Breaking News – Cyber Threats (last 6h)
Generated: 2026-04-14 13:00 PDT
- Microsoft releases Windows 10 KB5082200 extended security update
BleepingComputer • 2026-04-14 11:09 • www.bleepingcomputer.com
Microsoft has released the Windows 10 KB5082200 extended security update to fix the April 2026 Patch Tuesday vulnerabilities, including 2 zero-days. […]
https://www.bleepingcomputer.com/news/microsoft/microsoft-releases-windows-10-kb5082200-extended-security-update/ - McGraw-Hill confirms data breach following extortion threat
BleepingComputer • 2026-04-14 11:07 • www.bleepingcomputer.com
Education company McGraw-Hill has confirmed in a statement to BleepingComputer that hackers exploited a Salesforce misconfiguration and accessed its internal data. […]
https://www.bleepingcomputer.com/news/security/mcgraw-hill-confirms-data-breach-following-extortion-threat/ - Windows 11 cumulative updates KB5083769 & KB5082052 released
BleepingComputer • 2026-04-14 10:46 • www.bleepingcomputer.com
Microsoft has released Windows 11 KB5083769 and KB5082052 cumulative updates for versions 25H2/24H2 and 23H2 to fix security vulnerabilities, bugs, and add new features. […]
https://www.bleepingcomputer.com/news/microsoft/windows-11-cumulative-updates-kb5083769-and-kb5082052-released/ - Microsoft Patch Tuesday April 2026., (Tue, Apr 14th)
SANS ISC Diary (full) • 2026-04-14 10:46 • isc.sans.eduThis month's Microsoft Patch Tuesday looks like a record one, but let's look at it a bit closer to understand what is happening
- Microsoft April 2026 Patch Tuesday fixes 167 flaws, 2 zero-days
BleepingComputer • 2026-04-14 10:41 • www.bleepingcomputer.com
Today is Microsoft’s April 2026 Patch Tuesday with security updates for 167 flaws, including 2 zero-day vulnerabilities. […]
https://www.bleepingcomputer.com/news/microsoft/microsoft-april-2026-patch-tuesday-fixes-167-flaws-2-zero-days/ - Fake Ledger Live app on Apple’s App Store stole $9.5M in crypto
BleepingComputer • 2026-04-14 09:37 • www.bleepingcomputer.com
A malicious Ledger Live app for macOS available from Apple’s App Store has drained approximately $9.5 million in cryptocurrency from 50 victims in just a few days this month. […]
https://www.bleepingcomputer.com/news/security/fake-ledger-live-app-on-apples-app-store-stole-95m-in-crypto/ - Upcoming Speaking Engagements
Schneier on Security • 2026-04-14 09:01 • www.schneier.comThis is a current list of where and when I am scheduled to speak:
- I’m speaking at DemocracyXChange 2026 in Toronto, Ontario, Canada, on April 18, 2026.
- I’m speaking at the SANS AI Cybersecurity Summit 2026 in Arlington, Virginia, USA, at 9:40 AM ET on April 20, 2026.
- I’m speaking at the Nemertes [Next] Virtual Conference Spring 2026, a virtual event, on April 29…
https://www.schneier.com/blog/archives/2026/04/upcoming-speaking-engagements-55.html - New PHP Composer Flaws Enable Arbitrary Command Execution — Patches Released
The Hacker News • 2026-04-14 08:57 • thehackernews.com
Two high-severity security vulnerabilities have been disclosed in Composer, a package manager for PHP, that, if successfully exploited, could result in arbitrary command execution.
The vulnerabilities have been described as command injection flaws affecting the Perforce VCS (version control software) driver. Details of the two flaws are below –CVE-2026-40176 (CVSS
https://thehackernews.com/2026/04/new-php-composer-flaws-enable-arbitrary.html - Microsoft rolls out fast-track to reinstate Windows hardware dev accounts
BleepingComputer • 2026-04-14 08:53 • www.bleepingcomputer.com
Microsoft has rolled out a fast-track process to help developers regain access to accounts recently suspended from its Windows Hardware Program, following widespread complaints that they were locked out without warning. […]
https://www.bleepingcomputer.com/news/microsoft/microsoft-rolls-out-fast-track-to-reinstate-windows-hardware-dev-accounts/ - Google Adds Rust-Based DNS Parser into Pixel 10 Modem to Enhance Security
The Hacker News • 2026-04-14 07:56 • thehackernews.com
Google has announced the integration of a Rust-based Domain Name System (DNS) parser into the modem firmware as part of its ongoing efforts to beef up the security of Pixel devices and push memory-safe code at a more foundational level.
“The new Rust-based DNS parser significantly reduces our security risk by mitigating an entire class of vulnerabilities in a risky area, while also laying
https://thehackernews.com/2026/04/google-adds-rust-based-dns-parser-into.html - AI-Driven Pushpaganda Scam Exploits Google Discover to Spread Scareware and Ad Fraud
The Hacker News • 2026-04-14 07:30 • thehackernews.com
Cybersecurity researchers have unmasked a novel ad fraud scheme that has been found to leverage search engine poisoning (SEO) techniques and artificial intelligence (AI)-generated content to push deceptive news stories into Google’s Discover feed and trick users into enabling persistent browser notifications that lead to scareware and financial scams.
The campaign, which has been
https://thehackernews.com/2026/04/ai-driven-pushpaganda-scam-exploits.html - 5 Ways Zero Trust Maximizes Identity Security
BleepingComputer • 2026-04-14 07:02 • www.bleepingcomputer.com
Stolen credentials remain a top breach vector, often leading to unchecked privilege escalation. Specops explains how identity-first Zero Trust limits access, enforces device trust, and blocks lateral movement. […]
https://www.bleepingcomputer.com/news/security/5-ways-zero-trust-maximizes-identity-security/
Sources: BleepingComputer, The Hacker News, KrebsOnSecurity, SANS ISC, CISA.
