Blog

Microsoft today pushed software updates to fix a staggering 167 security vulnerabilities in its Windows operating systems and related software, including a SharePoint Server zero-day and a publicly disclosed weakness in Windows Defender dubbed “BlueHammer.” Separately, Google Chrome fixed its fourth zero-day of 2026, and an emergency update for Adobe Reader nixes an actively exploited flaw that can lead to remote code execution.

Redmond warns that attackers are already targeting CVE-2026-32201, a vulnerability in Microsoft SharePoint Server that allows attackers to spoof trusted content or interfaces over a network.

Mike Walters, president and co-founder of Action1, said CVE-2026-32201 can be used to deceive employees, partners, or customers by presenting falsified information within trusted SharePoint environments.

“This CVE can enable phishing attacks, unauthorized data manipulation, or social engineering campaigns that lead to further compromise,” Walters said. “The presence of active exploitation significantly increases organizational risk.”

This flaw drops alongside a separate SQL Server remote code execution vulnerability (CVE-2026-33120), notes Ryan Braunstein, manager of Security and IT at Automox.

“One bug allows an attacker to get into your SQL instance from the network,” Braundstein said. “The other lets someone already inside promote themselves to full control.”

Microsoft also addressed BlueHammer (CVE-2026-33825), a privilege escalation bug in Windows Defender. According to BleepingComputer, the researcher who discovered the flaw published exploit code for it after notifying Microsoft and growing exasperated with their response. Will Dormann, senior principal vulnerability analyst at Tharros, says he confirmed that the public BlueHammer exploit code no longer works after installing today’s patches.

Satnam Narang, senior staff research engineer at Tenable, said April marks the second-biggest Patch Tuesday ever for Microsoft. Narang also said there are indications that a zero-day flaw Adobe patched in an emergency update on April 11 — CVE-2026-34621 — has seen active exploitation since at least November 2025.

Adam Barnett, lead software engineer at Rapid7, called the patch total from Microsoft today “a new record in that category” because it includes nearly 60 browser vulnerabilities. Barnett said it might be tempting to imagine that this sudden spike was tied to the buzz around the announcement a week ago today of Project Glasswing — a much-hyped but still unreleased new AI capability from Anthropic that is reportedly quite good at finding bugs in a vast array of software.

But he notes that Microsoft Edge is based on the Chromium engine, and the Chromium maintainers acknowledge a wide range of researchers for the vulnerabilities which Microsoft republished last Friday.

“A safe conclusion is that this increase in volume is driven by ever-expanding AI capabilities,” Barnett said. “We should expect to see further increases in vulnerability reporting volume as the impact of AI models extend further, both in terms of capability and availability.”

Finally, no matter what browser you use to surf the web, it’s important to completely close out and restart the browser periodically. This is really easy to put off (especially if you have a bajillion tabs open at any time) but it’s the only way to ensure that any available updates get installed. For example, a Google Chrome update released earlier this month fixed 21 security holes, including the high-severity zero-day flaw CVE-2026-5281.

For a clickable, per-patch breakdown, check out the SANS Internet Storm Center Patch Tuesday roundup. Running into problems applying any of these updates? Leave a note about it in the comments below and there’s a decent chance someone here will pipe in with a solution.

Since the first court order late 2000’s, European countries have been at the forefront of pirate site-blocking efforts.

These blocking actions initially relied on measures that required Internet providers to restrict access to notorious pirate sites. More recently, however, blocking requirements have spread to other online intermediaries.

For example, in several countries, blocking injunctions expanded to third-party DNS resolvers such as Cloudflare, OpenDNS and Google. Not much later, VPN services became a target, as these could also be used to circumvent blocking orders.

While major rightsholders argue these measures are effective and proportionate, critics highlighted overblocking incidents where anti-piracy measures restricted access to legitimate sites and services, restricting the free flow of information.

A new report published by the Centre for European Policy Studies (CEPS) today adds substantial weight to that critique. CEPS is not part of the EU, but it operates as a leading independent think tank that advises on EU policy.

Benefits and Costs of Website-Blocking Legislation

The study, titled The Benefits and Costs of Website-Blocking Legislation: An Economic, Legal and Policy Assessment, examines website-blocking measures across all 27 EU Member States and assesses whether those measures are effective, proportionate, and compatible with EU law.

The report’s central finding is blunt. It concludes that site blocking is associated with substantial risk of unintended consequences and harmful side effects. These adverse effects, including overblocking, are not always fully recognized before site-blocking measures are enacted.

The report suggests that blocking schemes are prone to overblocking because these rightsholders are not liable for mistakes, nor do they bear the costs, which are typically paid by the ISPs or other intermediaries.

“These problems are exacerbated by the fact that rightsholders bear none of the costs of website blocking and are thus incentivised to pursue stringent blocking orders without concern for the collateral damage they cause – there is no back-pressure,” the report reads.

Italy and Spain: A Pattern of Collateral Damage

The report examines six EU jurisdictions in detail, and in each case, the findings are critical of site blocking.

Italy’s Piracy Shield, operated by regulator AGCOM, requires ISPs to block notified domains and IP addresses within 30 minutes, with no prior court order. This system has repeatedly resulted in overblocking, where the anti-piracy system blocked access to legitimate sites and services.

Instead of addressing the collateral damage concerns, AGCOM fined Cloudflare €14.2 million in January, after the company refused to globally filter its 1.1.1.1 DNS resolver. Cloudflare has since appealed the fine, while challenging the legitimacy of the Piracy Shield system.

Spain has also seen reports of similar collateral damage through its blocking regime. For example, the report notes that when LaLiga was granted a court order in its favor, it targeted a series of Cloudflare-owned IP addresses starting in February 2025. These blocked pirate streams, but also 3,300 lawful services that used the same infrastructure.

“The collateral damage was significant for ordinary users, businesses, and services that had no connection whatsoever to piracy,” the report notes, adding that the court formally dismissed Cloudflare’s appeal in March 2025.

Meanwhile, in Belgium, site-blocking orders have targeted DNS resolvers, which led to OpenDNS temporarily exiting the country in April 2025. The company eventually returned as the ruling was suspended pending appeal, but by then it had already done its damage.

“The episode illustrates how overreaching court orders can have unintended consequences for the broader digital ecosystem, and how disproportionate liability exposure can sometimes incentivise service provider withdrawal rather than compliance,” the report writes.

Report Questions Blocking Effectiveness

Beyond the collateral damage, the report also questions whether blocking achieves its stated objective of stopping piracy. After all, users are typically good at bypassing blocking measures.

The report cites various academic studies, including a 2023 paper published by researchers from Chapman University and Carnegie Mellon University, which found that site blocking led to a modest increase in visits to legal sites. According to the report, it’s unclear if these effects last.

“Recent research confirms that blocking can sharply reduce access to targeted IPTV and streaming piracy services, but no study in the past five years provides a rigorous estimate of how long these effects persist,” the report reads.

The report does find that illegal consumption of films and music has declined substantially over time. However, it attributes this to increasing availability and affordability of legal content, not to enforcement.

Rightsholders are well aware of the limits of site blocking. In response, they expanded their blocking requests to also cover DNS resolvers and VPN providers, as we have seen in France, Belgium, Italy, Spain, and elsewhere.

The CEPS report does not see stricter blocking measures as a solution; it suggests a wide range of other recommendations for the EU, member states, and copyright holders.

IP Blocking Should Be Abolished

The report makes 12 formal recommendations. The most significant is that IP-based blocking should be avoided altogether, due to its inherent tendency to block large numbers of legitimate service sites. DNS-level or URL-level blocking should be used instead.

CEPS points out that this conclusion was also reached following reviews conducted by local telecoms regulator TKK, which effectively banned IP-address blocking in the country.

“To the extent that blocking is used at all, better targeted mechanisms such as DNS-level or URL-level blocking should be used instead, consistent with the Austrian TKK’s reasoning. IP-based blocking is inherently overinclusive because shared IP addresses serve thousands or millions of legitimate domains,” the report reads.

Other recommendations include a requirement for rightsholders to contribute to the costs of implementing blocking measures, and the option to be held liable for damages caused by overblocking at their request.

The report also calls for all blocking orders to be subject to prior or rapid judicial review, to be time-limited with periodic reviews, and narrow in scope.

According to the report, the UK blocking model comes closest to its ideal. English High Court orders are time-limited, technically evidenced, and require rightsholders to demonstrate that proposed blocking methods will not affect legitimate content. There hasn’t been any significant overblocking reported in the UK either.

Nord Security Funded the Study

CEPS writes that the study was conducted at the request of and with the support of Nord Security, parent company of NordVPN. However, the think tank states that the analysis and conclusions are entirely independent and reflect the views of the authors alone.

Speaking with TorrentFreak, a Nord Security spokesperson confirmed its support of the study while stressing that the research was conducted independently.

“Website-blocking measures are expanding across Europe, yet there has been limited independent analysis of whether they are effective, proportionate, and compatible with EU law. Nord Security funded this CEPS study because we believe policy in this area should be shaped by evidence, not assumptions,” Nord told us.

As one of the world’s most widely used VPN services, NordVPN has a major stake in the blocking debate. The company has been targeted by blocking orders, including in France, where it recently lost its appeal together with other VPN services.

Nord Security also attended the report’s presentation in Brussels this afternoon, where its Regulatory Policy & Compliance Counsel Emilija Beržanskaitė was critical about site-blocking efforts. At the same hearing, the EU’s Intellectual Property Office and the EU’s Directorate-General for Communications Networks, Content and Technology were also present.

For now, the report arrives at a moment when intermediaries are pushing back against blocking regimes across Europe, while the European Commission is yet to issue harmonized guidance on how member states should address blocking concerns.

From: TF, for the latest news on copyright battles, piracy and more.