diff --git a/release-notes/elastic-security/index.md b/release-notes/elastic-security/index.md
index 834ac23021..c307d142a2 100644
--- a/release-notes/elastic-security/index.md
+++ b/release-notes/elastic-security/index.md
@@ -27,6 +27,22 @@ To check for security updates, go to [Security announcements for the Elastic sta
 
 % *
 
+## 9.0.4 [elastic-security-9.0.4-release-notes]
+
+### Features and enhancements [elastic-security-9.0.4-features-enhancements]
+* Improves logging of fatal exceptions in {{elastic-defend}}.
+
+### Fixes [elastic-security-9.0.4-fixes]
+* Fixes differences between risk scoring preview and persisted risk scores [#226456]({{kib-pull}}226456).
+* Updates a placeholder and validation message in the **Related Integrations** section of the rule upgrade flyout [#225775]({{kib-pull}}225775).
+* Excludes {{ml}} rules from installation and upgrade checks for users with Basic or Essentials licenses [#224676]({{kib-pull}}224676).
+* Allows using days as a time unit in rule schedules, fixing an issue where durations normalized to days were incorrectly displayed as 0 seconds [#224083]({{kib-pull}}224083).
+* Strips `originId` from connectors before rule import to ensure correct ID regeneration and prevent errors when migrating connector references on rules [#223454]({{kib-pull}}223454).
+* Fixes an issue that prevented the AI Assistant Knowledge Base settings UI from displaying [#225033]({{kib-pull}}225033).
+* Fixes a bug in {{elastic-defend}} where Linux network events would fail to load if IPv6 is not supported by the system.
+* Fixes an issue in {{elastic-defend}} that may result in bugchecks (BSODs) on Windows systems with a very high volume of network connections.
+* Fixes an issue where {{elastic-defend}} may incorrectly set the artifact channel in policy responses, and adds `manifest_type` to policy responses.
+
 ## 9.0.3 [elastic-security-9.0.3-release-notes]
 
 ### Features and enhancements [elastic-security-9.0.3-features-enhancements]
diff --git a/release-notes/elastic-security/known-issues.md b/release-notes/elastic-security/known-issues.md
index 3cd7efbde6..dba32e7b4e 100644
--- a/release-notes/elastic-security/known-issues.md
+++ b/release-notes/elastic-security/known-issues.md
@@ -36,7 +36,7 @@ Instead of trying to pull the image from `docker.elastic.co/beats/elastic-agent:
 
 **Applies to: {{agent}} 8.17.8, 8.18.3, and 9.0.3**
 
-On July 8, 2025, a known issue was discovered in Elastic Defend's network driver that may lead to kernel pool corruption, resulting in bug checks (BSODs) on Windows systems with a large number of long-lived network connections that remain inactive for 30+ minutes. This issue has only been observed on Windows Server.
+On July 8, 2025, a known issue was discovered in Elastic Defend's network driver that may lead to kernel pool corruption, resulting in bug checks (BSODs) on Windows systems with a large number of long-lived network connections that remain inactive for 30+ minutes.
 
 The system may bug check with any of a variety of codes such as `SYSTEM_SERVICE_EXCEPTION` or `PAGE_FAULT_IN_NONPAGED_AREA`.