CISA added eight newly confirmed exploited vulnerabilities to its KEV catalog on April 22, 2026, covering enterprise VPN appliances, web frameworks, industrial control systems, and security products being actively weaponized in the wild.
CISA added eight newly confirmed exploited vulnerabilities to its KEV catalog on April 22, 2026, covering enterprise VPN appliances, web frameworks, industrial control systems, and security products being actively weaponized in the wild.
Anthropic Claude Mythos Preview found 271 security vulnerabilities in Mozilla Firefox in a single evaluation pass. All bugs are patched in Firefox 150. Here is the full breakdown.
The Interlock ransomware group exploited a Cisco Firewall Management Center zero-day as an initial access vector. Here’s how the attack worked and how to protect your network.
NIST’s NVD will now selectively enrich CVEs after a 263% surge in submissions overwhelmed the team. Here’s how security teams should adapt their vulnerability management.
A high-severity RCE vulnerability in Apache ActiveMQ Classic (CVE-2026-34197, CVSS 8.8) is under active exploitation. Thousands of exposed brokers are at immediate risk.
Apple disclosed its first actively exploited zero-day of 2026, CVE-2026-20700, affecting iOS, iPadOS, and macOS. Update to iOS 19.3.2 and macOS 15.3.2 immediately.
Adobe released an emergency patch for CVE-2026-34621, a critical Acrobat Reader flaw with CVSS 8.6 that has been under active exploitation since at least December 2025.
Microsoft’s April 2026 Patch Tuesday addresses 168 CVEs including an actively exploited SharePoint Server zero-day and eight Critical-rated remote code execution flaws.
Google April 2026 Android Security Bulletin addresses 32 vulnerabilities including 3 critical RCE flaws.