Cameron Smith

Microsoft's April 2026 Patch Tuesday has landed with a staggering 163 security fixes — the second-largest patch release in the company's history. Among them are two zero-day vulnerabilities, one already being actively exploited in the wild, and eight critical flaws that could allow remote code execution across enterprise infrastructure. For Australian organisations running Microsoft environments, this is not a routine update cycle — it demands immediate attention. What Happened On 14 April...

A newly disclosed vulnerability in Docker Engine has once again shown how a single overlooked edge case can unravel an entire security control. CVE-2026-34040, rated 8.8 on the CVSS scale, allows attackers to bypass authorisation plugins with nothing more than a padded HTTP request. For any organisation running containers in production — which today means most of them — the implications are serious and immediate. What Happened Researchers at Cyera discovered that Docker's middleware silently...

A critical authentication bypass vulnerability in Cisco's Integrated Management Controller (IMC) has sent security teams scrambling this week, with a CVSS score of 9.8 out of 10.0 placing it firmly in the "patch immediately" category. For organisations running Cisco UCS servers — including many Australian enterprises and government agencies — the window between disclosure and exploitation is narrowing fast. What Happened Cisco disclosed CVE-2026-20093 on 3 April 2026, a critical flaw in the...