Microsoft’s April 2026 Patch Tuesday delivers a heavy set of fixes: 168 vulnerabilities across Windows, Office, Azure components and developer tools. The release includes one confirmed actively exploited zero-day in SharePoint Server (CVE-2026-32201) and a publicly disclosed elevation-of-privilege flaw in Microsoft Defender (CVE-2026-33825). Beyond those high-visibility issues, eight vulnerabilities are rated Critical — most of them Remote Code Execution (RCE)
Google brings “Skills” to Chrome so Gemini prompts are instantly reusable
Chrome is getting another nudge toward becoming the home for Google’s AI toolbox. This spring Google introduced “Skills,” a way to save Gemini prompts inside the browser so common queries and workflows can be retriggered with a click. Rather than retyping or copy‑pasting a prompt each time you want Gemini to perform a task, Skills let you store and reuse
Synology SSL VPN Client Flaws Let Remote Attackers Read Files and Expose PINs — Patch Now
Synology has released a security advisory addressing two important vulnerabilities in its SSL VPN Client that could allow remote attackers to access sensitive files and expose locally stored PINs. Both flaws require user interaction—specifically, visiting a crafted web page while the vulnerable client is running—but their consequences range from quietly reading configuration files and certificates to enabling interception of VPN
Micropatches for Windows Shell Bypass (CVE-2026-21510): What 0patch Fixed and Why It Matters
Microsoft released fixes earlier this year for CVE-2026-21510, a security feature bypass in Windows Explorer that let specially crafted shortcut (LNK) files execute a remotely hosted DLL without the usual security warning. Researchers observed exploitation in the wild and uploaded a sample to malware repositories, enabling vendors and defenders to reproduce the issue and protect legacy systems that no longer
OpenAI Acquires Hiro Finance to Bolster AI Financial Planning
OpenAI has officially confirmed the acquisition of Hiro Finance, an AI-powered personal finance startup founded by serial entrepreneur Ethan Bloch. The deal, which follows Hiro’s recent launch of a specialized financial modeling tool, marks a strategic move by OpenAI to deepen its expertise in high-stakes mathematical accuracy and consumer fintech. Backed by heavyweights like Ribbit Capital and General Catalyst, Hiro
How a Flippa Purchase Turned 30+ “Essential Plugin” WordPress Plugins into Backdoor Bait
Last week I encountered a supply-chain incident that felt eerily familiar but much larger in scale. A client’s dashboard had started showing a warning from the WordPress.org Plugins Team about a plugin serving code that could permit unauthorized access. A deeper dive revealed an attacker had quietly weaponized an entire portfolio of plugins—planting a backdoor that lay dormant for months