Microsoft April 2026 Patch Tuesday: 167 Flaws, 2 Zero-Days Fixed — BleepingComputer

Microsoft's April 2026 Patch Tuesday addresses 167 security flaws, including two zero-day vulnerabilities actively exploited in the wild. The update includes critical patches for privilege escalation and remote code execution vulnerabilities affecting Windows, Office, and Azure. Security teams should prioritize these updates to mitigate risks of exploitation and ensure systems are protected against these high-severity threats.

McGraw-Hill Data Breach: Extortion Threat Exposes Sensitive Data — BleepingComputer

Education company McGraw-Hill has confirmed a data breach following an extortion threat by hackers. The breach involved unauthorized access to sensitive data, potentially impacting students and educational institutions. Security teams should review data protection measures and monitor for any misuse of compromised information to mitigate potential risks.

• Over 100 Chrome Web Store extensions steal user accounts, data [BleepingComputer]
• New PHP Composer Flaws Enable Arbitrary Command Execution — Patches Released [The Hacker News]
• ShowDoc RCE Flaw CVE-2025-0520 Actively Exploited on Unpatched Servers [The Hacker News]
• CISA Adds 6 Known Exploited Flaws in Fortinet, Microsoft, and Adobe Software [The Hacker News]
• ShowDoc vulnerability actively exploited - SC Media [Google News Security]