CVEs, zero-days, PoCs, patch advisories
A researcher has detailed a new AI attack method dubbed 'Comment and Control' which exploits prompt injection vulnerabilities in AI tools. This attack targets Claude Code, Gemini CLI, and GitHub Copilot Agents by leveraging comments to manipulate their behavior.
Microsoft is investigating an issue where the April security update KB5082063 is failing to install on some Windows Server 2025 systems. This problem prevents the update from being applied, potentially leaving servers vulnerable. Microsoft is actively working on a resolution.
A critical vulnerability in Nginx UI, specifically affecting its Model Context Protocol (MCP) support, is actively being exploited in the wild. Attackers can leverage this flaw to gain full server control without needing any authentication.
A critical vulnerability in the nginx-ui component allows attackers to abuse a near-maximum severity flaw. This flaw enables attackers to restart, create, modify, and delete NGINX configuration files, posing a significant risk to web server security.
Anthropic's Project Glasswing allows over 50 organizations to test its Mythos LLM for security vulnerabilities in their own products. However, the exact number of vulnerabilities discovered remains undisclosed, mirroring the situation with other companies participating in similar initiatives.
A critical vulnerability, dubbed 'MCPwn' and identified as CVE-2026-33032, has been discovered in the nginx UI web server configuration tool. This flaw allows unauthenticated attackers to gain full control of web servers by injecting malicious configurations, with active exploitation noted since March.
A security researcher has developed a tool called "TotalRecall Reloaded" that can access the data stored by Windows 11's controversial Recall feature, even when encryption is enabled. This tool bypasses the intended security measures by exploiting a vulnerability in how the data is stored, allowing unauthorized access.
A suite of over 30 WordPress plugins, known as EssentialPlugin, has been compromised with malicious code. This allows attackers to gain unauthorized access to websites that use these plugins, potentially leading to further compromise or data theft.
Two critical vulnerabilities have been discovered in Fortinet's sandbox solutions that could allow unauthenticated attackers to bypass login mechanisms and execute commands over HTTP. While there are no reports of active exploitation yet, these flaws present a significant risk to organizations using the affected Fortinet products.
CISA has issued a warning to U.S. government agencies regarding a Windows Task Host vulnerability that can be exploited for privilege escalation. Successful exploitation allows attackers to gain SYSTEM privileges on affected systems, posing a significant security risk.
Hackers are actively exploiting a critical remote takeover vulnerability, identified as CVE-2026-33032, affecting the Nginx UI management tool. This exploit allows unauthorized access and control over Nginx servers.
Researchers have identified a design flaw in Anthropic's Model Context Protocol (MCP) that allows for the silent execution of unsanitized commands. This vulnerability could be exploited to compromise entire AI systems and facilitate widespread AI supply chain attacks.
A critical vulnerability, CVE-2026-33032, affecting the nginx-ui management tool is being actively exploited. This authentication bypass flaw allows attackers to gain full control of the Nginx server. The vulnerability has been nicknamed MCPwn by Pluto Security.
Microsoft's April Patch Tuesday addressed several critical vulnerabilities affecting major software vendors including Adobe, Fortinet, and SAP. A particularly severe SQL injection flaw in SAP Business Planning and Consolidation and SAP Business Warehouse is highlighted, carrying a CVSS score of 9.9. The patches aim to mitigate risks of unauthorized data access and code execution.
Security researchers have discovered prompt-injection vulnerabilities in Microsoft Copilot Studio and Salesforce Agentforce, allowing attackers to exfiltrate sensitive data by tricking the AI agents into executing malicious instructions. These flaws exploit the way AI agents process user input, blurring the lines between trusted commands and untrusted data, leading to potential theft of PII and business information.
Microsoft Copilot and Salesforce Agentforce have been patched to address prompt injection vulnerabilities. These flaws could have allowed external attackers to access and leak sensitive data from the AI agents.
A 17-year-old critical vulnerability in Microsoft Excel has been added to CISA's list of actively exploited vulnerabilities. This flaw, despite its age, is now being leveraged by attackers.
Microsoft has acknowledged that the April 2026 security update (KB5082063) for Windows Server 2025 is causing some devices to unexpectedly prompt for BitLocker recovery keys upon booting. This issue appears to be triggered by the update, leading to potential operational disruptions for affected servers.
Ivanti has released patches for two vulnerabilities in its Neurons for ITSM product. These flaws could allow attackers to maintain access even after their accounts are disabled and to access sensitive information from other user sessions.
Raspberry Pi OS has updated its default configuration to require a password for the `sudo` command. This change aims to enhance security by preventing unauthorized privilege escalation on devices.
Microsoft has released a fix for a bug that caused unintended automatic upgrades from Windows Server 2019 and 2022 to Windows Server 2025. This issue could have disrupted operations and caused compatibility problems for organizations.
Fortinet has released patches for critical vulnerabilities found in its FortiSandbox product. These flaws could be exploited by attackers to bypass authentication or execute arbitrary code and commands.
Microsoft has released updates to fix a record 169 security vulnerabilities across its products. Notably, one of these flaws was a zero-day vulnerability that had already been actively exploited in the wild. The majority of the vulnerabilities are rated as Important, with a smaller number classified as Critical.
Security researchers discovered a new prompt injection attack targeting AI agents integrated with GitHub Actions. This attack allows them to steal API keys and access tokens, with vendors like Anthropic, Google, and Microsoft failing to disclose the vulnerabilities to users.
Eight major industrial automation companies, including Siemens, Schneider Electric, and Mitsubishi Electric, have released new security advisories as part of ICS Patch Tuesday. These advisories address vulnerabilities within their operational technology (OT) products.
Microsoft's April Patch Tuesday addresses 167 security issues, with a particular focus on critical vulnerabilities in Windows Internet Key Exchange, Microsoft SharePoint, and a SAP SQL injection flaw. One of the most pressing is an actively exploited zero-day vulnerability in SharePoint Server (CVE-2026-32201), which allows attackers to spoof the platform and access sensitive information.
Microsoft has implemented new security measures in Windows to combat phishing attacks that leverage malicious Remote Desktop connection (.rdp) files. These protections include displaying warnings to users and disabling risky shared resources by default, aiming to prevent unauthorized access through compromised RDP files.
Microsoft's April Patch Tuesday addresses 167 vulnerabilities, including a zero-day in SharePoint Server and a disclosed weakness in Windows Defender. Additionally, Google Chrome has patched its fourth zero-day of 2026, and an Adobe Reader update fixes an actively exploited flaw allowing remote code execution.
Microsoft's latest patch update addresses 165 vulnerabilities, with a significant portion, over half, being privilege escalation flaws. Two of these patched vulnerabilities were zero-days, meaning they were exploited in the wild before a fix was available.
Microsoft's April Patch Tuesday addresses a significant number of vulnerabilities, including one actively exploited SharePoint Server spoofing flaw and another disclosed by a researcher. A total of 163 bugs were patched across various Microsoft products.
Microsoft has released its latest Patch Tuesday, addressing a total of 161 vulnerabilities, including a zero-day flaw in SharePoint that was actively being exploited. This makes it the second-largest Patch Tuesday in terms of the number of CVEs addressed by Microsoft.
Microsoft has released the Windows 10 KB5082200 extended security update, addressing vulnerabilities that would have expired in April 2026. This update includes fixes for two zero-day vulnerabilities, along with other security improvements to protect users.
Microsoft has released Windows 11 cumulative updates KB5083769 and KB5082052. These updates address security vulnerabilities, fix bugs, and introduce new features for different versions of Windows 11.
Microsoft's April 2026 Patch Tuesday release is substantial, but a closer examination is needed to understand the full scope of updates and their implications.
Microsoft's April 2026 Patch Tuesday addresses 167 vulnerabilities, two of which are zero-day flaws that have been actively exploited. The updates cover various Microsoft products and are crucial for mitigating security risks.
Adobe has released patches for 55 vulnerabilities affecting 11 of its products. The company has identified critical ColdFusion vulnerabilities as being the most susceptible to exploitation in ongoing attacks.
Two high-severity vulnerabilities have been discovered in PHP's Composer package manager, specifically within its Perforce VCS driver. These flaws allow for arbitrary command execution if exploited. Patches have been released to address these issues.
Google has integrated a new Rust-based DNS parser into the modem firmware for Pixel devices. This move aims to enhance device security by mitigating a class of vulnerabilities often found in critical network parsing components.
CISA has added two new vulnerabilities, CVE-2009-0238 and CVE-2026-32201, to its Known Exploited Vulnerabilities (KEV) Catalog due to evidence of their active exploitation. These vulnerabilities represent significant risks and frequent attack vectors for cyber actors. Federal agencies are required to remediate these, and all organizations are strongly urged to prioritize them in their vulnerability management.
SAP has released 19 new security notes to address vulnerabilities in its enterprise products. Among these is a critical vulnerability in ABAP, SAP's proprietary programming language.
Google has incorporated a DNS parser written in Rust into Pixel phones, aiming to enhance security by addressing memory safety bugs common in lower-level programming environments. This move is intended to mitigate an entire class of vulnerabilities.
OX Security's analysis of 216 million security findings from 250 organizations revealed a 52% year-over-year increase in raw security alerts. More significantly, the prioritized critical risk saw a nearly 400% surge, indicating a growing density of high-impact vulnerabilities.
RCI Hospitality, a nightclub operator, has reported a data breach stemming from an Insecure Direct Object Reference (IDOR) vulnerability within its RCI Internet Services. This vulnerability led to the exposure of data belonging to contractors.
Organizations have been alerted to actively exploited vulnerabilities in Windows and Adobe Acrobat. These security flaws enable attackers to gain elevated privileges and execute code remotely on affected systems.
A critical remote code execution (RCE) vulnerability, identified as CVE-2025-0520, has been discovered in ShowDoc, a popular document management service. This flaw allows for unrestricted file uploads due to improper validation and is reportedly being actively exploited in the wild on unpatched servers. The vulnerability has a high CVSS score of 9.4.
CISA has added six known exploited vulnerabilities to its KEV catalog, including flaws in software from Fortinet, Microsoft, and Adobe. These additions indicate active exploitation in the wild, urging organizations to prioritize patching these vulnerabilities.
A new briefing by the Cloud Security Alliance (CSA) argues that Anthropic's Glasswing, an AI system capable of autonomously identifying and exploiting vulnerabilities, is not an outlier but an early indicator of a significant shift in cybersecurity. This AI capability dramatically accelerates the process of finding flaws and developing exploits, potentially overwhelming security teams with a surge of disclosures and autonomous attacks.
Threat actors are exploiting four Microsoft vulnerabilities, including one patched nearly 14 years ago and another linked to ransomware. The US cybersecurity agency has issued a directive for federal agencies to patch these vulnerabilities within two weeks.
The Cloud Security Alliance (CSA) is warning CISOs to prepare for a potential "AI vulnerability storm" following the introduction of Anthropic's Claude Mythos. This development suggests that new AI models could lead to an increase in exploitable vulnerabilities in AI systems.
Adobe has released patches for a critical zero-day vulnerability in Acrobat and Reader that has been actively exploited by attackers for at least four months. The vulnerability was leveraged through maliciously crafted PDF files, allowing attackers to execute arbitrary code on affected systems. This patch addresses a significant security risk that has been present for an extended period.
