This Week's Cyber Pulse — April 14, 2026

Your weekly intelligence brief for small and mid-size businesses. Sourced, rated, and written in plain English.


Threat Roundup

🔴 HIGH SEVERITY: Ransomware Surge Targeting SMB Cloud Storage

Ransomware groups have significantly shifted their primary attack vector over the past 60 days. The target: cloud storage buckets and file sync services used by small businesses — specifically misconfigured AWS S3, Azure Blob, and Google Cloud Storage instances, plus popular SMB-facing tools like Dropbox Business and SharePoint Online.

Why this matters: Unlike traditional ransomware that encrypted your local servers, this wave exfiltrates data first, then threatens public exposure if ransom isn't paid (double extortion). Your cyber insurance policy may not cover "reputational damage from data exposure" — check your coverage now.

What to do immediately:

  • Audit who has public access to your cloud buckets (AWS: S3 Block Public Access; Azure: Storage Account > Networking)

  • Enable versioning on all business-critical storage (allows rollback without paying ransom)

  • Review SharePoint and OneDrive sharing settings — "Anyone with the link" is the #1 misconfiguration

  • Confirm your cyber insurance policy explicitly covers cloud data exfiltration events

Severity: Critical | Affected: All SMBs with cloud storage | Source: Coalition Cyber Threat Report, CISA Advisory AA26-089A
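
The first two checks in the list above can be scripted for AWS. This is an added example, not part of the original brief: it evaluates the JSON that `aws s3api get-public-access-block` and `aws s3api get-bucket-versioning` return for each bucket, and the bucket names and responses are constructed sample data.

```python
# Added example. SAMPLE is constructed, not output from a real account.
# Bucket-level check only: an account-level Block Public Access setting
# can also apply on top of what is evaluated here.
BPA_FLAGS = ("BlockPublicAcls", "IgnorePublicAcls",
             "BlockPublicPolicy", "RestrictPublicBuckets")

def audit_bucket(name, public_access_block, versioning):
    """Return findings for one bucket.

    public_access_block: parsed get-public-access-block output, or None
        when the bucket has no configuration (the CLI returns an error).
    versioning: parsed get-bucket-versioning output (empty when
        versioning was never enabled).
    """
    findings = []
    cfg = (public_access_block or {}).get("PublicAccessBlockConfiguration", {})
    off = [flag for flag in BPA_FLAGS if cfg.get(flag) is not True]
    if off:
        findings.append(f"{name}: Block Public Access off for {', '.join(off)}")
    status = (versioning or {}).get("Status")
    if status != "Enabled":
        # "Suspended" keeps old versions but stops protecting new writes.
        findings.append(f"{name}: versioning {status or 'never enabled'}")
    return findings

SAMPLE = {
    "example-finance-docs": (
        {"PublicAccessBlockConfiguration": {f: True for f in BPA_FLAGS}},
        {"Status": "Enabled"}),
    "example-marketing-assets": (
        {"PublicAccessBlockConfiguration": {
            "BlockPublicAcls": True, "IgnorePublicAcls": True,
            "BlockPublicPolicy": False, "RestrictPublicBuckets": False}},
        {"Status": "Suspended"}),
    "example-legacy-share": (None, {}),
}

def audit_all(buckets):
    """Audit every bucket and return all findings, ordered by bucket name."""
    report = []
    for name, (bpa, ver) in sorted(buckets.items()):
        report.extend(audit_bucket(name, bpa, ver))
    return report

if __name__ == "__main__":
    for line in audit_all(SAMPLE):
        print(line)
```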


🟡 MEDIUM SEVERITY: Microsoft 365 OAuth App Consent Abuse on the Rise

Threat actors are increasingly using Microsoft 365's OAuth app consent framework to gain persistent access to business email and file systems — without ever needing your password. The attack works by tricking employees into approving a malicious third-party app that requests broad email read/write permissions.

Once approved, the attacker has permanent access until the consent is revoked — and most IT teams never audit which third-party apps have been granted permissions.

What to do:

  • Review your Microsoft 365 tenant's approved apps: Admin Center > Azure Active Directory > Enterprise Applications

  • Enable "Admin consent required" for high-privilege scopes (Mail.ReadWrite, Files.ReadWrite.All)

  • Run a quarterly audit of third-party app permissions

Severity: Medium | Affected: Microsoft 365 Business users | Source: Microsoft Threat Intelligence, Proofpoint Q1 2026 Report
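
The quarterly audit above can start from an export of the tenant's delegated permission grants. This is an added example, not part of the original brief: it assumes records shaped like Microsoft Graph `oauth2PermissionGrants` and `servicePrincipals` objects, flags the two scopes the brief names, and uses constructed IDs and app names.

```python
# Added example. The grants and app names below are constructed sample data.
# Covers delegated grants only; application permissions are recorded
# separately (as app role assignments) and need their own review.
HIGH_PRIVILEGE = {"mail.readwrite", "files.readwrite.all"}  # scopes named in the brief

def risky_grants(grants, service_principals):
    """Return grants that include a high-privilege scope, tenant-wide first."""
    names = {sp["id"]: sp.get("displayName", "?") for sp in service_principals}
    report = []
    for grant in grants:
        # "scope" is one space-separated string, sometimes with a leading space.
        scopes = (grant.get("scope") or "").split()
        hits = sorted(s for s in scopes if s.lower() in HIGH_PRIVILEGE)
        if not hits:
            continue
        report.append({
            "app": names.get(grant["clientId"], grant["clientId"]),
            "scopes": hits,
            # AllPrincipals = an admin consented on behalf of every user.
            "tenant_wide": grant.get("consentType") == "AllPrincipals",
            "user": grant.get("principalId"),
        })
    report.sort(key=lambda r: (not r["tenant_wide"], r["app"]))
    return report

SAMPLE_GRANTS = [
    {"clientId": "sp-001", "consentType": "Principal",
     "principalId": "user-17", "scope": "User.Read Calendars.Read"},
    {"clientId": "sp-002", "consentType": "Principal",
     "principalId": "user-04", "scope": " Mail.ReadWrite offline_access"},
    {"clientId": "sp-003", "consentType": "AllPrincipals",
     "principalId": None, "scope": "Files.ReadWrite.All User.Read"},
]
SAMPLE_APPS = [
    {"id": "sp-001", "displayName": "Example Scheduler"},
    {"id": "sp-002", "displayName": "Example Mail Helper"},
    {"id": "sp-003", "displayName": "Example Doc Sync"},
]

if __name__ == "__main__":
    for row in risky_grants(SAMPLE_GRANTS, SAMPLE_APPS):
        where = "all users" if row["tenant_wide"] else row["user"]
        print(f'{row["app"]}: {", ".join(row["scopes"])} ({where})')
```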


🟡 MEDIUM SEVERITY: Phishing Campaigns Impersonating Payroll Providers

A coordinated phishing campaign is targeting SMB finance teams by impersonating ADP, Gusto, and Paychex with fraudulent "payroll update required" emails. The goal: redirect payroll direct deposits to attacker-controlled accounts.

What to do:

  • Alert finance and HR teams immediately

  • Verify all payroll provider communications by calling the provider directly (not via numbers in the email)

  • Enable email authentication (DMARC/DKIM/SPF) on your domain

Severity: Medium | Affected: SMBs using third-party payroll | Source: FBI IC3 Alert, Cofense Intelligence
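
Publishing DMARC and SPF records is not the same as enforcing them, so it is worth checking what your domain actually says. This is an added example, not part of the original brief: it grades TXT record strings you have already looked up (constructed samples here), and it does not cover DKIM, which needs the selector your mail provider uses.

```python
# Added example. Records are passed in as strings so this runs offline;
# the sample records below are constructed.
def parse_tags(record):
    """Split a 'k=v; k=v' DMARC record into a dict with lower-case keys."""
    tags = {}
    for part in record.split(";"):
        key, sep, value = part.partition("=")
        if sep:
            tags[key.strip().lower()] = value.strip()
    return tags

def check_dmarc(txt_records):
    """Grade the TXT strings published at _dmarc.<domain>."""
    recs = [r for r in txt_records if r.strip().lower().startswith("v=dmarc1")]
    if len(recs) != 1:
        return ("fail", f"expected one DMARC record, found {len(recs)}")
    tags = parse_tags(recs[0])
    policy = tags.get("p", "").lower()
    if policy not in ("none", "quarantine", "reject"):
        return ("fail", "missing or invalid p= tag")
    if policy == "none":
        return ("weak", "p=none only reports; spoofed mail is still delivered")
    pct = tags.get("pct", "100")
    if pct != "100":
        return ("weak", f"p={policy} applies to only {pct}% of failing mail")
    return ("ok", f"p={policy}")

def check_spf(txt_records):
    """Grade the TXT strings published at the domain itself."""
    recs = [r for r in txt_records if r.lower().split()[:1] == ["v=spf1"]]
    if len(recs) != 1:
        return ("fail", f"expected one SPF record, found {len(recs)}")
    # Mechanisms are evaluated left to right, so the first "all" decides.
    # Records that delegate with redirect= are not followed here.
    alls = [t for t in recs[0].lower().split()[1:] if t.lstrip("+-~?") == "all"]
    if not alls:
        return ("weak", "no 'all' mechanism to reject unlisted senders")
    qualifier = alls[0][0] if alls[0][0] in "+-~?" else "+"
    verdicts = {"-": ("ok", "-all"),
                "~": ("weak", "~all only soft-fails unlisted senders"),
                "?": ("weak", "?all is neutral"),
                "+": ("fail", "+all authorizes every sender")}
    return verdicts[qualifier]

DMARC_SAMPLE = ["v=DMARC1; p=none; rua=mailto:dmarc@example.com"]
SPF_SAMPLE = ["v=spf1 include:_spf.example.net ~all"]

if __name__ == "__main__":
    print(check_dmarc(DMARC_SAMPLE), check_spf(SPF_SAMPLE))
```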


Compliance Deadline Watch

CMMC Level 2 — Rolling DoD Contract Requirements

If your company sells to the Department of Defense (directly or as a subcontractor), CMMC Level 2 certification is now a hard requirement for many contract renewals and new awards. The grace period that allowed self-attestation for Controlled Unclassified Information (CUI) handling is narrowing significantly.

Key dates:

  • Now: All new DoD contracts with CUI requirements mandate CMMC Level 2 planning documentation

  • Q3 2026: Third-party assessments (C3PAO) required for most Level 2 contracts

What to do: If you're in the defense supply chain, conduct a gap assessment against NIST SP 800-171 controls immediately. CyberStackHub's free Compliance Gap Tool covers the 110 NIST 800-171 practices.

HIPAA Security Rule Modernization — Comment Period

HHS published proposed updates to the HIPAA Security Rule (RIN 0945-AA22) with stronger technical safeguard requirements. While final rules aren't enacted yet, the proposed changes signal where covered entities and business associates need to invest.

Key proposed additions: mandatory encryption at rest, documented annual risk analyses, and MFA requirements for all ePHI access. Start building toward these controls now — they will be law.


Insurance Market Update

Cyber insurers are tightening underwriting standards in Q2 2026 following a 34% increase in claims frequency. Coalition, Corvus, and Beazley have all updated their application questionnaires to require evidence of EDR deployment, documented backup testing, and MFA on all internet-facing systems. Expect premium increases of 8–15% at renewal if you can't demonstrate these controls. The carriers rewarding strong security posture with flat or reduced premiums: Chubb Cyber and Travelers CyberRisk.


Tool Spotlight: Free Cybersecurity Risk Assessment

This week's spotlight: our Free Cybersecurity Risk Assessment — the fastest way to understand your current posture before your next insurance renewal or compliance review.

What it covers: 8 security domains (access control, endpoint security, backup & recovery, network security, phishing defense, cloud security, incident response, vendor risk). Takes under 5 minutes. No signup required.

Why it matters this week: The ransomware campaigns above specifically target misconfigurations in cloud storage and endpoint gaps. The assessment flags both.



Run The Cyber Pulse Stack — Free

The Cyber Pulse Stack takes your business profile and delivers a personalized security brief covering your specific risk areas, compliance gaps, and insurance readiness — emailed, texted, or downloaded as a PDF.

What you get:

  • Threat alerts relevant to your industry and tech stack

  • Compliance deadline tracker tailored to your obligations

  • Insurance readiness score

  • Prioritized action checklist



Frequently Asked Questions

What is This Week's Cyber Pulse?
A weekly cybersecurity intelligence brief for small and mid-size businesses. Each edition covers the most relevant current threats (with severity ratings), upcoming compliance deadlines, cyber insurance market trends, and a featured tool. Published every Monday.

What is CMMC Level 2 and who needs it?
Cybersecurity Maturity Model Certification (CMMC) Level 2 is required for companies in the U.S. defense supply chain that handle Controlled Unclassified Information (CUI). If you have any DoD contracts or are a subcontractor to a prime defense contractor, you likely need CMMC Level 2 certification.

How does ransomware target cloud storage specifically?
Attackers scan for misconfigured cloud storage buckets (publicly accessible, weak credentials, no MFA) and either encrypt files in place (if they have write access) or exfiltrate data for double-extortion. Enabling MFA, storage versioning, and strict access controls prevents most of these attacks.

What is double extortion ransomware?
Double extortion ransomware exfiltrates your data before encrypting it, then threatens to publish the stolen data publicly if you don't pay the ransom. This creates two sources of pressure and means that even companies with good backups face reputational damage if they don't pay.

