OSINT DAILY THREAT PRÉCIS
Date: April 09, 2026
Classification: UNCLASSIFIED//FOR OFFICIAL USE ONLY
Prepared by: SuperGrok for PrepperPrecis.com
Distribution: Security Professionals and Informed Citizens

Executive Summary

• Threat Level Assessment: Moderate. Elevated by fresh CISA disclosure of Iranian-affiliated actors exploiting programmable logic controllers (PLCs) in U.S. critical infrastructure sectors, alongside scattered data breaches and severe weather disrupting Hawaii and the Midwest. Civil unrest simmers from anti-war protests tied to U.S.-Iran tensions, but no kinetic escalations today.[1][2][3]
• Key Developments: (1) CISA alerts on Iranian cyber ops targeting ICS/OT devices across multiple U.S. sectors (April 7 disclosure, active exploitation ongoing); (2) DocketWise data breach exposing 116,000+ records announced today, under investigation; (3) Heavy rains, thunderstorms, and flooding in Hawaii prompt high surf advisories and shelter openings; anti-war rallies in DC and Philadelphia protest Trump’s Iran policy.[1][2][3][4]
• Priority Alerts: Patch PLC/ICS exposures immediately per CISA; prepare for Hawaii flooding through Friday; monitor East Coast protests for spillovers amid Iran ceasefire fragility.
• Source URLs: https://www.cisa.gov/news-events/cybersecurity-advisories/aa26-097a https://www.morningstar.com/news/pr-newswire/20260409dc30383/privacy-alert-docketwise-under-investigation-for-data-breach-of-over-116000-records https://www.hawaiicounty.gov/Home/Components/News/News/4477/720 https://www.usatoday.com/story/news/2026/04/07/dc-protest-set-for-white-house-ahead-of-president-trumps-iran-ultimatum/89504446007

Physical Security

Civil Unrest

• Grassroots “emergency rallies” against U.S. strikes on Iran held outside White House (DC, 6 p.m. yesterday, echoes today) and planned in Philadelphia tonight, triggered by Trump’s two-week pause on further attacks—organizers cite escalation risks.[4][5]
• Scattered tax refusal actions nationwide protesting Trump policies, amplified online but no mass mobilizations reported today.[6]
• No new “No Kings” events since March peak (8 million participants), but Iran war rhetoric sustains low-level chatter.

Terrorism/Extremism

No credible threats, arrests, or chatter reported in past 24 hours.

Criminal Activity & Infrastructure

No notable spikes or disruptions today.

Analyst’s Comments: These Iran-focused protests feel more like policy venting than revolutionary sparks—smaller than March’s megamarches, but the ceasefire’s shakiness could ignite if Trump resumes strikes. Eyewitness social media from Philly/DC shows peaceful crowds so far, yet police presence is heavy; watch for opportunists amid economic gripes from Hormuz shipping woes.

Source URLs: https://www.usatoday.com/story/news/2026/04/07/dc-protest-set-for-white-house-ahead-of-president-trumps-iran-ultimatum/89504446007 https://www.usatoday.com/story/news/2026/04/08/iran-war-protest-national-day-of-action-planned-in-philadelphia/89513817007 https://www.nbcnews.com/video/some-americans-say-they-re-refusing-to-pay-federal-taxes-in-protest-against-trump-260953157970

Cyber Threats

Active Incidents

• DocketWise (immigration law platform) breach confirmed, 116,000+ records compromised; Schubert Jonckheer & Kolbe investigating unauthorized access disclosed today.[2]
• Mercor.io Corporation data breach announced today, details emerging on exposed records.[7]
• CISA: Iranian actors exploiting PLCs in U.S. critical infrastructure (energy, water, etc.) via known vulns—active since at least April 7.[1]

Emerging Vulnerabilities

• Docker Engine CVE-2026-34040 (high-severity auth bypass) disclosed recently, PoC available.[8]
• GitLab patches critical DoS/code execution bugs today.[9]

Nation-State Operations

• Iranian ops per CISA directly target OT/ICS; Reddit OSINT notes broader April cyber offensive.[1][10]

No major personal/consumer trends today.

Analyst’s Comments: Iranian PLC hits aren’t novel post-Stuxnet, but CISA’s timing amid Hormuz tensions screams retaliation—energy/water sectors are prime, and unpatched legacy gear is the weak link. DocketWise breach hits legal/immigration data, ripe for doxxing; pair it with war hype, and targeted harassment spikes. Docker/GitLab fixes are routine, but ICS focus demands OT pros prioritize over IT.

Source URLs: https://www.cisa.gov/news-events/cybersecurity-advisories/aa26-097a https://www.morningstar.com/news/pr-newswire/20260409dc30383/privacy-alert-docketwise-under-investigation-for-data-breach-of-over-116000-records https://www.morningstar.com/news/pr-newswire/20260409dc30385/privacy-alert-mercorio-corporation-under-investigation-for-data-breach-of-records https://thehackernews.com/2026/04/docker-cve-2026-34040-lets-attackers.html https://cyberpress.org/gitlab-fixes-critical-bugs https://www.reddit.com/r/threatintel/comments/1sf5tna/iranian_cyber_offensive_april_2026_threat

Public Health

Active Weather Events

• Hawaii: Heavy rains/thunderstorms causing floods; NWS High Surf Advisory south shores all islands until 6 a.m. April 10; Maui shelters open preemptively.[3][11]
• Midwest: NWS Chicago extends Flood Warning; cold front severe weather risks.[12]
• Guam: Tropical Depression approaching Marianas, heavy rain bands expected.[13]

Disease Outbreaks & Geological

No outbreaks or quakes reported past 24 hours.

Analyst’s Comments: Hawaii’s surf/flood combo is classic spring setup, but back-to-back with Guam TD raises Pacific ripple risks—evacuations low now, but power outages could strand vulnerable elderly. No health crises, but cyber breaches like DocketWise indirectly threaten immigrant communities via exposed personal data during unrest.

Source URLs: https://www.hawaiicounty.gov/Home/Components/News/News/4477/720 https://data.usatoday.com/severe-weather-alerts-warnings-watches/detail/flood-forecast-warning-2026-04-09-1200000000/9999-17754401400-17757360000-lot-fl-w-ext-ilc097 https://www.facebook.com/GHSOCD/posts/graphic-from-nws-guamfor-immediate-releaseapril-9-2026-520-pm-chsttropical-depre/1368341118668954 https://www.mauicounty.gov/CivicAlerts.aspx?AID=18677

Key Indicators

Economic and Supply Chain

• Strait of Hormuz disruptions from U.S.-Iran war strain global shipping: Hyundai reroutes shipments, fertilizer shortages hit U.S. food supply.[14][15]
• NY Fed: March supply chain pressures at multi-year high, spilling into April.[16]

Information Operations

No coordinated disinfo campaigns pinned today; war narratives dominate organic social chatter.

Key Indicators (24-72 Hours)

• Iranian Cyber on ICS: Iranian actors exploiting PLC vulns in U.S. CI; High likelihood (CISA evidence); nationwide but energy/water focus; operators at risk; impacts: outages/service halts; actions: inventory PLCs, apply patches, segment OT; watch CISA updates/escalations. Analyst’s Comments: This isn’t blind probing—geopolitics ties it to Hormuz, unlike routine scans; expect copycats if unmitigated.
• Hawaii Flooding/Surf: Heavy rain/high surf through April 10; Medium-High likelihood; Big Island/Maui; coastal/residents; impacts: road closures, property damage; actions: elevate valuables, avoid beaches; monitor NWS HFO. Analyst’s Comments: Preemptive shelters smart, but tourism rebound post-war could overload response.
• East Coast Protests: Iran policy rallies; Medium likelihood escalation; DC/Philly; urban crowds; impacts: traffic/violence; actions: avoid downtowns; watch local PD feeds.

Analyst’s Comments: War’s shadow looms largest—cyber/supply hits are direct blowback, weather isolated. Gaps in real-time X eyewitnesses limit granularity.

Source Assessment

• Source Reliability: CISA (A: official, timely); Morningstar/PRNewswire (B: breach notifications, verified firms); USA Today (B: regional protest coverage); HawaiiCounty.gov/NWS (A: primary alerts); Reddit/threatintel (C: OSINT aggregation, merits-based).
• Information Confidence: Medium—strong cyber/weather signals, thin on physical escalation.
• Collection Gaps: No X posts fetched (tool limits); scant crime/health specifics; economic war impacts inferred.
• Source URLs: https://www.cisa.gov/news-events/cybersecurity-advisories/aa26-097a (A) https://www.morningstar.com/news/pr-newswire/20260409dc30383/privacy-alert-docketwise-under-investigation-for-data-breach-of-over-116000-records (B) https://www.hawaiicounty.gov/Home/Components/News/News/4477/720 (A) https://www.usatoday.com/story/news/2026/04/07/dc-protest-set-for-white-house-ahead-of-president-trumps-iran-ultimatum/89504446007 (B) https://www.reuters.com/markets/us/ny-fed-says-supply-chain-pressures-heated-up-march-2026-04-06 (A) https://www.reddit.com/r/threatintel/comments/1sf5tna/iranian_cyber_offensive_april_2026_threat (C)