← Latest brief

Security news.

·Morning Brief

Microsoft's April Patch Tuesday delivered a record 167 security fixes including two actively exploited zero-days, while critical vulnerabilities in AI agents, Android malware, and malicious browser extensions pose immediate threats. Multiple CISA KEV additions and ongoing exploitation campaigns underscore the urgency of rapid patching across enterprise and consumer systems.

BLEEPINGPATCH
Apr 14READ

Microsoft April 2026 Patch Tuesday: 167 Flaws, 2 Zero-Days

Microsoft released updates for 167 vulnerabilities including a SharePoint Server zero-day (CVE-2026-32201) actively exploited in the wild and Windows Defender "BlueHammer" flaw.

DARK READINGBREACH
Apr 15READ

Microsoft, Salesforce Patch AI Agent Data Leak Flaws

Prompt injection vulnerabilities in Salesforce Agentforce and Microsoft Copilot could have enabled external attackers to leak sensitive data; both have been patched.

BLEEPINGBREACH
Apr 14READ

Over 100 Malicious Chrome Extensions Steal User Data

More than 100 extensions in the official Chrome Web Store steal Google OAuth2 Bearer tokens, deploy backdoors, and conduct ad fraud, affecting 20,000+ users.

SECURITYWEEKMALWARE
Apr 15READ

Mirax RAT Targeting Android Users in Europe

A nascent Android remote access trojan offered as MaaS to Russian-speaking affiliates turns devices into SOCKS5 proxies; campaigns reached 220,000+ accounts via Meta ads.

READ

Fake Ledger Live App Steals $9.5M in Crypto from Apple App Store

A malicious Ledger Live app for macOS drained approximately $9.5 million from 50 victims in just days this month before removal.

BLEEPINGBREACH
Apr 14READ

Kraken Crypto Exchange Extorted After Insider Breach

Cybercriminals are extorting Kraken by threatening to release internal system videos obtained via an insider breach containing client data.

SECURITYWEEKBREACH
Apr 15READ

$10 Domain Could Have Exposed 25K Endpoints in OT and Government Networks

Researchers discovered adware capable of killing cybersecurity products and pushing dangerous payloads to infected systems across critical infrastructure.

CISAKEV
Apr 14READ

CISA Adds Two Known Exploited Vulnerabilities to KEV Catalog

CISA added CVE-2009-0238 (Microsoft Office RCE) and CVE-2026-32201 (SharePoint improper input validation) based on active exploitation evidence.

Generated twice daily from public security RSS feeds. Informational only.