What's happening in cyber, in plain English
We pull from NCSC, CISA, Have I Been Pwned and the NVD every six hours, then summarise each item into what it is, who it affects, and what you can do about it.
- Medium · CVE · Microsoft MSRC — security update guide · 24 Apr 2026 · summary pending
CVE-2026-5958 Race Condition in GNU Sed
Information published.
- Medium · CVE · Microsoft MSRC — security update guide · 24 Apr 2026 · summary pending
CVE-2026-5187 Heap Out-of-Bounds Write in DecodeObjectId() in wolfSSL
Information published.
- Medium · CVE · Microsoft MSRC — security update guide · 24 Apr 2026 · summary pending
CVE-2026-31473 media: mc, v4l2: serialize REINIT and REQBUFS with req_queue_mutex
Information published.
- Medium · CVE · Microsoft MSRC — security update guide · 24 Apr 2026 · summary pending
CVE-2026-31494 net: macb: use the current queue number for stats
Information published.
- Medium · CVE · Microsoft MSRC — security update guide · 24 Apr 2026 · summary pending
CVE-2026-31525 bpf: Fix undefined behavior in interpreter sdiv/smod for INT_MIN
Information published.
- Medium · CVE · Microsoft MSRC — security update guide · 24 Apr 2026 · summary pending
CVE-2026-31453 xfs: avoid dereferencing log items after push callbacks
Information published.
- Medium · CVE · Microsoft MSRC — security update guide · 24 Apr 2026 · summary pending
CVE-2026-31528 perf: Make sure to use pmu_ctx->pmu for groups
Information published.
- Medium · CVE · Microsoft MSRC — security update guide · 24 Apr 2026 · summary pending
CVE-2026-31478 ksmbd: replace hardcoded hdr2_len with offsetof() in smb2_calc_max_out_buf_len()
Information published.
- Medium · CVE · Microsoft MSRC — security update guide · 24 Apr 2026 · summary pending
CVE-2026-31500 Bluetooth: btintel: serialize btintel_hw_error() with hci_req_sync_lock
Information published.
- Medium · CVE · Microsoft MSRC — security update guide · 24 Apr 2026 · summary pending
CVE-2026-31507 net/smc: fix double-free of smc_spd_priv when tee() duplicates splice pipe buffer
Information published.
- Medium · CVE · Microsoft MSRC — security update guide · 24 Apr 2026 · summary pending
CVE-2026-31483 s390/syscalls: Add spectre boundary for syscall dispatch table
Information published.
- Medium · CVE · Microsoft MSRC — security update guide · 24 Apr 2026 · summary pending
CVE-2026-41988
Information published.
- Medium · CVE · Microsoft MSRC — security update guide · 24 Apr 2026 · summary pending
CVE-2026-41989
Information published.
- Medium · CVE · Microsoft MSRC — security update guide · 24 Apr 2026 · summary pending
CVE-2026-31531 ipv4: nexthop: allocate skb dynamically in rtm_get_nexthop()
Information published.
- Medium · CVE · Microsoft MSRC — security update guide · 24 Apr 2026 · summary pending
CVE-2026-31532 can: raw: fix ro->uniq use-after-free in raw_rcv()
Information published.
- Medium · CVE · Microsoft MSRC — security update guide · 23 Apr 2026 · summary pending
CVE-2026-32210 Microsoft Dynamics 365 (online) Spoofing Vulnerability
Server-side request forgery (SSRF) in Microsoft Dynamics 365 (Online) allows an unauthorized attacker to perform spoofing over a network.
- Medium · CVE · Microsoft MSRC — security update guide · 23 Apr 2026 · summary pending
CVE-2026-35431 Microsoft Entra ID Entitlement Management Spoofing Vulnerability
Server-side request forgery (SSRF) in Microsoft Entra ID Entitlement Management allows an unauthorized attacker to perform spoofing over a network.
- Medium · CVE · Microsoft MSRC — security update guide · 23 Apr 2026 · summary pending
CVE-2026-26150 Microsoft Purview eDiscovery Elevation of Privilege Vulnerability
Server-side request forgery (SSRF) in Microsoft Purview allows an unauthorized attacker to elevate privileges over a network.
- Medium · CVE · Microsoft MSRC — security update guide · 23 Apr 2026 · summary pending
CVE-2026-33102 Microsoft 365 Copilot Elevation of Privilege Vulnerability
URL redirection to untrusted site ('open redirect') in M365 Copilot allows an unauthorized attacker to elevate privileges over a network.
- Medium · CVE · Microsoft MSRC — security update guide · 23 Apr 2026 · summary pending
CVE-2026-32172 Microsoft Power Apps Remote Code Execution Vulnerability
Uncontrolled search path element in Microsoft Power Apps allows an unauthorized attacker to execute code over a network.
- Medium · CVE · Microsoft MSRC — security update guide · 23 Apr 2026 · summary pending
CVE-2026-24303 Microsoft Partner Center Elevation of Privilege Vulnerability
Improper access control in Microsoft Partner Center allows an authorized attacker to elevate privileges over a network.
- Medium · CVE · Microsoft MSRC — security update guide · 23 Apr 2026 · summary pending
CVE-2026-21515 Azure IoT Central Elevation of Privilege Vulnerability
Exposure of sensitive information to an unauthorized actor in Azure IoT Central allows an authorized attacker to elevate privileges over a network.
- Medium · CVE · Microsoft MSRC — security update guide · 23 Apr 2026 · summary pending
CVE-2026-33819 Microsoft Bing Remote Code Execution Vulnerability
Deserialization of untrusted data in Microsoft Bing allows an unauthorized attacker to execute code over a network.
- Medium · CVE · Microsoft MSRC — security update guide · 23 Apr 2026 · summary pending
CVE-2026-5160
Information published.
- Medium · CVE · Microsoft MSRC — security update guide · 23 Apr 2026 · summary pending
CVE-2026-32288 Unbounded allocation for old GNU sparse in archive/tar
Information published.
- Medium · CVE · Microsoft MSRC — security update guide · 23 Apr 2026 · summary pending
CVE-2026-39882 OpenTelemetry-Go OTLP HTTP exporters read unbounded HTTP response bodies
Information published.
- Medium · CVE · Microsoft MSRC — security update guide · 23 Apr 2026 · summary pending
CVE-2026-33750 brace-expansion: Zero-step sequence causes process hang and memory exhaustion
Information published.
- Medium · CVE · Microsoft MSRC — security update guide · 23 Apr 2026 · summary pending
CVE-2026-31521 module: Fix kernel panic when a symbol st_shndx is out of bounds
Information published.
- Medium · CVE · Microsoft MSRC — security update guide · 23 Apr 2026 · summary pending
CVE-2026-31493 RDMA/efa: Fix use of completion ctx after free
Information published.
- Medium · CVE · Microsoft MSRC — security update guide · 23 Apr 2026 · summary pending
CVE-2026-31450 ext4: publish jinode after initialization
Information published.
Sources are pulled directly from each provider's public feed and never modified. AI summaries are produced for plain-English readability and are clearly labelled — always follow the source link for the authoritative advisory.