VulnHub

Real-time Cybersecurity News

April 2026 Patch Tuesday: Two Zero-Days and Eight Critical Vulnerabilities Among 164 CVEs

Blog
CVEZero-dayExploitPatchUpdateCritical

Overview

In April 2026, a significant cybersecurity update revealed two zero-day vulnerabilities and eight critical flaws among a total of 164 Common Vulnerabilities and Exposures (CVEs). These security issues affect a variety of products and systems, potentially putting businesses and individual users at risk. The zero-days, which have not been publicly disclosed in detail, are particularly concerning as they allow attackers to exploit systems before patches are available. Companies using affected software are urged to prioritize applying the latest updates to mitigate any risks. This situation serves as a reminder of the ongoing security challenges faced by organizations in safeguarding their digital environments.

Key Takeaways

  • Affected Systems: Various products and systems affected by the 164 CVEs, specific vendors and versions not detailed.
  • Action Required: Users should apply the latest security patches and updates as soon as they become available.
  • Timeline: Newly disclosed

Impact

Various products and systems affected by the 164 CVEs, specific vendors and versions not detailed.

Exploitation Status

The exploitation status is currently unknown. Monitor vendor advisories and security bulletins for updates.

Timeline

Newly disclosed

Remediation

Users should apply the latest security patches and updates as soon as they become available.

Additional Information

This threat intelligence is aggregated from trusted cybersecurity sources. For the most up-to-date information, technical details, and official vendor guidance, please refer to the original article linked below.

Related Topics: This incident relates to CVE, Zero-day, Exploit, and 3 more.

Read Original Article

Related Coverage

Oracle Patches 450 Vulnerabilities With April 2026 CPU

SecurityWeek

Oracle has released a significant update, patching 481 vulnerabilities across 28 of its product families. Among these, over 300 patches address remotely exploitable flaws that do not require authentication, making them particularly concerning for users. This update is part of Oracle's April 2026 Critical Patch Update (CPU), which aims to enhance security for its various software products. Users of Oracle software should prioritize applying these patches to protect their systems from potential attacks. The vulnerabilities could allow attackers to exploit systems without needing any user credentials, which increases the urgency for swift action.

Apr 22, 2026

Mustang Panda’s New LOTUSLITE Variant Targets India Banks, South Korea Policy Circles

The Hacker News

Researchers have identified a new variant of the LOTUSLITE malware, which is being used to target banks in India and policy circles in South Korea. This malware operates as a backdoor, allowing attackers to communicate with a command-and-control server using dynamic DNS over HTTPS. It offers features like remote shell access, file operations, and session management, indicating its use for espionage purposes. The focus on the banking sector suggests that attackers may be seeking sensitive financial information or operational data. This development raises concerns about the security of financial institutions in India and the potential implications for their clients and operations.

Apr 22, 2026

Cohere AI Terrarium Sandbox Flaw Enables Root Code Execution, Container Escape

The Hacker News

A serious security flaw has been identified in the Python-based sandbox environment known as Terrarium. This vulnerability, assigned the identifier CVE-2026-5752, has a CVSS score of 9.3, indicating its high severity. Attackers can exploit this flaw to execute arbitrary code with root privileges on the host machine by manipulating the JavaScript prototype chain. This issue is particularly concerning for developers and organizations using Terrarium, as it may allow unauthorized access to sensitive systems and data. Users of this sandbox environment should prioritize addressing this vulnerability to mitigate potential risks.

Apr 22, 2026

Report: FTP protocol security gaps expose millions of systems

SCM feed for Latest

A recent report indicates that approximately half of the 6 million internet-connected systems using the outdated File Transfer Protocol (FTP) are not secured with encryption. This lack of encryption makes these systems particularly vulnerable to cyberattacks, as attackers can easily intercept sensitive data during file transfers. The findings, reported by SecurityWeek, raise concerns for organizations relying on FTP for data transfer, as they may unwittingly expose critical information to cybercriminals. Given the prevalence of FTP usage, the implications of these security gaps could be widespread, impacting various industries. Companies should prioritize upgrading to more secure file transfer methods to protect their data from potential breaches.

Apr 21, 2026

Several flaws found in serial-to-IP converters used in critical sectors

SCM feed for Latest

Forescout Technologies has discovered 20 security vulnerabilities in Sliex and Lantronix serial-to-IP converters, commonly used in sectors like healthcare and operational technology. These vulnerabilities can be exploited without any authentication, meaning attackers could potentially gain remote access to critical systems. This is a serious concern, as these converters play a vital role in enabling communication between devices. The exposure could lead to unauthorized control or data breaches, impacting patient care and industrial operations. Organizations relying on these devices need to take immediate action to protect their systems from potential attacks.

Apr 21, 2026

Lawmakers ponder terrorism designations, homicide charges over hospital ransomware attacks

CyberScoop

During a recent House Homeland Security Committee hearing, lawmakers discussed the rising issue of ransomware attacks targeting hospitals. These attacks have significant implications for patient care and safety, leading to concerns that they may warrant designations as terrorism or even homicide charges against perpetrators. The discussions reflect growing frustration over the frequency and severity of these attacks, which not only disrupt healthcare services but can also endanger lives. As ransomware incidents increase, lawmakers are considering more serious legal consequences to deter future attacks and protect vulnerable healthcare systems from cybercriminals. This initiative highlights the urgent need for stronger cybersecurity measures in the healthcare sector.

Apr 21, 2026