15.04.2026

April Patch Tuesday roundup: Zero day vulnerabilities and critical bugs

CSO Online 15.04.2026 01:27
A critical hole in Windows Internet Key Exchange for secure communications, an actively exploited zero day in Microsoft SharePoint and a critical SQL injection vulnerability in a SAP product are the focus of the April Patch Tuesday releases requiring immediate attention from IT security teams.
“April’s threat landscape is defined by immediate, real-world exploitation rather than just theoretical vulnerabilities,” said Nick Carroll, ShadowScout team lead at Nightwing. “Security teams must prioritize active zero days in daily use applications like Chrome, Acrobat, and SharePoint, using behavioral threat intelligence over basic CVSS scores to stay ahead of adversaries.”

Patch Tuesday, April 2026 Edition

Krebs Security 14.04.2026 21:47
Microsoft today pushed software updates to fix a staggering 167 security vulnerabilities in its Windows operating systems and related software, including a SharePoint Server zero-day and a publicly disclosed weakness in Windows Defender dubbed "BlueHammer." Separately, Google Chrome fixed its fourth zero-day of 2026, and an emergency update for Adobe Reader nixes an actively exploited flaw that can lead to remote code execution.

New PHP Composer Flaws Enable Arbitrary Command Execution — Patches Released

The Hacker News 14.04.2026 15:57
Two high-severity security vulnerabilities have been disclosed in Composer, a package manager for PHP, that, if successfully exploited, could result in arbitrary command execution.
The vulnerabilities have been described as command injection flaws affecting the Perforce VCS (version control software) driver. Details of the two flaws are below –

CVE-2026-40176 (CVSS

SAP Patch Day: One critical SQL injection vulnerability, and 18 more

Heise Security 14.04.2026 11:17
On its April patch day, SAP addresses vulnerabilities with 19 security notes. A critical one allows the injection of SQL commands.

Security vulnerability: wolfSSL library waves through manipulated certificates

Heise Security 14.04.2026 10:16
A security update closes, among other things, a critical vulnerability in wolfSSL.

Analysis of 216M Security Findings Shows a 4x Increase In Critical Risk (2026 Report)

The Hacker News 14.04.2026 10:00
OX Security recently analyzed 216 million security findings across 250 organizations over a 90-day period. The primary takeaway: while raw alert volume grew by 52% year-over-year, prioritized critical risk grew by nearly 400%.
The surge in AI-assisted development is creating a "velocity gap" where the density of high-impact vulnerabilities is scaling faster than