Microsoft today pushed software updates to fix a staggering 167 security vulnerabilities in its Windows operating systems and related software, including a SharePoint Server zero-day and a publicly disclosed weakness in Windows Defender dubbed “BlueHammer.” Separately, Google Chrome fixed its fourth zero-day of 2026, and an emergency update for Adobe Reader nixes an actively exploited flaw that can lead to remote code execution.
Redmond warns that attackers are already targeting CVE-2026-32201, a vulnerability in Microsoft SharePoint Server that allows attackers to spoof trusted content or interfaces over a network.
Mike Walters, president and co-founder of Action1, said CVE-2026-32201 can be used to deceive employees, partners, or customers by presenting falsified information within trusted SharePoint environments.
“This CVE can enable phishing attacks, unauthorized data manipulation, or social engineering campaigns that lead to further compromise,” Walters said. “The presence of active exploitation significantly increases organizational risk.”
Microsoft also addressed BlueHammer (CVE-2026-33825), a privilege escalation bug in Windows Defender. According to BleepingComputer, the researcher who discovered the flaw published exploit code for it after notifying Microsoft and growing exasperated with their response. Will Dormann, senior principal vulnerability analyst at Tharros, says he confirmed that the public BlueHammer exploit code no longer works after installing today’s patches.
Satnam Narang, senior staff research engineer at Tenable, said April marks the second-biggest Patch Tuesday ever for Microsoft. Narang also said there are indications that a zero-day flaw Adobe patched in an emergency update on April 11 – CVE-2026-34621 – has seen active exploitation since at least November 2025.
Adam Barnett, lead software engineer at Rapid7, called the patch total from Microsoft today “a new record in that category” because it includes nearly 60 browser vulnerabilities. Barnett said it might be tempting to imagine that this sudden spike was tied to the buzz around the announcement a week ago today of Project Glasswing – a much-hyped but still unreleased new AI capability from Anthropic that is reportedly quite good at finding bugs in a vast array of software.
But he notes that Microsoft Edge is based on the Chromium engine, and the Chromium maintainers acknowledge a wide range of researchers for the vulnerabilities which Microsoft republished last Friday.
“A safe conclusion is that this increase in volume is driven by ever-expanding AI capabilities,” Barnett said. “We should expect to see further increases in vulnerability reporting volume as the impact of AI models extends further, both in terms of capability and availability.”
Finally, no matter what browser you use to surf the web, it’s important to completely close out and restart the browser periodically. This is really easy to put off (especially if you have a bajillion tabs open at any time) but it’s the only way to ensure that any available updates get installed. For example, a Google Chrome update released earlier this month fixed 21 security holes, including the high-severity zero-day flaw CVE-2026-5281.
For a clickable, per-patch breakdown, check out the SANS Internet Storm Center Patch Tuesday roundup. Running into problems applying any of these updates? Leave a note about it in the comments below and there’s a decent chance someone here will pipe in with a solution.
The parser is meant to mitigate the entire class of memory safety bugs in the low-level environment.
The post Google Adds Rust DNS Parser to Pixel Phones for Better Security appeared first on SecurityWeek.
The feature allows enterprise users to compose and read end-to-end encrypted messages natively on their mobile devices.
The post Gmail Brings End-to-End Encryption to Android and iOS for Enterprise Users appeared first on SecurityWeek.
New Device Bound Session Credentials render stolen session cookies unusable by cryptographically binding authentication.
The post Google Rolls Out Cookie Theft Protections in Chrome appeared first on SecurityWeek.
Dozens of such keys can be extracted from apps’ decompiled code to gain access to all Gemini endpoints.
The post Google API Keys in Android Apps Expose Gemini Endpoints to Unauthorized Access appeared first on SecurityWeek.
A vulnerability named “AI Agent Traps” allows attackers to manipulate, deceive, and exploit visiting agents via malicious web content.
The post Google DeepMind Researchers Map Web Attacks Against AI Agents appeared first on SecurityWeek.
Palo Alto Networks has disclosed the details of its analysis of Google Cloud Platform’s Vertex AI.
The post Google Addresses Vertex Security Issues After Researchers Weaponize AI Agents appeared first on SecurityWeek.
Google researchers have shown that breaking the encryption of Bitcoin and Ethereum requires 20x fewer qubits.
The post Google Slashes Quantum Resource Requirements for Breaking Cryptocurrency Encryption appeared first on SecurityWeek.
The latest M-Trends report is based on insights from over 500,000 hours of Mandiant incident response investigations in 2025.
The post M-Trends 2026: Initial Access Handoff Shrinks From Hours to 22 Seconds appeared first on SecurityWeek.
Several major tech and retail companies have signed an industry accord against online scams and fraud.
The post Google, Meta, Microsoft Among Signatories of Pact to Combat Scams appeared first on SecurityWeek.
Google paid over $3.7 million for Chrome vulnerabilities, and more than $3.5 million for cloud security defects.
The post Google Paid Out $17 Million in Bug Bounty Rewards in 2025 appeared first on SecurityWeek.
Google has completed its $32 billion acquisition of the cloud security giant, which will maintain its brand.
The post Wiz Joins Google Cloud as Landmark Acquisition Closes appeared first on SecurityWeek.
Less than half of the total zero-days have been attributed to a threat actor, but spyware vendors and China are in the lead.
The post Google: Half of 2025’s 90 Exploited Zero-Days Aimed at Enterprises appeared first on SecurityWeek.
A Chrome 145 update fixes CVE-2026-2441, a vulnerability that can likely be exploited for arbitrary code execution.
The post Google Patches First Actively Exploited Chrome Zero-Day of 2026 appeared first on SecurityWeek.
Threat actors from Russia, China, North Korea and Iran have been observed launching attacks.
The post Hacktivists, State Actors, Cybercriminals Target Global Defense Industry, Google Warns appeared first on SecurityWeek.
Dozens of vulnerabilities, bugs, and potential improvements have been identified by the tech giants’ security teams.
The post Google-Intel Security Audit Reveals Severe TDX Vulnerability Allowing Full Compromise appeared first on SecurityWeek.
The European Commission’s ruling is based on extensive feedback from customers and rival cloud security and infrastructure vendors.
The post EU Unconditionally Approves Google’s $32B Acquisition of Wiz appeared first on SecurityWeek.
The flaws dubbed LookOut can be exploited for remote code execution and data exfiltration.
The post Vulnerabilities Allowed Full Compromise of Google Looker Instances appeared first on SecurityWeek.
One of the largest residential proxy networks, IPIDEA enrolled devices through SDKs for mobile and desktop.
The post Google Disrupts IPIDEA Proxy Network appeared first on SecurityWeek.
The announcement comes just weeks after Palo Alto Networks and Google Cloud announced a multibillion-dollar AI and cloud security deal.
The post PwC and Google Cloud Ink $400 Million Deal to Scale AI-Powered Defense appeared first on SecurityWeek.
The record-breaking deal has already received a green light from the US government.
The post EU Sets February Deadline for Verdict on Google’s $32B Wiz Acquisition appeared first on SecurityWeek.
The agreement strengthens technical and commercial ties as Palo Alto migrates workloads and adopts Google’s Vertex AI and Gemini models.
The post Palo Alto Networks, Google Cloud Strike Multibillion-Dollar AI and Cloud Security Deal appeared first on SecurityWeek.
Direct navigation – the act of visiting a website by manually typing a domain name in a web browser – has never been riskier: A new study finds the vast majority of “parked” domains – mostly expired or dormant domain names, or common misspellings of popular websites – are now configured to redirect visitors to sites that foist scams and malware.
A lookalike domain to the FBI Internet Crime Complaint Center website returned a non-threatening parking page (left), whereas a mobile user was instantly directed to deceptive content in October 2025 (right). Image: Infoblox.
When Internet users try to visit expired domain names or accidentally navigate to a lookalike “typosquatting” domain, they are typically brought to a placeholder page at a domain parking company that tries to monetize the wayward traffic by displaying links to a number of third-party websites that have paid to have their links shown.
A decade ago, ending up at one of these parked domains came with a relatively small chance of being redirected to a malicious destination: In 2014, researchers found (PDF) that parked domains redirected users to malicious sites less than five percent of the time – regardless of whether the visitor clicked on any links at the parked page.
But in a series of experiments over the past few months, researchers at the security firm Infoblox say they discovered the situation is now reversed, and that malicious content is by far the norm now for parked websites.
“In large scale experiments, we found that over 90% of the time, visitors to a parked domain would be directed to illegal content, scams, scareware and anti-virus software subscriptions, or malware, as the ‘click’ was sold from the parking company to advertisers, who often resold that traffic to yet another party,” Infoblox researchers wrote in a paper published today.
Infoblox found parked websites are benign if the visitor arrives at the site using a virtual private network (VPN), or else via a non-residential Internet address. For example, Scotiabank.com customers who accidentally mistype the domain as scotaibank[.]com will see a normal parking page if they’re using a VPN, but will be redirected to a site that tries to foist scams, malware or other unwanted content if coming from a residential IP address. Again, this redirect happens just by visiting the misspelled domain with a mobile device or desktop computer that is using a residential IP address.
According to Infoblox, the person or entity that owns scotaibank[.]com has a portfolio of nearly 3,000 lookalike domains, including gmai[.]com, which demonstrably has been configured with its own mail server for accepting incoming email messages. Meaning, if you send an email to a Gmail user and accidentally omit the “l” from “gmail.com,” that missive doesn’t just disappear into the ether or produce a bounce reply: It goes straight to these scammers. The report notes this domain also has been leveraged in multiple recent business email compromise campaigns, using a lure indicating a failed payment with trojan malware attached.
Infoblox found this particular domain holder (betrayed by a common DNS server – torresdns[.]com) has set up typosquatting domains targeting dozens of top Internet destinations, including Craigslist, YouTube, Google, Wikipedia, Netflix, TripAdvisor, Yahoo, eBay, and Microsoft. A defanged list of these typosquatting domains is available here (the dots in the listed domains have been replaced with commas).
David Brunsdon, a threat researcher at Infoblox, said the parked pages send visitors through a chain of redirects, all while profiling the visitor’s system using IP geolocation, device fingerprinting, and cookies to determine where to redirect domain visitors.
“It was often a chain of redirects – one or two domains outside the parking company – before threat arrives,” Brunsdon said. “Each time in the handoff the device is profiled again and again, before being passed off to a malicious domain or else a decoy page like Amazon.com or Alibaba.com if they decide it’s not worth targeting.”
Brunsdon said domain parking services claim the search results they return on parked pages are designed to be relevant to their parked domains, but that almost none of this displayed content was related to the lookalike domain names they tested.
Samples of redirection paths when visiting scotaibank dot com. Each branch includes a series of domains observed, including the color-coded landing page. Image: Infoblox.
Infoblox said a different threat actor who owns domaincntrol[.]com – a domain that differs from GoDaddy’s name servers by a single character – has long taken advantage of typos in DNS configurations to drive users to malicious websites. In recent months, however, Infoblox discovered the malicious redirect only happens when the query for the misconfigured domain comes from a visitor who is using Cloudflare’s DNS resolvers (1.1.1.1), and that all other visitors will get a page that refuses to load.
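An added example, not taken from the Infoblox report or this article: a defender-side audit that flags NS targets, mail recipient domains and proxy-log hostnames sitting one typo away from a trusted name, which covers the domaincntrol[.]com, gmai[.]com and scotaibank[.]com cases described above. The allowlist, the sample records and the naive last-two-labels rule are assumptions.

```python
# Added example; TRUSTED and RECORDS are constructed for illustration.
TRUSTED = {"domaincontrol.com", "gmail.com", "scotiabank.com"}

def osa_distance(a, b):
    """Edit distance counting insert, delete, substitute and adjacent swap."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            best = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb))
            # Adjacent transposition, e.g. "ai" typed instead of "ia".
            if i > 1 and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                best = min(best, prev2[j - 2] + 1)
            cur.append(best)
        prev2, prev = prev, cur
    return prev[-1]

def registrable(host):
    # Assumption: naive last-two-labels rule; use the Public Suffix List in production.
    labels = host.lower().replace("[.]", ".").rstrip(".").split(".")
    return ".".join(labels[-2:])

def classify(host, max_dist=1):
    dom = registrable(host)
    if dom in TRUSTED:
        return ("trusted", dom)
    for good in sorted(TRUSTED):
        if osa_distance(dom, good) <= max_dist:
            return ("lookalike", good)
    return ("unknown", None)

# Constructed sample: (source, record type, target) from a zone export or logs.
RECORDS = [
    ("shop.example", "NS", "ns41.domaincontrol.com."),
    ("blog.example", "NS", "ns41.domaincntrol[.]com."),
    ("mail-log", "RCPT", "gmai[.]com"),
    ("proxy-log", "HOST", "scotaibank[.]com"),
    ("proxy-log", "HOST", "example.org"),
]

def audit(records):
    findings = []
    for source, rtype, target in records:
        verdict, intended = classify(target)
        if verdict == "lookalike":
            findings.append((source, rtype, registrable(target), intended))
    return findings

if __name__ == "__main__":
    for finding in audit(RECORDS):
        print("%s %s -> %s (intended: %s?)" % finding)
```

Plain Levenshtein would score the scotaibank transposition as two edits, so the adjacent-swap case is what lets a threshold of one catch all three typos without widening the match.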
The researchers found that even variations on well-known government domains are being targeted by malicious ad networks.
“When one of our researchers tried to report a crime to the FBI’s Internet Crime Complaint Center (IC3), they accidentally visited ic3[.]org instead of ic3[.]gov,” the report notes. “Their phone was quickly redirected to a false ‘Drive Subscription Expired’ page. They were lucky to receive a scam; based on what we’ve learnt, they could just as easily receive an information stealer or trojan malware.”
The Infoblox report emphasizes that the malicious activity they tracked is not attributed to any known party, noting that the domain parking or advertising platforms named in the study were not implicated in the malvertising they documented.
However, the report concludes that while the parking companies claim to only work with top advertisers, the traffic to these domains was frequently sold to affiliate networks, who often resold the traffic to the point where the final advertiser had no business relationship with the parking companies.
Infoblox also pointed out that recent policy changes by Google may have inadvertently increased the risk to users from direct search abuse. Brunsdon said Google Adsense previously defaulted to allowing their ads to be placed on parked pages, but that in early 2025 Google implemented a default setting that had their customers opt-out by default on presenting ads on parked domains – requiring the person running the ad to voluntarily go into their settings and turn on parking as a location.
Apple has released macOS and iOS updates to patch two WebKit zero-days exploited in an “extremely sophisticated” attack.
The post Apple Patches Two Zero-Days Tied to Mysterious Exploited Chrome Flaw appeared first on SecurityWeek.
Chrome’s new agentic browsing protections include user alignment critic, expanded origin-isolation capabilities, and user confirmations.
The post Google Fortifies Chrome Agentic AI Against Indirect Prompt Injection Attacks appeared first on SecurityWeek.