Full briefing
Markdown renderedMSP Threat Radar Weekly Briefing — Week of 2026-04-06
This week’s briefing tracks 12 recent watch items across 2 vendors, with emphasis on active service incidents and high-priority operational issues.
Top items
Workers AI Gemma 4 model unhealthy
- Vendor: Cloudflare
- Published: 2026-04-11
- Status: resolved
- Source: cloudflare-status
- Official advisory: https://stspg.io/v3snb3z2fwyt
Cloudflare is investigating isssues with Workers AI Gemma 4 model. Users may experience elevated error rates when trying to use Gemma 4 on Workers AI
Check cloudflare dependent workflows, notify affected clients if service disruption persists, and review workaround guidance from the official incident page.
Possible NULL Dereference When Processing CMS KeyTransportRecipientInfo (CVE-2026-28390)
- Vendor: Microsoft
- Published: 2026-04-11
- Status: active
- Source: msrc
- Official advisory: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-28390
Information published. Information published.
Customer action is required. Review the Security Update Guide entry, confirm affected Microsoft products, and prioritize patch validation or mitigation.
Possible NULL Dereference When Processing CMS KeyAgreeRecipientInfo (CVE-2026-28389)
- Vendor: Microsoft
- Published: 2026-04-11
- Status: active
- Source: msrc
- Official advisory: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-28389
Information published. Information published.
Customer action is required. Review the Security Update Guide entry, confirm affected Microsoft products, and prioritize patch validation or mitigation.
Chromium: CVE-2026-5919 Insufficient validation of untrusted input in WebSockets (CVE-2026-5919)
- Vendor: Microsoft
- Published: 2026-04-11
- Status: active
- Source: msrc
- Official advisory: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-5919
Information published.
Customer action is required. Review the Security Update Guide entry, confirm affected Microsoft products, and prioritize patch validation or mitigation.
Chromium: CVE-2026-5918 Inappropriate implementation in Navigation (CVE-2026-5918)
- Vendor: Microsoft
- Published: 2026-04-11
- Status: active
- Source: msrc
- Official advisory: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-5918
Information published.
Customer action is required. Review the Security Update Guide entry, confirm affected Microsoft products, and prioritize patch validation or mitigation.