Known Exploited Vulnerabilities and counting....

A known exploited vulnerability (KEV) refers to a software vulnerability that is being actively exploited by cybercriminals or threat actors. When a vulnerability becomes known to be exploited in the wild, it signals that the vulnerability poses a significant and imminent risk to organizations.

Cybersecurity Brief — April 19, 2026

Microsoft's April Patch Tuesday addresses a significant 168 vulnerabilities, including CVE-2026-32201, a SharePoint Server spoofing vulnerability that threat actors are actively exploiting in the wild. The zero-day's active exploitation status makes it a priority patch for organizations running SharePoint infrastructure. The scale of this month's update—168 vulnerabilities—underscores the ongoing complexity of securing Microsoft's enterprise ecosystem and the critical need for rapid patch deployment.

In operational security news, a low-cost Bluetooth tracker concealed in a postcard and mailed to a Dutch naval vessel successfully exposed the warship's location for 24 hours. The incident, involving a €5 tracking device compromising a €500 million asset, highlights a fundamental gap in physical security screening procedures for military installations. While relatively unsophisticated, the attack demonstrates how inexpensive consumer technology can be weaponized for intelligence gathering against high-value targets, raising questions about mail screening protocols at sensitive facilities.

Sources: Cybersecurity News · Tom's Hardware

Woman Looking at Computer Screen

CVEs form a database of known security vulnerabilities that are actively tracked and managed by a group of organizations, such as the U.S. National Cyber Security Alliance. CVEs are an important tool for network security management because they not only provide an inventory of existing vulnerabilities, but also provide information about how the vulnerability can be exploited and instructions on how to protect against it.

Search Known Exploits

Search for CVEs by vendor to identify known exploited vulnerabilities in your environment

Loading vendors...

Upcoming Patch Due Dates

via Binding Operational Directive 22-01

(BOD) 22-01 is a directive issued by the Cybersecurity and Infrastructure Security Agency (CISA) in the United States to federal agencies and federal contractors in order to improve their cybersecurity practices. It provides a set of guidelines and requirements that these agencies and contractors must follow to increase their defenses against cyber threats.

Loading...

News Logo

Cyber Security News

You may have missed...

📌 Pinned

*

https:betanews.comMar 5

Inside a cyberattack: How hackers steal data

The truth about cybersecurity is that it's almost impossible to keep hackers outside of an organization, particularly as the cybercrime industry ...

Read more →
https://www.goodmorningamerica.comApr 18

How teens are being recruited into criminal hacking on gaming sites like Roblox

ABC News investigates teen hackers and how some are being recruited into breaking the law on the interactive gaming platform Roblox.

Read more →
https://www.pcgamer.comApr 19

A 17-year-old Excel vulnerability is currently being exploited by threat actors, and it's been flagged by the US' cyber defence agency

A 17-year-old Microsoft Excel vulnerability has been added to CISA's Known Exploited Vulnerabilities catalog because threat actors are actively exploi...

Read more →
https://www.slashgear.comApr 19

'Thankful I Got Caught': FBI Arrests Teen Hacker After Massive PowerSchool Breach

Discover the details of the massive PowerSchool breach. We explain how the FBI arrested teen hacker Matthew Lane for stealing 60 million records.

Read more →
https://news.bitcoin.comApr 19

Bitcoin Rebounds, But Crypto's Security Crisis Intensifies – Week in Review

Bitcoin finished the week up over 4%, while Ethereum rose 6%, and Solana came printed about 7% in gains by Friday.

Read more →
https://cryptonews.comApr 19

Circle Unveils Quantum-Resistant Roadmap for Arc Blockchain

Circle published a full-stack, phased post-quantum security roadmap for its Arc blockchain with Phase 1 deploying at mainnet launch in 2026, making it...

Read more →
https://cybersecurityventures.comApr 18

He Pled Guilty To Blackmailing Apple. What Really Happened. - Cybercrime Magazine

This week in cybersecurity from the editors at Cybercrime Magazine ... Kerem Albayrak from north London threatened to wipe 319 million accounts unless...

Read more →
https://www.cybersecuritydive.comApr 18

TP-Link routers face exploitation attempt linked to high-severity flaw | Cybersecurity Dive

The Cybersecurity and Infrastructure Security Agency previously added the command injection vulnerability, tracked as CVE-2023-33538, to its Known ...

Read more →
https://cybernews.comApr 18

Angry researcher drops second Windows Defender zero-day exploit: "They mopped the floor with me"

A second Windows Defender zero-day exploit enabling privilege escalation has been released publicly, with the researcher threatening to release additi...

Read more →

Updated daily

TOP SITES

Cyber_Comply © 2021-25