Today is Microsoft's April 2026 Patch Tuesday with security updates for 167 flaws, including 2 zero-day vulnerabilities.

A critical pre-authentication remote code execution (RCE) vulnerability in Marimo is now under active exploitation, leveraged ...

CERT-In flags multiple vulnerabilities in Google Chrome that could allow remote code execution and data theft, urging users ...

Google is bringing memory-safe Rust code to the Pixel 10 modem to protect users from remote hacking and memory-safety ...

Cookie-gated PHP webshells use obfuscation, php-fpm execution, and cron-based persistence to evade detection in Linux hosting ...

Reclassified as a remote code execution flaw, the F5 BIG-IP APM vulnerability has been upgraded to CVSS 9.8, requiring immediate patching and compromise assessment.

Over 1,000 exposed ComfyUI instances exploited via unauthenticated code execution, enabling Monero mining and botnet expansion.

Adobe released emergency patches for CVE-2026-34621, a critical Acrobat and Reader zero-day that has been exploited in the wild.

Elevation-of-privilege bugs accounted for more than half of the 165 vulnerabilities patched, with two zero-days in that mix.

CThese vulnerabilities, Cert-In said, could leave Apple users at risk of unauthorised access to sensitive data on their ...

For those who recall the debate surrounding Microsoft Recall not long ago, Claude Code's capture of activity is similar.