Technology News: Latest Updates from 2026-04-15
This report is a summary of technology news from 2026-04-15 and is based exclusively on the original texts of the sources.
Zero Day Quest 2026: $2.3 Million for Security Research
According to news.microsoft.com, Microsoft awarded a total of $2.3 Million to the global security research community as part of Zero Day Quest 2026. At the live hacking event, Microsoft collaborated with researchers from more than 20 countries — including participants ranging from high school students to college professors. Together, over 80 highly critical cloud and AI security vulnerabilities were identified and fixed.
According to the source, the Microsoft Security Response Center (MSRC) continuously works to uncover critical vulnerabilities early and accelerate remediation. Zero Day Quest combines an open qualification phase with a live hacking event, enabling closer collaboration between external researchers and Microsoft teams. The findings feed directly into the Secure Future Initiative (SFI) to detect similar vulnerabilities earlier in the development process in the future.
| Detail | Information |
|---|---|
| Total bounties | $2.3 Million |
| Vulnerabilities found | Over 80 (Cloud and AI) |
| Participating countries | More than 20 |
| Year | 2026 |
According to Microsoft, many findings showed how weaknesses in identity controls or tenant isolation combined with network-based vulnerabilities could enable critical attack paths — for example through Credential Exposure, SSRF chains, and Cross-Tenant access. All tests took place within authorized environments in accordance with Microsoft’s Rules of Engagement. Microsoft continues to rely on Coordinated Vulnerability Disclosure (CVD) and publishes CVEs for critical issues. Tom Gallagher, VP Engineering at MSRC, emphasized the importance of collaboration with the security community.
Chrome: Save AI Prompts as One-Click Tools
According to blog.google, Skills in Chrome introduces a new feature that allows users to save frequently used AI prompts and reuse them with a single click. Previously, users had to re-enter the same prompt when visiting different pages — for example, to look up ingredient substitutions for vegan recipes.
A saved Skill can be invoked in Gemini in Chrome using a forward slash ( / ) or the plus sign ( + ). The Skill is then executed on the currently open page as well as on additional selected tabs. Saved Skills can be edited or recreated at any time. Additionally, a library of ready-to-use Skills for common tasks is provided.
| Area | Example Use Case |
|---|---|
| Health & Wellness | Calculate protein macros for recipes |
| Shopping | Side-by-side specification comparisons across multiple tabs |
| Productivity | Search long documents for important information |
Skills are built on Chrome’s security and privacy foundations. Before certain actions such as adding a calendar entry or sending an email, confirmation is requested. Additionally, Skills benefit from Chrome’s protective measures, including automated Red-Teaming and auto-update features. Saved Skills are available on every signed-in Chrome desktop device.
EC2 P6-B300 Now Available in AWS GovCloud (US-East)
According to aws.amazon.com, Amazon EC2 P6-B300 instances are now available in the AWS GovCloud (US-East) region. The instances are based on 8x NVIDIA Blackwell Ultra GPUs and are particularly suited, according to the provider, for training and running large trillion-parameter Foundation Models and Large Language Models.
The technical specifications of the P6-B300 instances at a glance:
| Specification | P6-B300 |
|---|---|
| GPU memory | 2.1 TB |
| EFA network | 6.4 Tbps |
| ENA throughput | 300 Gbps |
| System memory | 4 TB |
Compared to the P6-B200 instances, the P6-B300 offers, according to the source, 2x network bandwidth, 1.5x GPU memory size, and 1.5x GPU TFLOPS (at FP4, without sparsity). The P6-B300 instances are available in the p6-b300.48xlarge size in the AWS Regions US West (Oregon) and AWS GovCloud (US-East).
Cloudflare Strengthens Security for Non-Human Identities
According to blog.cloudflare.com, autonomous agents, scripts, and third-party tools increasingly pose a security risk. The Open Web Application Security Project (OWASP) describes risks such as credential leaks, identity theft, and unauthorized privilege escalation in agentic AI systems. Cloudflare is therefore introducing new measures: scannable tokens to protect credentials, OAuth transparency for managing principals, and resource-scoped RBAC for fine-tuning policies.
According to the source, the identity concept is based on three pillars: the Principal (the identity itself), the Credential (the proof of that identity, such as an API token), and the Policy (which determines what resources an identity may use). If these three pillars are not managed together, security can break down — for example through stolen credentials or overly broad policies.
| Protection Area | Solution | Function |
|---|---|---|
| Public/private repositories | GitHub Secret Scanning | Automatic detection and revocation of leaked Cloudflare tokens |
| Network Traffic | Cloudflare Gateway | Detection and blocking of API tokens in network traffic |
| Outbound Email | Cloudflare Email Security | DLP protection for services such as Microsoft 365 and Outlook |
| Data at Rest | Cloudflare CASB (Cloud Access Security Broker) | Protection for services such as Google Drive or Dropbox |
Particularly alarming: According to the source, more than 28 million secrets have been published in public GitHub repositories, with AI having quintupled the leak rate. Through the partnership with GitHub, leaked tokens are automatically detected, verified via a checksum, and revoked before they can be exploited. Cloudflare One customers can additionally configure the Credentials and Secrets DLP profile to prevent leaks across various channels.
VMware Embraces Private Cloud Data Platform
According to blogs.vmware.com, a significant shift is taking place in enterprise IT: Instead of the previous “Cloud first” approach, companies are increasingly moving their workloads back to private cloud and bare-metal environments. An article by IDC is cited, stating that the reality of cloud usage does not always meet expectations, leading to a growing repatriation of workloads to on-premises or private cloud environments.
Three factors are cited as drivers of this development: unpredictable costs due to variable, egress-heavy billing models from public cloud providers for data-heavy workloads, strict compliance requirements from regulations such as GDPR and DORA in the EU as well as HIPAA in healthcare, and so-called “Data Gravity” — since valuable enterprise data already resides on-premises and transferring petabytes of data to the public cloud for AI applications such as retrieval-augmented generation (RAG) is described as too slow, expensive, and security-critical.
| Component | Description |
|---|---|
| VMware Tanzu Data Intelligence | Unified data platform based on a lakehouse architecture, developed for VMware Cloud Foundation (VCF) |
| VMware Tanzu Greenplum | Massively Parallel Processing (MPP) engine for analytical queries and vector processing with federated query capability |
As a solution, VMware Tanzu Data Intelligence is presented, a platform based on a modern lakehouse architecture. It is designed to process structured, semi-structured, and unstructured data, combining features such as data ingestion, scalable storage, high-performance compute, as well as data quality and governance. A core component is, for example, VMware Tanzu Greenplum, which serves as an MPP engine capable of querying large data volumes and processing complex vector embeddings.
Conclusion
Today’s tech news highlights three key trends: First, IT security is increasingly coming into focus — Microsoft is investing $2.3 Million in security research at Zero Day Quest 2026, and Cloudflare is introducing new protective measures for non-human identities. Second, AI is being increasingly integrated into everyday tools, as Google’s new Skills feature in Chrome demonstrates, making AI prompts saveable as reusable one-click tools. Third, cloud infrastructure continues to evolve — AWS brings high-performance GPU instances for trillion-parameter models to GovCloud, while VMware describes a trend toward repatriating workloads to private cloud environments.
Frequently Asked Questions
How many security vulnerabilities were found at Zero Day Quest 2026?
At the live hacking event, over 80 highly critical cloud and AI security vulnerabilities were identified and fixed together with researchers from more than 20 countries. The findings feed directly into Microsoft’s Secure Future Initiative (SFI).
How does the new Skills feature in Chrome work?
With Skills, users can save frequently used AI prompts and reuse them in Gemini in Chrome with a single click using a forward slash (/) or the plus sign (+). The saved Skills can be executed on the currently open page as well as on additional selected tabs and can be edited at any time.
What advantages do the new EC2 P6-B300 instances offer over the P6-B200?
According to AWS, the P6-B300 instances offer 2x network bandwidth, 1.5x GPU memory size, and 1.5x GPU TFLOPS (at FP4, without sparsity). They are based on 8x NVIDIA Blackwell Ultra GPUs with 2.1 TB GPU memory and 6.4 Tbps EFA network.
📚 Sources
- 🔗 news.microsoft.com: Zero Day Quest 2026: $2.3M awarded for security vulnerability research…
- 🔗 blog.google: Turn your best AI prompts into one-click tools in Chrome…
- 🔗 aws.amazon.com: Amazon EC2 P6-B300 instances are now available in the AWS GovCloud (US…
- 🔗 blog.cloudflare.com: Securing non-human identities: automated revocation, OAuth, and scoped…
- 🔗 blogs.vmware.com: The Compelling Case for a Private Cloud Data Intelligence Platform…
