DHS Issues Statement on Criminal Alien Convicted of Assaulting High School Girls in Fairfax County
DHS issued a press release regarding the conviction of Israel Christopher Flores-Ortiz, an illegal alien from El Salvador, for nine counts of assault and battery committed at Fairfax County High School. The statement criticizes Virginia sanctuary policies and calls on Governor Spanberger not to release the defendant before sentencing on April 21.
Spring Cloud Gateway Vulnerability CVE-2026-22750
CERT-FR issued advisory CERTFR-2026-AVI-0417 regarding CVE-2026-22750, a vulnerability in Spring Cloud Gateway affecting versions 4.2.x prior to 4.2.1. The flaw could allow an attacker to cause an unspecified security issue. French organizations using affected versions should consult the Spring security bulletin for available patches.
Apache Tomcat Multiple Vulnerabilities
CERT-FR issued an advisory warning of multiple vulnerabilities in Apache Tomcat affecting versions 10.1.x prior to 10.1.54, 11.0.x prior to 11.0.21, and 9.0.x prior to 9.0.117. The vulnerabilities allow attackers to compromise data confidentiality, data integrity, and bypass security policies. Organizations running affected Tomcat deployments must apply available patches referenced in Apache security bulletins.
Multiple Vulnerabilities in Mattermost Desktop App
CERT-FR published security advisory CERTFR-2026-AVI-0419 alerting to multiple vulnerabilities in Mattermost Desktop App affecting versions prior to 5.13.5.0. The vulnerabilities could allow an attacker to cause unspecified security issues. Organizations using Mattermost Desktop App should consult the vendor security bulletins and apply available patches.
Multiple Vulnerabilities in Microsoft Azure Linux, 6 CVEs
ANSSI's CERT-FR issued an alert covering 6 CVEs in Microsoft Azure Linux components affecting azl3 kernel (versions prior to 6.6.130.1-1), azl3 libsoup (prior to 3.4.4-15), and azl3 xz (prior to 5.4.4-3). The vulnerabilities could allow an attacker to cause unspecified security issues. No specific risk severity was stated by the vendor. French organizations using Azure Linux are advised to apply vendor patches immediately via Microsoft Security Response Center.
Multiple Vulnerabilities in Tenable Security Center Allow Remote Code Execution
CERT-FR published advisory CERTFR-2026-AVI-0415 disclosing four critical vulnerabilities (CVE-2026-2003 through CVE-2026-2006) in Tenable Security Center versions 6.5.1 through 6.8.0. The vulnerabilities allow remote code execution and data confidentiality breaches without requiring authentication. Affected organizations must apply patch SC202604.1 from Tenable security bulletin tns-2026-10.
Multiple Ubuntu Linux Kernel Vulnerabilities Allow Privilege Escalation
CERT-FR published advisory CERTFR-2026-AVI-0421 warning of multiple Linux kernel vulnerabilities affecting Ubuntu 16.04 ESM through 25.10. The vulnerabilities allow privilege escalation, data confidentiality breaches, data integrity breaches, and denial of service attacks. System administrators should apply patches referenced in 16 Ubuntu security notices (USN-8145-3 through USN-8165-1) covering CVE-2022-49465, CVE-2022-49635, CVE-2023-53041, CVE-2023-53421, CVE-2023-53520, and additional CVEs.
SUSE Linux Kernel Multiple Vulnerabilities Advisory
CERT-FR published advisory CERTFR-2026-AVI-0422 disclosing multiple vulnerabilities in the SUSE Linux kernel affecting openSUSE Leap, SUSE Linux Enterprise Server, and related product lines across versions 12 SP5 through 15 SP7. The vulnerabilities, sourced from 13 SUSE security bulletins, could allow an attacker to cause unspecified security impacts. Affected parties are advised to apply patches referenced in the vendor security bulletins.
Red Hat Linux Kernel Multiple Vulnerabilities Alert
CERT-FR issued an advisory alerting organizations to multiple kernel vulnerabilities in Red Hat Linux affecting numerous products across multiple architectures (x86_64, aarch64, s390x, ppc64le). The vulnerabilities expose affected systems to data confidentiality breaches, security policy bypass, remote denial of service, arbitrary code execution, and privilege escalation risks. Organizations running Red Hat Enterprise Linux, CodeReady Linux Builder, and related products must patch immediately.
Multiple IBM Product Vulnerabilities Allow Remote Code Execution
CERT-FR published advisory CERTFR-2026-AVI-0424 on April 10, 2026, disclosing multiple critical vulnerabilities in IBM products including QRadar AI Assistant, Sterling External Authentication Server, Sterling Secure Proxy, and WebSphere Application Server Liberty. Affected versions span QRadar AI Assistant prior to 1.4.0, Sterling products prior to 6.1.1.3 GA and 6.2.1.2 GA, and WebSphere Liberty 17.0.0.3 to 26.0.0.3 without APAR PH70510. The vulnerabilities expose systems to remote code execution, data confidentiality breaches, denial of service, and security policy bypass.
Juniper Privilege Escalation Vulnerability in Junos OS
CERT-FR issued a security advisory alerting that Juniper Networks Junos OS and Junos OS Evolved contain a privilege escalation vulnerability (CVE-2026-33793). An attacker with local low-privileged access can exploit unsigned Python op-script configurations to compromise the system. Multiple versions of Junos OS and Junos OS Evolved across branches 22.4 through 25.2 are affected. Patches have been released by Juniper Networks.
Red Hat Products Multiple Vulnerabilities Allow Admin Privilege Escalation
CERT-Bund issued security advisory WID-SEC-2026-1033 warning of multiple vulnerabilities in Red Hat products including Ansible Automation Platform, Enterprise Linux, OpenShift, and Process Automation Manager. Local attackers can exploit these flaws to gain administrator privileges. CVSS base score is 6.4 (medium) with temporal score of 5.9. No remote attack vector exists.
Adobe Acrobat Reader Remote Code Execution Vulnerability CVE-2026-1047
CERT-Bund issued a critical security advisory for Adobe Acrobat Reader vulnerability CVE-2026-1047 with CVSS Base Score of 9.6. The flaw allows remote, unauthenticated attackers to execute arbitrary code and gain full administrative control of affected systems running Windows, UNIX, and other operating systems. Adobe Acrobat Reader versions up to and including 26.001.21367 are affected.
Multiple Vulnerabilities in Helm Allow Arbitrary Code Execution
CERT-Bund published security advisory WID-SEC-2026-1048 disclosing multiple vulnerabilities in Helm (Kubernetes package manager) with a CVSS Base Score of 8.6 (high). Affected versions include helm <4.1.4 and helm <3.20.2. An attacker can exploit these vulnerabilities to manipulate files, bypass security measures, and potentially execute arbitrary code.
Linux Kernel Vulnerability Allows Physical Access Attacks
CERT-Bund issued security advisory WID-SEC-2026-1049 warning of a vulnerability in the Linux kernel affecting versions prior to 6.1.167, 6.6.130, 6.12.78, 6.18.19, 6.19.9, and 7.0-rc4. Attackers with physical access can exploit the flaw to cause denial of service, execute arbitrary code, or disclose information. The CVSS Base Score is 6.8 (medium). Remote attack is not possible, and mitigations are available.
Checkmk Multiple Vulnerabilities Allow Remote Attackers Unspecified Impacts
CERT-Bund issued security advisory WID-SEC-2026-1050 regarding multiple vulnerabilities in Checkmk IT monitoring software. Affected versions include those prior to 2.6.0b1, 2.5.0b4, 2.4.0p26, and 2.3.0p47. An authenticated remote attacker can exploit these vulnerabilities for unspecified impacts. CVSS Base Score is 6.3 (medium) with CVSS Temporal Score of 5.5.
Security Flaw in Dell EMC Isilon, CVSS 8.8
Coast Guard Cutter Escanaba Seizes $33.9M Cocaine in Eastern Pacific
DHS announced that U.S. Coast Guard Cutter Escanaba seized 4,510 pounds of cocaine valued at $33.9 million during a routine patrol in the Eastern Pacific Ocean on Easter Sunday. The crew intercepted a suspected narco-terrorism vessel off the coast of Manta, Ecuador, recovering the contraband using a helicopter aircrew and over-the-horizon cutter pursuit boat.
ICE Arrests Criminal Illegal Aliens Convicted of Child Abuse, Assault, and Robbery
ICE announced arrests of criminal illegal aliens convicted of injury to a child, assault with a semiautomatic firearm, aggravated assault with a deadly weapon, robbery, and other crimes. The announcement coincides with the one-year anniversary of the reopening of the VOICE Office, which provides resources to victims of crimes with an immigration nexus.
ICE Requests Missouri Not Release Illegal Alien Accused of Murdering Teen
DHS announced that ICE issued an arrest detainer for Yefry Archaga-Elvir, an illegal alien from Honduras accused of murdering 15-year-old Miles Young in Greene County, Missouri on March 12, 2026. ICE is formally requesting Missouri authorities not to release the individual and to maintain custody pending federal immigration proceedings.
Trump Administration Welcomes Angel Families to D.C. to Mark One-Year Re-Opening of VOICE Office
DHS announced the one-year anniversary of the re-opening of the Victims of Immigration Crime Engagement (VOICE) Office. ICE welcomed Angel Families to Washington, D.C. to commemorate the milestone. The VOICE Office, originally created during the first Trump Administration and closed by the Biden Administration, provides support services to victims of alien crime, including immigration enforcement updates and custody status notifications for criminal aliens.
Stryker Corp Amends Cybersecurity Disclosure Under Item 1.05
Stryker Corp filed an amended Form 8-K with the SEC under Item 1.05 (Cybersecurity Incident Disclosure) to update a prior cybersecurity disclosure. The filing amends a previously submitted disclosure related to a cybersecurity matter at the company's Portage, MI operations. Public companies are required to disclose material cybersecurity incidents on Form 8-K Item 1.05 within four business days of determining materiality.
Secure Passkey Enrollment Using Digital Wallet Credentials
Secure Passkey Enrollment Via Digital Wallet Credentials
Two-Fold Digital Credential Verification and Signing Methods
USPTO published patent application US20260100851A1 disclosing methods and systems for issuing certificate-type digital credentials and electronically signing documents. The invention requires two-fold verification comprising credential validity checks (proof, expiration, revocation) plus verification that a trusted issuer exists within a parent-child relationship. Both credential types can be organized in a digital identity hierarchy using distributed ledger technology.
Verifiable Cryptographic Obfuscation Patent Using Physically Unclonable Function
The USPTO published patent application US20260100854A1 for Vipin Singh Sehrawat's verifiable cryptographic obfuscation system using physically unclonable functions (PUFs). The patent covers methods for generating error vectors via PUF circuits to enable LPN encryption verification of PRG outputs using Hamming distance analysis.
Verifiable Cryptographic Obfuscation Methods Using PUF and LPN Encryption
The USPTO published patent application US20260100853A1 for verifiable cryptographic obfuscation methods using physically unclonable functions (PUF) and Learning Parity with Noise (LPN) encryption. The invention covers systems that verify obfuscation integrity by comparing corrected and corrupted PRG outputs via Hamming distance analysis. Technology companies and patent professionals should review for prior art and licensing implications.
Zero Trust Hash Validation for DePIN Networks
LLM Unlearning via Loss Adjustments - Accenture Global Solutions
USPTO published patent application US20260099772A1 by Accenture Global Solutions Limited disclosing a system and method for large language model unlearning via a forget data only loss adjustment (FLAT) function. The invention involves accessing forget data samples, associating template responses via LLMs, and training a target LLM using loss adjustments to maximize divergence between template and forget answers.
Human-in-the-Loop AI Training for Agentic Automation Patent Application
USPTO published patent application US20260099135A1 by UiPath, Inc. covering human-in-the-loop automation training using AI for agentic automation systems. The invention enables a listener to monitor user or AI agent interactions with computing systems and improve or personalize automation based on those interactions.
Hierarchical Speech Analysis Method for Age, Gender, and Emotion Detection
USPTO published patent application US20260100196A1 for Tencent America LLC, covering a hierarchical speech analysis method using two-stage neural networks to detect speaker age, gender, and emotion from voice signals. The first learning stage performs initial detection while the second stage refines these attributes. This patent application relates to AI-driven speech processing technology.
Machine Learning Predicts Gene Sequence Effects on Endophenotypes
USPTO published patent application US20260100241A1 by Inari Agriculture Technology, Inc. describing a machine-learning method for predicting how gene regulatory sequences affect endophenotypes. The method involves inputting gene regulatory sequences into a trained model to generate effect predictions and selecting sequences based on desired phenotypic profiles.
Bank of America AI Parameter Adjustment in Distributed Network Patent Application
USPTO published Bank of America Corporation's patent application for AI parameter adjustment systems in a distributed network. The application describes methods for analyzing user data with AI engines, generating reports based on defined parameters, and regenerating outputs based on user feedback. Filing date was October 9, 2024.
AI Model Explainer for Non-Numerical Data Types
The USPTO published patent application US20260099763A1 by inventors Wan et al. covering mechanisms for AI model explanation of non-numerical data. The system converts non-numerical feature data into numerical representations, processes these through an AI model explainer to generate explanations, and converts outputs back to non-numerical form using two trained computer models.
AI Models for Edge Case Driving Scenarios
The USPTO published patent application US20260099762A1 from AUTOBRAINS TECHNOLOGIES LTD describing methods for generating AI models for autonomous driving using clustered driving scenario data to enhance decision-making in edge case scenarios.
Neural Network Quantum Error Correction Decoding Method and Apparatus
USPTO published patent application US20260099754A1 by Tencent Technology (Shenzhen) on April 9, 2026. The application covers neural network-based methods for quantum error correction decoding, including error syndrome acquisition, feature extraction via neural network decoder, and error result determination for quantum circuits.
Mitel MiCollab Multiple Critical Vulnerabilities Including SQL Injection CVSS 9.8
CERT-Bund issued security advisory WID-SEC-2026-1026 warning of multiple critical vulnerabilities in Mitel MiCollab communication suite. The vulnerabilities carry a CVSS Base Score of 9.8 (critical) and enable remote SQL injection attacks and privilege escalation. Affected versions include MiCollab prior to version 10.2 SP1 running on Linux, UNIX, Windows, and other platforms. Mitigation measures are available.
Chrome and Edge Vulnerabilities Allow Remote Code Execution
CERT-Bund issued a high-severity security advisory (WID-SEC-2026-1030) alerting organizations to multiple vulnerabilities in Google Chrome (versions prior to 147.0.7727.55/56) and Microsoft Edge. The flaws carry a CVSS Base Score of 8.8 and enable remote anonymous attackers to bypass security mechanisms, execute arbitrary code, disclose information, and deceive users. Mitigation is available via software updates.
Logstash Remote Code Execution Vulnerability CVSS 8.1
Logstash RCE Vulnerability, CVSS 8.1, 8th Apr
XWiki Code Execution Vulnerability, CVSS 7.2
Intel CPU Privilege Escalation Vulnerability, CVSS 4.7
CERT-Bund issued a security advisory detailing a privilege escalation vulnerability in Intel processors (Pentium Silver Series, Celeron J Series, Celeron N Series). Attackers with physical access can exploit the flaw to elevate privileges, with a CVSS Base Score of 4.7 (medium). Organizations using affected processors should apply available mitigations.
SugarCRM Sugar Enterprise Multiple Vulnerabilities Allow Admin Access
CERT-Bund published security advisory WID-SEC-2026-1021 disclosing multiple critical vulnerabilities in SugarCRM Sugar Enterprise versions prior to 25.1.3 and 14.0.4. The vulnerabilities carry a CVSS Base Score of 8.8 (high), allowing remote attackers to gain administrator privileges, execute cross-site scripting attacks, bypass security controls, manipulate data, disclose confidential information, and cause denial of service.
Juniper Critical Vulnerabilities April 2026: CVSS 10.0 Remote Code Execution, Root Privilege Escalation
CERT-Bund issued security advisory WID-SEC-2026-1022 identifying critical vulnerabilities (CVSS 10.0) in Juniper Apstra, JUNOS OS, JUNOS OS Evolved, QFX Series, MX Series, SRX Series, and Junos Space. Remote attackers can exploit these flaws to gain root privileges, execute arbitrary code, bypass security controls, and exfiltrate sensitive data. Organizations must apply patches immediately to affected systems.