders current on what actually matters. If you want help thinking through how any of these developments affect your environment, reach out.