Cybersecurity Flash Notices

Microsoft April 2026 Patch Tuesday – Multiple High-Impact Vulnerabilities

Microsoft’s April 2026 Patch Tuesday addresses 163+ vulnerabilities across Windows, Office, SharePoint, Microsoft Defender, and more.

Vercel Breach Highlights OAuth-Based AI Supply Chain Risk

Vercel confirms a security incident involving unauthorized access to internal systems after attackers abused OAuth access granted to a third-party AI tool.

Stored XSS in Adobe Commerce

CVE-2026-21284 is a Cross-Site Scripting (XSS) vulnerability in Adobe Commerce, allowing attackers to inject malicious scripts into vulnerable form fields.

Microsoft Devices Pricing Program Remote Code Execution Vulnerability

CVE-2026-21536 is a critical unauthenticated RCE in Microsoft Devices Pricing Program that lets attackers upload and execute malicious files on servers.

Fortinet Addresses Critical FortiCloud SSO Authentication Bypass Under Active Exploitation

Fortinet released guidance addressing CVE-2026-24858, a critical auth. bypass vulnerability affecting its FortiOS, FortiManager, & FortiAnalyzer products.

UAT-8616 Exploits Cisco SD-WAN Zero-Day for Persistent Access

Cisco Talos revealed active exploitation of CVE-2026-20127, a max-severity authentication bypass vulnerability by the sophisticated threat actor UAT-8616.

Cisco Catalyst SD-WAN Authentication Bypass Vulnerability

CVE-2026-20127 is a critical authentication bypass vulnerability (CVSS 10.0) in the peering authentication mechanism of Cisco Catalyst SD-WAN Controller.

Microsoft Word Security Feature Bypass Vulnerability

CVE-2026-21514 is a security feature bypass vulnerability in Microsoft Word due to reliance on untrusted inputs in a security decision.

Windows Shell Security Feature Bypass Vulnerability

CVE-2026-21510 is a Windows Shell security feature bypass vulnerability that allows an unauthorized attacker to bypass protection prompts over a network.

Notepad++ Supply Chain Attack: Undetected Chains and Evolving Payloads

Kaspersky researchers uncovered multiple undocumented infection chains in a supply chain attack targeting Notepad++ users from July to October 2025.

Prev 1 2 3 4 Next