April 14, 2026
Microsoft's April 2026 Patch Tuesday addresses 165 CVEs, notably an exploited flaw in SharePoint Server (CVE-2026-32201) that poses spoofing and data risks. Experts advise prioritizing updates, especially for systems with high exposure to email attachments, while criticisms of Microsoft's disclosure practices persist.
In Q1 2026, npm accounted for nearly 75% of malicious packages, which focused on trojan malware for credential theft and host data exfiltration, highlighting the rapid growth of threats in open source. The analysis underscores the necessity of securing software supply chains and leveraging real-time intelligence to identify risks, as adversaries exploit trusted ecosystems to distribute malware.
A critical vulnerability in ShowDoc, CVE-2025-0520 (CVSS score 9.4), is being actively exploited and allows remote code execution. Users must urgently update to the latest version to mitigate risks, as over 2,000 instances are vulnerable, primarily in China.
CISA has added seven new vulnerabilities, affecting Adobe, Fortinet, and Microsoft products, to its Known Exploited Vulnerabilities catalog, highlighting immediate exploitation risks. Organizations are urged to patch systems promptly, with some vulnerabilities requiring remediation by mid-April 2026 to prevent potential data breaches and remote code execution attacks.
ViperTunnel, a Python-based backdoor linked to UNC2165 and EvilCorp, uses obfuscated payloads to maintain long-term access to UK and US business networks. It employs multiple encryption methods and disguises itself as a DLL; most of its command servers are located in the US, indicating potential broader impacts.
A significant vulnerability in wolfSSL's library allows weak certificate validation, posing a major security risk. Users should update to version 5.9.1 to fix this and other critical issues.
The Cloud Security Alliance warns of an imminent AI-driven vulnerability storm due to Mythos technology, urging CISOs to enhance security fundamentals and practices. Anthropic's delay in Mythos' broader release aims to give defenders time to bolster defenses, amidst fears of increased cyberattack scale and sophistication.
A severe vulnerability in the wolfSSL library threatens security across global supply chains, affecting devices from smart grids to IoT gadgets. The flaw allows digital identity forgery, with a patch released on April 8, 2026, but older devices may remain at risk.
A new ad fraud scheme named Pushpaganda exploits AI-generated stories on Google Discover, steering users to actor-controlled domains and coercing them into enabling push notifications. HUMAN Security identified this scam, which spans over 3,000 domains and 63 Android apps, showing resilience and targeting multiple regions; Google has implemented a fix to mitigate the threats and protect the platform's integrity.
A security report reveals 108 malicious Google Chrome extensions targeting Gmail, YouTube, Telegram, and TikTok users, linked to a single control infrastructure. Users are advised to remove these extensions and run Google Security Check, as Google investigates and security teams submit takedown requests.
Omnistealer is a new infostealer that exploits blockchain transactions to evade censorship, compromising over 300,000 credentials across various sectors. It targets passwords in major browsers, password managers, and crypto wallets, highlighting the need for enhanced cybersecurity measures and vigilant monitoring of digital accounts.
SAP's April 2026 Patch Day addresses critical vulnerabilities, including a severe SQL injection flaw in Business Planning and Consolidation and Business Warehouse. Users are urged to apply the updates promptly to prevent potential exploitation, as 20 security notes were issued, covering a range of products and severities.
Triad Nexus, a major cybercriminal network, has revamped its operations post-U.S. sanctions by employing front companies and using legitimate cloud services to evade detection. The group targets global brands and public services for scams, maintaining resilience through infrastructure laundering and targeting emerging markets like Spain, Vietnam, and Indonesia.
A new Android trojan, Mirax, is targeting Spanish-speaking users via Meta ads, compromising over 220,000 accounts. It uses proxies to evade detection, captures keystrokes, and turns devices into residential proxies.
AI-driven browser extensions substantially heighten security risks, with LayerX's report revealing they're 60% more prone to CVEs and three times more likely to access cookies. Enterprises are advised to enhance governance, enforce transparency, and prioritize secure designs to mitigate these risks before AI browsers become entrenched in corporate environments.
A 2025 report reveals a surge in exposed secrets due to flaws in authentication design and AI code generation. The rise in leaked credentials, particularly with AI tools, highlights the need for better governance and rapid revocation practices to secure AI-driven environments.
AI memory sharing across users raises security concerns as compromised memory can spread unnoticed, complicating detection and mitigation. Organizations must enhance governance, monitoring, and quarantine protocols to protect against potential system hijacking and ensure trust in AI operations.
Triad Nexus, facing sanctions tied to Funnull, is revamping its operations with infrastructure laundering and global fraud tactics, focusing on emerging markets. Key platforms like Amazon and Google are exploited for scams, while the group uses front companies to mask illicit activities, threatening Western firms and expanding into Spanish, Vietnamese, and Indonesian markets.
To safeguard data in advanced AI deployments, the article recommends a shift to post-quantum, decentralized, edge-focused security practices. This includes adopting lattice-based cryptography and decentralized policy enforcement to combat evolving threats and vulnerabilities in traditional systems.
NSFOCUS's inclusion in Forrester’s report validates its threat intelligence prowess and highlights its plans to enhance AI integration for global clients. NSFOCUS's NTI uses advanced AI models to deliver precise, timely threat intelligence, serving sectors like government and finance, amidst a rising focus on threat intelligence in APAC.