April 2026 Patch Tuesday forecast: Spring-cleaning of a preview
I just blinked and the first quarter of the year is GONE. Where does the time go?
Advisory
20 articles
Linux Foundation Leader Impersonated in Slack Attack on Open Source Developers
A social engineering campaign is actively targeting open source developers through Slack. The warning was shared through the OpenSSF Siren mailing list, a pu...
Critical Chrome Flaws Let Attackers Execute Arbitrary Code
Google has released an urgent security update for its Chrome browser, resolving multiple dangerous vulnerabilities. The Chrome team promoted version 147 to t...
GitLab Addresses Multiple Vulnerabilities Linked to DoS and Code Injection
GitLab has rolled out a crucial security update to fix multiple vulnerabilities across its Community Edition (CE) and Enterprise Edition (EE) platforms. Orga...
US: Iranian-linked actors are actively exploiting our critical infrastructure
Joint advisory says likely targets include the energy, water, and transportation sectors, as well as the defense industrial base.
Social engineering attacks on open source developers are escalating
North Korean hackers spent weeks socially engineering an Axios maintainer through a fake Slack workspace, a cloned company identity, and a fabricated Microso...
Iranian cyber activity hits US energy, water, and government networks
U.S.
U.S. agencies alert: Iran-linked actors target critical infrastructure PLCs
U.S.
FBI, Pentagon warn of Iran hacking groups targeting operational technology
The advisory said Iranian actors are targeting local municipal governments, water and wastewater systems and the energy sector.
Fortinet issues Easter weekend hotfix for FortiClient EMS
Experts warn to apply hotfix right away for critical bug exploited in the wild.
Singapore, US warn of latest Fortinet bug being exploited in wild
The Cybersecurity and Infrastructure Security Agency (CISA) gave federal agencies until Thursday to apply the hotfix.
FBI Warns Chinese Mobile Apps Could Expose User Data to Cyberattacks
The Federal Bureau of Investigation (FBI) has issued a public warning about potential data security risks associated with foreign-developed mobile applicatio...
CrowdStrike’s Falcon platform receives cloud security update
The platform’s new capabilities are designed to support enterprises in safeguarding complex, AI-driven environments, and are in response to a security enviro...
Node.js Releases Urgent Patches for Multiple Vulnerabilities Exposing Systems to DoS and Crashes
The Node.js project issued a critical security update for its Long-Term Support (LTS) branch, marking version 20.
PyPI warns developers after LiteLLM malware found stealing cloud and CI/CD credentials
PyPI is warning of possible credential theft from AI applications and developer pipelines after two malicious versions of the widely used Python middleware f...
Cisco Catalyst SD-WAN Vulnerabilities
Multiple vulnerabilities in Cisco Catalyst SD-WAN Manager, formerly SD-WAN vManage, could allow an attacker to access an affected system, elevate privileges ...
Microsoft Fixes Two Publicly Disclosed Zero-Days
March Patch Tuesday sees Microsoft release updates for 79 flaws
Multiple Cisco Products Snort 3 Denial of Service Vulnerabilities
Multiple Cisco products are affected by vulnerabilities in the Snort 3 Detection Engine that could allow an unauthenticated, remote attacker to cause the Sno...
Multiple Cisco Products Snort 3 Visual Basic for Applications Denial of Service Vulnerabilities
Multiple Cisco products are affected by vulnerabilities in the Snort 3 Visual Basic for Applications (VBA) Decompression Engine that could allow an unauthent...
Cisco Secure Firewall Adaptive Security Appliance and Secure Firewall Threat Defense Software IKEv2 Denial of Service Vulnerabilities
Multiple vulnerabilities in the Internet Key Exchange Version 2 (IKEv2) feature of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco...