-
Security - Cisco Blog
- Designing for What's Next: Securing AI-Scale Infrastructure Without Compromise
The Deepfake Nudes Crisis in Schools Is Much Worse Than You Thought
Patch Tuesday, April 2026 Edition
Microsoft today pushed software updates to fix a staggering 167 security vulnerabilities in its Windows operating systems and related software, including a SharePoint Server zero-day and a publicly disclosed weakness in Windows Defender dubbed "BlueHammer." Separately, Google Chrome fixed its fourth zero-day of 2026, and an emergency update for Adobe Reader nixes an actively exploited flaw that can lead to remote code execution.
Redmond warns that attackers are already targeting CVE-2026-32201, a vulnerability in Microsoft SharePoint Server that allows attackers to spoof trusted content or interfaces over a network.
Mike Walters, president and co-founder of Action1, said CVE-2026-32201 can be used to deceive employees, partners, or customers by presenting falsified information within trusted SharePoint environments.
"This CVE can enable phishing attacks, unauthorized data manipulation, or social engineering campaigns that lead to further compromise," Walters said. "The presence of active exploitation significantly increases organizational risk."
Microsoft also addressed BlueHammer (CVE-2026-33825), a privilege escalation bug in Windows Defender. According to BleepingComputer, the researcher who discovered the flaw published exploit code for it after notifying Microsoft and growing exasperated with their response. Will Dormann, senior principal vulnerability analyst at Tharros, says he confirmed that the public BlueHammer exploit code no longer works after installing today's patches.
Satnam Narang, senior staff research engineer at Tenable, said April marks the second-biggest Patch Tuesday ever for Microsoft. Narang also said there are indications that a zero-day flaw Adobe patched in an emergency update on April 11 - CVE-2026-34621 - has seen active exploitation since at least November 2025.
Adam Barnett, lead software engineer at Rapid7, called the patch total from Microsoft today "a new record in that category" because it includes nearly 60 browser vulnerabilities. Barnett said it might be tempting to imagine that this sudden spike was tied to the buzz around the announcement a week ago today of Project Glasswing - a much-hyped but still unreleased new AI capability from Anthropic that is reportedly quite good at finding bugs in a vast array of software.
But he notes that Microsoft Edge is based on the Chromium engine, and the Chromium maintainers acknowledge a wide range of researchers for the vulnerabilities which Microsoft republished last Friday.
"A safe conclusion is that this increase in volume is driven by ever-expanding AI capabilities," Barnett said. "We should expect to see further increases in vulnerability reporting volume as the impact of AI models extend further, both in terms of capability and availability."
Finally, no matter what browser you use to surf the web, it's important to completely close out and restart the browser periodically. This is really easy to put off (especially if you have a bajillion tabs open at any time) but it's the only way to ensure that any available updates get installed. For example, a Google Chrome update released earlier this month fixed 21 security holes, including the high-severity zero-day flaw CVE-2026-5281.
For a clickable, per-patch breakdown, check out the SANS Internet Storm Center Patch Tuesday roundup. Running into problems applying any of these updates? Leave a note about it in the comments below and there's a decent chance someone here will pipe in with a solution.
In the Wake of Anthropic's Mythos, OpenAI Has a New Cybersecurity Model - and Strategy
Telegram Is Still Hosting a Sanctioned $21 Billion Crypto Scammer Black Market
The FCC Has a Fast Lane for Complaints About Trump's Media Critics
-
/r/netsec - Information Security News & Discussion
- Common Entra ID Security Assessment Findings - Part 4: Weak Conditional Access Policies
Can Your Wearable Health Monitors Be Compromised?
Wearable health devices are designed to give you more control over your body and your data.
But in 2026, the bigger risk isn't someone spying on your smartwatch or smart ring in real time. It's what happens if the data connected to that device gets exposed.
Health data, login credentials, and behavioral patterns tied to wearables can become valuable signals for cybercriminals. And once that data is out, it can fuel everything from identity theft to highly targeted scams.
Here's what's actually at risk, and how to protect yourself.
What Is Wearable Health Data (and Why It Matters)
Wearable health data refers to the personal information collected and stored by devices like fitness trackers, smartwatches, and connected medical monitors.
This can include:
- Heart rate and activity levels
- Sleep patterns
- Location data
- Medical metrics (like glucose levels)
- Account credentials tied to apps and dashboards
On its own, this data may seem harmless. But combined, it creates a highly detailed profile of your habits, routines, and health status.
The Real Risk in 2026 Isn't the Device. It's the Data.
Early conversations around wearable security focused on device hacking or surveillance.
Today, the bigger concern is data exposure.
If wearable platforms, apps, or connected services are breached, your data could be:
- Sold on the dark web
- Used to impersonate you
- Leveraged in targeted phishing or health-related scams
And because this data is personal and specific, scams built from it can feel far more convincing than generic spam.
How Exposed Wearable Data Can Lead to Scams
When cybercriminals gain access to personal data, they don't just sit on it. They use it.
Here's how that plays out:
| Scenario | What It Looks Like | Why It Works |
| --- | --- | --- |
| Health-related phishing | "Your insurance claim was denied" or "Update your health profile" | Feels relevant and urgent |
| Account takeover attempts | Password reset emails tied to known apps | Uses real account signals |
| Personalized scams | Messages referencing routines, devices, or conditions | Builds trust quickly |
| Fake alerts or services | "Device security issue detected" | Mimics real product behavior |

This is where the risk shifts from data privacy to real-world financial and identity impact.
6 Smart Ways to Protect Your Wearable Data
1) Install updates immediately
Security patches fix known vulnerabilities. Delaying updates leaves gaps open.
2) Use layered protection, not just device settings
A VPN and security software help protect data in transit and block threats before they reach you.
3) Strengthen your login credentials
Use strong, unique passwords and enable two-factor authentication wherever possible.
4) Limit what you share
Review app permissions and only connect devices to services you trust.
5) Verify every message or alert
If you receive a message tied to your device or health data, double-check the source before clicking.
6) Monitor your accounts regularly
Small signs of unusual activity can be early indicators of larger issues.
How McAfee Helps Protect Your Data Beyond the Device
Protecting your wearable doesn't stop at the device itself. It extends to what happens if your data is exposed or targeted.
Identity Monitoring
McAfee helps track your personal information across known breach sources and alerts you if your data appears where it shouldn't.
This gives you early warning if wearable-related accounts or associated data are compromised.
Scam Detector
If your data is exposed, scammers often follow.
McAfee's Scam Detector helps identify suspicious messages, links, and communications before you engage, and explains why something was flagged, so you can make informed decisions quickly.
Together, these tools help protect not just your device, but the chain reaction that can follow a data breach.
The post Can Your Wearable Health Monitors Be Compromised? appeared first on McAfee Blog.
Weekly Update 499
I'm starting to become pretty fond of Bruce. Actually, I've had a bit of an epiphany: an AI assistant like Bruce isn't just about auto-responding to tickets in an entirely autonomous manner; it's also pretty awesome at responding with just a little bit of human assistance. Charlotte and I both replied to some tickets today that were way too specific for Bruce to ever do on his own, but by feeding in just a little bit of additional info (such as the number of domains someone was presently monitoring), Bruce was able to construct a really good reply and "own" the ticket. So maybe that's the sweet spot: auto-reply to the really obvious stuff and then take just a little human input on everything else.
Codex Hacked a Samsung TV
-
/r/netsec - Information Security News & Discussion
- Unpatched RAGFlow Vulnerability Allows Post-Auth RCE
The current version of RAGFlow, a widely-deployed Retrieval Augmented Generation solution, contains a post-auth vulnerability that allows for arbitrary code execution.
This post includes a POC, walkthrough and patch.
The TL;DR is to make sure your RAGFlow instances aren't on the public internet, that you have the minimum number of necessary users, and that those user accounts are protected by complex passwords. (This is especially true if you're using Infinity for storage.)
Meta Is Warned That Facial Recognition Glasses Will Arm Sexual Predators
-
/r/netsec - Information Security News & Discussion
- Stealthy RCE on Hardened Linux: noexec + Userland Execution PoC
-
/r/netsec - Information Security News & Discussion
- CVE-2026-22666: Dolibarr 23.0.0 dol_eval() whitelist bypass -> RCE (full write-up + PoC)
Root cause: the $forbiddenphpstrings blocklist is only enforced in blacklist mode -> the default whitelist mode never touches it. The whitelist regex is also blind to PHP dynamic callable syntax (('exec')('cmd')). Either bug alone limits impact; together they reach OS command execution. Coordinated disclosure - patch available as of 4/4/2026.
Preparing for Post-Quantum Cryptography: The Secure Firewall Roadmap
One Uppercase Letter Breaks Every Nuxt App
The Dumbest Hack of the Year Exposed a Very Real Problem