End-of-Day report
Timeframe: Tuesday 14-04-2026 18:00 - Wednesday 15-04-2026 18:00
Handler: Felician Fuchs
Co-Handler: Alexander Riepl
News
Microsoft April 2026 Patch Tuesday fixes 167 flaws, 2 zero-days
Today is Microsoft's April 2026 Patch Tuesday with security updates for 167 flaws, including 2 zero-day vulnerabilities.
https://www.bleepingcomputer.com/news/microsoft/microsoft-april-2026-patch-tuesday-fixes-167-flaws-2-zero-days/
Over 100 Chrome extensions in Web Store target users' accounts and data
More than 100 malicious extensions in the official Chrome Web Store are attempting to steal Google OAuth2 Bearer tokens, deploy backdoors, and carry out ad fraud.
https://www.bleepingcomputer.com/news/security/over-100-chrome-extensions-in-web-store-target-users-accounts-and-data/
Microsoft: April updates trigger BitLocker key prompts on some servers
Microsoft confirmed on Tuesday that some Windows Server 2025 devices will boot into BitLocker recovery after installing the April 2026 KB5082063 Windows security update.
https://www.bleepingcomputer.com/news/microsoft/microsoft-some-windows-servers-ask-for-bitlocker-key-after-april-updates/
New PHP Composer Flaws Enable Arbitrary Command Execution - Patches Released
Two high-severity security vulnerabilities have been disclosed in Composer, a package manager for PHP, that, if successfully exploited, could result in arbitrary command execution. The vulnerabilities have been described as command ..
https://thehackernews.com/2026/04/new-php-composer-flaws-enable-arbitrary.html
Actively Exploited nginx-ui Flaw (CVE-2026-33032) Enables Full Nginx Server Takeover
A recently disclosed critical security flaw impacting nginx-ui, an open-source, web-based Nginx management tool, has come under active exploitation in the wild. The vulnerability in question is CVE-2026-33032 (CVSS score: 9.8), an ..
https://thehackernews.com/2026/04/critical-nginx-ui-vulnerability-cve.html
Agents hooked into GitHub can steal creds - but Anthropic, Google, and Microsoft haven't warned users
Researchers who found the flaws scored beer money bounties and warn the problem is probably pervasive. Exclusive: Security researchers hijacked three popular AI agents that integrate with GitHub Actions by using a new type of prompt injection attack to steal API keys and access tokens, and the vendors who run agents didn't disclose the problem.
https://www.theregister.com/2026/04/15/claude_gemini_copilot_agents_hijacked/
UK told its Big Tech habit is now a national security risk
Open Rights Group says years of reliance on US giants have left Britain exposed. Britain has spent years wiring its public sector into US Big Tech, and a new report says that dependence could quickly become a national security headache.
https://www.theregister.com/2026/04/15/uk_big_tech_dependence/
Ancient Excel bug comes out of retirement for active attacks
Vuln old enough to drive lands on CISA's exploited list. While Microsoft was rolling out its bumper Patch Tuesday updates this week, US cybersecurity agency CISA was readying an alert about a 17-year-old critical Excel flaw now under exploit.
https://www.theregister.com/2026/04/15/excel_exploit/
Fortinet patches 18 security holes
Fortinet published a total of 18 security advisories overnight into Wednesday. Some of them address critical vulnerabilities.
https://www.heise.de/news/Fortinet-stopft-18-Sicherheitslecks-11257883.html
Booking.com: Unauthorized access by criminals discovered
Booking.com admits to unauthorized third-party access to booking information. Affected customers are being informed and their PINs updated.
https://www.heise.de/news/Booking-com-Unbefugte-Zugriffe-von-Kriminellen-entdeckt-11256689.html
Microsoft Office 2021: Support ends on October 13, 2026
Microsoft is reminding users that support for Office 2021 ends on October 13, 2026. There are no Extended Security Updates (ESU).
https://www.heise.de/news/Microsoft-Office-2021-Support-endet-am-13-Oktober-2026-11257975.html
April Patch Tuesday fixes two zero-days, including one under active attack
This month's Patch Tuesday addresses 167 vulnerabilities, including two zero-days that could lead to system compromise, data exposure, and privilege escalation.
https://www.malwarebytes.com/blog/news/2026/04/april-patch-tuesday-fixes-two-zero-days-including-one-under-active-attack
Sweden says pro-Russian hackers attempted to breach thermal power plant
A suspected pro-Russian hacker group attempted to disrupt operations at a thermal power plant in western Sweden last year, a Swedish defense official said.
https://therecord.media/sweden-hackers-russia-power-plant
The n8n n8mare: How threat actors are misusing AI workflow automation
Cisco Talos research has uncovered agentic AI workflow automation platform abuse in emails. Recently, we identified an increase in the number of emails that abuse n8n, one of these platforms, from as early as October 2025 through March 2026.
https://blog.talosintelligence.com/the-n8n-n8mare/
wolfSSL Vulnerability Hits IoT, Routers and Military Systems, Update to 5.9.1 Now
Critical wolfSSL flaw CVE-2026-5194 allows digital ID forgery across billions of devices, update to version 5.9.1 to fix the issue and reduce risk.
https://hackread.com/wolfssl-vulnerability-iot-routers-military-systems/
Adobe Patch Day: Critical malicious-code vulnerabilities threaten Photoshop & Co.
Important security updates close vulnerabilities in Adobe applications. Because many of the flaws are critical, admins should act promptly.
https://heise.de/-11257985
How to Harden GitHub Actions: An Updated Guide
Build resilient GitHub Actions workflows with lessons from recent attacks like TeamPCP and Axios.
https://www.wiz.io/blog/github-actions-security-guide
Vulnerabilities
Accessible private key of an X.509 certificate in SAP HANA Cockpit & SAP HANA Database Explorer
https://sec-consult.com/de/vulnerability-lab/advisory/zugaenglicher-privater-schluessel-eines-x509-zertifikats-in-sap-hana-cockpit-sap-hana-database-explorer/