Today is Microsoft's April 2026 Patch Tuesday with security updates for 167 flaws, including 2 zero-day vulnerabilities.

New "Storm" infostealer skips local decryption, sending browser data to attacker servers. Varonis shows how server-side decryption enables session hijacking, bypassing passwords and MFA.

A pre‑authentication bug in SAML Web SSO, combined with weak access controls and cryptography, allows attackers to escalate privileges and achieve remote code execution.

Abstract: With the rapid development of the Internet of Vehicles (IoV) and Intelligent Transportation, connected vehicles can access a variety of latency-sensitive cloud services to improve real-time ...

Without an identity layer, AI agents accessing enterprise tools create real exposure: data exfiltration through unscoped ...

Zero-days in .NET and SQL Server, and a handful of critical RCE bugs, form the nucleus of Microsoft’s March Patch Tuesday ...

Microsoft this week says it has uncovered a large-scale, sophisticated AI-driven phishing campaign that uses automation and legitimate authentication processes to compromise accounts more effectively ...

Recent SQL Server 2025, Azure SQL, SSMS 22 and Fabric announcements highlight new event streaming and vector search capabilities, plus expanding monitoring and ontology tooling -- with tradeoffs in ...

Fortinet issues emergency patches for CVE-2026-35616, a FortiClient EMS zero-day vulnerability that has been exploited in the ...

Threat actors have started exploiting CVE-2026-21643, a critical vulnerability in Fortinet FortiClient EMS leading to remote ...

Overview On March 11, NSFOCUS CERT detected that Microsoft released the March Security Update patch, which fixed 83 security issues involving widely used products such as Windows, Microsoft Office, ...