Security Digest - April 23, 2026
Daily security intelligence briefing for infrastructure and endpoint management teams. Consolidated from authoritative research, vendor advisories, and community discussions.
- Generated (UTC): 2026-04-23 15:46:49 +00:00
- Lookback window: 7 days
🚀 Top Research & Advisories
- CVE-2026-5426 - (CVE.org)
Hard-coded ASP.NET/IIS machineKey value in Digital Knowledge KnowledgeDeliver deployments prior to February 24, 2026 allows adversaries to circumvent ViewState validation mechanisms and achieve remote code execution via malicious ViewState deserializ…
Action: Review .NET runtime vulnerabilities and apply patches.
💻 AppSec
- AI, safe v unsafe, and firewalling it off? - (Reddit r/sysadmin) Monitor developer tool vulnerabilities and supply chain risks. Review security controls and policy updates.
- Checkmarx KICS Official Docker Repo Compromised to Inject Malicious Code - (CybersecurityNews) Monitor developer tool vulnerabilities and supply chain risks.
- Microsoft issues emergency update for macOS and Linux ASP.NET threat - (Reddit r/cybersecurity) Review .NET runtime vulnerabilities and apply patches.
- Suggestions on how to increase my AI token usage - (Reddit r/sysadmin) Monitor developer tool vulnerabilities and supply chain risks. Review Office update channel health and security baseline compliance. Review server hardening and AD security posture.
🏗 Infrastructure
- Group Policy Management Access Denied - (Reddit r/sysadmin) Review server hardening and AD security posture.
- IOC Block in Cortex XDR - (Reddit r/cybersecurity) Review VPN client version and deployment.
- Low Power, lower performant, quiet, enterprise-ish class server lines - (Reddit r/sysadmin) Review CA/MFA settings for tightening opportunities. Review server hardening and AD security posture.
- Suggestions on how to increase my AI token usage - (Reddit r/sysadmin) Monitor developer tool vulnerabilities and supply chain risks. Review Office update channel health and security baseline compliance. Review server hardening and AD security posture.
- Windows server manager installation to install Mid server pack - (Reddit r/sysadmin) Review server hardening and AD security posture. Validate workstation security baseline and update compliance.
🛡 Security Ops
- Cheaper way to get licences for Jamf, Crowdstrike and Okta for SMBs? Do you know resellers that would do it for cheaper? - (Reddit r/cybersecurity) Review sensor guidance and deployment posture.
- Handling lost passkeys for remote workers - (Reddit r/sysadmin) Review CA/MFA settings for tightening opportunities.
- Low Power, lower performant, quiet, enterprise-ish class server lines - (Reddit r/sysadmin) Review CA/MFA settings for tightening opportunities. Review server hardening and AD security posture.
- Password Manager Suggestion - strange ask…. - (Reddit r/sysadmin) Review CA/MFA settings for tightening opportunities. Validate Chrome coverage; update managed package if needed.
🛠 Infrastructure & Endpoint Control
- “TotalRecall Reloaded” tool finds a side entrance to Windows 11’s Recall database - (Reddit r/Windows11) Validate workstation security baseline and update compliance.
- 🔧 I built a community-maintained list of trusted Windows tools (debloat, privacy, optimization) – feedback welcome! - (Reddit r/sysadmin) Evaluate update rings and expedite actions if needed.
- AI, safe v unsafe, and firewalling it off? - (Reddit r/sysadmin) Monitor developer tool vulnerabilities and supply chain risks. Review security controls and policy updates.
- Do I use Bitlocker for my USB? - (Reddit r/Windows11) Review encryption policy and remediation gaps.
- Exploits Turn Windows Defender into Attacker Tool - (Reddit r/Windows11) Review security controls and policy updates.
- Hackers Use Outlook Mailboxes to Hide Linux GoGra Backdoor Communications - (CybersecurityNews) Review Office update channel health and security baseline compliance.
- How can anyone trust an identity theft protection service? - (Reddit r/cybersecurity) Review security controls and policy updates.
- I built a modern, open-source photo manager for Windows (supports 100K+ files and local AI search) - (Reddit r/Windows11) Validate workstation security baseline and update compliance.
- Microsoft confirms Windows 11’s Edge browser is getting an AI-driven redesign to look more like Copilot and Bing - (Reddit r/Windows11) Validate Edge/WebView2 coverage; refresh managed package. Validate workstation security baseline and update compliance.
- Microsoft is giving Windows 11 File Explorer a speed boost, dark mode fix, and reducing explorer.exe crashes - (Reddit r/Windows11) Validate workstation security baseline and update compliance.
- Microsoft officially says you don’t need extra antivirus on Windows 11 - (Reddit r/Windows11) Review security controls and policy updates. Validate workstation security baseline and update compliance.
- Microsoft Password Manager on Windows 11 as a standalone app? - (Reddit r/Windows11) Validate Edge/WebView2 coverage; refresh managed package. Validate workstation security baseline and update compliance.
- Microsoft teases new customization features for Windows 11’s Start menu after years of criticism - (Reddit r/Windows11) Validate workstation security baseline and update compliance.
- Microsoft: Some Teams users can’t join meetings after Edge update - (BleepingComputer) Validate Edge/WebView2 coverage; refresh managed package.
- my windows 11 desktop - (Reddit r/Windows11) Validate workstation security baseline and update compliance.
- New GopherWhisper APT group abuses Outlook, Slack, Discord for comms - (BleepingComputer) Review Office update channel health and security baseline compliance.
- One of the best file managers for Windows 11 and 10 gets a useful customization feature - (Neowin) Validate workstation security baseline and update compliance.
- Password Manager Suggestion - strange ask…. - (Reddit r/sysadmin) Review CA/MFA settings for tightening opportunities. Validate Chrome coverage; update managed package if needed.
- Suggestions on how to increase my AI token usage - (Reddit r/sysadmin) Monitor developer tool vulnerabilities and supply chain risks. Review Office update channel health and security baseline compliance. Review server hardening and AD security posture.
- VirusTotal, 0 detections but sandbox result shows OS Credential Dumping = false positive or malware? - (Reddit r/cybersecurity) Review security controls and policy updates.
- Windows 11 does not honor DNS over HTTPS privacy settings - (Reddit r/Windows11) Validate workstation security baseline and update compliance.
- Windows 11 finally fixes inconsistent folder views in File Explorer - (Reddit r/Windows11) Validate workstation security baseline and update compliance.
- Windows 11 to get a major reliability update in May with faster clipboard, stable taskbar, storage and more - (Reddit r/Windows11) Validate workstation security baseline and update compliance.
- Windows server manager installation to install Mid server pack - (Reddit r/sysadmin) Review server hardening and AD security posture. Validate workstation security baseline and update compliance.
🩹 Patch Tuesday & Update Experience
- 🔧 I built a community-maintained list of trusted Windows tools (debloat, privacy, optimization) – feedback welcome! - (Reddit r/sysadmin) Hey r/sysadmin, I got tired of outdated debloat guides and sketchy tools, so I built a clean, community-maintained list of verified Windows utilities: 🔗 https://github.com/heyvoon/windows-essential-…
🔍 Quick Links (Watch Items)
- clients in the financial sector are genuinely unwell - (Reddit r/sysadmin)
- I gave some experienced GRC folks a few AI risk scenarios. Most scored around 60 percent. Curious how you would answer these. - (Reddit r/cybersecurity)
- Pyscan: vulnerability scanner that beats industry standards like pip-audit, safety cli, etc. - (Reddit r/cybersecurity)
- Stuck in “Tutorial Hell”: I know the theory of IDOR perfectly, but can’t find anything in the wild. How do I bridge the gap? - (Reddit r/cybersecurity)
- How do you guys deal with the hate? - (Reddit r/sysadmin)
- Trialling Endpoint Security - (Reddit r/sysadmin)
- Vercel Breach Explained: Shadow AI, OAuth sprawl, and why some security tools could miss it, from someone at a SaaS Security company. - (Reddit r/cybersecurity)
- What’s a time when you broke your own automation in the pursuit of security? How did you work through it? - (Reddit r/sysadmin)
- CISA orders feds to patch BlueHammer flaw exploited as zero-day - (BleepingComputer)
- UK security agency officially declares passkeys superior to passwords – and passkeys should be the ‘first choice’ for authentication - (Reddit r/cybersecurity)