Hackers are abusing unpatched Windows security flaws to hack into organizations

A security researcher published details of three security vulnerabilities in Windows Defender, and the code used to exploit ...

Microsoft fixes 167 security flaws in April, second biggest Patch Tuesday ever

This month's Patch Tuesday includes an actively exploited Office zero-day vulnerability and several critical RCE bugs in ...
SecurityWeek

SAP Patches Critical ABAP Vulnerability

SAP has released 19 new security notes on its April 2026 security patch day, including one that resolves a critical-severity ...
SecurityWeek

Exploited Vulnerability Exposes Nginx Servers to Hacking

A critical Nginx UI vulnerability that allows attackers to take full control of servers has been exploited in the wild.
The Hacker News

NIST Limits CVE Enrichment After 263% Surge in Vulnerability Submissions

NIST limits CVE enrichment after 263% surge since 2020, prioritizing KEV and federal software, shifting thousands to “Not ...
CSO Online

Critical nginx UI tool vulnerability opens web servers to full compromise

The vulnerability, with a CVSS score of 9.8, relates to the software’s support for Model Context Protocol (MCP) servers, ...

Microsoft Denies a New Recall Security Vulnerability Claim

A security researcher claims to have found a security vulnerability in Recall, but Microsoft correctly disagrees.

Adobe fixes PDF zero-day security bug that hackers have exploited for months

It's not clear how many people were compromised by this hacking campaign, but a security researcher said the hackers were ...
CSO Online

April Patch Tuesday roundup: Zero day vulnerabilities and critical bugs

This month’s threat landscape is ‘defined by immediate, real-world exploitation rather than just theoretical vulnerabilities, ...

SANS Institute, Cloud Security Alliance, [un]prompted, and OWASP GenAI Security Project Release Emergency Strategy Briefing as AI-Driven Vulnerability Discovery Co…

Building a Mythos-Ready Security Program” delivers a risk register, 11 priority actions, and board briefing framework built ...

EngageLab Issues Official Security Statement on Android SDK Vulnerability Identified in Microsoft Defender Research

Vulnerability fully resolved in SDK v5.2.1 five months prior to public disclosure; no exploitation in the wild confirmedSINGAPORE, April 15, 2026 (GLOBE NEWSWIRE) -- EngageLab, an AI-first customer ...

Security vulnerability: wolfSSL library accepts manipulated certificates

Due to a security vulnerability in the TLS library wolfSSL, attackers can lure victims to servers they control under the ...