Cybersecurity

Enhanced Real-Time Linking Methods and Systems Patent Application

USPTO published patent application US20260100917A1 by Live Nation Entertainment, Inc. on April 9, 2026. The application covers systems and methods for enabling real-time linking between devices and defining assignment conditions for resource access rights.

Adobe Acrobat Code Execution Vulnerability, CVSS 8.6

CISA added CVE-2026-34621 to its Known Exploited Vulnerabilities (KEV) catalog on April 13, 2026. The vulnerability affects Adobe Acrobat Reader versions 24.001.30356, 26.001.21367 and earlier, with a CVSS score of 8.6. Successful exploitation allows arbitrary code execution via a malicious PDF file through prototype pollution. Federal agencies are subject to Binding Operational Directive 22-01 remediation timelines.

CVE-2026-21643: FortiClientEMS SQL Injection Vulnerability

CISA has added CVE-2026-21643 to the Known Exploited Vulnerabilities (KEV) catalog. The vulnerability is a SQL injection flaw in Fortinet FortiClientEMS 7.4.4 allowing unauthenticated remote code execution via crafted HTTP requests. Exploitation is confirmed active, automatable, and achieving total technical impact. CVSS score is 9.1 (CRITICAL). Federal agencies are subject to remediation requirements under Binding Operational Directive 22-01.

Adobe Acrobat Use-After-Free Vulnerability CVE-2020-9715

CISA added CVE-2020-9715 to the Known Exploited Vulnerabilities (KEV) catalog. The vulnerability is a use-after-free flaw in Adobe Acrobat and Reader versions 2020.009.20074 and earlier, 2020.001.30002, 2017.011.30171 and earlier, and 2015.006.30523 and earlier. Successful exploitation could lead to arbitrary code execution. The SSVC assessment rates exploitation as 'active' with total technical impact.

Windows Common Log File System Driver Elevation of Privilege Vulnerability CVE-2023-36424

CISA has added CVE-2023-36424 to its Known Exploited Vulnerabilities catalog. The vulnerability is a Windows Common Log File System Driver elevation of privilege flaw with a CVSS 3.1 score of 7.8 (HIGH). It affects numerous Windows versions including Windows 10, 11, Server 2019-2022, and legacy systems. CISA has determined this vulnerability has been actively exploited in the wild, triggering remediation requirements for federal agencies under Binding Operational Directive 22-01.

CVE-2023-21529: Microsoft Exchange Server RCE Vulnerability Added to Known Exploited Vulnerabilities Catalog

CISA added CVE-2023-21529, a Microsoft Exchange Server remote code execution vulnerability, to the Known Exploited Vulnerabilities (KEV) catalog. The vulnerability carries a CVSS 3.1 score of 8.8 (HIGH) and is attributed to CWE-502 (Deserialization of Untrusted Data). Exploitation is assessed as 'active' with total technical impact and no automatable exploitation vector. Affected versions span Exchange Server 2016 and 2019 across multiple build ranges. Federal agencies are subject to BOD 22-01 remediation requirements for KEV catalog entries.

Microsoft Windows Host Process for Windows Tasks Privilege Escalation Vulnerability CVE-2025-60710

CISA added CVE-2025-60710 to the Known Exploited Vulnerabilities catalog on 2026-04-13. The vulnerability is an improper link resolution flaw in Host Process for Windows Tasks enabling local privilege escalation. CVSS 3.1 score is 7.8 (HIGH). Exploitation is active but not automatable per SSVC v2.0.3.

CVE-2012-1854: VBA Insecure Library Loading Vulnerability

CISA has cataloged CVE-2012-1854, an untrusted search path vulnerability in VBE6.dll affecting Microsoft Office 2003 SP3, 2007 SP2/SP3, and 2010 Gold/SP1; Microsoft Visual Basic for Applications (VBA); and Summit Microsoft Visual Basic for Applications SDK. The vulnerability allows local users to gain privileges via a Trojan horse DLL in the current working directory. CISA confirms this vulnerability was exploited in the wild in July 2012. CVSS 3.1 score is 7.8 (HIGH) with exploitation status marked as 'active' in the KEV catalog.

ML Model Selects Analytics Based on Wireless Network State

The USPTO published patent application US20260100889A1 for an apparatus and method that uses machine learning models to select analytics services based on wireless network state. The system receives a request for analytics services including a use case parameter, determines an appropriate ML model based on both the use case parameter and current network conditions, and returns analytics information derived from the selected model. The inventors are Konstantinos Samdanis and Dimitrios Karampatsis, with filing date January 4, 2023 and application number 19113887.

ICE Arrests Multiple Criminal Aliens Including Pedophiles, Rapists, and Violent Assailants Over Weekend

DHS released a press statement announcing that ICE arrested multiple criminal aliens over a weekend in April 2026. Those arrested were convicted of offenses including aggravated sexual abuse of a child, rape, corporal injuries to spouse or cohabitant, and assault with a deadly weapon. The announcement highlighted ICE enforcement activity across the country targeting individuals present in the US without legal status who had criminal convictions.