🤠 The Monday Morning 5: Your Pre-Week IT Survival Checklist

Sponsored by

This is an IT Support Group

Monday Morning Prep 🤠

A short one. Five things to check this morning so the rest of the week doesn't wreck you.

GM IT pros!

Happy Monday! This one's quick — I promise. You got the full news dump on Friday, so this morning is just the stuff that'll save the rest of your week from becoming a dumpster fire.

Five things. That's it. Coffee in one hand, checklist in the other. Let's go.

-Stetson

The Monday Morning 5

Your start-of-week survival checklist

✅ 1. Patch Tuesday Fallout — Verify Your Rollouts Landed

Microsoft dropped 167 fixes this past Tuesday, including two zero-days. The big one is CVE-2026-32201 — an actively exploited SharePoint spoofing flaw that CISA wants patched by April 28th. If your WSUS or Intune policies pushed updates mid-week, take five minutes this morning to spot-check a handful of endpoints. Look for machines that rebooted but didn't finish installing, stuck in "pending restart" limbo, or that weird subset of laptops that somehow dodged the deployment entirely. If you run SharePoint on-prem, this one's non-negotiable — threat actors are already using it in the wild.

✅ 2. Adobe Acrobat Reader — Emergency Patch, Don't Sleep On It

Adobe pushed an emergency fix for CVE-2026-34621 in Acrobat Reader (CVSS 8.6), and it's being actively exploited. This is the kind of thing where someone in Accounting opens a "totally legit invoice PDF" and suddenly you're having a very different Monday. If you manage Adobe deployments, confirm the update went out. If you don't manage Adobe deployments... maybe you should start, because your users definitely aren't updating it themselves.

✅ 3. Apache ActiveMQ — CISA Deadline Is April 30th

CVE-2026-34197 in Apache ActiveMQ Classic is under active exploitation and has a CVSS score of 8.8. CISA added it to the KEV catalog with a remediation deadline of April 30th. If you're running ActiveMQ anywhere in your environment (and you might not even know — check with your dev teams), this needs to be on someone's plate first thing Monday morning. This flaw is old enough to have a driver's license and attackers love it.

✅ 4. Check Your Cisco Gear — Four Critical Flaws

Cisco dropped patches for four critical vulnerabilities hitting Identity Services Engine and Webex Services. The nastiest one, CVE-2026-20184, scores a 9.8 — that's about as close to "hair on fire" as CVSS gets. It's an improper certificate validation bug in Webex Services. If your org runs Webex (and statistically, a lot of you do), make sure these patches are queued up for your Monday change window. Nothing ruins a Monday standup like finding out your video conferencing platform is the attack vector.

✅ 5. Ransomware Radar — Healthcare and Education Under Fire

It was a rough week for ransomware. Spring Lake Park School District in Minnesota got hit on April 13th and had to shut everything down. Multiple healthcare facilities including Gritman Medical Center in Idaho went dark, forcing clinic closures across locations. And Dutch healthcare vendor ChipSoft got popped, taking 11 hospitals offline. If you work in healthcare or education, take an extra look at your backup verification and incident response runbook this morning. If you work somewhere else, take an extra look anyway — these groups aren't picky about industry.

🎁 Bonus Round

A few quick extras while you're at it:

🔍 RDP File Warnings — Starting with April's security update, Windows now shows better warning dialogs when users interact with potentially malicious RDP files. Nice quality-of-life improvement, but only if you've actually deployed the update.

🎣 PHANTOMPULSE RAT — There's a new social engineering campaign using Obsidian (the note-taking app) to distribute a Windows RAT targeting finance and crypto workers. If your users are Obsidian fans, might be worth a heads-up in the Monday morning email.

📊 Booking.com Breach — Reservation details including names, addresses, and contact info got exposed on April 12th. Not directly an IT ops issue, but if anyone on your team traveled recently and used Booking.com, they might want to keep an eye on their inbox for phishing attempts riding the breach.

A Quick Word From The Shameless Plug Department

If one of your goals this week is "finally learn Linux properly" — or you've got a junior admin who keeps asking you how to grep things — check out Shell Samurai. It's hands-on Linux training that teaches by doing, not by lecturing. I built it. Shameless plug, zero regrets. Try it at app.shellsamurai.com.

What Will Your Retirement Look Like?

Retirement looks different for everyone. What it costs, where the income comes from, how long it needs to last. Those answers are specific to you.

The Definitive Guide to Retirement Income helps investors with $1,000,000 or more work through the questions that matter and build a plan around the answers.

Download your free guide to start turning a savings number into an actual retirement income strategy.

That's it. Five things. You're now more prepared than 90% of the people walking into the

office today. Go get 'em.

Back to the regular snark-filled roundup next Friday.

Stay paranoid. Stay patched. See you next Friday 🤠