vulnerability-management

Actively exploited SharePoint spoofing bug continues to threaten over 1,300 instances

• patchconfiguration-management
• vulnerability-management

Actively exploited SharePoint spoofing bug continues to threaten over 1,300 instances

SC Staff April 23, 2026

More than 1,300 internet-exposed Microsoft SharePoint servers remain vulnerable to ongoing intrusions weaponizing the zero-day spoofing flaw,...

Read More Read more about Actively exploited SharePoint spoofing bug continues to threaten over 1,300 instances

Discontinued D-Link routers subjected to Mirai botnet targeting

• iot
• network-security
• threat-intelligence
• vulnerability-management

Discontinued D-Link routers subjected to Mirai botnet targeting

SC Staff April 23, 2026

Security Affairs reports that vulnerable end-of-life D-Link DIR-823X routers impacted by the command injection flaw, tracked as...

Read More Read more about Discontinued D-Link routers subjected to Mirai botnet targeting

Microsoft patches critical ASP.NET Core privilege escalation vulnerability

• patchconfiguration-management
• vulnerability-management

Microsoft patches critical ASP.NET Core privilege escalation vulnerability

SC Staff April 23, 2026

The vulnerability stems from a regression in specific versions of the Microsoft.AspNetCore.DataProtection NuGet packages.

Read More Read more about Microsoft patches critical ASP.NET Core privilege escalation vulnerability

Apple patches iPhone notification bug after reports of deleted data recovery

• data-security
• patchconfiguration-management
• Privacy
• vulnerability-management

Apple patches iPhone notification bug after reports of deleted data recovery

SC Staff April 23, 2026

The vulnerability, identified as CVE-2026-28950, was patched on April 22, 2026, in iOS 26.4.2 and iPadOS 26.4.2,...

Read More Read more about Apple patches iPhone notification bug after reports of deleted data recovery

Critical Microsoft vulnerabilities surge as total flaw prevalence declines

• patchconfiguration-management
• vulnerability-management

Critical Microsoft vulnerabilities surge as total flaw prevalence declines

SC Staff April 22, 2026

A BeyondTrust report found a twofold increase in critical flaws in Microsoft software despite a 6% drop...

Read More Read more about Critical Microsoft vulnerabilities surge as total flaw prevalence declines

Over 6,400 Apache ActiveMQ servers at risk of ongoing attacks

• patchconfiguration-management
• vulnerability-management

Over 6,400 Apache ActiveMQ servers at risk of ongoing attacks

SC Staff April 22, 2026

Active intrusions exploiting the high-severity Apache ActiveMQ code injection flaw, tracked as CVE-2026-34197, could compromise 6,476 internet-exposed...

Read More Read more about Over 6,400 Apache ActiveMQ servers at risk of ongoing attacks

Flaw in Microsoft-owned GitHub repository allowed RCE via issue submission

• application-security
• devsecops
• supply-chain
• vulnerability-management

Flaw in Microsoft-owned GitHub repository allowed RCE via issue submission

Laura French April 22, 2026

Attackers could have extracted a GITHUB_TOKEN secret, potentially enabling unauthorized changes.

Read More Read more about Flaw in Microsoft-owned GitHub repository allowed RCE via issue submission

Several flaws found in serial-to-IP converters used in critical sectors

• patchconfiguration-management
• vulnerability-management

Several flaws found in serial-to-IP converters used in critical sectors

SC Staff April 21, 2026

SecurityWeek reports that Forescout Technologies identified 20 new vulnerabilities in Sliex and Lantronix serial-to-IP converters, or serial...

Read More Read more about Several flaws found in serial-to-IP converters used in critical sectors

Robosawmill, Gentleman, Vercel, GitHub, Claude, RS232, Josh Marpet, and More… – SWN #574

• ai-benefitsrisks
• ot-security
• vulnerability-management

Robosawmill, Gentleman, Vercel, GitHub, Claude, RS232, Josh Marpet, and More… – SWN #574

Doug White April 21, 2026

Read More Read more about Robosawmill, Gentleman, Vercel, GitHub, Claude, RS232, Josh Marpet, and More… – SWN #574

Another Cisco Catalyst SD-WAN Manager bug added to CISA list

• network-security
• patchconfiguration-management
• security-operations
• soc
• vulnerability-management

Another Cisco Catalyst SD-WAN Manager bug added to CISA list

Steve Zurier April 21, 2026

CISA flags new Cisco SD-WAN flaw amid active exploit chains, urging rapid patching.

Read More Read more about Another Cisco Catalyst SD-WAN Manager bug added to CISA list