Microsoft released April 2026 patches and more - Apr 26, 2026

Featured

Home security giant ADT confirmed a data breach

The attackers threatened to leak stolen data

This Week’s Updates

Breaches

Vercel confirmed a security incident affecting its cloud development platform after hackers claimed to be selling stolen data

French government agency France Titres confirmed a breach after a threat actor offered stolen citizen data for sale

Dutch cosmetics giant Rituals disclosed a data breach exposing personal information of customers in its "My Rituals" membership database

Checkmarx confirmed a supply chain breach impacting its KICS analysis tool, with compromised Docker images and VSCode/Open VSX extensions used to harvest developer data

Bitwarden's CLI npm package was briefly compromised with a credential-stealing payload capable of spreading to other projects

Vulnerabilities

Over 6,400 Apache ActiveMQ servers remain exposed to a high-severity code injection flaw under active exploitation

CISA flagged a new Cisco Catalyst SD-WAN Manager vulnerability as actively exploited

Microsoft released out-of-band emergency security updates for a critical ASP.NET Core privilege escalation vulnerability

Apple released out-of-band iOS/iPadOS security updates fixing a Notification Services flaw that retained data marked for deletion

CISA ordered federal agencies to patch a Microsoft Defender privilege escalation flaw (BlueHammer) exploited as a zero-day

Hackers are actively exploiting a critical unauthenticated file-upload vulnerability in the WordPress Breeze Cache plugin

CISA confirmed active exploitation of a Zimbra Collaboration Suite XSS flaw, with over 10,000 instances still vulnerable

A newly disclosed Pack2TheRoot vulnerability in the Linux PackageKit daemon allows local users to escalate to root
