Multiple Vulnerabilities in Microsoft Azure Linux, 6 CVEs
ANSSI's CERT-FR issued an alert covering 6 CVEs in Microsoft Azure Linux components affecting azl3 kernel (versions prior to 6.6.130.1-1), azl3 libsoup (prior to 3.4.4-15), and azl3 xz (prior to 5.4.4-3). The vulnerabilities could allow an attacker to cause unspecified security issues. No specific risk severity was stated by the vendor. French organizations using Azure Linux are advised to apply vendor patches immediately via Microsoft Security Response Center.
Multiple Ubuntu Linux Kernel Vulnerabilities Allow Privilege Escalation
CERT-FR published advisory CERTFR-2026-AVI-0421 warning of multiple Linux kernel vulnerabilities affecting Ubuntu 16.04 ESM through 25.10. The vulnerabilities allow privilege escalation, data confidentiality breaches, data integrity breaches, and denial of service attacks. System administrators should apply patches referenced in 16 Ubuntu security notices (USN-8145-3 through USN-8165-1) covering CVE-2022-49465, CVE-2022-49635, CVE-2023-53041, CVE-2023-53421, CVE-2023-53520, and additional CVEs.
SUSE Linux Kernel Multiple Vulnerabilities Advisory
CERT-FR published advisory CERTFR-2026-AVI-0422 disclosing multiple vulnerabilities in the SUSE Linux kernel affecting openSUSE Leap, SUSE Linux Enterprise Server, and related product lines across versions 12 SP5 through 15 SP7. The vulnerabilities, sourced from 13 SUSE security bulletins, could allow an attacker to cause unspecified security impacts. Affected parties are advised to apply patches referenced in the vendor security bulletins.
Multiple IBM Product Vulnerabilities Allow Remote Code Execution
CERT-FR published advisory CERTFR-2026-AVI-0424 on April 10, 2026, disclosing multiple critical vulnerabilities in IBM products including QRadar AI Assistant, Sterling External Authentication Server, Sterling Secure Proxy, and WebSphere Application Server Liberty. Affected versions span QRadar AI Assistant prior to 1.4.0, Sterling products prior to 6.1.1.3 GA and 6.2.1.2 GA, and WebSphere Liberty 17.0.0.3 to 26.0.0.3 without APAR PH70510. The vulnerabilities expose systems to remote code execution, data confidentiality breaches, denial of service, and security policy bypass.
Red Hat Linux Kernel Multiple Vulnerabilities Alert
CERT-FR issued an advisory alerting organizations to multiple kernel vulnerabilities in Red Hat Linux affecting numerous products across multiple architectures (x86_64, aarch64, s390x, ppc64le). The vulnerabilities expose affected systems to data confidentiality breaches, security policy bypass, remote denial of service, arbitrary code execution, and privilege escalation risks. Organizations running Red Hat Enterprise Linux, CodeReady Linux Builder, and related products must patch immediately.
Multiple Vulnerabilities in Tenable Security Center Allow Remote Code Execution
CERT-FR published advisory CERTFR-2026-AVI-0415 disclosing four critical vulnerabilities (CVE-2026-2003 through CVE-2026-2006) in Tenable Security Center versions 6.5.1 through 6.8.0. The vulnerabilities allow remote code execution and data confidentiality breaches without requiring authentication. Affected organizations must apply patch SC202604.1 from Tenable security bulletin tns-2026-10.
Juniper Privilege Escalation Vulnerability in Junos OS
CERT-FR issued a security advisory alerting that Juniper Networks Junos OS and Junos OS Evolved contain a privilege escalation vulnerability (CVE-2026-33793). An attacker with local low-privileged access can exploit unsigned Python op-script configurations to compromise the system. Multiple versions of Junos OS and Junos OS Evolved across branches 22.4 through 25.2 are affected. Patches have been released by Juniper Networks.
Spring Cloud Gateway Vulnerability CVE-2026-22750
CERT-FR issued advisory CERTFR-2026-AVI-0417 regarding CVE-2026-22750, a vulnerability in Spring Cloud Gateway affecting versions 4.2.x prior to 4.2.1. The flaw permits an attacker to exploit an unspecified security issue. French organizations using affected versions should consult the Spring security bulletin for available patches.
Apache Tomcat Multiple Vulnerabilities
CERT-FR issued an advisory warning of multiple vulnerabilities in Apache Tomcat affecting versions 10.1.x prior to 10.1.54, 11.0.x prior to 11.0.21, and 9.0.x prior to 9.0.117. The vulnerabilities allow attackers to compromise data confidentiality, data integrity, and bypass security policies. Organizations running affected Tomcat deployments must apply available patches referenced in Apache security bulletins.
Multiple Vulnerabilities in Mattermost Desktop App
CERT-FR published security advisory CERTFR-2026-AVI-0419 alerting to multiple vulnerabilities in Mattermost Desktop App affecting versions prior to 5.13.5.0. The vulnerabilities could allow an attacker to cause unspecified security issues. Organizations using Mattermost Desktop App should consult the vendor security bulletins and apply available patches.
Multiple Vulnerabilities in Helm Allow Arbitrary Code Execution
CERT-Bund published security advisory WID-SEC-2026-1048 disclosing multiple vulnerabilities in Helm (Kubernetes package manager) with a CVSS Base Score of 8.6 (high). Affected versions include helm <4.1.4 and helm <3.20.2. An attacker can exploit these vulnerabilities to manipulate files, bypass security measures, and potentially execute arbitrary code.
Checkmk Multiple Vulnerabilities Allow Remote Attackers Unspecified Impacts
CERT-Bund issued security advisory WID-SEC-2026-1050 regarding multiple vulnerabilities in Checkmk IT monitoring software. Affected versions include those prior to 2.6.0b1, 2.5.0b4, 2.4.0p26, and 2.3.0p47. An authenticated remote attacker can exploit these vulnerabilities for unspecified impacts. CVSS Base Score is 6.3 (medium) with CVSS Temporal Score of 5.5.
Security Flaw in Dell EMC Isilon, CVSS 8.8
Adobe Acrobat Reader Remote Code Execution Vulnerability CVE-2026-1047
CERT-Bund issued a critical security advisory for Adobe Acrobat Reader vulnerability CVE-2026-1047 with CVSS Base Score of 9.6. The flaw allows remote, unauthenticated attackers to execute arbitrary code and gain full administrative control of affected systems running Windows, UNIX, and other operating systems. Adobe Acrobat Reader versions up to and including 26.001.21367 are affected.
Red Hat Products Multiple Vulnerabilities Allow Admin Privilege Escalation
CERT-Bund issued security advisory WID-SEC-2026-1033 warning of multiple vulnerabilities in Red Hat products including Ansible Automation Platform, Enterprise Linux, OpenShift, and Process Automation Manager. Local attackers can exploit these flaws to gain administrator privileges. CVSS base score is 6.4 (medium) with temporal score of 5.9. No remote attack vector exists.
Linux Kernel Vulnerability Allows Physical Access Attacks
CERT-Bund issued security advisory WID-SEC-2026-1049 warning of a vulnerability in the Linux kernel affecting versions prior to 6.1.167, 6.6.130, 6.12.78, 6.18.19, 6.19.9, and 7.0-rc4. Attackers with physical access can exploit the flaw to cause denial of service, execute arbitrary code, or disclose information. The CVSS Base Score is 6.8 (medium). Remote attack is not possible, and mitigations are available.
European Data Protection Board Publishes 2025 Activity Report
The European Data Protection Board published its 2025 annual activity report on April 9, 2026, as required by Article 71 GDPR. The report covers EDPB activities including guidance development, enforcement coordination, and stakeholder dialogue on the protection of natural persons in data processing within the EU and internationally.
Digital Sovereignty Push Risks Global Data Flows
IAPP published an article summarizing panel discussions at the IAPP Global Summit 2026 regarding digital sovereignty trends. Speakers from Hunton Andrews Kurth and Mastercard discussed how countries are increasingly implementing data localization measures, AI sovereignty frameworks, and domestic technology production policies in response to geopolitical tensions. The article notes that company boards are now prioritizing digital sovereignty as an industrial policy concern.
Alabama Passes Privacy Law, Becomes 21st State
Alabama's House Bill 351, the Alabama Personal Data Protection Act, cleared the state legislature on April 7, 2026, becoming the 21st comprehensive state privacy law. The bill applies to businesses controlling or processing data of more than 25,000 Alabama residents or deriving 25% of revenue from data sales, with an exclusive attorney general enforcement mechanism and a non-sunsetting 45-day cure provision. If signed by the governor, the law takes effect May 1, 2027.
ICO Upholds Complaint - Queen Mary University Failed to Respond to FOIA Request
The ICO has issued a Decision Notice finding Queen Mary University of London in breach of the Freedom of Information Act 2000 for failing to respond to a FOIA request within the statutory 20 working days. The university is now required to provide a complete response to the complainant within 30 calendar days or face further enforcement action.
Home Office FOI 17(3) Complaint Upheld for Unreasonable Delay
The ICO upheld a Freedom of Information Act complaint against the Home Office, finding that the public authority failed to complete its public interest test considerations within a reasonable time. The ICO requires the Home Office to provide a substantive response to the information request within 30 calendar days.
ICO Decision: London Borough of Redbridge FOI, Inspection Dates Upheld, Addresses Exempt
FOI Decision, Redbridge, Inspection Dates Upheld, Addresses Exempt
Stryker Corp Amends Cybersecurity Disclosure Under Item 1.05
Stryker Corp filed an amended Form 8-K with the SEC under Item 1.05 (Cybersecurity Incident Disclosure) to update a prior cybersecurity disclosure. The filing amends a previously submitted disclosure related to a cybersecurity matter at the company's Portage, MI operations. Public companies are required to disclose material cybersecurity incidents on Form 8-K Item 1.05 within four business days of determining materiality.
Chrome and Edge Vulnerabilities Allow Remote Code Execution
CERT-Bund issued a high-severity security advisory (WID-SEC-2026-1030) alerting organizations to multiple vulnerabilities in Google Chrome (versions prior to 147.0.7727.55/56) and Microsoft Edge. The flaws carry a CVSS Base Score of 8.8 and enable remote anonymous attackers to bypass security mechanisms, execute arbitrary code, disclose information, and deceive users. Mitigation is available via software updates.
Juniper Critical Vulnerabilities April 2026: CVSS 10.0 Remote Code Execution, Root Privilege Escalation
CERT-Bund issued security advisory WID-SEC-2026-1022 identifying critical vulnerabilities (CVSS 10.0) in Juniper Apstra, JUNOS OS, JUNOS OS Evolved, QFX Series, MX Series, SRX Series, and Junos Space. Remote attackers can exploit these flaws to gain root privileges, execute arbitrary code, bypass security controls, and exfiltrate sensitive data. Organizations must apply patches immediately to affected systems.
Mitel MiCollab Multiple Critical Vulnerabilities Including SQL Injection CVSS 9.8
CERT-Bund issued security advisory WID-SEC-2026-1026 warning of multiple critical vulnerabilities in Mitel MiCollab communication suite. The vulnerabilities carry a CVSS Base Score of 9.8 (critical) and enable remote SQL injection attacks and privilege escalation. Affected versions include MiCollab prior to version 10.2 SP1 running on Linux, UNIX, Windows, and other platforms. Mitigation measures are available.
LogStash Remote Code Execution Vulnerability CVSS 8.1
LogStash RCE Vulnerability, CVSS 8.1, 8th Apr
Intel CPU Privilege Escalation Vulnerability, CVSS 4.7
CERT-Bund issued a security advisory detailing a privilege escalation vulnerability in Intel processors (Pentium Silver Series, Celeron J Series, Celeron N Series). Attackers with physical access can exploit the flaw to elevate privileges, with a CVSS Base Score of 4.7 (medium). Organizations using affected processors should apply available mitigations.
XWiki Code Execution Vulnerability, CVSS 7.2
SugarCRM Sugar Enterprise Multiple Vulnerabilities Allow Admin Access
CERT-Bund published security advisory WID-SEC-2026-1021 disclosing multiple critical vulnerabilities in SugarCRM Sugar Enterprise versions prior to 25.1.3 and 14.0.4. The vulnerabilities carry a CVSS Base Score of 8.8 (high), allowing remote attackers to gain administrator privileges, execute cross-site scripting attacks, bypass security controls, manipulate data, disclose confidential information, and cause denial of service.