Prediction Model Training Using Detected Anomalies
USPTO published patent application US20260099735A1 for a system and method of training prediction models using detected anomalies. The system trains multiple models using historical data, selects the best-performing model based on test data, generates forecasts, identifies anomalies between forecasts and model outputs, and incorporates user feedback to retrain and improve prediction accuracy.
Information Classification Using Local, Global Models
USPTO published patent application US20260099726A1 by inventors Song Bai, Yujun Shi, Wenqing Zhang, and Bin Lu on April 9, 2026. The application covers a method and apparatus for information classification using local and global classification models with decorrelation to address dimensional collapse of feature representations. The invention was filed on July 7, 2023, under application number 19099724.
SYSTEM FOR AUTOMATED DATA ANALYSIS AND DECISION-MAKING FOR COMPLEX PRODUCT CONFIGURATION
The USPTO published patent application US20260099734A1 filed by Vertiv Corporation on October 7, 2025. The application covers an AI-driven product configurator that pre-processes data from multiple sources, extracts features, and infers results through ML models deployed on edge devices with dynamic resource allocation. Analytical reports with visualizations and alerts are generated based on detected anomalies.
Rules Engine AI Guides End Users Through Transactions
The USPTO has published patent application US20260099731A1 filed by inventors Stephen Barrett Cichy and Markus Daniel Bockle. The application covers a rules engine configured to express complex logic, handle time and event synchronization, provide insights into rule execution, and model uncertainties. The system enables AI-guided assistance for end users completing transactions.
Topological Sparse Training Process for Machine Learning Models
USPTO published patent application US20260099725A1 for a topological sparse training process for machine learning models. The application covers methods for executing ML models with attention heads, using loss functions configured for preferential attachment of neurons, and modifying parameters including setting values to zero to generate sparse ML models. The invention aims to optimize neural network architecture through preferential attachment mechanisms during training.
System for Providing Software Related Answer Based on Trained Model
USPTO published patent application US20260099736A1 for a system providing software-related answers using a trained AI model. The invention involves natural language understanding for code base queries, using a custom enhancement model to determine user intent and a trained model (with generic and specific inputs) to generate natural language responses. Inventors: Joel Hart and Douglas Lee of SAFERITE.
Compound Docking Calculation Processing Device Method and Program
Institute of Science Tokyo filed USPTO patent application US20260099729A1 for a compound docking calculation processing device, method, and program. The invention enables combinatorial optimization in fragment-based compound docking calculations for drug discovery by using fragment decomposition, fragment docking calculation, interaction evaluation, and optimization processing units.
Task Agnostic Embedding Based Labeling Escalation On Fly
The USPTO published patent application US20260099728A1 for a machine learning method involving task-agnostic embedding-based labeling escalation. The invention uses a two-pass system: a first-pass model makes an initial decision, and if embedding analysis indicates a need for escalation, a higher-complexity second-pass model generates a final decision. The application was filed on October 7, 2024, by inventors MohammadReza GHAEINI and Muhaimenul ADNAN and classified under CPC G06N 5/01.
Language Models Having Reduced Size While Maintaining Performance and Reducing Hallucinations
USPTO published patent application US20260099727A1 titled 'Language Models Having a Reduced Size While Maintaining Performance and Reducing Hallucinations' filed January 30, 2025 by inventors Jeffrey Daniel Esposito, Henry Svendsgaard, Aishwarya Dharani Arul, and Tabor Scott. The application discloses a computer program product that iteratively trains a language model by adjusting hyperparameters such as number of layers, hidden units, and parameters, selecting the smallest model configuration that meets a predetermined performance threshold to reduce hallucinations.
Trustable AI Chat, Privacy, Single Interface
The USPTO published patent application US20260099733A1 on April 9, 2026. The application covers systems and methods for enabling clients to interact with multiple AI-based applications and large language model services through a single user interface with assured privacy and security. The invention involves a network device that stores service level information for multiple external AI services and converts natural language requests into service call sequences.
New York Sanctuary Politicians Refuse to Honor ICE Arrest Detainer Against Illegal Alien Charged with Murder and Arson
DHS announced that ICE requested NYCDOC not release Roman Ceron Amatitla, a criminal illegal alien charged with murder and arson in Queens County, NY. NYCDOC refused to cooperate with ICE and will release Amatitla. DHS urges Governor Hochul and Mayor Mamdani to honor the detainer. Since January 20, New York's failure to honor ICE detainers has resulted in the release of 6,947 criminal illegal aliens, including 29 homicides and 2,509 assaults.
Multiple Vulnerabilities in Red Hat Linux Kernel Allow Code Execution
CERT-FR issued an advisory warning of multiple vulnerabilities in Red Hat Linux kernel affecting multiple product versions. Four CVEs are referenced: CVE-2025-71238, CVE-2026-23144, CVE-2026-23171, and CVE-2026-23204. The vulnerabilities expose affected systems to arbitrary code execution, privilege escalation, data confidentiality breaches, security policy bypass, and denial of service. Organizations using Red Hat Enterprise Linux or CodeReady Linux Builder on ARM 64, IBM z Systems, Power (little endian), and x86_64 architectures should apply vendor patches from RHSA-2026:8342.
Multiples vulnérabilités dans le noyau Linux de SUSE - CERTFR-2026-AVI-0454
CERT-FR issued an advisory warning of multiple vulnerabilities in the SUSE Linux kernel. The vulnerabilities, aggregating 45+ SUSE security bulletins from April 10-15 2026 (SUSE-SU-2026:1242-1 through SUSE-SU-2026:1342-1), affect 32 SUSE product lines including openSUSE Leap 15.3-15.6 and SUSE Linux Enterprise Server 12 SP5 through 15 SP7. Attackers could exploit these vulnerabilities to cause unspecified security issues. CERT-FR directs affected parties to consult SUSE security bulletins for available patches.
Multiples vulnérabilités dans IBM QRadar - Avis CERT-FR-2026-AVI-0455
CERT-FR issued advisory CERTFR-2026-AVI-0455 disclosing multiple vulnerabilities in IBM QRadar SOAR Plugin version 5.3.1 prior to 5.6.4. The vulnerabilities (CVE-2025-66418, CVE-2025-66471, CVE-2026-21441) allow remote attackers to cause denial of service. Organizations using affected versions should apply patches per IBM security bulletins 7269734 and 7269736.
Multiples vulnérabilités dans les produits Microsoft
CERT-FR issued a security advisory informing of multiple vulnerabilities in Microsoft products affecting azl3 containerd2 (versions prior to 2.0.0-19) and cbl2 rubygem-rdiscount (versions prior to 2.2.0.2-4). The vulnerabilities, tracked as CVE-2026-35201 and CVE-2026-35469, could allow an attacker to cause an unspecified security issue. Affected parties are advised to refer to Microsoft security bulletins for patches.
Multiple Linux Kernel Vulnerabilities in Ubuntu, Privilege Escalation and Data Breach Risk
CERT-FR issued an advisory warning of multiple vulnerabilities discovered in the Ubuntu Linux kernel. The vulnerabilities affect Ubuntu versions 14.04 ESM through 25.10 and could enable attackers to achieve privilege escalation, compromise data confidentiality, damage data integrity, or cause denial of service. The advisory references 15 Ubuntu security bulletins and 45+ CVE identifiers including CVE-2025-39869 and CVE-2025-38591.
Variable-bit Adaptive Sensing Circuit for Analog Neuromorphic Systems
USPTO published patent application US20260099703A1 for a variable-bit adaptive sensing circuit system designed for analog neuromorphic systems. The system comprises a sensing circuit, error detection circuit, and analog-to-digital conversion circuit for processing synapse array outputs. The application was filed on April 22, 2025, and names Hyung Min Lee, Min Seong Um, and Min Il Kang as inventors.
Pyramid Key-Value Cache Compression for Transformer Models
USPTO published patent application US20260099695A1 on April 9, 2026, for a method of operating transformer models with algorithmic key-value cache memory allocation across decoding layers. The invention allocates a fixed memory budget progressively across layers, with higher layers receiving smaller cache allocations. Each layer independently determines maximum key-value vector pairs based on its allocated cache.
RAG Content Quality Evaluation Method Using Large Language Models
USPTO published patent application US20260099693A1 titled 'Content Quality Evaluation for Retrieval Augmented Generation Systems.' The patent covers a method for objectively evaluating content output by RAG systems using large language models to generate evaluation metrics and present comparative quality data across multiple RAG system configurations.
Semantic Communication Method for AI Model Transmission
USPTO published patent application US20260099699A1 disclosing a semantic communication method for AI model transmission. The method encodes a target AI model using a preset semantic encoder to output semantic information, which is then transmitted through a wireless channel to a semantic decoder that reconstructs a corresponding model. The semantic encoder and decoder are trained using a semantic contrastive loss function to minimize semantic distance between target and enhanced samples while maximizing distance with remaining samples.
Cisco WebEx Multiple Critical Vulnerabilities CVSS 9.8
CERT-Bund issued a critical security advisory for Cisco WebEx vulnerabilities (WID-SEC-2026-1132) with CVSS Base Score 9.8 affecting WebEx Contact Center and WebEx Services. Multiple cross-site scripting vulnerabilities and security bypass flaws affect Windows, Linux, UNIX, and other operating systems. Remote attackers can exploit these flaws to perform XSS attacks and circumvent security measures.
Budibase Critical Vulnerability Allows Security Bypass (CVSS 9.1)
CERT-Bund issued a security advisory regarding a critical vulnerability in Budibase, an open-source low-code platform for building internal applications. The vulnerability (CVSS Base Score 9.1) allows remote anonymous attackers to bypass security controls. Affected systems include Linux, UNIX, and other operating systems running Budibase versions prior to 3.35.4. Organizations using this platform should update to version 3.35.4 immediately.
Microsoft Developer Tools Multiple Vulnerabilities CVSS 7.8
CERT-Bund published advisory WID-SEC-2026-1100 disclosing multiple vulnerabilities in Microsoft Visual Studio, .NET Framework, .NET, PowerShell, and Visual Studio Code. CVSS Base Score is 7.8 (high); CVSS Temporal Score is 6.8 (medium). Affected products span .NET Framework 3.5 through 10.0, PowerShell 7.4 and 7.5, Visual Studio 2017 through 2022, and Visual Studio Code CoPilot Chat Extension across Linux, macOS, and Windows platforms. An attacker could exploit these flaws to disclose confidential information, conduct spoofing attacks, cause denial-of-service conditions, bypass security measures, or potentially execute arbitrary code. Remote attack capability is noted as no.
Red Hat Enterprise Linux and Satellite High-Severity Security Vulnerabilities (CVSS 8.1)
CERT-Bund issued security advisory WID-SEC-2026-1160 alerting to multiple high-severity vulnerabilities in Red Hat Enterprise Linux 9 and Red Hat Satellite 6.18. The vulnerabilities carry a CVSS Base Score of 8.1 (High) and Temporal Score of 7.1 (High). Remote attackers can exploit these flaws to disclose information or execute arbitrary code. Mitigation measures are available.
Apache Kafka Multiple Vulnerabilities CVSS 7.5
CERT-Bund published a security advisory (WID-SEC-2026-1166) disclosing multiple vulnerabilities in Apache Kafka with a CVSS Base Score of 7.5 (high) and Temporal Score of 6.5 (medium). Affected versions include Apache Kafka prior to 4.1.2, 4.2.0, 3.9.2, and 4.0.1. Remote attackers can exploit these vulnerabilities to bypass security controls and disclose information. Mitigations are available.
Sparx Enterprise Architect Multiple Vulnerabilities Allow Security Bypass
CERT-Bund issued security advisory WID-SEC-2026-1163 regarding multiple vulnerabilities in Sparx Systems Enterprise Architect (versions prior to 17.1) affecting Linux, UNIX, and Windows platforms. CVSS Base Score is 6.1 (medium) with CVSS Temporal Score of 5.3 (medium). Remote attack is not possible; mitigation is available. Attackers can exploit these vulnerabilities to bypass security measures and disclose information.
Hashicorp Vault Vulnerabilities CVSS 8.1 Data Manipulation DoS Information Disclosure
BSI-CERT (CERT-Bund) published security advisory WID-SEC-2026-1164 identifying multiple vulnerabilities in Hashicorp Vault (Community and Enterprise editions) with CVSS Base Score 8.1. Affected versions include Vault below 2.0.0 and Enterprise below 1.21.5, 1.20.10, and 1.19.16. Remote attackers can exploit these flaws to manipulate data, cause denial-of-service conditions, or disclose confidential information potentially enabling privilege escalation. Mitigation measures are available.
OpenClaw Multiple Critical Vulnerabilities CVSS 9.8
CERT-Bund issued a critical security advisory for OpenClaw, an open-source personal AI assistant for self-hosted deployment. Multiple vulnerabilities with a CVSS Base Score of 9.8 (critical) and Temporal Score of 8.5 (high) affect OpenClaw versions prior to 2026.4.15. Remote attackers can exploit these flaws to gain elevated privileges, execute arbitrary code, bypass security controls, or disclose/manipulate data. Mitigation measures are available.
Angular Security Flaw Enables Remote Information Disclosure
CERT-Bund issued a security advisory warning of a vulnerability in Angular framework versions prior to 19.2.21, 20.3.19, 21.2.9, and 22.0.0-next.8. A remote, anonymous attacker can exploit this flaw to disclose information. The vulnerability affects applications running on Angular across Linux, UNIX, Windows, and other operating systems, with a CVSS Base Score of 8.6 (high) and Temporal Score of 7.5 (high).
GnuTLS Vulnerability Allows Denial of Service Attacks, No Fix Available
CERT-Bund published security advisory WID-SEC-2026-1165 warning of a vulnerability in GnuTLS (GNU Transport Layer Security Library) that allows remote attackers to conduct Denial of Service attacks. The vulnerability has a CVSS Base Score of 7.5 (high) and Temporal Score of 7.1 (high). No mitigation or fix is currently available. Affected products include Open Source GnuTLS running on Linux, UNIX, and Windows operating systems.
BeeHero AI Patent Tracks Bee Pollination Efficiency
The European Patent Office published patent application EP4276700A1 for BeeHero Ltd., covering AI systems for tracking and monitoring bee pollination efficiency. The patent application includes machine learning methods under classification G06N for analyzing bee activity data and pollination performance metrics. The filing names inventors Davidi, Kanot, and Clouston and designates multiple European states for protection.
Multi-Party Model Training - Palantir Technologies Inc.
The European Patent Office has published patent application EP4273730A1 for Palantir Technologies Inc., titled 'Multi-Party Model Training.' The invention relates to AI and machine learning computing methods under the G06N classification with data privacy applications under G06F 21/62. The patent application has been published with all European Patent Convention contracting states designated.
Social Robot With Environmental Control Feature (EP3538329A1)
The European Patent Office published patent application EP3538329A1 for Warner Bros. Entertainment Inc., titled 'Social Robot With Environmental Control Feature.' The patent covers AI-based social robotics technology classified under G06N 3/008 (learning arrangements), G06N 5/046 (knowledge processing), and mechanical robotics classifications B25J 9/16 and B25J 11/00. The application designates 31 European states for patent protection.
Universal Learned Model Generation Method - Aising Ltd EP3734519A1
The European Patent Office published patent application EP3734519A1 titled 'METHOD FOR GENERATING UNIVERSAL LEARNED MODEL' filed by Aising Ltd. The application covers methods for generating universal learned models using artificial intelligence. The patent designates 34 European member states including Germany, France, the United Kingdom, Italy, Spain, and other EU countries.
EP3895176A1 - AI Extracts Surgical Duration from OR Time
EPO granted patent EP3895176A1 to VERB Surgical Inc. on April 8, 2026. The patent covers machine learning methods and systems for extracting actual surgical duration from total operating room time, applicable to surgical scheduling and outcomes analysis. This is a patent grant publication with no compliance obligations.
Samsung Electronics - ML Wide Beam Optimization in Cellular Network
The European Patent Office published Samsung Electronics Co., Ltd.'s patent application EP3788814A1 for machine learning based wide beam optimization in cellular networks. The patent covers neural network-based methods (G06N family) for optimizing antenna beam patterns in wireless communications (H04W). Designated states include AT, BE, DE, FR, GB, IT, NL, ES, and 23 other EPC contracting states.
Infringement Detection Method, Device and System (EP3824454A1)
The European Patent Office published patent application EP3824454A1 titled 'Infringement Detection Method, Device and System' filed by Acusensus IP Pty Ltd. The patent covers methods and systems for detecting traffic violations or infringements using neural networks and image analysis technologies.
Amortized Q Learning Patent - GDM Holding LLC - EP3867821A1
The European Patent Office published patent application EP3867821A1 titled 'Controlling Agents Using Amortized Q Learning' by applicant GDM Holding LLC. The patent covers AI/machine learning methods under IPC classifications G06N (neural networks and machine learning). The designation extends to 33 European states including DE, FR, GB, IT, NL, ES, SE, and others.
Photonic Detection Systems AI Patent EP3824270A1
The EPO published patent application EP3824270A1 by Photonic Detection Systems Pty Ltd, titled 'A Detection System for Detecting Matter and Distinguishing Specific Matter from Other Matter.' The patent covers photonic detection technology utilizing AI/machine learning (G06N classification) and is designated for protection across 31 European states including Germany, France, Great Britain, Italy, and Spain.
Vertical Transmon Qubit Device
The European Patent Office published IBM's patent application EP3769340A1 for a vertical transmon qubit device used in quantum computing processors. The application covers superconducting qubit structures and quantum processor hardware designs. The invention relates to quantum computing technology with applications in advanced computational systems.
Data Reading/Writing Method and System in 3D Image Processing, Storage Medium, and Terminal
The European Patent Office published application EP3816867A1 for VeriSilicon Microelectronics (Shanghai) Co., Ltd., VeriSilicon Holdings Co., Ltd., and VeriSilicon Microelectronics (Nanjing) Co., Ltd., covering a data reading/writing method and system in 3D image processing, storage medium, and terminal. The patent application is classified under IPC G06T 1/60 and G06N 3/04 (AI and computing). The designated states include AL, AT, BE, BG, CH, CY, CZ, DE, DK, EE, ES, FI, FR, GB, GR, HR, HU, IE, IS, IT, LI, LT, LU, LV, MC, MK, MT, NL, NO, PL, PT, RO, RS, SE, SI, SK, SM, and TR. This patent publication establishes intellectual property rights for VeriSilicon across the designated European member states. Technology companies operating in AI, neural networks, and 3D image processing should review the scope of this granted patent to assess potential licensing requirements or freedom-to-operate implications in the EU market.
Upstream Security ML Patent for Connected Vehicle Cybersecurity
The European Patent Office published patent application EP3646253A1, granted to Upstream Security Ltd. on April 8, 2026. The patent covers AI and machine learning systems for protecting connected vehicles from cybersecurity threats. Inventors are Yonatan Appel and Yoav Levy.
CISA Adds Apache ActiveMQ Code Injection Vulnerability CVE-2026-34197 to Known Exploited Vulnerabilities Catalog
CISA added CVE-2026-34197, an Apache ActiveMQ code injection vulnerability, to its Known Exploited Vulnerabilities catalog on April 16, 2026. The vulnerability, rated HIGH at CVSS 8.8 with active exploitation status, allows authenticated attackers to achieve arbitrary code execution through the Jolokia JMX-HTTP bridge. Affected versions include Apache ActiveMQ before 5.19.4 and from 6.0.0 before 6.2.3. Federal civilian agencies are required to remediate per BOD 22-01 remediation timelines.
Critical Vulnerability in Nginx UI Actively Exploited (CVE-2026-33032)
The Cyber Security Agency of Singapore (CSA) issued an alert regarding a critical vulnerability (CVE-2026-33032) in Nginx-UI with Model Context Protocol (MCP) support. The vulnerability has a CVSS v3.1 score of 9.8 out of 10 and is being actively exploited in the wild with a public proof-of-concept exploit available. Successful exploitation allows network attackers to invoke all MCP tools without authentication and achieve complete NGINX service takeover.
Critical Vulnerabilities in Cisco ISE and Webex Services
The Cyber Security Agency of Singapore issued an alert advising users and administrators to immediately update Cisco Identity Services Engine (ISE) and Webex Services to address multiple critical security vulnerabilities. Affected CVEs include CVE-2026-20147, CVE-2026-20180, CVE-2026-20186 (CVSSv3.1: 9.9) in Cisco ISE, and CVE-2026-20184 (CVSSv3.1: 9.8) in Webex Services. The vulnerabilities could allow authenticated remote attackers to gain root access and execute arbitrary commands, or unauthenticated attackers to impersonate users and access legitimate Webex services.
Creating and Extracting Training Data from Storage Systems to Train Machine Learning Models for Ransomware Detection
The USPTO published patent application US20260099597A1 on April 9, 2026, describing methods for generating machine learning training data from storage systems to train ransomware detection models. The invention creates snapshots of storage volumes, generates ransomware traces using hidden volumes and benign traces from regular volumes, extracts features into an advanced features table, and trains ML models using the generated training data. The application was filed on October 4, 2024, under Application No. 18907467.
Modeling Agents Using Local and Global Models
USPTO granted Patent US20260099646A1 for a method of modeling agents within an environment using local continuous models, local discrete models, and global continuous models to predict agent behaviors. The patent covers determining local and global continuous aspects alongside local discrete aspects, then using these to determine agent behaviors via modeling systems. Inventors include Leslie Ann Canavera, Lauren Brooke Decker, and Christopher Rex Curry.
Convolution Network for Relevant Motion Detection in Surveillance Video
The USPTO published patent application US20260099927A1 describing AI methods for detecting relevant motion of persons and vehicles in surveillance videos. The application covers a convolution network with spatial-wise and temporal-wise max pooling elements that generates prediction results for relevant motion detection. The application was filed on May 20, 2025, by inventors Ruichi Yu and Hongcheng Wang.
Fujitsu Patent - Discrete Optimization Using Continuous Relaxation and Machine Learning
USPTO published patent application US20260099565A1 assigned to Fujitsu Limited. The application covers a non-transitory computer-readable medium and calculation method for discrete optimization using continuous relaxation with machine learning. The invention involves applying perturbations to discrete optimization problems and training a machine learning model to output solutions.
AI Classification Detects Software Intrusive Action Provisions
USPTO published patent application US20260099582A1 for an AI system that classifies software information to detect provisions indicating intrusive actions. The system uses machine learning to identify when a software program will perform intrusive actions and provides classification to destination devices. Inventors: Shannon Sabens, Marian Radu, Jeffrey Kaplan.
Lane Violation Detection Using Convolutional Neural Networks
The USPTO published patent application US20260100058A1 filed by Hayden AI Technologies, Inc. on August 12, 2025. The application discloses systems and methods for detecting traffic lane violations using convolutional neural networks, with bounding boxes for vehicles and polygons for lane detection. Inventors include Vaibhav Ghadiok, Christopher Carson, and Bo Shen.
ICE Arrests Criminal Aliens Including Murderers, Rapists, and Pedophiles
U.S. Immigration and Customs Enforcement (ICE) announced the arrest of criminal aliens convicted of serious offenses including homicide, attempted first-degree murder, statutory rape, indecent liberties with a child, and aggravated robbery. The arrests were part of ongoing enforcement operations targeting individuals with criminal convictions in multiple states including Florida, North Carolina, California, and Texas.
ICE Arrests Trio of Criminal Illegal Aliens Convicted of Child Sex Crimes in Minnesota in One Day
U.S. Immigration and Customs Enforcement (ICE) Homeland Security Investigations (HSI) agents arrested three illegal aliens convicted of child sex crimes in Minnesota on April 14, 2026. The individuals arrested were Rene Rosario-Miranda (Guatemala, convicted of aggravated sexual abuse of a minor), Axel Javier Martinez-Castillo (Honduras, convicted of sexual assault of a 7-year-old), and Rene Flores-Lue (El Salvador, convicted rapist of a 5-year-old).
Coast Guard Offloads 3,825 Pounds, $28.7M Cocaine from Eastern Pacific
U.S. Coast Guard Cutter Tampa's crew offloaded approximately 3,825 pounds of cocaine worth more than $28.7 million at Base Miami Beach on April 16, 2026. The seized contraband resulted from two interdictions in international waters of the Eastern Pacific Ocean conducted through Operation Pacific Viper.
Horner Automation Cscape and XL4, XL7 PLC Weak Password Vulnerability
CISA ICS-CERT published an advisory for Horner Automation Cscape and XL4, XL7 PLCs (CVSS 9.1 CRITICAL) identifying weak password requirements vulnerability. Affected versions include Cscape v10.0, XL7 PLC v15.60, and XL4 PLC v16.32.0. An attacker with network access could brute force discover passwords to gain unauthorized access to systems and services. Vendor fix is available: update to Cscape v10.2 SP2 or later and latest firmware.
CVE-2026-34197 Apache ActiveMQ Improper Input Validation Vulnerability Added to KEV Catalog
CISA has added CVE-2026-34197 (Apache ActiveMQ Improper Input Validation) to its Known Exploited Vulnerabilities (KEV) Catalog based on evidence of active exploitation. This vulnerability poses significant risks to the federal enterprise as improper input validation is a frequent attack vector for malicious cyber actors. Binding Operational Directive 22-01 requires Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by specified due dates. CISA strongly urges all organizations to prioritize timely remediation of KEV Catalog vulnerabilities as part of their vulnerability management practice.
Delta Electronics ASDA-Soft Stack-Based Buffer Overflow Vulnerability
CISA ICS-CERT published advisory ICSA-26-106-01 disclosing a stack-based buffer overflow vulnerability (CVE-2026-5726) in Delta Electronics ASDA-Soft versions 7.2.0.0 through 7.2.2.0. Successful exploitation could allow an attacker to execute arbitrary code on affected systems. Delta Electronics has released version 7.2.6.0 as the vendor fix. The vulnerability has a CVSS v3.1 base score of 7.8 (HIGH severity) and affects the Critical Manufacturing sector worldwide.
Anviz CX2 Lite, CX7, CrossChex Access Control Devices Multiple Critical and High Vulnerabilities
CISA ICS-CERT published an advisory detailing 12 critical and high-severity vulnerabilities affecting Anviz biometric access control devices (CX2 Lite, CX7, and CrossChex). The vulnerabilities include missing authentication, command injection, hardcoded cryptographic keys, and unauthenticated firmware uploads, with CVSS scores ranging from 5.3 to 9.8. Anviz did not respond to CISA's coordination attempts, leaving no vendor-provided patches available.
AVEVA Pipeline Simulation Missing Authorization Vulnerability ICSA-26-106-04
CISA ICS-CERT published advisory ICSA-26-106-04 disclosing a critical missing authorization vulnerability (CVE-2026-5387) in AVEVA Pipeline Simulation versions <=2025_SP1_build_7.1.9497.6351. The flaw carries a CVSS v3.1 score of 9.1 (Critical) and allows unauthenticated attackers to modify simulation parameters, training configuration, and training records through privilege escalation. The vendor has released a fix in version 2025 SP1 P01 (build 7.1.9580.8513).
Firmware-Based Monitoring for Bus-Based Computer Systems
NIST published a technical white paper (CSWP 52) describing design mechanisms for firmware-based monitoring of bus-based computer systems. The paper details how distributed forensic units can passively observe bus traffic and employ consensus-building algorithms to collaboratively detect compromised nodes within zero trust architectures. The research targets future system defense solutions for embedded and distributed hardware systems.
One Year of VOICE Office Reopening Anniversary
DHS announces the one-year anniversary of the VOICE (Victims of Immigration Crime Engagement) Office reopening under the Trump administration. The office, established to support victims of crimes committed by criminal aliens, provides a toll-free hotline (1-855-48-VOICE) and access to the DHS-VINE notification system for custody status updates. Registration for victim notification services is available free of charge through vinelink.dhs.gov.
Securing Devices Cryptographic Techniques (EP3999978A1)
The European Patent Office published application EP3999978A1 for Infiltron Holdings, LLC, titled 'Systems and Methods for Securing Devices in a Computing Environment.' The patent covers cryptographic techniques for device authentication (G06F 21/32) and network security protocols (H04L 9/40). Invented by Chasity Latrice Wright, the application designates all EPC contracting states including DE, FR, GB, IT, NL, ES, and 25 additional European jurisdictions.
European Patent for Efficient Cryptographic Authentication Protocol
European Patent for Efficient Cryptographic Authentication Protocol
Cisco Unity Connection Multiple Vulnerabilities, CVSS 6.5
CERT-Bund published security advisory WID-SEC-2026-1149 disclosing multiple vulnerabilities in Cisco Unity Connection (CVSS Base Score 6.5, medium). Affected versions include Cisco Unity Connection prior to 14SU6, 15SU4, and 14SU5. An attacker can exploit these flaws to conduct cross-site scripting attacks, redirect users to malicious websites, manipulate data, and disclose confidential information. Mitigations are available.
Dell Storage Manager Privilege Escalation Vulnerability, CVSS 7.3
CERT-Bund issued a security advisory regarding a privilege escalation vulnerability (CVE) in Dell Storage Manager affecting Dell Storage Manager Replay Manager versions prior to 8.0.3. The flaw carries a CVSS base score of 7.3 (high severity) with a temporal score of 6.4 (medium). A local attacker with access to the affected Windows system can exploit this vulnerability to escalate privileges. Mitigation measures are available.
Multiple XSS Vulnerabilities Drupal Core, Severity Medium
CERT-Bund issued a security advisory regarding multiple cross-site scripting (XSS) vulnerabilities in Drupal Core affecting versions prior to 10.5.9, 10.6.7, 11.2.11, and 11.3.7. The vulnerability carries a CVSS Base Score of 5.7 (Medium) and CVSS Temporal Score of 5.0 (Medium). An attacker can exploit these vulnerabilities to conduct cross-site scripting attacks and potentially execute arbitrary code remotely. Mitigations are available.
Vim vulnerability allows arbitrary code execution, CVSS 6.6
Vim vulnerability allows arbitrary code execution, CVSS 6.6
IBM Spectrum Protect Plus Denial of Service Vulnerability - CVSS 8.6
CERT-Bund issued security advisory WID-SEC-2026-1148 identifying a high-severity denial of service vulnerability in IBM Spectrum Protect Plus. The flaw carries a CVSS Base Score of 8.6 and a Temporal Score of 7.5, with confirmed remote exploitability by an unauthenticated attacker. Affected versions include IBM Spectrum Protect Plus prior to version 10.1.18, running on Linux, UNIX, or Windows operating systems. Mitigation measures are available.