CSO Online

Critical sandbox bypass fixed in popular Thymeleaf Java template engine

The 9.1-CVSS vulnerability enables attackers to circumvent RCE protections in the de facto template engine for the Java ...

Galaxy A55 and A53 Receive April 2026 Security Update With Key Fixes

Samsung has started rolling out the latest April 2026 security update to its Galaxy A55 and Galaxy A53 smartphones.

Windows 11 gets improved privacy controls, better Windows Hello, and more in new builds

Friday Windows 11 preview builds are here, offering improvements for Windows Hello, Settings, File Explorer, and more in the ...
Hackaday

This Week In Security: Docker Auth, Windows Tools, And A Very Full Patch Tuesday

CVE-2026-34040 lets attackers bypass some Docker authentication plugins by allowing an empty request body. Present since 2024, this bug was caused by a previous fix to the auth workflow. In the ...
CSO Online

Another Microsoft Defender privilege escalation bug emerges days after patch

New PoC shows how Microsoft Defender can be tricked into rewriting malicious files into protected locations, enabling ...

CISA flags Apache ActiveMQ flaw as actively exploited in attacks

CISA warned that attackers are now exploiting a high-severity Apache ActiveMQ vulnerability, which was patched earlier this ...

Microsoft Warns PC Users—New Windows Update May Lock You Out

New warning for Windows users. Barely 48 hours after Microsoft’s new security update went live, we had warnings that its ...

Seal Security Launches Mythos Readiness Program to Close the "Silent Patch Gap" Between Fix Commits and CVE Advisories

Research shows 94% of CVE fix commits are pushed publicly before the advisory - a median 11-day window in which attackers can now weaponize a bug in minutes using frontier AI agents. The program ...

Cisco Webex SSO flaw needs manual certificate update to fix

The cloud-based Webex service has already been patched, but admins must replace an identity provider certificate in Webex ...

‘Starting In April’—Microsoft Changes Windows Update After 15 Years

Microsoft’s new Patch Tuesday is a bumper update — 8 critical flaws topped off by an actively exploited zero-day ...
Dark Reading

Microsoft's Original Windows Secure Boot Certificate Is Expiring

The Secure Boot refresh is one of the largest coordinated security maintenance efforts across the Windows ecosystem, ...
Microsoft

Dissecting Sapphire Sleet’s macOS intrusion from lure to compromise

The Microsoft Defender Security Research Team uncovered a sophisticated macOS intrusion campaign attributed to the North ...