Microsoft April 2026 Patch Tuesday fixes 167 flaws, 2 zero-days

Today is Microsoft's April 2026 Patch Tuesday with security updates for 167 flaws, including 2 zero-day vulnerabilities.
CSO Online

Microsoft’s Windows Recall still allows silent data extraction

A cybersecurity researcher says Recall’s redesigned security model does not stop same-user malware from accessing plaintext ...
The Hacker News

Microsoft Issues Patches for SharePoint Zero-Day and 168 Other New Vulnerabilities

Microsoft fixes 169 vulnerabilities including exploited SharePoint CVE-2026-32201, prompting CISA remediation by April 28, ...

Agents hooked into GitHub can steal creds – but Anthropic, Google, and Microsoft haven't warned users

Exclusive: Researchers who found the flaws scored beer money bounties and warn the problem is probably pervasive ...

GAPVelocity AI to Launch VELO(TM): The First Agentic AI Platform for Legacy Application Modernization

VELO's inaugural release delivers fully automated Microsoft Access-to-Blazor modernization. Unlike traditional methods, it converts Access databases, forms, reports, queries, and VBA business logic ...
Microsoft

Dissecting Sapphire Sleet’s macOS intrusion from lure to compromise

The Microsoft Defender Security Research Team uncovered a sophisticated macOS intrusion campaign attributed to the North ...

Microsoft fixes 167 security flaws in April, second biggest Patch Tuesday ever

This month's Patch Tuesday includes an actively exploited Office zero-day vulnerability and several critical RCE bugs in ...

AI is now powering cyberattacks, Microsoft warns

Microsoft Threat Intelligence says cybercriminals are using AI across nearly every stage of a cyberattack to move faster and ...

Unpatched Microsoft Defender flaw lets hackers gain admin access

A security vulnerability was recently discovered in Microsoft Defender, the first-party Windows 11 antivirus tool used by ...
The Next Web

Anthropic, Google, and Microsoft paid AI agent bug bounties, then kept quiet about the flaws

Researchers hijacked Claude, Gemini, and Copilot AI agents via prompt injection to steal API keys and tokens. All three ...
Computer Weekly

April Patch Tuesday brings zero-days in Defender, SharePoint Server

The latest monthly Patch Tuesday update from Microsoft landed earlier on 14 April, including two notable zero-day flaws amid ...

Microsoft, Apple, Google, Amazon Top Phishing Targets as Check Point Flags Surge in Brand Impersonation Attacks

Microsoft, Apple, Google and Amazon lead phishing targets in Q1 2026, as Check Point finds attackers exploiting trusted ...