
Apple, Bitwarden, and Microsoft Address Critical Security Flaws
On April 24, 2026, the SANS Internet Storm Center reported an Apple patch for iOS and iPadOS addressing a vulnerability in the Notification Center: deleted notifications were not actually removed, potentially exposing Signal messages in a recent FBI case. Apple did not explicitly label the flaw as exploited, but it was linked to real-world attacks and stemmed from secure messengers relying on unencrypted OS components.

Separately, Bitwarden’s command-line tools were compromised via a GitHub worker, likely as a follow-on from the earlier Checkmarx breach, with identical malware and infrastructure used in both incidents. The compromise did not affect browser plugins but prompted caution around updates. No official statement from Bitwarden was available at the time of reporting.

Microsoft also issued an emergency update for the ASP.NET Data Protection library on NuGet, fixing a cryptographic signature verification flaw that enables padding oracle attacks. The fix requires developers to re-release applications and rotate credentials. The ASP.NET vulnerability mirrored a 2010 patch (MS10-70).