Git identity spoof fools Claude into giving bad code the nod

Researchers have discovered a method to trick Anthropic's Claude AI into approving malicious code changes in Git repositories. By forging Git commit metadata, attackers can make the AI believe that harmful modifications originate from a trusted developer, bypassing security reviews.

Microsoft's Windows Recall still allows silent data extraction

Despite security overhauls, Microsoft's Windows Recall feature can still allow malware to silently extract all captured data without administrator privileges. A cybersecurity researcher demonstrated this vulnerability with a proof-of-concept tool, highlighting that decrypted data handled by unprotected processes remains accessible.

Cisco says critical Webex Services flaw requires customer action

Cisco has addressed four critical vulnerabilities affecting its Webex Services platform, including an improper certificate validation flaw. While Cisco has released security updates, customers must take additional action to fully mitigate the risks associated with these issues.

Behind the Mythos hype, Glasswing has just one confirmed CVE

VulnCheck reports that Anthropic's Project Glasswing, a controlled access program for their AI model Mythos, has only one confirmed CVE publicly attributable to its efforts. While Anthropic researchers are contributing to vulnerability discovery, the specific impact of Glasswing itself remains limited based on current public data.

Cisco Patches Critical Vulnerabilities in Webex, ISE

Cisco has released patches for critical vulnerabilities affecting its Webex and Identity Services Engine (ISE) products. Exploitation of these flaws could allow remote attackers to impersonate users or execute arbitrary commands on the affected systems.

Microsoft: April Windows Server 2025 update may fail to install

Microsoft is investigating an issue where the April security update KB5082063 fails to install on some Windows Server 2025 systems. Until the update can be applied, affected servers remain unpatched and potentially vulnerable. Microsoft is actively working on a resolution.

Critical Nginx UI auth bypass flaw now actively exploited in the wild

A critical vulnerability in Nginx UI, specifically affecting its Model Context Protocol (MCP) support, is actively being exploited in the wild. Attackers can leverage this flaw to gain full server control without needing any authentication.

Critical MCP Integration Flaw Puts NGINX at Risk

A near-maximum-severity vulnerability in the nginx-ui component allows attackers to restart NGINX and to create, modify, and delete its configuration files, posing a significant risk to web server security.

Anthropic's Project Glasswing CVE tally is still anyone's guess

Anthropic's Project Glasswing allows over 50 organizations to test its Mythos LLM for security vulnerabilities in their own products. However, the exact number of vulnerabilities discovered remains undisclosed, mirroring the situation with other companies participating in similar initiatives.

Critical nginx UI tool vulnerability opens web servers to full compromise

A critical vulnerability, dubbed 'MCPwn' and identified as CVE-2026-33032, has been discovered in the nginx UI web server configuration tool. This flaw allows unauthenticated attackers to gain full control of web servers by injecting malicious configurations, with active exploitation noted since March.

"TotalRecall Reloaded" tool finds a side entrance to Windows 11's Recall database

A security researcher has developed a tool called "TotalRecall Reloaded" that can access the data stored by Windows 11's controversial Recall feature, even when encryption is enabled. This tool bypasses the intended security measures by exploiting a vulnerability in how the data is stored, allowing unauthorized access.

WordPress plugin suite hacked to push malware to thousands of sites

A suite of over 30 WordPress plugins, known as EssentialPlugin, has been compromised with malicious code. This allows attackers to gain unauthorized access to websites that use these plugins, potentially leading to further compromise or data theft.

CISA flags Windows Task Host vulnerability as exploited in attacks

CISA has issued a warning to U.S. government agencies regarding a Windows Task Host vulnerability that can be exploited for privilege escalation. Successful exploitation allows attackers to gain SYSTEM privileges on affected systems, posing a significant security risk.

Exploited Vulnerability Exposes Nginx Servers to Hacking

Hackers are actively exploiting a critical remote takeover vulnerability, identified as CVE-2026-33032, affecting the Nginx UI management tool. This exploit allows unauthorized access and control over Nginx servers.

April Patch Tuesday Fixes Critical Flaws Across SAP, Adobe, Microsoft, Fortinet, and More

The April Patch Tuesday cycle addressed several critical vulnerabilities from major software vendors, including Microsoft, Adobe, Fortinet, and SAP. A particularly severe SQL injection flaw in SAP Business Planning and Consolidation and SAP Business Warehouse is highlighted, carrying a CVSS score of 9.9. The patches aim to mitigate risks of unauthorized data access and code execution.

Copilot and Agentforce fall to form-based prompt injection tricks

Security researchers have discovered prompt-injection vulnerabilities in Microsoft Copilot Studio and Salesforce Agentforce that allow attackers to exfiltrate sensitive data by tricking the AI agents into executing malicious instructions. These flaws stem from the way the agents process user input, which blurs the line between trusted commands and untrusted data and can lead to theft of PII and business information.

Microsoft, Salesforce Patch AI Agent Data Leak Flaws

Microsoft Copilot and Salesforce Agentforce have been patched to address prompt injection vulnerabilities. These flaws could have allowed external attackers to access and leak sensitive data from the AI agents.

Microsoft: April updates trigger BitLocker key prompts on some servers

Microsoft has acknowledged that the April 2026 security update (KB5082063) for Windows Server 2025 is causing some devices to unexpectedly prompt for BitLocker recovery keys upon booting. This issue appears to be triggered by the update, leading to potential operational disruptions for affected servers.

Two Vulnerabilities Patched in Ivanti Neurons for ITSM

Ivanti has released patches for two vulnerabilities in its Neurons for ITSM product. These flaws could allow attackers to maintain access even after their accounts are disabled and to access sensitive information from other user sessions.

Raspberry Pi OS ends open-door policy for sudo

Raspberry Pi OS has updated its default configuration to require a password for the `sudo` command. This change aims to enhance security by preventing unauthorized privilege escalation on devices.

Microsoft fixes bug behind Windows Server 2025 automatic upgrades

Microsoft has released a fix for a bug that caused unintended automatic upgrades from Windows Server 2019 and 2022 to Windows Server 2025. This issue could have disrupted operations and caused compatibility problems for organizations.

Fortinet Patches Critical FortiSandbox Vulnerabilities

Fortinet has released patches for critical vulnerabilities found in its FortiSandbox product. These flaws could be exploited by attackers to bypass authentication or execute arbitrary code and commands.

Microsoft Issues Patches for SharePoint Zero-Day and 168 Other New Vulnerabilities

Microsoft has released updates to fix a record 169 security vulnerabilities across its products. Notably, one of these flaws was a zero-day vulnerability that had already been actively exploited in the wild. The majority of the vulnerabilities are rated as Important, with a smaller number classified as Critical.

ICS Patch Tuesday: 8 Industrial Giants Publish New Security Advisories

Eight major industrial automation companies, including Siemens, Schneider Electric, and Mitsubishi Electric, have released new security advisories as part of ICS Patch Tuesday. These advisories address vulnerabilities within their operational technology (OT) products.

April Patch Tuesday roundup: Zero-day vulnerabilities and critical bugs

Microsoft's April Patch Tuesday addresses 167 security issues, with particular attention on critical vulnerabilities in Windows Internet Key Exchange and Microsoft SharePoint, alongside a SAP SQL injection flaw. One of the most pressing is an actively exploited zero-day vulnerability in SharePoint Server (CVE-2026-32201), which allows attackers to spoof the platform and access sensitive information.

Microsoft adds Windows protections for malicious Remote Desktop files

Microsoft has implemented new security measures in Windows to combat phishing attacks that leverage malicious Remote Desktop connection (.rdp) files. These protections include displaying warnings to users and disabling risky shared resources by default, aiming to prevent unauthorized access through compromised RDP files.

Patch Tuesday, April 2026 Edition

Microsoft's April Patch Tuesday addresses 167 vulnerabilities, including a zero-day in SharePoint Server and a disclosed weakness in Windows Defender. Additionally, Google Chrome has patched its fourth zero-day of 2026, and an Adobe Reader update fixes an actively exploited flaw allowing remote code execution.

Privilege Elevation Dominates Massive Microsoft Patch Update

Microsoft's latest patch update addresses 165 vulnerabilities, more than half of them privilege escalation flaws. Two of the patched vulnerabilities were zero-days, meaning they were exploited in the wild before a fix was available.

Microsoft's massive Patch Tuesday: It's raining bugs

Microsoft's April Patch Tuesday addresses a significant number of vulnerabilities, including one actively exploited SharePoint Server spoofing flaw and another that had been publicly disclosed by a researcher before the fix. A total of 163 bugs were patched across various Microsoft products.

Microsoft releases Windows 10 KB5082200 extended security update

Microsoft has released the Windows 10 KB5082200 extended security update, addressing vulnerabilities that would have expired in April 2026. This update includes fixes for two zero-day vulnerabilities, along with other security improvements to protect users.

Microsoft April 2026 Patch Tuesday fixes 167 flaws, 2 zero-days

Microsoft's April 2026 Patch Tuesday addresses 167 vulnerabilities, two of which are zero-day flaws that have been actively exploited. The updates cover various Microsoft products and are crucial for mitigating security risks.

Adobe Patches 55 Vulnerabilities Across 11 Products

Adobe has released patches for 55 vulnerabilities affecting 11 of its products. The company has identified critical ColdFusion vulnerabilities as being the most susceptible to exploitation in ongoing attacks.

CISA Adds Two Known Exploited Vulnerabilities to Catalog

CISA has added two new vulnerabilities, CVE-2009-0238 and CVE-2026-32201, to its Known Exploited Vulnerabilities (KEV) Catalog due to evidence of their active exploitation. These vulnerabilities represent significant risks and frequent attack vectors for cyber actors. Federal agencies are required to remediate these, and all organizations are strongly urged to prioritize them in their vulnerability management.

SAP Patches Critical ABAP Vulnerability

SAP has released 19 new security notes to address vulnerabilities in its enterprise products. Among these is a critical vulnerability in ABAP, SAP's proprietary programming language.