Critical Axios Supply Chain Compromise via npm

CSA issued an advisory on a critical supply chain compromise affecting Axios JavaScript HTTP client versions 1.14.1 and 0.30.4. Threat actors compromised a maintainer's npm account to inject a Remote Access Trojan (RAT) targeting Windows, macOS, and Linux systems. Affected organizations should immediately downgrade to safe versions (axios@1.14.0 or 0.30.3) and remove the malicious plain-crypto-js@4.2.1 package.

Urgent Guidance Cybersecurity

CVE-2026-5281 Google Dawn Use-After-Free Added to KEV Catalog

CISA added CVE-2026-5281, a Google Dawn Use-After-Free vulnerability, to its Known Exploited Vulnerabilities (KEV) Catalog based on evidence of active exploitation. The vulnerability poses significant risks to federal enterprise networks. BOD 22-01 establishes remediation requirements for Federal Civilian Executive Branch (FCEB) agencies.

Priority review Notice Cybersecurity
DHS Press Releases

ICE Arrests Murderers, Pedophiles, and Weapons Traffickers

ICE announced the arrest of criminal illegal aliens including murderers, child predators, and weapons traffickers. The announcement highlights that nearly 70% of ICE arrests involve illegal aliens charged or convicted of crimes in the U.S. This is a public affairs announcement reporting completed enforcement operations.

Routine Enforcement Immigration

Chrome Vulnerabilities - Actively Exploited CVE-2026-5281

CERT-FR issued advisory CERTFR-2026-AVI-0385 on 2026-04-01 detailing multiple vulnerabilities in Google Chrome affecting versions prior to 146.0.7680.177/178 on Linux, Windows, and Mac. CVE-2026-5281 is confirmed to be actively exploited. Google released the security patch on March 31, 2026. Users and organizations should update Chrome immediately to mitigate risk.

Urgent Notice Cybersecurity

Joomla! Multiple Vulnerabilities - SQL Injection and XSS

CERT-FR issued an advisory warning of multiple vulnerabilities in Joomla! CMS versions 5.x prior to 5.4.4 and 6.x prior to 6.0.4. The vulnerabilities include SQL injection (SQLi), indirect cross-site scripting (XSS), arbitrary file deletion, and improper access checks in web service endpoints. Six CVEs are referenced: CVE-2026-21629, CVE-2026-21630, CVE-2026-21631, CVE-2026-21632, CVE-2026-23898, and CVE-2026-23899.

Priority review Guidance Cybersecurity

Multiple Vulnerabilities in SonicWall Email Security

CERT-FR issued an advisory identifying three vulnerabilities (CVE-2026-3468, CVE-2026-3469, CVE-2026-3470) in SonicWall Email Security versions prior to 10.0.35.8405. The vulnerabilities expose affected systems to remote data integrity compromise, denial of service attacks, and cross-site scripting (XSS). Organizations using this product should apply vendor patches immediately.

Priority review Notice Cybersecurity

Multiple Vulnerabilities in Microsoft Products

CERT-FR issued advisory CERTFR-2026-AVI-0386 notifying of 14 Microsoft vulnerabilities affecting multiple software packages including bind, flannel, libssh, ocaml, telegraf, trident, nodejs18, and systemd-bootstrap. French organizations are advised to consult Microsoft's security bulletins and apply available patches. The vulnerabilities could allow attackers to cause unspecified security issues.

Priority review Notice Cybersecurity

ZScaler Client Connector Data Manipulation Vulnerability

CERT-Bund published security advisory WID-SEC-2026-0938 disclosing a data manipulation vulnerability in ZScaler Client Connector. Affected versions prior to 4.8.0.63 and 4.7.0.141 on Windows systems have a CVSS Base Score of 5.4 (medium). A remote, anonymous attacker can exploit this flaw to manipulate data.

Priority review Notice Cybersecurity

Critical CVSS 9.8 Vulnerabilities in Red Hat Ansible Allow Remote Code Execution

CERT-Bund issued a critical security advisory regarding multiple vulnerabilities (CVSS 9.8) in Red Hat Ansible Automation Platform versions prior to 2.5 and 2.6. The vulnerabilities allow remote attackers to execute arbitrary code, conduct denial of service attacks, bypass security controls, manipulate data, disclose confidential information, and perform cross-site scripting attacks. Organizations using affected versions should immediately apply patches and implement mitigation measures.

Urgent Guidance Cybersecurity

gdk-pixbuf Vulnerability - Denial of Service and Remote Code Execution Risk

CERT-Bund issued security advisory WID-SEC-2026-0945 warning of a high-severity vulnerability in gdk-pixbuf versions prior to 2.44.6. The vulnerability carries a CVSS Base Score of 7.5 (high) and enables remote attackers to perform denial of service attacks and potentially execute arbitrary code. Affected systems include UNIX operating systems running the GNOME image loading library.

Priority review Notice Cybersecurity

Joomla CMS Critical Vulnerabilities CVSS 9.8

CERT-Bund published security advisory WID-SEC-2026-0936 identifying critical vulnerabilities in Joomla CMS with CVSS Base Score 9.8. Affected versions include Open Source Joomla CMS prior to 5.4.4 and 6.0.4 across Windows and UNIX systems. An attacker can exploit these vulnerabilities remotely to bypass security controls, execute SQL injection attacks, manipulate data, or perform cross-site scripting.

Urgent Notice Cybersecurity

Critical cPanel Vulnerability Enables Remote Code Execution

CERT-Bund issued a critical security advisory (WID-SEC-2026-0939) regarding a remote code execution vulnerability in cPanel/WHM software. The vulnerability in the perl-YAML-Syck component carries a CVSS Base Score of 9.1. Affected versions include cPanel/WHM versions prior to 110.0.93, 126.0.50, and 134.0.13. A remote, unauthenticated attacker can exploit this flaw to execute arbitrary code or cause denial of service.

Urgent Guidance Cybersecurity

Vim Vulnerability - Arbitrary Code Execution Risk

CERT-Bund issued security advisory WID-SEC-2026-0940 warning of a high-severity vulnerability in Vim (Vi IMproved) text editor versions prior to 9.2.0276. The vulnerability carries a CVSS Base Score of 8.2 and allows remote anonymous attackers to execute arbitrary code. Mitigation is available; users should upgrade to the latest version.

Urgent Notice Cybersecurity

Critical xz Utils Vulnerability Enables Remote Code Execution

CERT-Bund issued a critical security advisory regarding a remote code execution vulnerability in XZ Utils (CVE, CVSS Base Score 9.8). The flaw affects versions prior to 5.8.3 on Linux, UNIX, and related operating systems. Organizations are advised to update immediately as mitigation measures are required to prevent exploitation.

Urgent Notice Cybersecurity

Linux Kernel Multiple Vulnerabilities Advisory

CERT-Bund issued security advisory WID-SEC-2026-0950 disclosing multiple vulnerabilities in the Linux Kernel. The vulnerabilities carry a CVSS Base Score of 7.8 (high) and a Temporal Score of 6.8 (medium). Threat actors could exploit these flaws to execute arbitrary code, launch denial-of-service attacks, bypass security controls, or manipulate data. Mitigations are available.

Priority review Notice Cybersecurity

Google Chrome Vulnerabilities - Code Execution Risk

CERT-Bund issued a security advisory (WID-SEC-2026-0937) warning of multiple high-severity vulnerabilities in Google Chrome versions prior to 146.0.7680.177/178, with CVSS Base Score 8.8. The vulnerabilities affect Chrome on Windows, macOS, and Linux, allowing remote attackers to potentially execute code, bypass security measures, cause denial of service, disclose information, and manipulate data. Users are advised to update immediately.

Priority review Notice Cybersecurity

IBM Verify Access Critical Flaws Allow Admin Access and Code Execution

CERT-Bund issued advisory WID-SEC-2026-0949 identifying multiple critical vulnerabilities in IBM Security Verify Access (versions prior to 10.0.9.1 IF1) with a CVSS Base Score of 9.8. The flaws allow remote attackers to gain administrator privileges, execute arbitrary code, bypass security controls, perform cross-site scripting attacks, and modify or disclose data. A mitigation is available.

Urgent Notice Cybersecurity

OpenClaw Multiple Critical Vulnerabilities - Remote Code Execution

CERT-Bund issued security advisory WID-SEC-2026-0948 disclosing critical vulnerabilities in OpenClaw (open source version prior to 2026.3.31). Multiple vulnerabilities with CVSS Base Score 9.8 (critical) and Temporal Score 8.5 (high) enable remote attackers to execute arbitrary code, escalate privileges, bypass security controls, and disclose or manipulate data. Organizations using OpenClaw should immediately apply available mitigations.

Urgent Notice Cybersecurity

CUPS Multiple Vulnerabilities Allow Remote Code Execution

CERT-Bund issued security advisory WID-SEC-2026-0947 warning of multiple vulnerabilities in CUPS (Common Unix Printing System) versions below 2.4.17. The vulnerabilities carry a CVSS Base Score of 7.6 (high) and enable remote attackers to execute arbitrary code, bypass security controls, gain elevated privileges, manipulate data, or cause denial of service. Affected platforms include UNIX and Windows systems running the vulnerable print spooler.

Priority review Guidance Cybersecurity

MediaWiki vulnerabilities, CVSS 9.1 critical, DoS attacks

Routine Notice

Proposed FOIA and Privacy Act Regulations

The Office of the National Cyber Director (ONCD) published a notice of proposed rulemaking establishing its first Freedom of Information Act (FOIA) and Privacy Act regulations. These regulations will govern ONCD's procedures for processing public records requests and handling personal data under the Privacy Act. Public comments are accepted until May 15, 2026.

Routine Consultation Data Privacy

Generalized Entanglement Forging with Slater Determinants

USPTO published patent application US20260087388A1 titled 'Generalized Entanglement Forging with Slater Determinants' covering quantum computing systems for electronic structure calculations. The application (No. 18892848), filed September 23, 2024, was submitted by inventors led by Mario Motta and describes systems for generalized entanglement forging using non-orthogonal Slater determinants and Jastrow ansatz on quantum systems.

Routine Notice Intellectual Property

METHOD FOR GENERATING TRAINING DATA, AND ELECTRONIC DEVICE

USPTO published patent application US20260087385A1 filed by Beijing Baidu Netcom Science Technology Co., Ltd. on March 26, 2026. The patent covers methods for generating AI training data using state transition images derived from user interaction data, trajectory data generation, and multimodal model-based reasoning reference extraction for training interaction agent models. The inventors are Le Zhang, Yu Shi, and Jingbo Zhou.

Routine Notice Artificial Intelligence
DHS Press Releases

Anti-ICE Agitator Doxxes ICE Officer in North Carolina

DHS released a statement on March 31, 2026, regarding a doxxing incident in which an anti-ICE agitator mailed postcards to an ICE officer's neighbors exposing his identity. The statement highlights that ICE officers are experiencing an 8,000% increase in death threats and a 1,300% increase in assaults. No new regulatory requirements or compliance obligations are established by this press release.

Routine Notice Immigration
DHS Press Releases

ICE Arrest Detainer for Criminal Alien Charged with Murder in Fairfax County

ICE lodged an arrest detainer requesting Fairfax County officials not release Anibal Armando Chavarria Muy—a criminal alien from Guatemala charged with second degree murder in connection with a fatal stabbing in Fairfax County, Virginia. The detainer was lodged on March 30, 2026, one day after the victim was killed. This incident follows another fatal stabbing of Stephanie Minter by a criminal illegal alien in Fredericksburg one month prior.

Routine Enforcement Immigration

DNN Inference Optimization Using Practical Early Exit Networks

USPTO published patent application US20260086912A1 disclosing methods and systems for optimizing DNN inference using early exit networks. The invention enables dynamic splitting of machine learning models based on processing load forecasts and adaptive batch sizing to improve computational efficiency. Application No. 19400394 was filed November 25, 2025.

Routine Notice Artificial Intelligence

AI-Driven Structural Engineering Design System and Method

The USPTO published patent application US20260087189A1 filed by Alexander Davis on September 20, 2024, covering an AI-driven system for structural engineering design automation. The system uses machine learning trained on engineered structure datasets including structural failure instances to generate optimized structural designs, 3D CAD models, and code-compliant engineering documents.

Routine Notice Artificial Intelligence

AI System for Active Shooter Detection via Sensor Signals

USPTO published patent application US20260087415A1 disclosing an AI system for detecting active shooters using sensor signals from multiple devices. The system correlates sensor data exceeding threshold levels, applies machine learning to classify emergency types and severity, and generates response information for dispatch.

Routine Notice Intellectual Property

Generative AI Content Retrieval Standardization Framework

The USPTO published patent application US20260087080A1 by inventor Jian JIAO for a generative AI framework that standardizes user queries and content items into a common object format with normalized values. The system improves content retrieval accuracy by combining selective online and offline calls to the generative AI model with a distilled encoder neural network, enabling real-time results.

Routine Notice Artificial Intelligence

User terminal and radio communication method

USPTO granted patent US12592796B2 to NTT DOCOMO, INC. on March 31, 2026. The patent covers user terminal and radio communication methods involving Hybrid Automatic Repeat reQuest-ACKnowledge (HARQ-ACK) timing for downlink shared channel reception across multiple services. The patent names six inventors and is classified under CPC codes H04L 1/1861 and related communication protocols.

Routine Notice Telecommunications

Communication identifier padding in a communication network

USPTO granted patent US12592791B2 to Telefonaktiebolaget LM Ericsson (publ) covering a method for padding communication identifiers to hide their actual length for privacy purposes. The patent describes determining padding extent so identifiers conform to a set of allowed lengths with uniform differences between most lengths. The assignee and named inventors are John Mattsson and Prajwol Kumar Nakarmi.

Routine Notice Telecommunications

Secure Element Authentication Using Over-the-Air Optical Communication

The USPTO granted Patent US12592773B2 to Microsoft Technology Licensing, LLC covering a system for secure element authentication using over-the-air optical communication between devices. The technology enables two systems to establish secure communications by emitting and detecting light signals within a predefined field of view, preventing unauthorized interception. The patent includes 20 claims and covers CPC classifications H04L 63/0861, H04L 63/0428, and H04B 10/114.

Routine Notice Intellectual Property

Communication method and communications apparatus

The USPTO granted Patent US12592798B2 to Huawei Technologies Co., Ltd. covering a method for network devices to determine timing information using reference signals and synchronization signal blocks. The patent, with inventors Lili Zheng and Hongping Zhang, contains 20 claims and relates to H04L communication technology.

Routine Notice Telecommunications

First FOIA and Privacy Act Regulations

The Office of the National Cyber Director (ONCD) has released its first proposed Freedom of Information Act (FOIA) and Privacy Act regulations for public comment. The regulations establish ONCD's procedures for processing FOIA requests and managing Privacy Act records. Comments on the proposed rule are due May 15, 2026.

Routine Consultation Data Privacy

Computing system to manage security protocols for multiple electronic messaging providers based on domain delegation

The USPTO granted patent US12592972B2 to Klaviyo, Inc. covering domain delegation security methods for managing bulk email across multiple electronic messaging providers. The patent describes assigning sub-subdomains to email sending providers and administering security protocols based on those assignments. Invented by Joseph Gracey, the patent contains 19 claims.

Routine Notice Intellectual Property

Cisco Patent - Path Visibility, Packet Drop, and Latency Measurement

The USPTO granted Cisco Technology, Inc. Patent US12592987B2 covering techniques for measuring packet path visibility, packet drops, and latency in networked computing environments using service chaining data flows. The patent includes 20 claims and was assigned to inventors Sonu Kumar Khandelwal, Hasmit S. Grover, and Sundeep Singam Setty.

Routine Notice Intellectual Property

System and method for security control over data flows in distributed computing systems

The USPTO granted patent US12592973B2 to Caber Systems, Inc. covering methods and systems for detecting security issues within computing environments by analyzing data flows to determine links between data sources and metadata. The patent, filed as Application No. 18732293, provides a framework for identifying security policy ambiguities and potential security issues, then taking preventive actions.

Routine Notice Intellectual Property

NCSC Warns of Russia Actors Targeting Messaging Apps

The UK NCSC and international partners issued a joint advisory warning that Russia-based actors are actively targeting high-risk individuals through messaging apps including WhatsApp, Messenger, and Signal. The advisory documents specific attack vectors: social engineering for login codes, unauthorized device linking, undetected group chat access, impersonation, and QR code phishing. High-risk individuals include government officials, political staff, journalists, and others with sensitive information.

Priority review Guidance Cybersecurity