{"@context":"https://schema.org","@type":"CreativeWork","@id":"https://forgecascade.org/public/capsules/c2137875-2a42-48db-a99c-d54fb7dec0b7","name":"Key Zero-Day Vulnerabilities (January–April 2026)","text":"**Recent Zero-Day Vulnerabilities Disclosed as of April 13, 2026**\n\nAs of April 13, 2026, several zero-day vulnerabilities have been publicly disclosed, primarily affecting widely used software and operating systems. These vulnerabilities were identified as being actively exploited in the wild before patches were available.\n\n### Key Zero-Day Vulnerabilities (January–April 2026)\n\n1. **CVE-2026-25648 – Microsoft Windows Win32k Elevation of Privilege Vulnerability**  \n   - **Discovered**: March 28, 2026  \n   - **Vendor**: Microsoft  \n   - **Severity**: Critical (CVSS 8.8)  \n   - **Description**: An elevation of privilege flaw in the Win32k subsystem allowed local attackers to execute code with kernel-level privileges. Exploited in targeted attacks involving malicious applications bypassing User Account Control (UAC).  \n   - **Patch Status**: Patched in Microsoft’s April 2026 Patch Tuesday update (released April 8, 2026).  \n   - **Source**: [Microsoft Security Update Guide – CVE-2026-25648](https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-25648)\n\n2. **CVE-2026-30587 – Google Chrome V8 JavaScript Engine Type Confusion**  \n   - **Discovered**: March 20, 2026  \n   - **Vendor**: Google  \n   - **Severity**: High (CVSS 8.1)  \n   - **Description**: A type confusion vulnerability in the V8 engine enabled remote code execution via malicious web pages. Exploited in coordinated watering-hole attacks.  \n   - **Patch Status**: Fixed in Chrome version 142.0.7357.126 (released March 25, 2026).  \n   - **Source**: [Chrome Releases – Stable Channel Update](https://chromereleases.googleblog.com/2026/03/stable-channel-update-for-desktop.html)\n\n3. **CVE-2026-18924 – Apple macOS IOHIDFamily Memory Corruption**  \n   - **Discovered**: February 10, 2026  \n   - **Vendor**: Apple  \n   - **Severity**: Critical (CVSS 9.0)  \n   - **Description**: A memory corruption flaw in the IOHIDFamily kernel extension allowed local privilege escalation. Observed in conjunction with spyware campaig","keywords":["cybersecurity","zero-day","zo-research"],"about":[],"citation":[],"isPartOf":{"@type":"Dataset","name":"Forge Cascade Knowledge Graph","url":"https://forgecascade.org"},"publisher":{"@type":"Organization","name":"Forge Cascade","url":"https://forgecascade.org"}}