ZYMP IT Security — April 20, 2026
Vercel Confirms Security Incident Involving Unauthorised System Access
SECURITY INCIDENT
Vercel identified a security incident involving unauthorised access to certain internal systems. The cloud platform provider engaged incident response experts and notified law enforcement. The initial investigation revealed a limited subset of customers with compromised Vercel credentials, who were contacted immediately and advised to rotate their credentials.
The incident originated with a compromise of Context.ai, though the exact vector remains under investigation. Vercel deployed extensive protection measures and monitoring. Services remain operational while the investigation continues into whether data was exfiltrated. Customers who have not been contacted are not believed to have compromised credentials or personal data at this time.
Windows Zero-Day Vulnerabilities Under Active Exploitation
VULNERABILITY
Three recently leaked Windows zero-day vulnerabilities—UnDefend, BlueHammer, and RedSun—are being exploited in active attacks. RedSun allows attackers to gain SYSTEM-level privileges on Windows 10, Windows 11, Windows Server 2019, and later versions. Microsoft has assigned CVE-2026-33825 to BlueHammer and patched it in the April 2026 security updates.
CERT-SE reported these vulnerabilities in their weekly bulletin, noting that the flaws enable attackers to escalate privileges and execute arbitrary code. Administrators are urged to apply the latest security updates immediately. UnDefend and RedSun have not yet been assigned CVE numbers, making tracking and mitigation more challenging for security teams.
McGraw Hill Data Breach Exposes 13.5 Million User Records
DATA BREACH
Threat actor ShinyHunters leaked personal information of 13.5 million McGraw Hill users after exploiting a misconfiguration in the education company’s systems. The exposed data includes names, addresses, email addresses, and other personally identifiable information. McGraw Hill confirmed the breach in April 2026 following the discovery of the leaked data.
This incident highlights the ongoing risk of cloud misconfigurations enabling large-scale data exfiltration. McGraw Hill is contacting affected users and advising them to monitor their accounts for suspicious activity. The breach ranks among the largest disclosed in 2026, affecting users across multiple educational platforms and services.
Splunk Enterprise Vulnerability Enables Remote Code Execution
VULNERABILITY
A critical security vulnerability affecting multiple versions of Splunk Enterprise and Cloud Platform enables remote code execution attacks. Tracked as CVE-2026-20204, the flaw carries a CVSS score of 7.1 and was discovered by Splunk researcher Gabriel Nitu. The vulnerability poses significant risk given Splunk’s role in processing sensitive log data and security metrics.
The root cause involves improper handling of temporary files, categorised under CWE-377. System administrators are urged to apply available patches immediately. Splunk’s widespread deployment in enterprise environments makes this vulnerability particularly concerning for organisations relying on the platform for security monitoring and log analysis.
Microsoft Patch Tuesday Addresses 163 Vulnerabilities Including Zero-Day
SECURITY UPDATE
Microsoft’s April 2026 Patch Tuesday released security updates addressing 163 vulnerabilities, including eight rated Critical and one exploited zero-day. The update addresses the BlueHammer vulnerability (CVE-2026-33825), an elevation of privilege flaw in Microsoft Defender that was already under active exploitation. Administrators are advised to prioritise patching this vulnerability.
The Belgian Centre for Cybersecurity issued a warning highlighting the importance of applying these updates promptly. CrowdStrike’s analysis notes that this month’s release includes one disclosed zero-day in addition to the actively exploited BlueHammer flaw. Organisations should review their patching schedules to ensure timely deployment of these critical security updates.
ZY Media Productions