Industrial-strength April Patch Tuesday covers 135 CVEs
One actively exploited issue patched; five Critical-severity Office vulns exploitable via Preview Pane
Similar Posts
Citrix NetScaler Under Active Recon for CVE-2026-3055 (CVSS 9.3) Memory Overread Bug
Bys sA recently disclosed critical security flaw impacting Citrix NetScaler ADC and NetScaler Gateway is witnessing active reconnaissance activity, according to Defused Cyber and watchTowr. The vulnerability, CVE-2026-3055 (CVSS score: 9.3), refers to a case of insufficient input validation leading to memory overread, which an attacker could exploit to leak potentially sensitive information. Per
Adobe Releases Patch Fixing 254 Vulnerabilities, Closing High-Severity Security Gaps
Bys sAdobe on Tuesday pushed security updates to address a total of 254 security flaws impacting its software products, a majority of which affect Experience Manager (AEM). Of the 254 flaws, 225 reside in AEM, impacting AEM Cloud Service (CS) as well as all versions prior to and including 6.5.22. The issues have been resolved in…
Microsoft Launches Project Ire to Autonomously Classify Malware Using AI Tools
Bys sMicrosoft on Tuesday announced an autonomous artificial intelligence (AI) agent that can analyze and classify software without assistance in an effort to advance malware detection efforts. The large language model (LLM)-powered autonomous malware classification system, currently a prototype, has been codenamed Project Ire by the tech giant. The system “automates what is considered the gold
Hacker group “Silent Crow” claims responsibility for cyberattack on Russia’s Aeroflot
Bys sMartin Fornusek reports: Aeroflot, Russia’s largest airline, reported a massive malfunction in its information system on July 28, forcing the cancellation of dozens of flights to and from Moscow. “There has been a failure in the airline’s information systems. Service disruptions are possible,” the Russian flag carrier said on Telegram without clarifying the cause of the disruptions….
Texas Man Convicted of Sabotaging his Employer’s Computer Systems and Deleting Data
Bys sThere’s an update to an indictment announced by the DOJ in April 2021. In today’s reminder of the insider threat, DOJ announced: A federal jury in Cleveland convicted a Texas man today for writing and deploying malicious code on his former employer’s network. According to court documents and evidence presented at trial, Davis Lu, 55,…
Fake Security Plugin on WordPress Enables Remote Admin Access for Attackers
Bys sCybersecurity researchers have shed light on a new campaign targeting WordPress sites that disguises the malware as a security plugin. The plugin, which goes by the name “WP-antymalwary-bot.php,” comes with a variety of features to maintain access, hide itself from the admin dashboard, and execute remote code. “Pinging functionality that can report back to a…