Advisory on Risks Associated with Frontier AI Models
The Cyber Security Agency of Singapore (CSA) has published an advisory warning organisations about cybersecurity risks associated with frontier AI models. These advanced AI systems can reportedly reduce the time to identify vulnerabilities and engineer exploits from months to hours. While no misuse has been observed, CSA outlines immediate and long-term mitigation measures for organisations to strengthen their security posture.
Multiple Azure Vulnerabilities Allow Privilege Escalation
CERT-FR issued advisory CERTFR-2026-AVI-0444 alerting organizations to multiple privilege escalation vulnerabilities in Microsoft Azure. Five CVEs (CVE-2026-32167, CVE-2026-32168, CVE-2026-32171, CVE-2026-32176, CVE-2026-32192) were disclosed in Microsoft Azure security bulletins on April 14, 2026. Affected systems include Azure Logic Apps and Azure Monitor Agent versions prior to 1.35.9 and 1.41.0. Organizations are advised to consult Microsoft security bulletins for patch availability.
Multiple Microsoft CVEs Allow Code Execution, Elevation
CERT-FR issued advisory CERTFR-2026-AVI-0445 notifying of 22 Microsoft security vulnerabilities affecting products including Microsoft Defender, Microsoft Dynamics 365, Microsoft HPC Pack, Microsoft Power Apps, Microsoft SharePoint (multiple versions), Microsoft SQL Server (2016-2025), and Microsoft Visual Studio. Affected systems risk data confidentiality breaches, security policy bypass, remote code execution, denial of service, and privilege elevation. Microsoft has released patches and updates to address these vulnerabilities.
Multiple Vulnerabilities in Tenable Identity Exposure Versions Prior to 3.77.17
CERT-FR has published a security advisory regarding 18 vulnerabilities discovered in Tenable Identity Exposure, affecting versions prior to 3.77.17. The vulnerabilities include privilege escalation, remote denial of service, data confidentiality breaches, data integrity compromise, and security policy bypass. Affected organizations are advised to consult the vendor security bulletin and apply available patches.
Python CPython Remote Denial of Service Vulnerability
CERT-FR issued a security advisory regarding a remote denial of service vulnerability in Python CPython. The vulnerability (CVE-2026-5713) affects CPython versions without the latest security patch. Organizations using affected Python installations are at risk of remote denial of service attacks.
Adobe Product Vulnerabilities Allow Remote Code Execution, DoS, Security Bypass
CERT-FR issued advisory CERTFR-2026-AVI-0438 warning of multiple critical vulnerabilities in Adobe products. Affected products include Acrobat 2024, Acrobat DC, Acrobat Reader DC, ColdFusion 2023, and ColdFusion 2025 on Windows and macOS. The vulnerabilities allow remote code execution, remote denial of service, and security policy bypass. ANSSI references Adobe security bulletins APSB26-38 and APSB26-44.
Multiple Vulnerabilities in Ivanti Neurons (XSS and Security Bypass)
CERT-FR published a security advisory concerning two vulnerabilities (CVE-2026-4913 and CVE-2026-4914) in Ivanti Neurons for ITSM versions prior to 2025.4. The flaws allow indirect remote code injection (XSS) and a security policy bypass. Organisations using this software should check their version and apply the fixes available via the Ivanti security bulletin of April 14, 2026.
Multiple Fortinet Vulnerabilities Allow Code Execution
CERT-FR published advisory CERTFR-2026-AVI-0440 covering 29 vulnerabilities across multiple Fortinet product lines, including FortiOS, FortiAnalyzer, FortiManager, FortiProxy, FortiSandbox, FortiClientEMS, and others. Affected products span versions 7.x through 7.6.x and earlier, exposing systems to risks including remote code execution, data confidentiality and integrity breaches, SSRF, XSS, SQL injection, denial of service, and privilege escalation. Fortinet published corresponding security bulletins FG-IR-26-100 through FG-IR-26-127 between April 14 and 15, 2026.
Multiple Microsoft Office Vulnerabilities Allow Remote Code Execution, Data Breach
CERT-FR published security advisory CERTFR-2026-AVI-0441 alerting organizations to 12 critical vulnerabilities in Microsoft Office products including Excel, PowerPoint, Office 2016/2019/LTSC 2021/2024, and Office Online Server. The vulnerabilities allow remote code execution and data confidentiality breaches. Users are advised to apply Microsoft's security patches immediately.
Multiple Windows Vulnerabilities Enable Code Execution, Privilege Escalation
CERT-FR issued advisory CERTFR-2026-AVI-0442 alerting to 51 vulnerabilities in Microsoft Windows. Affected CVEs include CVE-2023-20585, CVE-2026-0390, and multiple others from CVE-2026-26151 through CVE-2026-27914. The vulnerabilities enable remote code execution and privilege escalation. Microsoft released security bulletins on April 14, 2026. Organizations running affected Windows systems are advised to apply patches immediately.
Multiple .NET Vulnerabilities Allow DoS and Security Bypass
CERT-FR issued advisory CERTFR-2026-AVI-0443 alerting that six vulnerabilities (CVE-2026-23666, CVE-2026-26171, CVE-2026-32178, CVE-2026-32203, CVE-2026-32226, CVE-2026-33116) were discovered in Microsoft .NET affecting versions 8.0, 9.0, and 10.0 on Linux, Mac OS, and Windows, as well as multiple .NET Framework versions. These vulnerabilities allow remote attackers to cause denial of service and bypass security policies. Affected organizations should apply patches per Microsoft security bulletins.
UK Naturalized Citizen Accused of Murdering DHS Employee Lauren Bullis
DHS announced on April 15, 2026, that Olaolukitan Adon Abel, 26, a UK-born individual naturalized by the Biden Administration in 2022, stands accused of brutally murdering DHS employee Lauren Bullis on April 13. Abel has a prior criminal record including convictions for sexual battery, battery against a police officer, obstruction, assault with a deadly weapon, and vandalism. DHS stated that since President Trump took office, USCIS has implemented measures to prevent individuals with criminal histories from attaining citizenship.
CISA Adds CVE-2009-0238 and CVE-2026-32201 to Known Exploited Vulnerabilities Catalog
CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog based on evidence of active exploitation. CVE-2009-0238 is a Microsoft Office Remote Code Execution vulnerability and CVE-2026-32201 is a Microsoft SharePoint Server Improper Input Validation vulnerability. These vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise. Federal Civilian Executive Branch (FCEB) agencies are required to remediate these vulnerabilities pursuant to Binding Operational Directive 22-01.
Asynchronous Quantum Information Processing System Reduces QIPU Dead Time
USPTO published patent application US20260099354A1 by William Joseph Zeng describing an asynchronous approach to implementing quantum algorithms to reduce dead time of quantum information processing units (QIPUs). The system uses a controller to manage multiple parameter sets for quantum programs, allowing the QIPU to continue executing while the controller processes results and determines updated parameters. This approach enables the QIPU to operate with minimal or no idle time.
Universal Machine Learning Pipeline Execution System and Method
USPTO published patent application US20260099305A1 titled 'Systems and Methods for Universal Machine Learning Pipeline Execution,' filed December 10, 2025. The application discloses methods for automated machine learning model development, including parsing configuration files, generating model code, creating ML pipelines, monitoring execution, and producing trained models with performance data. Inventors: Rameshchandra Bhaskar Ketharaju, Anjeet Kumar, and Shuvam Sengupta. CPC classifications include G06F 8/35, G06F 8/31, G06F 11/3476, and G06N 20/00.
Hierarchical Reinforcement Learning Controls Industrial Facility
The USPTO published patent application US20260099128A1 on April 9, 2026, filed by inventors William Wong, Praneet Dutta, and Jerry Jiayu Luo. The application covers methods and systems for controlling industrial facilities using hierarchical reinforcement learning with high-level and low-level neural network controllers. CPC classifications include F28F 27/003, G05B 13/027, and G06N 3/092.
Adobe Acrobat DC, Reader Multiple Vulnerabilities, CVSS 8.6
Critical Microsoft Windows Multiple Vulnerabilities CVSS 9.8
CERT-Bund issued advisory WID-SEC-2026-1104 detailing critical multiple vulnerabilities in Microsoft Windows products with a CVSS Base Score of 9.8 (critical) and Temporal Score of 8.5 (high). Affected products include Windows Server 2012 through 2025 and Windows 10 versions 1607 through 22H2 and Windows 11 versions 23H2 through 26H1, along with Microsoft Windows Admin Center. An attacker could exploit these vulnerabilities to achieve remote code execution, privilege escalation, information disclosure, security feature bypass, and denial of service attacks.
WID-SEC-2026-1103: Critical Microsoft SQL Server Vulnerabilities Allow Code Execution and Privilege Elevation
CERT-Bund issued security advisory WID-SEC-2026-1103 warning of multiple critical vulnerabilities in Microsoft SQL Server 2016, 2017, 2019, and 2022. The flaws carry a CVSS Base Score of 8.8 (high) and a Temporal Score of 7.7 (high). Attackers can exploit these vulnerabilities remotely to execute arbitrary code and escalate privileges. Mitigations are available.
Adobe ColdFusion Critical Flaws Allow Code Execution
CERT-Bund published security advisory WID-SEC-2026-1110 alerting to multiple critical vulnerabilities in Adobe ColdFusion 2023 (prior to Update 19) and Adobe ColdFusion 2025 (prior to Update 7). The vulnerabilities carry a CVSS Base Score of 9.3 (critical) and temporal score of 8.1 (high). An unauthenticated remote attacker can exploit these flaws to execute arbitrary code, bypass security controls, disclose information, and conduct denial of service attacks. Mitigation measures are available.
Keycloak Cross-Site Scripting Vulnerability CVSS 6.9 (Medium)
CERT-Bund has published a security advisory regarding a Cross-Site Scripting (XSS) vulnerability in Keycloak, an open-source identity and access management platform. The vulnerability has a CVSS Base Score of 6.9 (Medium) and CVSS Temporal Score of 6.3 (Medium). A remote, authenticated attacker can exploit this vulnerability to conduct XSS attacks. Affected systems run Keycloak on Linux and UNIX operating systems.
Dell PowerProtect Data Domain OS Critical Vulnerabilities
CERT-Bund issued security advisory WID-SEC-2026-1118 warning of multiple critical vulnerabilities in Dell PowerProtect Data Domain OS with CVSS Base Score 8.8 (High). Affected versions include OS builds prior to 8.7.0.0, 8.7.0.1, 8.3.1.30, 7.13.1.70, 8.6.0.0, 8.3.1.20, and 7.13.1.60. Remote attackers can exploit these flaws to execute arbitrary code with root privileges, escalate privileges to administrator level, bypass security controls, manipulate data, or disclose confidential information.
Synology DiskStation Manager Multiple Vulnerabilities CVSS 8.0
CERT-Bund published security advisory WID-SEC-2026-1125 disclosing multiple vulnerabilities in Synology DiskStation Manager (DSM) with a CVSS Base Score of 8.0 (high) and Temporal Score of 7.0 (high). Remote exploitation is confirmed. Affected versions include DSM <7.3.2-86009-2, <7.2.2-72806-7, and <7.2.1-69057-10. The vulnerabilities allow attackers to bypass security measures, manipulate data, disclose confidential information, or cause denial of service.
Composer Multiple Vulnerabilities Allow Remote Code Execution
CERT-Bund published security advisory WID-SEC-2026-1128 disclosing multiple vulnerabilities in Open Source Composer (versions below 2.9.6 and 2.2.27 LTS) that allow remote attackers to execute arbitrary code. The CVSS Base Score is 8.8 (high) and the Temporal Score is 7.7 (high). Mitigation measures are available.
CVE-2009-0238: Microsoft Excel Remote Code Execution Vulnerability
CISA added CVE-2009-0238 to its Known Exploited Vulnerabilities (KEV) catalog. The vulnerability affects Microsoft Office Excel versions 2000 SP3 through 2007 SP1, Excel Viewer 2003, Compatibility Pack for Office 2007 formats, and Excel for Mac 2004 and 2008. The vulnerability allows remote code execution via crafted Excel documents and was actively exploited in February 2009 by Trojan.Mdropper.AC. CISA's SSVC assessment rates exploitation as active with total technical impact.
Microsoft SharePoint Spoofing Vulnerability, CVSS 6.5 Medium
CISA added CVE-2026-32201 to the Known Exploited Vulnerabilities catalog on April 14, 2026. The vulnerability is an improper input validation flaw in Microsoft Office SharePoint (versions prior to 16.0.5548.1003, 16.0.10417.20114, and 16.0.19725.20210) that allows unauthorized attackers to perform spoofing over a network. SSVC analysis rates exploitation as 'active' and 'automatable' with partial technical impact. A vendor patch is available via Microsoft Update Guide.
Microsoft April 2026 Patches Address Multiple Vulnerabilities
CSA Singapore issued an alert on 15 April 2026 notifying that Microsoft released security patches addressing multiple vulnerabilities across its software products. The alert lists 11 vulnerabilities with CVSS base scores ranging from 7.5 to 9.8, including critical remote code execution vulnerabilities affecting Windows IKE extensions, Go compiler, SWIG, Remote Desktop Client, Microsoft Office, TCP/IP, and Active Directory. CSA recommends organizations apply the patches immediately.
ICE Arrests Criminal Illegal Aliens Convicted of Murder, Child Abuse
U.S. Immigration and Customs Enforcement (ICE) announced the arrest of criminal illegal aliens across the country, including individuals convicted of voluntary manslaughter, lewd battery on a child, and attempted statutory rape of a child. Secretary Markwayne Mullin stated that nearly 70% of ICE arrests involve illegal aliens charged or convicted of a crime in the U.S. The announcement highlights continued enforcement operations targeting non-citizens with serious criminal convictions.
ICE Requests Detention of Illegal Alien Charged with Murdering Wife in Tulsa
ICE lodged an arrest detainer requesting local authorities in Tulsa, Oklahoma, not release Willie Ricardo Merida-Escobar, an illegal alien from Guatemala, who has been charged with first-degree murder. The subject was arrested by Tulsa Police Department on April 10, 2026, for allegedly strangling his wife Karla Gramajo-Cabrera and dumping her body near a highway. ICE issued the detainer to prevent the individual's release back into the community pending immigration proceedings.
ICE Arrests Jamaican Criminal Alien Gang Member Wanted for Murder
ICE and Florida Highway Patrol arrested Ragar Mandela Allen, 32, a Jamaican national and alleged member of the Craig Town Gang, on March 31, 2026. Allen was wanted for murder and multiple felony charges in Jamaica. During the arrest attempt, Allen attempted to flee, dragging a Florida Highway Patrol trooper with his vehicle into a fence, injuring the officer.
Differential Transmission of QoE Reports and RVQoE Reports
The USPTO published patent application US20260100894A1 on April 9, 2026. The application, filed October 23, 2023 under Application No. 19115278, covers systems and methods for differential transmission of Quality of Experience reports and Radio Access Network Visible QoE reports in wireless networks. Inventors include Cecilia Eklöf, Johan Rune, Filip Barac, Luca Lunardi, Mattias Bergström, and Agne Ciuciciulkaite.
Dynamic Intent Manager Profile Exposure Method for Communications Networks
The USPTO published patent application US20260100893A1 on April 9, 2026, covering a method for dynamic intent manager profile exposure in communications networks. The invention involves generating messages to register basic intent handler profiles with an intent manager registry, receiving owner identifiers, and selecting advanced information to complement profiles. Inventors include Pedro Henrique Gomes da Silva, Amadeu Do Nascimento Junior, and Andrey José Torres Da Silva.
Flexible Prompt Guardrails System for Generative AI
USPTO published patent application US20260099719A1 for a flexible and extensible prompt guardrails system for generative AI. The system intercepts prompts intended for a generative AI system, extracts feature vectors using specialized models, and evaluates them against rules to determine whether to block or allow the prompt. The system supports adding or removing features and updating evaluation rules based on testing. The application was filed on October 3, 2024.
Dendritic Computation Neural Network Patent, Apr 9
Enhanced Artificial Intelligence Virtual Assistants Patent Application
The USPTO published patent application US20260099676A1 for Zoom Video Communications, Inc. covering enhanced AI virtual assistant methods. The application describes receiving user requests, determining intent, identifying services, and generating responses. The application was filed October 7, 2024, and published April 9, 2026.
Safety Alignment for Language Models Using Model-Generated Safety Categories
USPTO published patent application US20260099707A1 for safety alignment techniques in language models. The application describes using an ensemble of generative AI models to generate machine-defined safety labels for interactions, applying majority voting with predefined safety labels to revise training data labels, and training language models to implement guardrails restricting unsafe content generation. The application covers ensemble-based safety labeling and alignment training methodologies for AI systems.
Method and System for Deployment of Large Language Models (LLM) in Cloud Instances
Tata Consultancy Services Limited filed USPTO patent application US20260099706A1 for a method and system to deploy LLMs in cloud instances. The system evaluates cloud instance feasibility based on LLM model size and available storage, determines latency values for batch sizes across LLM-accelerator pairs, and generates deployment recommendations based on latency, cost, workload, application type, and performance metrics.
NEC Corporation Multi-Sensor Encoding and Adversarial Estimation Machine Learning Device Patent Application
USPTO published patent application US20260099724A1 for NEC Corporation's machine learning device that trains encoding models for sensor data and adversarial estimation models. The invention encodes first and second sensor data into codes, trains an adversarial estimation model to estimate cross-modal codes, and trains the encoding model to resist adversarial estimation. This publication affects technology companies and manufacturers developing multi-sensor machine learning systems.
QEMU Vulnerability, CVSS 7.8, Allows Disclosure, DoS
Siemens Industrial Edge Management Security Bypass Vulnerability
CERT-Bund issued a security advisory warning of a vulnerability in Siemens Industrial Edge Management (CVSS Base Score 4.7/medium) that allows a remote, anonymous attacker to bypass security measures. Affected versions include Siemens Industrial Edge Management Pro prior to 1.15.17 and 2.1.1, and Virtual prior to 2.8.0. Organizations using these products should review mitigations.
ABB 800xA CI868 and Symphony Melody PM877 Denial of Service Vulnerability
CERT-Bund issued a security advisory regarding a denial of service vulnerability in ABB industrial control systems 800xA and Symphony Melody. The vulnerability (CVSS Base Score 6.5) affects the CI868 module for AC800M and PM877 for Symphony Melody Plus MR when specific version thresholds are met. An attacker from an adjacent network could exploit this vulnerability to cause service disruption. Mitigation measures are available from ABB.
BigBlueButton Multiple Vulnerabilities Allow Data Manipulation and Redirect Attacks
CERT-Bund published security advisory WID-SEC-2026-1084 identifying multiple vulnerabilities in BigBlueButton open-source web conferencing system versions prior to 3.0.24. The vulnerabilities carry a CVSS Base Score of 6.5 (medium) and Temporal Score of 5.7 (medium). Remote attackers can exploit these flaws to manipulate data and redirect users to attacker-controlled domains. Organizations running affected BigBlueButton installations should apply mitigations.
CPython Multiple Vulnerabilities Allow Security Bypass and Data Manipulation
CERT-Bund issued security advisory WID-SEC-2026-1087 disclosing multiple vulnerabilities in CPython versions prior to 3.15.0. The vulnerabilities carry a CVSS Base Score of 7.4 (high) and enable remote attackers to bypass security mechanisms and manipulate data. Affected platforms include Linux, UNIX, Windows, and Fedora Linux.
Kubernetes CSI Driver SMB File Manipulation Vulnerability CVE CVSS 6.5
CERT-Bund issued a security advisory regarding a vulnerability in Open Source Kubernetes CSI Driver for SMB versions prior to 1.20.1. The flaw, with a CVSS Base Score of 6.5 (medium), allows a remote authenticated attacker to manipulate files. Organizations running affected Kubernetes deployments on Linux and UNIX systems should apply mitigations or update to version 1.20.1 or later.
GNU tar Vulnerability Allows Security Bypass - CVSS 5.0 Medium
CERT-Bund issued security advisory WID-SEC-2026-1057 regarding a vulnerability in GNU tar that allows a local attacker to bypass security measures. The vulnerability carries a CVSS Base Score of 5.0 (medium) and Temporal Score of 4.6 (medium). Remote attack is not possible. Affected systems include Linux, UNIX, and Windows operating systems.
SingCERT Security Bulletin Summarizes NIST Vulnerability Database
The Cyber Security Agency of Singapore (CSA) SingCERT published a security bulletin summarizing critical vulnerabilities from NIST's National Vulnerability Database. The bulletin categorizes CVEs by CVSSv3 base scores, listing vulnerabilities scoring 9.0-10.0 (Critical), 7.0-8.9 (High), 4.0-6.9 (Medium), and 0.1-3.9 (Low). Critical vulnerabilities include Axios prototype pollution (CVE-2026-40175, score 10.0), Sonicverse SSRF (CVE-2026-40089, score 9.9), SAP SQL injection (CVE-2026-27681, score 9.9), Axios proxy bypass (CVE-2025-62718, score 9.9), and PraisonAI sandbox escape (CVE-2026-39888, score 9.9).
Virtual Markers for Network Connectivity in Distributed Systems
USPTO published patent application US20260100899A1 titled 'Virtual Markers for Network Connectivity in Distributed Systems' filed December 2, 2025 by inventors Evan V. Chrapko and Leo M. Chan. The application covers a system where a processor in a distributed network determines network connectivity values for nodes based on virtual markers, distributing tasks across network nodes and reporting results. CPC classifications include H04L 43/0811 and H04L 41/0893 relating to network monitoring and configuration.
Using Wireless Packets to Indicate Network Device Boot Status
The USPTO published patent application US20260100898A1 by Robert J. Pera, Yao-Chung Chang, and Andrejs Bogdanovs disclosing a method for using wireless packets to indicate boot status of a network device. The method involves initiating a boot sequence, transmitting a first wireless packet during the boot sequence indicating the device is booting, and transmitting a second wireless packet indicating the device has finished booting. The invention relates to networking communications technology and wireless device status reporting.
Network Telemetry Mirroring, Higher Resolution Signals
USPTO published patent application US20260100896A1 by inventors Sandhaus, Shalikashvili, and Binshtock, disclosing methods to combine multiple telemetry data signals from network devices to generate higher resolution signals. The application relates to network monitoring and status determination through combined telemetry processing. The filing date was December 10, 2025, and the application number is 19414755.