< ciso
brief />
Security Advisory and Patch Watch Banner

All news in category “Security Advisory and Patch Watch

2059 articles · page 28 of 103

Windows 11 April 2026 Cumulative Updates Released KBs

🛡️ Microsoft has released cumulative updates KB5083769 (25H2/24H2) and KB5082052 (23H2) for Windows 11 as part of the April 2026 Patch Tuesday. These mandatory updates deliver security fixes, bug repairs, and several feature refinements, including the ability to toggle Smart App Control without a clean install and richer Narrator image descriptions on Copilot-enabled systems. After installation, affected builds update to 26200.8246 / 26100.8246 (25H2/24H2) and 22631.6936 (23H2). Install through Settings > Windows Update or the Microsoft Update Catalog.
read more →

Microsoft April 2026 Patch Tuesday: 167 Flaws, 2 Zero-Days

🔒 Microsoft released its April 2026 Patch Tuesday addressing 167 vulnerabilities, including two zero-days and eight Critical flaws. The updates patch an actively exploited SharePoint Server spoofing bug (CVE-2026-32201) and a publicly disclosed Microsoft Defender elevation-of-privilege flaw (CVE-2026-33825) that can grant SYSTEM privileges. Multiple Microsoft Office RCEs exploitable via preview panes or malicious documents were fixed; administrators should prioritize installing these patches immediately.
read more →

Composer Perforce VCS Flaws Enable Command Execution

⚠️ Two high-severity vulnerabilities in Composer's Perforce VCS driver (CVE-2026-40176, CVSS 7.8; CVE-2026-40261, CVSS 8.8) can enable arbitrary command injection when processing a malicious repository configuration or a crafted source reference. The issues affect releases prior to 2.9.6 and 2.2.27 and are fixed in those versions; users should upgrade immediately. If you cannot patch, inspect composer.json files for Perforce fields, restrict repositories to trusted sources, and avoid dist-preferred installs. Composer reported no evidence of public exploitation and disabled Perforce metadata publishing on Packagist.org as a precaution.
read more →

CISA Adds Two Exploited Microsoft Vulnerabilities to KEV

🛡️ CISA has added two vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog: CVE-2009-0238, a Microsoft Office remote code execution flaw, and CVE-2026-32201, an improper input validation vulnerability in Microsoft SharePoint Server. The additions reflect evidence of active exploitation. Under BOD 22-01 FCEB agencies must remediate cataloged CVEs by the due date; CISA urges all organizations to prioritize remediation.
read more →

ShowDoc RCE CVE-2025-0520 Exploited on Unpatched Servers

⚠️ A critical remote code execution vulnerability, tracked as CVE-2025-0520 (aka CNVD-2020-26585), is being actively exploited against unpatched instances of ShowDoc. The flaw is an unrestricted, unauthenticated file upload caused by improper file-extension validation, allowing attackers to deploy PHP web shells and execute arbitrary code. The bug was fixed in ShowDoc 2.8.7 (October 2020) and the project now ships as version 3.8.1, but researchers observed an exploit dropping a web shell on a U.S.-based honeypot and note more than 2,000 internet-facing instances, most located in China. Administrators should upgrade immediately and scan for signs of compromise.
read more →

CISA Adds Six Actively Exploited Flaws in Major Software

🛡️ CISA on Apr 14, 2026 added six vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog after observing active exploitation. The flaws affect Fortinet FortiClient EMS, Microsoft components (Exchange Server, Windows drivers, Host Process for Windows Tasks, VBA) and Adobe Acrobat Reader, and include SQL injection, deserialization, out-of-bounds read, use-after-free and insecure library loading. Federal civilian agencies must remediate by April 27, 2026.
read more →

April 2026 Patch Tuesday: Two Zero-Days, Eight Critical

⚠️ Microsoft’s April 2026 Patch Tuesday addresses 164 CVEs, including two zero-days and eight Critical vulnerabilities. The release focuses heavily on elevation-of-privilege flaws (57% of patches) and updates for Windows, Office and developer tools. Notable fixes include an exploited SharePoint spoofing zero-day (CVE-2026-32201), a disclosed Defender elevation-of-privilege issue (CVE-2026-33825), and several high‑risk RCEs; deploy patches promptly and apply recommended mitigations.
read more →

Critical wolfSSL vulnerability allows forged certificates

🔒 A critical vulnerability in the wolfSSL TLS/SSL library (tracked as CVE-2026-5194) permits improper verification of hash algorithms and sizes when validating ECDSA and other signatures. Researchers warn attackers can present forged certificates with undersized digests that vulnerable implementations will accept, enabling impersonation of servers, files, or connections. Discovered by Nicholas Carlini of Anthropic, the issue was fixed in wolfSSL 5.9.1 (April 8); administrators should review deployments and apply updates or vendor patches promptly.
read more →

Adobe issues emergency patch for Acrobat/Reader zero-day

🔒 Adobe released an emergency security update to fix a zero-day tracked as CVE-2026-34621, which has been exploited since at least December to bypass Acrobat/Reader sandbox protections. The flaw lets malicious PDFs invoke privileged JavaScript APIs (for example util.readFileIntoStream() and RSS.addFeed()) to read local files and exfiltrate data with no user interaction beyond opening the file. Affected versions of Acrobat DC, Acrobat Reader DC and Acrobat 2024 have fixes available; Adobe urges users to update via Help > Check for Updates or by downloading the installer.
read more →

Critical Pre-Auth RCE in Marimo Exploited Quickly in the Wild

⚠️ A critical pre-authentication remote code execution vulnerability in Marimo (tracked as CVE-2026-39987) allows unauthenticated attackers to obtain a full interactive shell by connecting to the exposed /terminal/ws endpoint. The flaw affects all Marimo versions before 0.23.0 and was exploited in the wild within 9 hours and 41 minutes of disclosure. Sysdig observed an attacker steal cloud credentials in under three minutes. Update to 0.23.0 or block public access and rotate any exposed keys.
read more →

CISA Adds Seven Vulnerabilities to KEV Catalog, 2026

🔔 CISA added seven vulnerabilities to the Known Exploited Vulnerabilities (KEV) Catalog after evidence of active exploitation, affecting Microsoft, Adobe, and Fortinet products. The CVEs cover insecure library loading, use‑after‑free, deserialization, out‑of‑bounds read, link following, SQL injection, and prototype pollution. Under BOD 22‑01, Federal Civilian Executive Branch agencies must remediate KEV entries by required dates, and CISA urges all organizations to prioritize timely remediation as part of routine vulnerability management.
read more →

Seven IBM WebSphere Liberty Flaws Can Lead to Takeover

🔒 Researchers warn that seven vulnerabilities in IBM WebSphere Liberty can be chained from a pre-authentication SAML Web SSO flaw into full server compromise. The initial defect, tracked as CVE-2026-1561, allows unauthenticated attackers to supply crafted serialized payloads because a String.concat() misuse makes the integrity check ineffective, enabling pre-auth RCE against exposed SAML endpoints. Subsequent AdminCenter weaknesses let low-privileged 'reader' users retrieve keys and sensitive configuration, forge tokens, and abuse an archive-extraction flaw to write arbitrary files; IBM has issued patches and configuration guidance to mitigate the chain.
read more →

Critical Marimo Pre-Auth RCE Now Under Active Exploitation

⚠️ A critical pre-auth remote code execution (RCE) in Marimo (CVE-2026-39987) permits unauthenticated access to an interactive shell via the /terminal/ws WebSocket endpoint in versions 0.20.4 and earlier. Sysdig observed exploitation beginning within 10 hours of the public disclosure, with attackers quickly harvesting .env files, cloud credentials and SSH keys. Marimo released v0.23.0 to patch the issue; users should upgrade immediately, restrict external access, monitor WebSocket connections, and rotate any exposed secrets.
read more →

Adobe Patches Actively Exploited Acrobat Reader Flaw

⚠️ Adobe has released emergency updates to address a critical Acrobat Reader vulnerability, CVE-2026-34621, that is being actively exploited in the wild. The flaw is described as prototype pollution and can enable arbitrary code execution when specially crafted PDF files are opened. Fixed builds are available for affected Windows and macOS releases; users and administrators should update immediately.
read more →

Old Docker AuthZ Bypass Reappears, Patch Released Now

⚠️Researchers from Cyera disclosed a high-severity authorization bypass in Docker Engine (CVE-2026-34040) that allows attackers with Docker API access to evade third-party AuthZ plug-ins and execute privileged commands on hosts. The flaw, rated 8.8 on the CVSS scale, was fixed in Docker Engine 29.3.1 and Docker Desktop 4.66.1. As an interim mitigation, administrators can filter malicious requests by limiting API request size (for example, blocking requests over 512KB) until patches are deployed.
read more →

AirSnitch Wi-Fi Client Isolation: Risks and Mitigation

🔓 The AirSnitch research demonstrates that Wi‑Fi client isolation (guest network/device isolation) can be bypassed through a family of architectural flaws in access points, enabling traffic injection, redirection and even full MitM attacks. The methods exploit GTK handling, broadcast treatment and L2/L3 routing gaps, and affect many home and enterprise APs. Administrators should test equipment with the AirSnitch tooling and implement VLAN segmentation, per-client GTK, strong RADIUS/802.1X configs, and network-layer inspections.
read more →

AI Claude Rapidly Finds 13-Year ActiveMQ RCE Bug Exploit

🔍 Researchers at Horizon3.ai used Anthropic’s Claude to rapidly identify a critical remote code execution vulnerability in Apache ActiveMQ Classic that persisted for roughly 13 years. The flaw (CVE-2026-34197) allows misuse of the Jolokia management API—for example via addNetworkConnector—to load a malicious remote Spring XML and execute arbitrary Java/system commands. While the issue requires authentication in principle, default credentials remain common and a separate vulnerability in some 6.x builds can expose Jolokia without auth, turning it into an unauthenticated RCE. Apache has released patches in 5.19.4 and 6.2.3; administrators should upgrade and restrict access to management interfaces immediately.
read more →

Marimo RCE Exploited Within Hours; Patch Released Urgent

⚠️ A critical pre-auth remote code execution flaw, CVE-2026-39987, in Marimo allowed unauthenticated attackers to obtain a full PTY shell via the /terminal/ws WebSocket endpoint. The issue affected all versions up to and including 0.20.4 and was addressed in Marimo 0.23.0. Security researchers at Sysdig observed exploitation within 9 hours and 41 minutes of public disclosure, with rapid credential-theft activity on a honeypot. Operators were able to explore the file system and access .env and SSH key files without requiring proof-of-concept code.
read more →

Amazon RDS Adds Latest Microsoft SQL Server CU/GDR Patches

🔔 Amazon RDS for SQL Server now supports the latest Microsoft cumulative updates (CU) and General Distribution Release (GDR) packages for SQL Server 2016 SP3, 2017, 2019, and 2022. The GDRs remediate security issues tracked as CVE-2026-21262 and CVE-2026-26115. AWS recommends upgrading RDS instances via the Management Console, AWS SDK, or CLI to apply these fixes. See the Microsoft KBs and the Amazon RDS SQL Server User Guide for upgrade guidance.
read more →

Unpatched Adobe Reader Bug Exploited in Recon Campaign

⚠️ A vulnerability in Adobe Reader has been quietly exploited for months, using malicious PDFs with embedded JavaScript that executes when opened to fingerprint hosts and exfiltrate system details. Researcher Haifei Li traced samples back to at least November and confirmed recent variants still run on current Reader builds. The campaign appears focused on reconnaissance and data theft but could enable remote code execution. Mitigations include disabling Acrobat/Reader JavaScript, filtering non‑standard PDFs, marking external attachments, and reinforcing user training.
read more →