Alert

Google has shared its Android Security Bulletin for April 2026. It includes important security fixes for the popular mobile system. The update has two parts—the 2026-04-01 and 2026-04-05 patch levels. Together, they fix many problems, from local Denial of Service (DoS) issues to serious flaws in special hardware. The 2026-04-01 …

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) ordered federal agencies to protect FortiClient Enterprise Management Server (EMS) systems from a known security issue by Friday. Tracked as CVE-2026-35616, this security flaw was found by the cybersecurity company Defused. Fortinet shared urgent fixes over the weekend to fix the problem. They …

A critical security flaw in the TrueConf video call software has been used in real attacks. It is a zero-day threat in a campaign aimed at government organizations in Southeast Asia called TrueChaos. The flaw is traced as CVE-2026-3502 . There is no check for integrity when getting application update …

Fortinet has released an urgent fix after security experts disclosed a zero-day flaw in FortiClient EMS that is being used by hackers. CVE-2026-35616 is an Improper Access Control vulnerability [CWE-284] in FortiClient EMS may allow an unauthenticated attacker to execute unauthorized code or commands via crafted requests. Successful attacks do not …

A security alert from TP-Link has revealed several flaws—from CVE-2026-34118 to CVE-2026-34124— that impact the Tapo C520WS v2.6 outdoor security camera. CVSS v4.0 scores go up to 8.7. These flaws can let attackers on the same network get past security or shut down the device, making homes unsafe and unguarded. …

Cisco has published updates to fix a security issue in the Integrated Management Controller (IMC). If this flaw is used successfully, a remote attacker without authorization could skip authentication and access the system with higher privileges. The vulnerability, tracked as CVE-2026-20093, carries a CVSS score of 9.8 out of a …

There has been a sharp rise in malware linked to the Nymaim / Avalanche loader in Bangladesh. CIRT BD observed over 27,000 malware events, which means bad actors are trying to infect systems and there is ongoing contact with the botnet. Threat Overview Nymaim (also known as Gozi ISFB Loader) …

Threat intelligence company Defused said attackers are now actively exploiting a critical vulnerability in Fortinet’s FortiClient EMS platform. This SQL injection flaw, known as CVE-2026-21643, lets attackers run any code on systems that aren’t fixed. They can do this with simple attacks aimed at the FortiClient EMS web interface using …

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a new flaw in F5 BIG-IP systems to its Known Exploited Vulnerabilities (KEV) list. They warned that this flaw is being used in real-world attacks. The vulnarability, known as CVE-2025-53521, was officially noted on March 27, 2026, and federal agencies must …

Cisco has put out an urgent security warning about a critical flaw in its Secure Firewall Management Center (FMC) software. This serious flaw lets hackers run any code with full control from far away. CVE-2026-20131 is a major security issue with a CVSS score of 10.0. It comes from unsafe deserialization …