The April 2026 Security Update Review
Monthly patch roundup focused on Adobe and Microsoft; particular priority given to an active Reader exploit and multiple elevation-of-privilege vulnerabilities in Windows components and SQL Server.
Comparing 26 June 2026 with the previous day 25 June 2026.
Monthly patch roundup focused on Adobe and Microsoft; particular priority given to an active Reader exploit and multiple elevation-of-privilege vulnerabilities in Windows components and SQL Server.
First documented exploitation of CVE-2026-12569 in Windchill demonstrates that threat actors are operationalizing PTC products as targets immediately after patches became available,German authorities have also previously warned about this vulnerability and a related CVE-2026-4681.
DirtyClone is the third variant in a series of Linux kernel flaws in the DirtyFrag family caused by incomplete flag propagation during packet cloning; each patch closed one code path while leaving others open.
Authenticated users with limited permissions can remove Admin accounts from an organization through a missing role hierarchy check in the bulk-delete API.
Turla continuously develops new .NET backdoors such as STOCKSTAY for targeted state-sponsored espionage against Ukraine and entities with Italy-related interests , signals escalating Russian-Ukrainian cyber-warfare with relevance to European critical infrastructure.
Russian state actors are conducting systematic social-engineering campaigns against messaging services, indicating operationalization of credential-harvesting as a geopolitical weapon.
Russian intelligence expands its Signal phishing campaign to specifically target backup recovery keys, which provide unlimited access to restored accounts and complete message history.
A double-free vulnerability in Windows IKEv2 enables unauthenticated remote code execution via crafted packets.
The vulnerability allows authenticated users to retrieve billing data from any organization without explicit authorization,a control loss over sensitive business data in the multi-organization model.
The vulnerability is already actively exploited for web shell deployment; it is the first PTC product vulnerability added to CISA's KEV catalog and signals rapid weaponization of newly disclosed flaws by threat actors.
May release covers 52 Adobe CVEs and numerous Microsoft patches with Adobe Commerce and Connect highest priority; no active wild exploitations reported.
The vulnerability allows authenticated users to inject arbitrary key-value pairs into webhook and SIEM payloads, undermining the reliability of security events and their interpretation in downstream systems.
An obsolete but still-signed Windows kernel driver can be abused as an attack vector in BYOVD scenarios to manipulate privileged processes like lsass.exe and extract credentials.
Node.js ignores CWE-427 risks on Windows systems through flawed module resolution logic that allows non-admin users to plant malicious modules under C:\node_modules, compromising installed applications.
HTML content in PDF rendering contexts can leak information about the rendering server via <img> tags with remote URLs or be exploited as an SSRF vector in the local network.
The vulnerability enables denial-of-service attacks against HMI and configuration functions via malformed network requests over exposed interfaces, causing critical downtime in production environments.
A vulnerability in PKCS#7 signature verification allows forged digital signatures to be accepted by failing to correctly bind the signer identity to the signature, affecting trust chains in Windows, Active Directory, and Office environments.
BSI warns of multiple vulnerabilities in widely deployed browsers with critical impact on code execution and denial-of-service capability.
BSI warns of multiple critical vulnerabilities in Microsoft Edge enabling remote code execution and security bypass; specific CVE numbers not provided.
The BSI warning indicates multiple patchable vulnerabilities, but without specific CVE numbers or exploit status this is a generic browser security notice without immediate escalation potential.
The Miasma campaign demonstrates a new escalation: attackers abuse compromised developer credentials to inject malware-laden packages via trusted npm registry and GitHub workflows, compromising downstream developers.
A popular Chrome extension with ten million installations was potentially compromised with a backdoor, pointing to an active supply-chain attack scenario.
BSI warning on multiple unspecified vulnerabilities in Chrome/Edge without concrete CVE numbers or exploitation details , typically aggregation of multiple CVEs from regular browser updates.
Authenticated attackers can exploit multiple vulnerabilities to manipulate critical password and management data or disclose sensitive information.
The Cisco SD-WAN vulnerability is already being actively exploited in the wild and enables attackers to gain root access to critical network devices.
No changes in this category.
No changes in this category.
A Cisco SD-WAN zero-day was actively exploited for months prior to disclosure, with evidence of file deletion and system configuration restoration by the attacker to evade detection.
The official Swiss security report 2026 designates Russia as Europe's greatest threat with aggressive hybrid warfare directly targeting Switzerland in cyberspace, critical infrastructure, and espionage , a strategic signal for Swiss manufacturing SMEs.
Gamaredon is escalating its malware obfuscation and command-and-control infrastructure evasion capabilities, signalling an intensification of Russian cyber operations against European targets.
German Federal Office for the Protection of the Constitution warns of targeted Chinese espionage in academic and research institutions , a strategic risk for European technology and manufacturing industry through leakage of sensitive research findings.
After a global lull in 2024,2025, ransomware gangs have actively refocused on Europe and are deliberately targeting EU organizations and their supply chains,a strategic risk for Swiss and European manufacturing enterprises.
The BSI advisory aggregates multiple critical Exchange vulnerabilities without naming specific CVEs, indicating a regularly updated collective warning.
The BSI warns of multiple critical vulnerabilities in OpenSSL that can enable remote code execution, security bypasses, and data loss.
Race-condition vulnerability in Linux kernel memory management with potential for memory corruption under concurrent access to memcg lists.
A stack buffer overflow in the netfilter implementation allows kernel-memory corruption and potential code execution when specific nft rule combinations are processed.
More than half of the vulnerabilities are use-after-free defects that can lead to remote code execution; prompt patching is required.
Cisco Talos documents systematically how malware exploits COM interfaces for lateral movement, persistence, and evasion , a fundamental defensive competency for Windows-heavy infrastructure defenders.
The BSI has issued a security advisory on multiple vulnerabilities in Adobe Acrobat DC and Adobe Acrobat Reader DC enabling remote code execution and privilege escalation, though specific CVE identifiers are not named in this notice.
BSI warns of multiple Chrome vulnerabilities not yet fully disclosed; details remain embargoed until patches are available.
Chrome 149.0.7827.196/197 patches 18 vulnerabilities including four critical flaws; no indication of active in-the-wild exploitation yet, but Chrome zero-days have been exploited multiple times this year.
A flaw in error-handling during iptables/netfilter rule processing allows leaking internal kernel memory addresses, potentially bypassing KASLR mitigation.
The vulnerability enables a kernel crash (DoS) through missing validation before skb_pull() in GRO network processing and potentially affects all protocols handling fragmented packets via GRO.