I love Sony’s new Bluetooth turntable, so why do I feel so conflicted using it
Sony’s latest turntable is an easy-to-setup upgrade with impressive sound, but a few concerns hold it back.
Latest news – Read More
Setting a MagSafe charger on my nightstand was the iPhone upgrade I didn’t know I needed
Sure, using a charging cable works great. But a MagSafe wireless setup offers even more benefits, including greater safety.
Latest news – Read More
Privilege Elevation Dominates Massive Microsoft Patch Update
Elevation-of-privilege bugs accounted for more than half of the 165 vulnerabilities patched, with two zero-days in that mix.
darkreading – Read More
Patch Tuesday, April 2026 Edition
Microsoft today pushed software updates to fix a staggering 167 security vulnerabilities in its Windows operating systems and related software, including a SharePoint Server zero-day and a publicly disclosed weakness in Windows Defender dubbed “BlueHammer.” Separately, Google Chrome fixed its fourth zero-day of 2026, and an emergency update for Adobe Reader nixes an actively exploited flaw that can lead to remote code execution.
Redmond warns that attackers are already targeting CVE-2026-32201, a vulnerability in Microsoft SharePoint Server that allows attackers to spoof trusted content or interfaces over a network.
Mike Walters, president and co-founder of Action1, said CVE-2026-32201 can be used to deceive employees, partners, or customers by presenting falsified information within trusted SharePoint environments.
“This CVE can enable phishing attacks, unauthorized data manipulation, or social engineering campaigns that lead to further compromise,” Walters said. “The presence of active exploitation significantly increases organizational risk.”
This flaw drops alongside a separate SQL Server remote code execution vulnerability (CVE-2026-33120), notes Ryan Braunstein, manager of Security and IT at Automox.
“One bug allows an attacker to get into your SQL instance from the network,” Braundstein said. “The other lets someone already inside promote themselves to full control.”
Microsoft also addressed BlueHammer (CVE-2026-33825), a privilege escalation bug in Windows Defender. According to BleepingComputer, the researcher who discovered the flaw published exploit code for it after notifying Microsoft and growing exasperated with their response. Will Dormann, senior principal vulnerability analyst at Tharros, says he confirmed that the public BlueHammer exploit code no longer works after installing today’s patches.
Satnam Narang, senior staff research engineer at Tenable, said April marks the second-biggest Patch Tuesday ever for Microsoft. Narang also said there are indications that a zero-day flaw Adobe patched in an emergency update on April 11 — CVE-2026-34621 — has seen active exploitation since at least November 2025.
Adam Barnett, lead software engineer at Rapid7, called the patch total from Microsoft today “a new record in that category” because it includes nearly 60 browser vulnerabilities. Barnett said it might be tempting to imagine that this sudden spike was tied to the buzz around the announcement a week ago today of Project Glasswing — a much-hyped but still unreleased new AI capability from Anthropic that is reportedly quite good at finding bugs in a vast array of software.
But he notes that Microsoft Edge is based on the Chromium engine, and the Chromium maintainers acknowledge a wide range of researchers for the vulnerabilities which Microsoft republished last Friday.
“A safe conclusion is that this increase in volume is driven by ever-expanding AI capabilities,” Barnett said. “We should expect to see further increases in vulnerability reporting volume as the impact of AI models extend further, both in terms of capability and availability.”
Finally, no matter what browser you use to surf the web, it’s important to completely close out and restart the browser periodically. This is really easy to put off (especially if you have a bajillion tabs open at any time) but it’s the only way to ensure that any available updates get installed. For example, a Google Chrome update released earlier this month fixed 21 security holes, including the high-severity zero-day flaw CVE-2026-5281.
For a clickable, per-patch breakdown, check out the SANS Internet Storm Center Patch Tuesday roundup. Running into problems applying any of these updates? Leave a note about it in the comments below and there’s a decent chance someone here will pipe in with a solution.
Krebs on Security – Read More
EDR-Killer Ecosystem Expansion Requires Stronger BYOVD Defenses
Stopping EDR killers, which employ bring-your-own-vulnerable-driver (BYOVD) attack techniques, is difficult, but not impossible.
darkreading – Read More
How Digital Annotations Are Replacing Paper Markups in Business
Digital Annotations replace paper markups in business, enabling real time collaboration, version control, and secure document workflows across teams.
Hackread – Cybersecurity News, Data Breaches, AI and More – Read More
Microsoft Patch Tuesday for April 2026 – Snort Rule and Prominent Vulnerabilities
Microsoft has released its monthly security update for April 2026, which includes 165 vulnerabilities affecting a wide range of products, including eight Microsoft marked as “critical.”
CVE-2026-23666 is a critical Denial of Service (DoS) vulnerability that affects the .NET framework. Successful exploitation could allow the attacker to deny service over the network.
CVE-2026-32157 is a critical use after free vulnerability in the Remote Desktop Client that results in code execution. Attack requires an authorized user on the client to connect to a malicious server, which could result in code execution on the client.
CVE-2026-32190 is a critical user after free vulnerability in Microsoft Office that can result in local code execution. Attacker is remote but attack is carried out locally. Code from the local machine needs to be executed to exploit the vulnerability.
CVE-2026-33114 is a critical untrusted pointer deference vulnerability in Microsoft Office Word that could allow the attacker to execute code locally. Code from the local machine needs to be executed to exploit this vulnerability.
CVE-2026-33115 is a critical use after free vulnerability in Microsoft Office word that can result in local code execution. Similar to CVE-2026-33114 and CVE-2026-32190 the attacker is remote, but code needs to be executed from the local machine to exploit the vulnerability.
CVE-2026-33824 is a critical double free vulnerability in the Widows Internet Key Exchange (IKE) extension, allowing remote code execution. An unauthenticated attacker can send specially crafted packets to a Windows machine with IKE version 2 enabled to potentially enable remote code execution. Additional mitigations can include blocking inbound traffic on UDP ports 500 and 4500 if IKE is not in use.
CVE-2026-33826 is a critical improper input validation in Windows Active Directory that can result in code execution over an adjacent network. Requires an authenticated attacker to send specially crafted RPC calls to an RPC host. Can result in remote code execution. Note that successful exploitation requires the attacker be in the same restricted Active Directory domain as the target system.
CVE-2026-33827 is a critical race condition vulnerability in Windows TCP/IP that can result in remote code execution. Successful exploitation requires the attacker to win a race condition along with additional actions prior to exploitation to prepare the target environment. An unauthenticated actor can send specially crafted IPv6 packets to a Windows node where IPSec is enabled to potentially achieve remote code execution.
CVE-2026-32201 is an important improper input validation vulnerability in Microsoft Office SharePoint that can allow an unauthorized user to perform spoofing. An attacker that successfully exploits this vulnerability could view some sensitive information and make changes to disclosed information. This vulnerability has already been detected as being exploited in the wild.
The majority of the remaining vulnerabilities are labeled as important with a two moderate and one low vulnerability also being patched. Talos would like to highlight the several additional important vulnerabilities that Microsoft has deemed as “more likely” to be exploited.
· CVE-2026-0390 – UEFI Secure Boot Security Feature Bypass Vulnerability
· CVE-2026-26151 – Remote Desktop Spoofing Vulnerability
· CVE-2026-26169 – Windows Kernel Memory Information Disclosure Vulnerability
· CVE-2026-26173 – Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability
· CVE-2026-26177 – Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability
· CVE-2026-26182 – Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability
· CVE-2026-27906 – Windows Hello Security Feature Bypass Vulnerability
· CVE-2026-27908 – Windows TDI Translation Driver (tdx.sys) Elevation of Privilege Vulnerability
· CVE-2026-27909 – Windows Search Service Elevation of Privilege Vulnerability
· CVE-2026-27913 – Windows BitLocker Security Feature Bypass Vulnerability
· CVE-2026-27914 – Microsoft Management Console Elevation of Privilege Vulnerability
· CVE-2026-27921 – Windows TDI Translation Driver (tdx.sys) Elevation of Privilege Vulnerability
· CVE-2026-27922 – Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability
· CVE-2026-32070 – Windows Common Log File System Driver Elevation of Privilege Vulnerability
· CVE-2026-32075 – Windows UPnP Device Host Elevation of Privilege Vulnerability
· CVE-2026-32093 – Windows Function Discovery Service (fdwsd.dll) Elevation of Privilege Vulnerability
· CVE-2026-32152 – Desktop Window Manager Elevation of Privilege Vulnerability
· CVE-2026-32154 – Desktop Window Manager Elevation of Privilege Vulnerability
· CVE-2026-32155 – Desktop Window Manager Elevation of Privilege Vulnerability
· CVE-2026-32162 – Windows COM Elevation of Privilege Vulnerability
· CVE-2026-32202 – Windows Shell Spoofing Vulnerability
· CVE-2026-32225 – Windows Shell Security Feature Bypass Vulnerability
· CVE-2026-33825 – Microsoft Defender Elevation of Privilege Vulnerability
A complete list of all other vulnerabilities Microsoft disclosed this month is available on its update page. In response to these vulnerability disclosures, Talos is releasing a new Snort rule set that detects attempts to exploit some of them. Please note that additional rules may be released at a future date and current rules are subject to change pending additional information. Cisco Security Firewall customers should use the latest update to their ruleset by updating their SRU. Open-source Snort Subscriber Rule Set customers can stay up to date by downloading the latest rule pack available for purchase on Snort.org.
The rules included in this release that protect against the exploitation of many of these vulnerabilities are: 1:65902-1:65903, 1:66242-1:66251, 1:66259-1:66260, 1:66264-1:66267, 1:66275-1:66276
The following Snort 3 rules are also available: 1:301398, 1:301468-1:3101472, 1:301475, 1:301477-1:301478, 1:301480
Cisco Talos Blog – Read More
Tired of Gemini interrupting you? This Google Home update fixes that and more
Google Home’s latest update should make your Gemini experience more reliable. Look for these other improvements and bug fixes too.
Latest news – Read More
New ‘JanaWare’ ransomware targeting Turkish citizens as cybercriminal ecosystem fragments
The researchers said the ransomware operation has been ongoing since 2020 and is associated with a strain of malware that enforces execution constraints based on system locale and external IP geolocation.
The Record from Recorded Future News – Read More
In the Wake of Anthropic’s Mythos, OpenAI Has a New Cybersecurity Model—and Strategy
OpenAI says its safeguards “sufficiently reduce cyber risk” for now, while GPT-5.4-Cyber is a new cybersecurity-focused model.
Security Latest – Read More