
Hello all,
Since the month started on Wednesday, it has seemed like a long time since there was a major release of patches and updates. Never fear, your wait is over! Adobe, Apache, Cisco, Microsoft, PHP, SAP, Splunk and more released updates to fix holes, defects, and vulnerabilities this past week. Some are highlighted in our Headline News, and others are linked elsewhere in this week’s newsletter. Anthropic Mythos and Claude 4.7 are continuing to make news, as is Adobe with their Creative Cloud’s move into the world of AI. Regarding AI, there are some interesting developments in the news that singularly are interesting, but when taken together are starting to make my “Spidey senses tingle”. More on that in my Musings section.
Headline NEWS:
- Adobe Acrobat patched a zero-day last week. This week Adobe coughed up fixes for Illustrator, Reader, Acrobat, Photoshop, Bridge, ColdFusion, Connect, FrameMaker, Experience Manager, InCopy, and InDesign. Basically, if you have anything Adobe, check for updates if you are not already applying them automatically.
- Cisco released patches for multiple Webex components, Identity Services Engine, Unity Connection, and ThousandEyes Enterprise Agent. Some of these are rated critical and can allow for remote code execution and user impersonation. There is no known active exploitation of these, yet.
- Fortinet can’t stay out of the news and has a pair of critical FortiDefects in their FortiSandbox. Both can enable an “unauthenticated attacker to execute unauthorized code or commands”, according to FortiGuard Labs. They are currently not known to be exploited, so patch quickly.
- Microsoft nearly broke a record this month with the second-largest patch release in a single month with 167 defects, two of which are actively being exploited already. The most serious of these is the SharePoint Server flaw, which allows an unauthenticated threat actor to view and tamper with information on the server. Microsoft advises the updates be applied as soon as possible. And if that wasn’t bad enough, a security researcher named Chaotic Eclipse, in a bit of spite due to a disagreement with Microsoft, published a zero-day vulnerability that weaponizes Microsoft Defender against itself. Microsoft patched that vulnerability with this month’s update. Chaotic Eclipse then promptly released two more defects in how Windows Defender functions, ensuring it was after Microsoft released the patches. Thank you for making everyone’s life more difficult with your temper tantrum, Chaotic Eclipse. Your actions are marginally better than that of a threat actor.
- Splunk Enterprise and Cloud Platform has a defect in how Splunk processes temporary files that enables a remote code execution attack. To be successful, the attacker only needs to have low-privilege account access. There is a mitigation available if you can’t update immediately; however, admins are advised to update to the latest version as soon as possible to fix this flaw.
In Ransomware, Malware, and Vulnerabilities News:
- Microsoft vulnerabilities continued. In addition to the major Patch Tuesday defects that everyone talks about, there are some additional vulnerabilities for which Microsoft has released updates. They are a BitLocker bypass, an Active Directory vulnerability involving Remote Procedure Call (RPC) that enables compromise if the threat actor already has any level of access to the target network, and believe it or not, the Windows Snipping Tool can be used to steal a user’s credentials. Naturally, it involves Server Message Block (SMB) and malicious links that reach out to threat actor-controlled infrastructure. We’ve seen this type of attack using Outlook, all of the MS Office product suite, File Explorer, and now the Snipping Tool. All of the aforementioned vulnerabilities received patches in the April Patch Tuesday release from Microsoft.
In Other News Events of Note and Interest:
- Microsoft Remote Desktop has changed the way that .RDP files function after you apply the April Patch Tuesday updates. If you attempt to launch a Remote Desktop session by opening a file with a .RDP extension, you will receive a dialog box that requires you to approve the connection, and to select which local device resources to bring to the RDP session. I expect that this will catch quite a few Remote Desktop users by surprise, they won’t enable access to their devices, and then they’ll call tech support to help. But hey, that’s why we exist, right?
Musings
Artificial Intelligence continues to surprise those of us watching from the sidelines with how quickly it is advancing in capability. The one-upmanship game is extreme among the major vendors such as Anthropic, Microsoft, OpenAI, Google, Meta, and X AI. Every week we read about a new major development or breakthrough in how the AI “thinks” and behaves. Thankfully, at least some of them appear to be putting up guardrails and walled gardens around their most potent creations.
I read a lot of tech headlines and articles and several that caught my attention in the past two weeks dealt with AI, robotics, and autonomous flight. As mentioned, AI is advancing at unbelievable speed. Last week I noted that China’s Alibaba marketplace is expected to start selling incredibly dexterous robots for a mere $4,300 soon. China just conducted a half-marathon where hundreds of robots were entered into the competition. Some were laughably bad. But others were shocking in their speed and fluidity, with the winner breaking the human world record time. This week I read about both the US Army and US Air Force successfully flying autonomous helicopters and fighter jets. I saw another article this week that spoke of deploying drone swarms from the back of the same model helicopter from the autonomous test. Drone swarms are already computer controlled. We are very close to a technology convergence where AI will be able to drive our cars, direct our robots, fly our planes and helicopters, and wage warfare. Didn’t I see this movie?
All is not lost. One of this week’s linked articles talks about the beginning of scarcity in AI – and it makes a lot of sense. Presently, there is only so much compute power and space to be had. As new AI models are introduced, they demand increased capacity and power at a rate that cannot be kept up with, necessitating rationing and significantly increased costs, which will slow adoption. So perhaps the prior observations will take a bit longer to come to fruition; we can only hope.

Keep the shields up!
Viscount Jan Broucinek
Red Dot Security News
Headline NEWS
- Adobe fixes PDF zero-day security bug that hackers have exploited for months
- Cisco Patches Four Critical Identity Services, Webex Flaws Enabling Code Execution
- Cisco Webex Services Vulnerability Let Remote Attacker Impersonate Any User
- Critical Fortinet sandbox bugs allow auth bypass and RCE
- Microsoft April 2026 Patch Tuesday fixes 167 flaws, 2 zero-days
- April Patch Tuesday roundup: Zero day vulnerabilities and critical bugs
- Microsoft SharePoint Server 0-Day Vulnerability Actively Exploited in Attacks
- Microsoft Defender 0-Day Vulnerability Enables Privilege Escalation Attack
- New Microsoft Defender “RedSun” zero-day PoC grants SYSTEM privileges
- Three Microsoft Defender Zero-Days Actively Exploited; Two Still Unpatched
- Splunk Enterprise and Cloud Platform Vulnerability Enables Remote Code Execution Attacks
Ransomware, Malware, and Vulnerabilities News
Good News, Government News, and Interesting
- AI Companies To Play Bigger Role in CVE Program, Says CISA
- CISA flags Windows Task Host vulnerability as exploited in attacks
- CISA tells feds to patch 13-year-old Apache ActiveMQ bug
- NIST to limit work on CVE entries as submissions surge
- Vance, Bessent questioned tech giants on AI security before Anthropic’s Mythos release
- North Korea targets macOS users in latest heist
- Why the Iran cyberattack everyone warned about hasn’t really happened yet
- FBI and Indonesian Police Dismantle W3LL Phishing Network Behind $20M Fraud Attempts
- Europol-supported global operation targets over 75 000 users engaged in DDoS attacks – Operation PowerOFF is a global effort aimed at dismantling criminal DDoS-for-hire infrastructure
- Americans behind Nork IT fraud sentenced to 200 months
Vulnerabilities and Exploits
- Microsoft adds Windows protections for malicious Remote Desktop files
- Signed Adware Operation Disables Antivirus Across 23,000 Hosts
- Critical flaw in Protobuf library enables JavaScript code execution
- Mirax Android Trojan Turns Devices Into Residential Proxy Nodes
- Two Vulnerabilities Patched in Ivanti Neurons for ITSM
- PoC Exploit Released for FortiSandbox Vulnerability that Allows Attacker to Execute Commands
- Anthropic’s Project Glasswing CVE count is still guesswork
- Critical flaw in wolfSSL library enables forged certificate use
- Apache Tomcat Flaws Enable EncryptInterceptor Bypass
- Actively Exploited nginx-ui Flaw (CVE-2026-33032) Enables Full Nginx Server Takeover
- New PHP Composer Flaws Enable Arbitrary Command Execution — Patches Released
- “TotalRecall Reloaded” tool finds a side entrance to Windows 11’s Recall database
- Windows BitLocker Vulnerability Allows Attacker to Bypass Security Feature
- Windows Active Directory Vulnerability Allow Attackers to Execute Malicious Code
- Windows Snipping Tool Vulnerability Allows Attacker to Perform Spoofing Over a Network
- Report: Cellular modules from Chinese companies in smart home devices are national security risk
- China tests deep-sea electro-hydrostatic actuator that can cut undersea cables at a depth of 3,500 meters — state hails successful trial and hints at deployment readiness
- The exploit gap is closing, and your patch cycle wasn’t built for this
- The Flipper Zero is now rickrolling electronic price tags at retail
- Mirai Variant Nexcorium Exploits CVE-2024-3721 to Hijack TBK DVRs for DDoS Botnet
- New Research Claims Google, Microsoft, and Meta Track Users Even After Opt-Out
Phishing, Malware, and similar
- The silent “Storm”: New infostealer hijacks sessions, decrypts server-side
- CISA and FBI warn of phishing attacks targeting WhatsApp and Signal
- APT41 Delivers ‘Undetectable’ Backdoor to Steal Cloud Credentials
- New ‘LucidRook’ malware used in targeted attacks on NGOs, universities
- 108 Malicious Chrome Extensions Steal Google and Telegram Data, Affecting 20,000 Users
- AI-Driven Pushpaganda Scam Exploits Google Discover to Spread Scareware and Ad Fraud
- n8n Webhooks Abused Since October 2025 to Deliver Malware via Phishing Emails
- Hackers Bypass Phishing Emails and Target Okta Identity Systems Instead
- New ATHR vishing platform uses AI voice agents for automated attacks
- Google expands Gemini AI use to fight malicious ads on its platform
- Hackers exploit Marimo flaw to deploy NKAbuse malware from Hugging Face
- Obsidian Plugin Abuse Delivers PHANTOMPULSE RAT in Targeted Finance, Crypto Attacks
- Newly Discovered PowMix Botnet Hits Czech Workers Using Randomized C2 Traffic
- Hackers Create Hidden Mailbox Rules in Microsoft 365 to Intercept Sensitive Business Emails
Breaches, Leaks, and Ransomware
- New Booking.com data breach forces reservation PIN resets
- Iran-Linked CyberAv3ngers Sets Sights on Water Utilities and Industrial Controllers
- Autovista blames ransomware for service disruption
- Hack at Anodot leaves over a dozen breached companies facing extortion
- Fashion retailer Express left customers’ personal data and order details exposed to the internet
- Ransomware scum, other crims exploit 4 old Microsoft bugs
- McGraw-Hill confirms data breach following extortion threat
- Data breach at edtech giant McGraw Hill affects 13.5 million accounts
- Data Breach at Tennessee Hospital Affects 337,000
- Kraken Exchange Faces Extortion After Insider Recorded System Footage
- Nightclub Giant RCI Hospitality Reports Data Breach
- How often do threat actors default on promises to delete data?
- Payouts King ransomware uses QEMU VMs to bypass endpoint security
Other News Events of Note and Interest
- Netgear Scores the First Exemption From the FCC’s Foreign-Made Router Ban
- Apple Business rolls out to 200+ countries
- Apple Business available for download now
- Citizen Lab: Law Enforcement Used Webloc to Track 500 Million Devices via Ad Data
- FBI Recovers Deleted Signal Messages Through iPhone Notifications
- MITRE Releases Fight Fraud Framework
- Internet Archive’s Wayback Machine under severe threat by publisher blocks
- Gucci-branded Android XR smart glasses are coming in 2027
- Google upgrades its desktop app for Windows
- Google will begin punishing sites for back button hijacking in June
- EU forces Google’s hand on search data, angering Google
- Raspberry Pi OS 6.2 locks down security with a major change to sudo access
- Windscribe drops crucial VPN update to bypass strict internet blocks in Iran, Russia, China
- Orbital datacenter startup admits launch economics don’t fly
- QUIC will soon be as important as TCP
- Cloudflare Email Service: now in public beta. Ready for your agents
- JPMorgan says CLARITY close to deal as stablecoin fight enters final stage
- Oracle and AWS Collaborate to Expand Multicloud Networking
AI, LLMs, and Skynet
- The Beginning of Scarcity in AI
- AI Use Appears to Have a “Boiling Frog” Effect on Human Cognition
- US Army Chinook helicopter lands autonomously without pilot input
- US Air Force tests semiautonomous jet drone with no pilot control
- Adobe takes Creative Cloud into Claude Code-esque territory
- Agents have their own computers with Sandboxes GA
- Anthropic shifts enterprise billing to usage-based pricing
- No company in American history has ever grown like Anthropic
- Anthropic faces user backlash over reported performance issues with its Claude AI chatbot
- Anthropic will ask Claude users to verify their identities ‘for a few use cases’
- Is Claude Mythos and Project Glasswing a PR stunt? Experts weigh in.
- Anthropic releases Claude Opus 4.7, a less risky model than Mythos
- Like Anthropic, OpenAI Will Share Latest Technology Only With Trusted Companies
- Claude + Humans vs nginx
- Google tests Agentic Shopping and native checkout in Gemini
- Space Force official touts AI’s impact on cyber compliance
- Microsoft Copilot Specifically Targets Lawyers With New Capabilities
- Teens Struggle to Break Up with Their AI Chatbots
- The AI Labs Have A $7 Doritos Problem
- Anthropic tests Claude Code upgrade to rival Codex Superapp
- Goldman Sachs chief ‘hyper-aware’ of risks from Anthropic’s Mythos AI
- Mark Zuckerberg is reportedly building an AI clone to replace him in meetings
Microsoft
- Microsoft is officially killing its Outlook Lite app next month
- Microsoft explains why it killed Windows phone activation
- Windows 10 KB5082200 Patch Tuesday fixes sign-in issues, Remote Desktop bugs, and more
- April 14, 2026—KB5083769 (OS Builds 26200.8246 and 26100.8246) – Microsoft Support
- Microsoft’s Original Windows Secure Boot Certificate Is Expiring
- Microsoft’s latest Windows update now confirms if your PC is Secure Boot-protected
- Microsoft: April updates trigger BitLocker key prompts on some servers
- Microsoft announces product it doesn’t want anyone to buy
- Announcing Period 2 Exchange 2016/2019 Extended Security Update (ESU) program
- Microsoft: April Windows Server 2025 update may fail to install
- Privileged Access Management for Active Directory Domain Services
- Microsoft updates Media Creation Tool for Windows 11 USB installations
- Windows 11’s mandatory update auto opens Microsoft Edge on some PCs after restart
- Windows 11 finally fixes inconsistent folder views in File Explorer
