Patch Tuesday notes: Microsoft addresses two zero-days.

Summary

By the N2K CyberWire staff

Patch Tuesday notes: Microsoft addresses two zero-days.

Microsoft yesterday issued fixes for 167 vulnerabilities, including two zero-day flaws, BleepingComputer reports. One of the zero-days (CVE-2026-32201), which is being actively exploited, is an "[i]mproper input validation in Microsoft Office SharePoint allows an unauthorized attacker to perform spoofing over a network." The other zero-day (CVE-2026-33825), which was publicly disclosed before a patch was available, is an elevation-of-privilege flaw in Microsoft Defender. This latter flaw, dubbed "BlueHammer," was exposed along with exploit code by a disgruntled researcher who grew exasperated with Microsoft, KrebsOnSecurity reports.

Adobe released patches for vulnerabilities affecting Illustrator, Reader, Acrobat, Photoshop, Bridge, ColdFusion, AdobeConnect, FrameMaker, AEM, InCopy, and InDesign. The patches include a fix for a recently disclosed zero-day in Acrobat Reader that's been exploited since December.

Fortinet patched eleven flaws yesterday, including two critical vulnerabilities affecting FortiSandbox.

SecurityWeek has a round-up of fixes issued by ICS vendors, including Siemens, Schneider Electric, Aveva, Rockwell Automation, ABB, Phoenix Contact, Mitsubishi Electric, and Moxa.

What comes after the AI hype with Kevin Magee from Microsoft for Startups?

The next wave of cybersecurity startups will emerge alongside rapidly evolving AI technologies and founders must focus on solving real customer problems instead of chasing hype. Kevin Magee leads the cybersecurity portfolio for Microsoft for Startups, and understands deeply how partnerships, data, and go-to-market discipline ultimately determine success. Listen to Kevin Magee and Dave Bittner discuss what comes after AI hype, live at the RSAC Conference 2026.

CISA recalls furloughed employees despite funding lapse.

The US Cybersecurity and Infrastructure Security Agency (CISA) has ordered all furloughed employees to return to work, despite the ongoing funding lapse at the Department of Homeland Security, according to BankInfoSecurity. A DHS spokesperson stated, "Secretary Mullin will be utilizing available funding to recall the entire DHS workforce to get our patriotic employees back to work," noting that backpay is being processed. CISA had been operating with only mission-essential staff since the funding standoff began in February.

Business news: Cisco to acquire AI observability platform Galileo.

Cisco has announced its intent to acquire Burlingame, California-based AI observability and evaluation platform provider Galileo. The acquisition is expected to close in Q4 of Cisco’s fiscal year 2026. Cisco stated, "Galileo will strengthen Cisco’s Splunk Observability portfolio and supercharge our current AI Agent Monitoring capabilities in Splunk Observability Cloud, giving customers real-time visibility and protection into the full agent development lifecycle (ADLC). Beyond this, Galileo gives teams a single platform to instrument every stage of the ADLC with the rigor that enterprises demand."

Notes.

Today's issue includes events affecting , and the United States.

Selected Reading

Attacks, Threats, and Vulnerabilities

Swedish power plant targeted by pro-Russian group in 2025, government says (Reuters) A pro-Russian cyber group tried to disrupt operations at a Swedish thermal power plant last year, the Swedish government said on Wednesday, adding ‌that Russian hybrid attacks had become more frequent and serious.

Trends

Anthropic’s Mythos signals a structural cybersecurity shift (CSO Online) Claude Mythos Preview won’t break cybersecurity, but two new analyses shed light on how it is compressing exploit windows and exposing gaps in vulnerability management. CISOs should prepare for what’s ahead.

Legislation, Policy, and Regulation

CISA cancels summer internships for cyber scholarship students amid DHS funding lapse (CyberScoop) CISA has informed participants of the federal government’s Scholarship for Service program that it has canceled this year’s summer internship programs due to the current funding issues at the Department of Homeland Security.

Litigation, Investigation, and Law Enforcement

We’re only seeing the tip of the chip-smuggling iceberg (CyberScoop) Billions in AI chips are flowing to China despite "tall tales" of secure supply chains. Jack Burnham argues that Washington is losing the enforcement arms race, failing to fund the policing needed to back its policy.

Industry Events

For a complete running list of events, please visit the Event Tracker.

Newly Noted Events

Delinea Edge (Orlando, Florida, USA, Mar 10 - 12, 2027) Delinea Edge is where identity security leaders, practitioners, and innovators come together to explore the future of secure access in an AI-driven world. Join the Delinea community for three days of learning, peer networking, collaboration, and hands-on experiences designed to help you stay ahead of rapidly evolving identity threats.

Events

Space Symposium 2026 (Colorado Springs, Colorado, USA, Apr 13 - 16, 2026) Space Symposium is the premier event uniting global space professionals from all sectors, providing a unique platform to explore critical space issues, foster dialogue, and drive innovation across the space industry.

Philadelphia Cybersecurity Summit (Philadelphia, PA, Apr 15, 2026) Maximize your networking opportunities by meeting with fellow industry executives and leading security experts at the upcoming 9th Annual Philadelphia Official Cybersecurity Summit on Wednesday, April 15, 2026. Secure your admission now! Use Code CSS26-CRA before February 18 for Free Admission.*

Adapt 2026: Signal Over Noise (New York, New York, USA, Apr 15, 2026) Adapt26 isn't your typical corporate conference. Built for security, IT, and risk leaders, this is where you learn to cut operational drag and move from overwhelming findings to focused remediation. When 56% of teams struggle to prioritize effectively, visibility alone isn't enough. You need durable context - a verifiable foundation that turns disconnected data into decision-grade security. Join the teams building a more resilient cyber future to learn how to secure your entire distributed footprint across IT, Cloud, and IoT/OT.

CyberArk IMPACT 2026 (Austin, Texas, USA, May 11 - 13, 2026) At CyberArk IMPACT, cybersecurity practitioners and leaders will come together to explore today’s #1 attack vector – identity. Attendees will acquire a deep understanding of the latest developments in identity-based cyberattacks, including sophisticated attacker techniques that leverage AI and other methods. And most importantly, they will learn how to shut out attackers and prevent unauthorized access by securing every identity across the organization with the right level of privilege controls.

KB4-CON 2026 (Orlando, Florida, USA, May 12 - 14, 2026) Since its inception in 2018, KB4-CON has evolved from a user-focused gathering to the must-attend event for anyone serious about staying ahead in the security landscape. It is the human risk management industry’s premier event, bringing together KnowBe4 customers, channel partners, prospects, plus security advocates and industry professionals. This is your exclusive opportunity to engage with and learn from the industry’s most influential players, all under one roof.

Sponsor & Support

Grow your brand, generate leads, and fill your funnel.

With the industry’s largest B2B podcast network, popular newsletters, and influential readers and listeners all over the world, companies trust the CyberWire to get the message out. Learn more.

Daily Briefing for 04.15.26

Top stories.

Patch Tuesday notes: Microsoft addresses two zero-days.

CISA recalls furloughed employees despite funding lapse.

Business news: Cisco to acquire AI observability platform Galileo.

Notes.

Attacks, Threats, and Vulnerabilities

Trends

Legislation, Policy, and Regulation

Litigation, Investigation, and Law Enforcement

Newly Noted Events

Events