
ThreatNoir Afternoon Brief — April 29

2026-04-29 | Afternoon | 4 articles

Afternoon Review in IT Security — April 29, 2026

The cybersecurity landscape continues to shift with critical vulnerabilities emerging across multiple fronts. From supply chain compromises affecting development tools to urgent federal patching orders and widespread flaws in healthcare software, today's threat environment demands immediate attention from security teams across all sectors.

Checkmarx Confirms Data Stolen in Supply Chain Attack

Code security platform Checkmarx has confirmed that threat actors exfiltrated data from its GitHub environment on March 30, following the publication of malicious code a week prior. The incident represents a significant supply chain risk, as Checkmarx's tools are widely integrated into development workflows. The attack involved malware variants identified as TeamPCP and associated with the Trivy supply chain attack campaign. Source: Checkmarx Confirms Data Stolen in Supply Chain Attack

CISA Orders Federal Agencies to Patch Windows Vulnerabilities

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued a mandatory directive requiring federal agencies to patch Windows systems against vulnerabilities being actively exploited in zero-day attacks. The affected CVEs include CVE-2026-21510, CVE-2026-21513, and CVE-2026-32202. This enforcement action underscores the severity of the threat and reflects nation-state-level exploitation activity. Source: CISA orders feds to patch Windows flaw exploited as zero-day

38 Vulnerabilities Discovered in OpenEMR Medical Software

Security researchers at Aisle have identified 38 vulnerabilities within OpenEMR medical software, with several flaws capable of enabling unauthorized access and modification of sensitive patient information. The vulnerabilities tracked as CVE-2026-23627, CVE-2026-24487, and CVE-2026-24908 represent a significant risk to healthcare organizations relying on the open-source platform. The findings highlight critical gaps in HIPAA-relevant controls and patient privacy protections. Source: 38 Vulnerabilities Found in OpenEMR Medical Software

Chrome 147 and Firefox 150 Security Updates Address Critical Flaws

Major browser vendors have released security updates that resolve critical and high-severity vulnerabilities capable of leading to arbitrary code execution. Chrome 147 and Firefox 150 patch multiple CVEs including CVE-2026-7320, CVE-2026-7322, CVE-2026-7323, CVE-2026-7324, CVE-2026-7343, CVE-2026-7344, CVE-2026-7361, and CVE-2026-7363. Users are advised to apply these updates immediately given the severity of the underlying flaws. Source: Chrome 147, Firefox 150 Security Updates Rolling Out

Today's security briefing reflects an active threat environment requiring coordinated patching efforts across federal systems, healthcare infrastructure, and consumer endpoints. Organizations should prioritize vulnerability remediation according to exposure risk and threat intelligence indicators.

Sources & IOCs

Source articles and extracted indicators (defanged where appropriate).

Checkmarx Confirms Data Stolen in Supply Chain Attack
Malware (2)
  • TeamPCP
    Threat actor attributed to Checkmarx supply chain attack and GitHub environment compromise
  • Trivy supply chain attack
    Initial attack vector used to compromise credentials, leading to Checkmarx GitHub hijacking on March 23, 2026
Chrome 147, Firefox 150 Security Updates Rolling Out
CVE (8)