A critical vulnerability in the Ninja Forms File Uploads premium add-on for WordPress allows uploading arbitrary files without authentication, which can lead to remote code execution.

Identified as CVE-2026–0740, the issue is currently exploited in attacks. According to WordPress security company Defiant, its Wordfence firewall blocked more than 3,600 attacks over the past 24 hours.

With over 600,000 downloads, Ninja Forms is a popular WordPress form builder that lets users create forms without coding using a drag-and-drop interface. Its File Upload extension, included in the same suite, serves 90,000 customers.

Exploit code has been released for an unpatched Windows privilege escalation flaw reported privately to Microsoft, allowing attackers to gain SYSTEM or elevated administrator permissions.

Dubbed BlueHammer, the vulnerability was published by a security researcher discontent with how Microsoft’s Security Response Center (MSRC) handled the disclosure process.

Since, the security issue has no official patch and there is no update to address it, the flaw is considered a zero-day by Microsoft’s definition.

Cisco patches two 9.8 CVSS flaws (CVE-2026–20093, CVE-2026–20160), preventing authentication bypass and root access.

Apple on Wednesday expanded the availability of iOS 18.7.7 and iPadOS 18.7.7 to a broader range of devices to protect users from the risk posed by a recently disclosed exploit kit known as DarkSword.

“We enabled the availability of iOS 18.7.7 for more devices on April 1, 2026, so users with Automatic Updates turned on can automatically receive important security protections from web attacks called DarkSword,” the company said. “The fixes associated with the DarkSword exploit first shipped in 2025.”

Remote access and trusted administrative tools play a central role in how organizations operate today. According to Blackpoint Cyber’s 2026 Annual Threat Report, they are also increasingly central to how intrusions begin.

Informed by analysis of thousands of security investigations conducted during the reporting period, the report highlights a shift in attacker behavior. Rather than relying primarily on vulnerability exploitation, threat actors frequently gained access by using valid credentials, legitimate tools, and routine user-driven actions.

The report examines these patterns, documents where intrusion activity was disrupted, and presents defensive priorities derived from analyzed incident response outcomes observed throughout 2025.

Microsoft has pulled a buggy Windows 11 non-security preview update to investigate a known issue that triggers 0×80073712 errors during installation.

KB5079391, the problematic optional cumulative update, started rolling out on Thursday to Windows 11 24H2 and 25H2 systems with 29 changes, including Smart App Control and Display improvements.

This preview update also improved Windows Hello Fingerprint reliability on some devices and Windows Recovery Environment (Windows RE) stability when running x64 apps on ARM64 devices.