Security News

Recent breaches, zero-days, and vulnerabilities worth knowing about. Updated as significant incidents occur.

Last updated: May 5, 2026

High | Zero-Day / Windows | May 2026

Windows NTLM Hash Leak Actively Exploited, Patch Deadline May 12

CVE-2026-32202 is a zero-click NTLM hash leak in Windows that stems from an incomplete fix Microsoft shipped for a separate RCE vulnerability back in February. Attackers are using it in pass-the-hash attacks, stealing hashed credentials and using them to authenticate as the compromised user without ever knowing the actual password. From there they can move laterally across the network or pull sensitive data.

CISA added it to the Known Exploited Vulnerabilities catalog and ordered federal agencies to patch by May 12. If your Windows machines aren't current on updates, now is the time. The attack requires a victim to open a malicious file, which is a realistic delivery method via phishing.

CVE-2026-32202 Windows NTLM Pass-the-Hash Patch Now

High | Zero-Day / SharePoint | April 2026

SharePoint Zero-Day Among 165 Vulnerabilities Patched in April Patch Tuesday

CVE-2026-32201 is a spoofing vulnerability in Microsoft SharePoint Server that was already being actively exploited when Microsoft patched it. An unauthenticated attacker on the network can use it to access and alter sensitive information. CISA added it to the KEV catalog with a federal patch deadline of April 28. April's Patch Tuesday was the second-largest ever by CVE count at 165 total vulnerabilities.

If your organization runs on-premises SharePoint, this needs to be patched immediately. Also notable in the same release: CVE-2026-33825, a Microsoft Defender privilege escalation flaw that was publicly disclosed before the patch dropped.

CVE-2026-32201 SharePoint Microsoft Patch Tuesday Active Exploitation
Source: SecurityWeek

High | Zero-Day / Browser | April 2026

Chrome Zero-Day Exploited in the Wild, Update to 145.0.7632.76

CVE-2026-2441 is a use-after-free vulnerability in Chrome's CSS component. Google confirmed an exploit exists in the wild. The flaw was reported on February 11 and patched shortly after. A use-after-free in the browser can lead to arbitrary code execution if a user visits a malicious page, though Chrome's sandbox limits the immediate blast radius. Chained with a sandbox escape, it becomes significantly more dangerous.

The fix is in Chrome 145.0.7632.75/76 for Windows and Mac, and 144.0.7559.75 for Linux. If Chrome hasn't auto-updated on your machines, push it manually. This is the first actively exploited Chrome zero-day of 2026.

CVE-2026-2441 Chrome Use-After-Free Browser Update Required
Source: SecurityWeek
This page covers incidents we consider significant enough to be worth knowing about. It is not a comprehensive threat feed. For real-time vulnerability tracking, refer to the CISA Known Exploited Vulnerabilities catalog or the NVD.