Critical SAP SQL Injection CVE-2026-27681 (CVSS 9.9) Exposes Financial Data in Business Planning and Warehouse Systems
SAP's April 2026 Patch Day addresses CVE-2026-27681, a near-perfect CVSS 9.9 SQL injection flaw in SAP Business Planning and Consolidation (BPC) and Business Warehouse (BW). A low-privileged user...
Three Windows Defender Zero-Days Exploited in the Wild: BlueHammer Patched, RedSun and UnDefend Still Unpatched
A security researcher dropped three Windows Defender zero-day exploits in 13 days — BlueHammer (CVE-2026-33825), RedSun, and UnDefend. All three are now confirmed active in live attacks, with...
CISA Adds Apache ActiveMQ CVE-2026-34197 to KEV Catalog as Active Exploitation Surges
CISA has added CVE-2026-34197, a high-severity (CVSS 8.8) deserialization flaw in Apache ActiveMQ Classic, to its Known Exploited Vulnerabilities catalog after active exploitation was detected within 48 hours...
Microsoft April 2026 Patch Tuesday: Actively Exploited SharePoint Zero-Day Among 167 Fixes
Microsoft's April 2026 Patch Tuesday patches 167 vulnerabilities including an actively exploited SharePoint Server zero-day (CVE-2026-32201) and a publicly disclosed Windows Defender race condition (CVE-2026-33825). Security teams should...
CVE-2026-39987: Marimo RCE Zero-Day Exploited Within 10 Hours of Disclosure — 662 Attacks Recorded
A critical unauthenticated RCE vulnerability in the Marimo Python notebook framework (CVE-2026-39987) was actively exploited just 10 hours after public disclosure. Sysdig recorded 662 exploit events over four...
Critical Fortinet FortiClient EMS Vulnerability CVE-2026-21643 Actively Exploited — CISA Demands Patch Today
CISA has added CVE-2026-21643, a critical pre-authentication SQL injection flaw in Fortinet FortiClient EMS (CVSS 9.1), to its Known Exploited Vulnerabilities catalog with a mandatory patching deadline of...
Adobe Acrobat Zero-Day CVE-2026-34621: Four Months of Targeted Espionage via Prototype Pollution Exploit
Adobe patched a critical zero-day in Acrobat Reader (CVE-2026-34621) that was exploited for at least four months via a sophisticated prototype pollution technique. The attack chain enables full...
Microsoft April 2026 Patch Tuesday: 163 CVEs Including Two Zero-Days and a Public “BlueHammer” Exploit
Microsoft's April 2026 Patch Tuesday addresses 163 CVEs, including an actively exploited SharePoint spoofing zero-day (CVE-2026-32201) and a publicly leaked Defender EoP exploit dubbed "BlueHammer" (CVE-2026-33825). A critical...