Vulnerability Management , Patch/Configuration Management Critical Microsoft vulnerabilities surge as total flaw prevalence declines April 22, 2026 Share By SC Staff A BeyondTrust report found a twofold increase in critical flaws in Microsoft software despite a 6% drop in total vulnerabilities to 1,273 this year, indicating that fewer but more severe security issues are being discovered, reports HackRead . Microsoft Office vulnerabilities tripled to 157, the number of significant issues in the suite increased tenfold, and tools used for routine business operations experienced the most alarming increase, according to the identity security firm's 13th annual Microsoft Vulnerabilities Report. A lot of these vulnerabilities take advantage of the preview window, which automatically renders material. This vector is being used by attackers to run malicious code as soon as a user highlights an attachment, requiring no other interaction. In 2025, there were 780 Windows Server vulnerabilities, 50 of which were deemed critical. Microsoft's cloud services, Azure and Dynamics 365, had nine times more significant defects despite having fewer overall bugs. "This is a warning that risk is not decreasing, it is concentrating, and it is concentrating around privilege," said BeyondTrust Field Chief Technology Officer James Maude. SC Staff Related Vulnerability Management Over 6,400 Apache ActiveMQ servers at risk of ongoing attacks SC Staff April 22, 2026 Active intrusions exploiting the high-severity Apache ActiveMQ code injection flaw, tracked as CVE-2026-34197, could compromise 6,476 internet-exposed instances of the widely used open-source Java-based message broker around the world, reports BleepingComputer. Data Security Misconfigured Perforce servers remain widespread, threaten sensitive data exposure SC Staff April 22, 2026 Misconfigured Perforce servers remain widespread, threaten sensitive data exposure Improperly secured internet-exposed Perforce P4 servers continue to be prevalent, with 72% of 6,122 online instances enabling read-only source code access through a remote user account activated by default, according to SecurityWeek. Vulnerability Management Flaw in Microsoft-owned GitHub repository allowed RCE via issue submission Laura French April 22, 2026 Attackers could have extracted a GITHUB_TOKEN secret, potentially enabling unauthorized changes. Get daily email updates SC Media's daily must-read of the most current and pressing daily news Business Email By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy . Subscribe Related Terms Bug Buffer Overflow Disassembly You can skip this ad in 5 seconds