Numerous threat actors have launched intrusions abusing the critical remote code execution flaw in the open-source Python notebook Marimo, tracked as CVE-2026-39987, to deploy illicit payloads and compromise data; exploitation was first observed within hours of the vulnerability's disclosure last week, BleepingComputer reports.
Nearly 180 critical vulnerabilities have been collectively addressed by Microsoft, Adobe, SAP, and Fortinet as part of April's Patch Tuesday, The Hacker News reports.
Under the new model, NIST will only fully enrich CVEs that are listed in the Cybersecurity and Infrastructure Security Agency’s Known Exploited Vulnerabilities (KEV) catalog, affect federal government software, or impact software classified as critical.
The Cybersecurity and Infrastructure Security Agency has updated its Known Exploited Vulnerabilities catalog to include four old Microsoft security issues, reports The Register.
ITPro reports that new research from Wiz contends that artificial intelligence is not conjuring novel categories of vulnerabilities but rather aggressively multiplying the real estate where classic, preventable errors, like credential leaks and misconfigurations, can wreak havoc.
The vulnerability, discovered by Nicholas Carlini, is a cryptographic validation flaw affecting multiple signature algorithms in wolfSSL, including ECDSA/ECC, DSA, ML-DSA, Ed25519, and Ed448.