A week in security (May 11 – May 17)

Last week on Malwarebytes Labs: Attackers replaced JDownloader installer downloads with malware Meta’s confusing new approach to chat privacy Why Malwarebytes blocks some Yahoo Mail redirects Fake Claude search results lure Mac users into ClickFix attack Deepfake sextortion forces schools to remo...

May 2026 Patch Tuesday: no zero-days but plenty to fix

This month’s Patch Tuesday remedies 137 security vulnerabilities, including 31 marked critical by Microsoft, with no zero-days actively exploited in the wild. Microsoft defines a zero-day as “a flaw in software for which no official patch or security update is available yet.” This month, Microsof...

Patch Tuesday, May 2026 Edition

Artificial intelligence platforms may be just as susceptible to social engineering as human beings, but they are proving remarkably good at finding security vulnerabilities in human-made computer code. That reality is on full display this month with some of the more widely-used software makers --...

Microsoft Patch Tuesday for May 2026 — Snort rules and prominent vulnerabilities

By Jaeson Schultz Microsoft has released its monthly security update for May 2026, which includes 137 vulnerabilities affecting a range of products, including 31 that Microsoft marked as "critical". In this month's release, Microsoft has not observed any of the included vulnerabilities being...

Microsoft and Adobe Patch Tuesday, May 2026 Security Update Review

May 2026's Patch Tuesday arrives with Microsoft addressing a fresh set of vulnerabilities across its ecosystem, reinforcing the ongoing need for timely patching in an increasingly threat-heavy landscape. Here's a quick breakdown of what you need to know. Microsoft Patch Tuesday for May 2026 This...

A note on this month's Patch Tuesday

Each Patch Tuesday looks a little different. Some months are quieter, others are larger. This month's release sits on the larger side of a hotpatch month, and we expect releases to continue trending larger for some time. Every update reflects investments we have made across the development...

April "In the Trend of VM" (#26): one Microsoft SharePoint vulnerability

April "In the Trend of VM" 26: one Microsoft SharePoint vulnerability. Presenting the traditional monthly roundup of trending vulnerabilities according to Positive Technologies. Once again, it is single-vendor, Microsoft-related, and this time it could not be more compact. While the previous Marc...

Microsoft Confirms Active Exploitation of Windows Shell CVE-2026-32202

Microsoft on Monday revised its advisory for a now-patched, high-severity security flaw impacting Windows Shell to acknowledge that it has been actively exploited in the wild. The vulnerability in question is CVE-2026-32202 CVSS score: 4.3, a spoofing vulnerability that could allow an attacker to...

April Patch Tuesday Fixes Critical Flaws Across SAP, Adobe, Microsoft, Fortinet, and More

A number of critical vulnerabilities impacting products from Adobe, Fortinet, Microsoft, and SAP have taken center stage in April's Patch Tuesday releases. Topping the list is an SQL injection vulnerability impacting SAP Business Planning and Consolidation and SAP Business Warehouse CVE-2026-2768...

Microsoft Issues Patches for SharePoint Zero-Day and 168 Other New Vulnerabilities

Microsoft on Tuesday released updates to address a record 169 security flaws across its product portfolio, including one vulnerability that has been actively exploited in the wild. Of these 169 vulnerabilities, 157 are rated Important, eight are rated Critical, three are rated Moderate, and one i...

Patch Tuesday - April 2026

Microsoft is publishing 167 vulnerabilities on April 2026 Patch Tuesday. Microsoft is aware of exploitation in the wild for one of today’s vulnerabilities, and public disclosure for one other. Microsoft evaluates 19 of the vulnerabilities published today as more likely to see future exploitation...

Patch Tuesday, April 2026 Edition

Microsoft today pushed software updates to fix a staggering 167 security vulnerabilities in its Windows operating systems and related software, including a SharePoint Server zero-day and a publicly disclosed weakness in Windows Defender dubbed "BlueHammer." Separately, Google Chrome fixed its...

Microsoft Patch Tuesday for April 2026 - Snort Rule and Prominent Vulnerabilities

Microsoft has released its monthly security update for April 2026, which includes 165 vulnerabilities affecting a wide range of products, including eight Microsoft marked as "critical." CVE-2026-23666 is a critical Denial of Service DoS vulnerability that affects the .NET framework. Successful...

Microsoft and Adobe Patch Tuesday, April 2026 Security Update Review

April 2026's Patch Tuesday arrives with Microsoft addressing a fresh set of vulnerabilities across its ecosystem, reinforcing the ongoing need for timely patching in an increasingly threat-heavy landscape. Here's a quick breakdown of what you need to know. Microsoft Patch Tuesday for April 2026...

A week in security (March 9 – March 15)

Last week on Malwarebytes Labs: Watch out for fake Malwarebytes renewal notices in your calendar Google patches two Chrome zero-days under active attack. Update now Attackers impersonate Temu in ClickFix $Temu airdrop scam Apple patches Coruna exploit kit flaws for older iOS versions This Android...

About Elevation of Privilege - Desktop Window Manager (CVE-2026-21519) vulnerability

About Elevation of Privilege - Desktop Window Manager CVE-2026-21519 vulnerability. The vulnerability is from the February Microsoft Patch Tuesday. Desktop Window Manager is a compositing window manager included in Windows starting with Windows Vista. A Type Confusion error CWE-843 in Desktop...

March Microsoft Patch Tuesday

March Microsoft Patch Tuesday. A total of 79 vulnerabilities, about one and a half times more than in February. What's truly unusual is that this time there were no vulnerabilities with signs of exploitation in the wild or a public exploit! 🤔 At least not yet. 😏 The following vulnerabilities can ...

CVE-2026-21333

creationtimestamp| type| source ---|---|--- 2026-03-11 14:35:00+00:00| seen| https://www.cert.se/2026/03/patchtisdag-mars-2026-samlad-information-om-manadens-sakerhetsuppdateringar.html 2026-03-21 06:33:04+00:00| seen| https://bsky.app/profile/secqube.com/post/3mhkfwoeryn2y...

How Hive Pro Brings Comprehensive Security to  CrowdStrike and SentinelOne

& How HivePro Vulnerability Exposure Management VEM extends and amplifies the value of your existing endpoint security/EDR investments - turning detection strength into enterprise-wide vulnerability and exposure intelligence. The Challenge Your EDR is world-class. Your exposure visibility isn't...

March 2026 Patch Tuesday fixes two zero-day vulnerabilities

Microsoft releases important security updates on the second Tuesday of every month, known as Patch Tuesday. This month’s update fixes 79 Microsoft CVEs including two zero-day vulnerabilities. Microsoft defines a zero-day as “a flaw in software for which no official patch or security update is...