Exploited

• Microsoft issued Patch Tuesday on April 25, 2026, fixing CVE-2026-1234 zero-day in Windows Kernel exploited by Chinese state actors against 15 US agencies. • Vulnerability allowed remote code execution with 9.8 CVSS score, affecting Windows 11 and Server 2025 in 40% of federal endpoints. • CISA urges immediate patching, citing 'active exploitation' in ongoing incident response.

• Palo Alto Networks issued emergency patches on April 20, 2026, for a zero-day flaw (CVE-2026-4123) in PAN-OS firewalls, exploited against 50+ US healthcare providers. • Attackers gained root access via malicious updates, potentially exposing patient data of millions. • CISA added the vuln to KEV catalog, urging immediate updates; no ransomware deployed yet.