Post by Expel
Patch Tuesday dropped 167 CVEs this month, but honestly? The most important security story in April doesn't even have a CVE.

First, the patches worth moving on immediately: CVE-2026-32201 (SharePoint) is already being exploited in the wild and landed on CISA's KEV catalog, and CVE-2026-33825 gives attackers a path from a low-privilege account to full SYSTEM control in Microsoft Defender. Both need attention today.

But the Axios NPM compromise is what's really worth talking about. Malicious code injected into a trusted library, executing automatically on install and exfiltrating credentials within seconds. If your environment installed versions 1.14.1 or 0.30.4, swapping in clean code isn't enough. Treat it as a confirmed compromise and rotate everything.

The question, "Does it have a CVE?" is no longer a sufficient filter to prioritize fixes. This incident played out like a critical zero-day being actively exploited at scale. It just arrived through the dependency pipeline instead of the codebase.

Full breakdown → https://lnkd.in/eR-gRz9M
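A lockfile check for the two axios versions named above, as an added example that is not from Expel's post or the axios project. The sample lockfile is constructed, and the package name `http-lib` and the alias `fetcher` are hypothetical.

```javascript
// Added example, not from the post: scan a parsed package-lock.json for the axios versions it names.
const AFFECTED = new Map([['axios', new Set(['1.14.1', '0.30.4'])]]); // versions from the post
const isAffected = (name, version) => (AFFECTED.get(name) || new Set()).has(version);

// lock: result of JSON.parse on a package-lock.json (lockfileVersion 1, 2 or 3).
function findAffected(lock) {
  const hits = [];
  // v2/v3: flat "packages" map keyed by install path; aliased installs carry the real name in "name".
  for (const [path, entry] of Object.entries(lock.packages || {})) {
    if (path === '') continue; // root project entry
    const name = entry.name || path.split('node_modules/').pop();
    if (isAffected(name, entry.version)) hits.push({ path, name, version: entry.version });
  }
  // v1 (also kept in v2 for compatibility): nested "dependencies" tree; aliases look like "npm:axios@x.y.z".
  const walk = (deps, prefix) => {
    for (const [key, entry] of Object.entries(deps || {})) {
      const path = `${prefix}node_modules/${key}`;
      const alias = /^npm:(.+)@([^@]+)$/.exec(entry.version || '');
      const name = alias ? alias[1] : key;
      const version = alias ? alias[2] : entry.version;
      const seen = hits.some((h) => h.path === path); // v2 lists each package in both sections
      if (isAffected(name, version) && !seen) hits.push({ path, name, version });
      walk(entry.dependencies, `${path}/`);
    }
  };
  walk(lock.dependencies, '');
  return hits;
}

// Constructed sample lockfile; "http-lib" and the alias "fetcher" are hypothetical names.
const SAMPLE_LOCK = {
  lockfileVersion: 2,
  packages: {
    '': { name: 'demo-app', version: '1.0.0' },
    'node_modules/axios': { version: '1.6.8' },
    'node_modules/http-lib': { version: '2.0.0' },
    'node_modules/http-lib/node_modules/axios': { version: '0.30.4' },
    'node_modules/fetcher': { name: 'axios', version: '1.14.1' },
  },
  dependencies: {
    axios: { version: '1.6.8' },
    'http-lib': { version: '2.0.0', dependencies: { axios: { version: '0.30.4' } } },
    fetcher: { version: 'npm:axios@1.14.1' },
  },
};

console.log(findAffected(SAMPLE_LOCK));
```

A clean result describes only the lockfile as it stands now; it does not show whether an affected version was installed earlier, so run it against lockfile history and build caches as well as the current tree.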