CVE-2026-20960 Microsoft Power Apps Remote Code Execution Vulnerability
Improper authorization in Microsoft Power Apps allows an authorized attacker to execute code over a network. - Read more
NSA urges continuous checks to achieve zero trust
The agency leading the US government’s cryptology and cyber security strategies has published its latest zero-trust guidance - Read more
Threat and Vulnerability Management in 2026
Key Takeaways: Traditional vulnerability management tools can no longer keep up with the speed of modern exploitation—threat context is now mandatory. Threat...
Elevating global operations: Mastering multi-cluster Elastic deployments with Fleet
This blog highlights the features built into Fleet and Integrations that enable Elastic Agents to seamlessly operate in these environments. - Read more
Kaiser to Pay $46M in Patient Data Lawsuit. Find Out If You’re Eligible
Kaiser Permanente agreed to a $46M settlement over claims that patient health information was improperly disclosed online. The claims deadline is March 12, 2026.
The...
Hackers Abusing Legitimate Cloud and CDN Platforms to Host Phishing Kits
Threat actors are increasingly using trusted cloud and content delivery network platforms to host phishing kits, creating major detection challenges for security teams. ...
Predicting 2026
Welcome to this week’s edition of the Threat Source newsletter. It’s become traditional at this time of year to make predictions about cybersecurity for the coming...
AVEVA Process Optimization
View CSAF
Summary
Successful exploitation of these vulnerabilities could enable an attacker to execute remote code, perform SQL injection, escalate privileges, or access sensitive information.
The following...
Cyber body ISC2 signs on as UK software security ambassador
Professional cyber association ISC2 pledges support to UK government’s Software Security Ambassador scheme, part of the recently unveiled Cyber Action Plan - Read...
Latest article
Great responsibility, without great power
Welcome to this week’s edition of the Threat Source newsletter. As I’m writing this, today (April 28) is International Superhero Day. If you don’t know the origin story behind...
Imperva Customers Protected Against CVE-2026-41940 in cPanel & WHM
What is CVE-2026-41940?
CVE-2026-41940 is a critical authentication bypass vulnerability affecting cPanel & WHM, including DNSOnly, in versions after 11.40. The flaw, discovered by WatchTowr...
Microsoft Windows 11 April 2026 Security Update Breaks Third-Party Backup Applications
Microsoft’s April 2026 cumulative security update for Windows 11 is causing significant disruptions for users relying on third-party backup software, triggering an MS-DEFCON level...
Almost half of UK businesses hit by cyber attacks
The government's annual cyber security report reveals UK businesses are still struggling with the impact of attacks and breaches. - Read more
