← Latest brief

Security news.

·Afternoon Brief

Today's security news is dominated by Microsoft's April Patch Tuesday, addressing a significant number of vulnerabilities including actively exploited zero-days. Several data breaches have also been reported, impacting major companies and their customers, alongside warnings about the increasing sophistication of AI-driven threats and malicious applications.

SECURITYWEEKZERO-DAY
Apr 14READ

Microsoft Patches Exploited SharePoint Zero-Day and 160+ Vulnerabilities

Microsoft's April Patch Tuesday is one of its largest ever, fixing 167 flaws, including two zero-days actively exploited in the wild (CVE-2026-32201 in SharePoint and another undisclosed).

CISAKEV
Apr 14READ

CISA Adds Two Known Exploited Vulnerabilities to KEV Catalog

CISA has added CVE-2009-0238 (Microsoft Office RCE) and CVE-2026-32201 (Microsoft SharePoint Server Improper Input Validation) to its Known Exploited Vulnerabilities Catalog, urging immediate patching.

SECURITYWEEKPATCH
Apr 14READ

Adobe Patches 55 Vulnerabilities Across 11 Products

Adobe has released security updates for 11 products, addressing 55 vulnerabilities, with critical ColdFusion flaws identified as high-risk for exploitation.

BLEEPINGBREACH
Apr 14READ

McGraw-Hill Confirms Data Breach Following Extortion Threat

Education company McGraw-Hill confirmed a data breach due to a Salesforce misconfiguration, leading to unauthorized access to internal data.

BLEEPING
Apr 14READ

Fake Ledger Live App on Apple’s App Store Stole $9.5M in Crypto

A malicious Ledger Live app for macOS, distributed via Apple's App Store, has reportedly stolen approximately $9.5 million in cryptocurrency from 50 victims.

THNVULN
Apr 14READ

New PHP Composer Flaws Enable Arbitrary Command Execution

Two high-severity command injection vulnerabilities (CVE-2026-40176, CVE-2026-40177) have been disclosed in Composer, the PHP package manager, allowing arbitrary command execution.

SECURITYWEEKBREACH
Apr 14READ

Europe’s Largest Gym Chain Basic-Fit Says Data Breach Impacts 1 Million Members

Basic-Fit, a major European gym chain, reported a data breach impacting 1 million members, with stolen data including names, dates of birth, and bank account details.

THNEXPLOIT
Apr 14READ

AI-Driven Pushpaganda Scam Exploits Google Discover to Spread Scareware

A new ad fraud scheme leverages AI-generated content and SEO poisoning to push deceptive news stories into Google Discover, tricking users into enabling notifications for scareware and scams.

Generated twice daily from public security RSS feeds. Informational only.