[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"tag:vulnerabilities":3},{"tag":4,"articles":8,"awareness":450,"events":451,"tips":452,"focus_items":453,"total_count":454},{"slug":5,"name":6,"description":7},"vulnerabilities","Vulnerabilities",null,[9,18,27,35,44,53,62,71,80,88,97,106,115,124,133,142,151,159,168,177,186,194,203,212,220,226,235,244,253,262,271,280,289,298,307,316,325,334,343,352,360,369,378,387,396,405,414,423,432,441],{"id":10,"title":11,"slug":12,"brief":13,"ai_summary":14,"url":15,"image_url":16,"published_at":17},"fc2aa533-2f4a-4943-a4ef-a78265a5f8a9","🚨WhatsApp zero-day exploit allegedly advertised for sale\n\nA threat actor on an underground forum...","whatsapp-zero-day-exploit-allegedly-advertised-for-sale-a-threat-actor-on-an-und-a46602","Threat actor claims to sell WhatsApp zero-day exploit for malware installation.","A threat actor is advertising a WhatsApp zero-day exploit for sale on an underground forum, claiming it can install malware or backdoors via private messages. The exploit allegedly works on both phones and desktop platforms. Details remain limited pending further investigation.","https:\u002F\u002Fx.com\u002FDarkWebInformer\u002Fstatus\u002F2058257939362627626","https:\u002F\u002Fpbs.twimg.com\u002Fmedia\u002FHJBmowuXAAAMDOf.jpg","2026-05-23T18:45:07+00:00",{"id":19,"title":20,"slug":21,"brief":22,"ai_summary":23,"url":24,"image_url":25,"published_at":26},"76343cc5-0302-48ea-8ee1-aec0f1f9a5fc","RondoDox Botnet Exploits Critical 2018 Vulnerability to Hijack ASUS Routers","rondodox-botnet-exploits-critical-2018-vulnerability-to-hijack-asus-routers-88d656","RondoDox botnet exploits 2018 ASUS router vulnerability to hijack over 1 million devices.","VulnCheck discovered that the RondoDox botnet is actively exploiting CVE-2018-5999, a critical 2018 vulnerability in ASUS routers, to bypass authentication and hijack over 1 million devices. 
The vulnerability (CVSS 9.8\u002F10) allows unauthenticated attackers to modify router settings by manipulating the ateCommand_flag parameter. Though exploit code has been public since 2018, real-world exploitation only began in May 2026, with RondoDox using the compromised routers to launch DDoS attacks.","https:\u002F\u002Fhackread.com\u002Frondodox-botnet-2018-vulnerability-hijack-asus-routers\u002F","https:\u002F\u002Fhackread.com\u002Fwp-content\u002Fuploads\u002F2026\u002F05\u002Frondodox-botnet-2018-vulnerability-hijack-asus-routers-2.jpg","2026-05-23T11:16:40+00:00",{"id":28,"title":29,"slug":30,"brief":31,"ai_summary":32,"url":33,"image_url":7,"published_at":34},"fdb6209c-f668-4c74-ae62-ebb67cbcecb4","RT @CISACyber: 🛡️ We added Drupal core SQL injection vulnerability CVE-2026-9082 to our KEV Cata...","rt-cisacyber-we-added-drupal-core-sql-injection-vulnerability-cve-2026-9082-to-o-02c8ea","CISA adds Drupal core SQL injection vulnerability CVE-2026-9082 to KEV catalog","CISA has added CVE-2026-9082, a SQL injection vulnerability in Drupal core, to its Known Exploited Vulnerabilities (KEV) catalog. The addition indicates this vulnerability is being actively exploited in the wild and organizations should prioritize patching. Administrators running Drupal should apply available security updates immediately.","https:\u002F\u002Fx.com\u002FCISAgov\u002Fstatus\u002F2057893782339592352","2026-05-22T18:38:06+00:00",{"id":36,"title":37,"slug":38,"brief":39,"ai_summary":40,"url":41,"image_url":42,"published_at":43},"19308891-aad0-4dd8-b813-d04ede57526f","Microsoft Patches Exploited UnDefend and RedSun Defender Zero-Days","microsoft-patches-exploited-undefend-and-redsun-defender-zero-days-abf255","Microsoft patches two exploited Defender zero-days allowing privilege escalation and DoS attacks.","Microsoft released security patches for two zero-day vulnerabilities in Microsoft Defender that have been actively exploited in the wild. 
CVE-2026-41091 (CVSS 7.8) allows privilege escalation to System via link-following, while CVE-2026-45498 (CVSS 4.0) causes denial-of-service; both are variants of the BlueHammer exploit publicly disclosed last month. CISA added these flaws to its Known Exploited Vulnerabilities list and mandated federal agencies patch by June 3, 2026.","https:\u002F\u002Fwww.securityweek.com\u002Fmicrosoft-patches-exploited-undefend-and-redsun-defender-zero-days\u002F","https:\u002F\u002Fwww.securityweek.com\u002Fwp-content\u002Fuploads\u002F2026\u002F05\u002FMicrosoft-Defender.jpg","2026-05-21T09:52:05+00:00",{"id":45,"title":46,"slug":47,"brief":48,"ai_summary":49,"url":50,"image_url":51,"published_at":52},"85b135f4-2343-4a0c-8d98-48bcc2e07203","Microsoft shares mitigation for YellowKey Windows zero-day","microsoft-shares-mitigation-for-yellowkey-windows-zero-day-de9688","Microsoft releases mitigation for YellowKey BitLocker zero-day disclosed by Nightmare Eclipse.","Microsoft has published mitigations for YellowKey (CVE-2026-45585), a Windows BitLocker zero-day vulnerability that allows attackers to access protected drives by placing specially crafted FsTx files on USB or EFI partitions and rebooting into WinRE. The flaw was disclosed by anonymous researcher Nightmare Eclipse, who also leaked multiple other zero-day vulnerabilities (BlueHammer, RedSun, GreenPlasma, and UnDefend) in protest of Microsoft's vulnerability disclosure handling. 
Microsoft recommends removing autofstx.exe from Session Manager boot execution and configuring BitLocker to TPM+PIN mode as interim protections.","https:\u002F\u002Fwww.bleepingcomputer.com\u002Fnews\u002Fmicrosoft\u002Fmicrosoft-shares-mitigation-for-yellowkey-windows-zero-day\u002F","https:\u002F\u002Fwww.bleepstatic.com\u002Fcontent\u002Fhl-images\u002F2025\u002F05\u002F28\u002FWindows-headpic.jpg","2026-05-20T07:31:15+00:00",{"id":54,"title":55,"slug":56,"brief":57,"ai_summary":58,"url":59,"image_url":60,"published_at":61},"5034ac4a-5089-474b-a2f0-5dc09fa299a9","Breach entry point, 2026 DBIR finds | About Verizon","breach-entry-point-2026-dbir-finds-about-verizon-b1d772","Verizon's 2026 DBIR finds vulnerability exploitation now top breach entry point, surpassing stolen credentials.","Verizon's 19th annual Data Breach Investigations Report reveals that vulnerability exploitation (31%) has for the first time surpassed stolen credentials as the leading breach entry point, accelerated by AI that compresses exploitation timelines from months to hours. 
The report also highlights emerging risks including a 40% increase in mobile social engineering success, employee shadow AI use tripling to 45%, third-party supply chain breaches jumping 60%, and AI bot traffic growing 21% monthly—collectively reshaping threat landscapes and demanding urgent security resilience priorities.","https:\u002F\u002Fwww.verizon.com\u002Fabout\u002Fnews\u002Fbreach-industry-wide-dbir-finds","https:\u002F\u002Fss7.vzw.com\u002Fis\u002Fimage\u002FVerizonWireless\u002Fnews-dbir-1920x1280%20(1)?resMode=sharp2&scl=1","2026-05-19T20:21:35+00:00",{"id":63,"title":64,"slug":65,"brief":66,"ai_summary":67,"url":68,"image_url":69,"published_at":70},"983213ad-45be-4b76-a99e-d62fdf727cde","Pwn2Own Berlin 2026 Closes With $1.3 Million in Zero-Day Payouts","pwn2own-berlin-2026-closes-with-1-3-million-in-zero-day-payouts-2ee4c4","Pwn2Own Berlin 2026 concludes with 47 zero-day exploits demonstrated and $1.3M in payouts.","The Pwn2Own Berlin 2026 hacking competition concluded on May 16, 2026, with researchers demonstrating 47 unique zero-day vulnerabilities across enterprise software and AI platforms, earning $1.298M in total payouts. DEVCORE from Taiwan won the Master of Pwn title with $505K, with major exploits targeting Microsoft Exchange, VMware ESXi, SharePoint, Windows 11, and AI assistants like OpenAI Codex and Anthropic Claude. 
Vendors have 90 days to patch before ZDI publicly discloses technical details.","https:\u002F\u002Fhackread.com\u002Fpwn2own-berlin-2026-closes-zero-day-payouts\u002F","https:\u002F\u002Fhackread.com\u002Fwp-content\u002Fuploads\u002F2026\u002F05\u002Fpwn2own-berlin-2026-closes-zero-day-payouts-2.jpg","2026-05-19T15:59:01+00:00",{"id":72,"title":73,"slug":74,"brief":75,"ai_summary":76,"url":77,"image_url":78,"published_at":79},"71ee27ea-8201-4de7-b6f2-5fc0274467f5","Exploitation of Critical NGINX Vulnerability Begins","exploitation-of-critical-nginx-vulnerability-begins-e3504e","Active in-the-wild exploitation of critical NGINX heap buffer overflow CVE-2026-42945 begins days after patch release.","A critical heap buffer overflow vulnerability (CVE-2026-42945, CVSS 9.2) in NGINX's ngx_http_rewrite_module, lurking for 16 years, is now being actively exploited in the wild just days after F5 released patches. The flaw causes denial-of-service on default configurations and remote code execution if ASLR is disabled. 
VulnCheck reports active exploitation via crafted HTTP requests on vulnerable deployments, with roughly 5.7M internet-exposed NGINX servers potentially at risk.","https:\u002F\u002Fwww.securityweek.com\u002Fexploitation-of-critical-nginx-vulnerability-begins\u002F","https:\u002F\u002Fwww.securityweek.com\u002Fwp-content\u002Fuploads\u002F2026\u002F05\u002FNginx.jpeg","2026-05-18T07:27:42+00:00",{"id":81,"title":82,"slug":83,"brief":84,"ai_summary":85,"url":86,"image_url":7,"published_at":87},"50c04eb4-1141-41ce-901f-55a3b5269c08","Another Windows zero day released by Nightmare Eclipse (sort of)\n\nIt turns out Microsoft just str...","another-windows-zero-day-released-by-nightmare-eclipse-sort-of-it-turns-out-micr-6327af","Microsoft failed to properly patch 2020 Windows CVE, allowing Nightmare Eclipse exploitation.","A Windows zero-day vulnerability has been exploited by the Nightmare Eclipse threat actor, stemming from Microsoft's incomplete patching of a CVE originally disclosed in 2020. 
The flaw remained unresolved despite prior remediation attempts, allowing attackers to leverage the unpatched weakness for active exploitation.","https:\u002F\u002Fx.com\u002Fvxunderground\u002Fstatus\u002F2055556704998138251","2026-05-16T07:51:23+00:00",{"id":89,"title":90,"slug":91,"brief":92,"ai_summary":93,"url":94,"image_url":95,"published_at":96},"340aaed9-b730-417d-966f-01496eca3df9","In Other News: Big Tech vs Canada Encryption Bill, Cisco’s Free AI Security Spec, Audi App Flaws","in-other-news-big-tech-vs-canada-encryption-bill-cisco-s-free-ai-security-spec-a-406051","SecurityWeek roundup covers Nvidia cloud gaming breach, Android 17 security upgrades, and fake Claude Code malware","This weekly cybersecurity roundup highlights multiple threats and developments: a GeForce NOW data breach via Armenian regional partner exposed user PII, the FBI warns of ShinyHunters' Canvas hacks, and a sophisticated infostealer campaign uses fake Claude Code installers to steal browser credentials. 
Additionally, Google's Android 17 introduces AI-driven security defenses and post-quantum cryptography, while Iran-linked Seedworm targets electronics manufacturers globally using DLL sideloading.","https:\u002F\u002Fwww.securityweek.com\u002Fin-other-news-big-tech-vs-canada-encryption-bill-ciscos-free-ai-security-spec-audi-app-flaws\u002F","https:\u002F\u002Fwww.securityweek.com\u002Fwp-content\u002Fuploads\u002F2023\u002F10\u002Fcybersecurity-news.jpg","2026-05-15T14:52:16+00:00",{"id":98,"title":99,"slug":100,"brief":101,"ai_summary":102,"url":103,"image_url":104,"published_at":105},"c9fc924c-2d60-4142-b750-3b96533b9ea6","Microsoft Warns of Exchange Server Zero-Day Exploited in the Wild","microsoft-warns-of-exchange-server-zero-day-exploited-in-the-wild-5e3df7","Microsoft warns of CVE-2026-42897 Exchange Server zero-day exploited in active attacks.","Microsoft disclosed CVE-2026-42897, a spoofing and cross-site scripting (XSS) vulnerability affecting Exchange Server Subscription Edition, 2016, and 2019. The zero-day, which exploits Exchange Outlook Web Access (OWA) via specially crafted emails, is actively being exploited in the wild. 
Microsoft has released mitigation guidance while developing a permanent patch.","https:\u002F\u002Fwww.securityweek.com\u002Fmicrosoft-warns-of-exchange-server-zero-day-exploited-in-the-wild\u002F","https:\u002F\u002Fwww.securityweek.com\u002Fwp-content\u002Fuploads\u002F2026\u002F05\u002FExchange.jpg","2026-05-15T12:06:53+00:00",{"id":107,"title":108,"slug":109,"brief":110,"ai_summary":111,"url":112,"image_url":113,"published_at":114},"fb0e4e90-3b21-47e6-a6df-92a94bdb6898","Microsoft warns of Exchange zero-day flaw exploited in attacks","microsoft-warns-of-exchange-zero-day-flaw-exploited-in-attacks-3e8a4c","Microsoft warns of actively exploited Exchange Server zero-day XSS flaw affecting OWA users.","Microsoft disclosed a high-severity zero-day vulnerability (CVE-2026-42897) in Exchange Server 2016, 2019, and Subscription Edition that allows attackers to execute arbitrary JavaScript in Outlook on the Web via specially crafted emails. While patches are not yet available, Microsoft is providing automatic mitigation through the Exchange Emergency Mitigation Service (EEMS) and the Exchange on-premises Mitigation Tool (EOMT), though applying mitigations causes some functionality issues including broken calendar printing and image display in OWA.","https:\u002F\u002Fwww.bleepingcomputer.com\u002Fnews\u002Fmicrosoft\u002Fmicrosoft-warns-of-exchange-zero-day-flaw-exploited-in-attacks\u002F","https:\u002F\u002Fwww.bleepstatic.com\u002Fcontent\u002Fhl-images\u002F2026\u002F05\u002F15\u002FMicrosoft-Exchange.jpg","2026-05-15T09:40:42+00:00",{"id":116,"title":117,"slug":118,"brief":119,"ai_summary":120,"url":121,"image_url":122,"published_at":123},"dfb85755-1a5d-445b-85b4-c9422c38d564","Cisco Patches Another SD-WAN Zero-Day, the Sixth Exploited in 2026","cisco-patches-another-sd-wan-zero-day-the-sixth-exploited-in-2026-31fdc9","Cisco patches sixth exploited SD-WAN zero-day CVE-2026-20182 exploited by UAT-8616.","Cisco released patches for CVE-2026-20182, a critical 
authentication bypass in Cisco Catalyst SD-WAN Controller and Manager that allows remote admin access. The vulnerability has been actively exploited by sophisticated threat actor UAT-8616 in targeted attacks since May 2026. This is the sixth SD-WAN zero-day exploited in 2026, with CISA adding it to the KEV catalog requiring federal agencies to patch within three days.","https:\u002F\u002Fwww.securityweek.com\u002Fcisco-patches-another-sd-wan-zero-day-the-sixth-exploited-in-2026\u002F","https:\u002F\u002Fwww.securityweek.com\u002Fwp-content\u002Fuploads\u002F2024\u002F07\u002FCisco-switches-network.jpeg","2026-05-15T06:28:46+00:00",{"id":125,"title":126,"slug":127,"brief":128,"ai_summary":129,"url":130,"image_url":131,"published_at":132},"b8bcc1d8-4258-4b4a-a601-5a390d1008af","Active Directory Certificate Services is a high impact vector for privilege escalation. Adversari...","active-directory-certificate-services-is-a-high-impact-vector-for-privilege-esca-bad964","Research reveals Active Directory Certificate Services as high-impact privilege escalation vector for adversaries.","Security researchers have published an analysis demonstrating how adversaries exploit Active Directory Certificate Services (AD CS) to escalate privileges, impersonate accounts, and establish persistence in compromised environments. 
The research provides a deep dive into the attack methods leveraging built-in AD CS features to achieve post-exploitation objectives.","https:\u002F\u002Fx.com\u002FUnit42_Intel\u002Fstatus\u002F2055064891975692327","https:\u002F\u002Fpbs.twimg.com\u002Fmedia\u002FHIUOnLsWgAAEkqN.jpg","2026-05-14T23:17:06+00:00",{"id":134,"title":135,"slug":136,"brief":137,"ai_summary":138,"url":139,"image_url":140,"published_at":141},"d17eca6a-e1a0-47f2-8d85-0f6be86ea17a","Daily Dose of Dark Web Informer - May 14th, 2026","daily-dose-of-dark-web-informer-may-14th-2026-92ea64","Daily dark web threat intelligence digest reporting multiple breaches, CVEs, and exposed credentials across global","This is a curated daily digest from Dark Web Informer summarizing recent breach claims, CVE disclosures, and threat intelligence findings across multiple sectors and countries. Highlights include alleged breaches at CoreWeave (GPU cloud provider), McKissock\u002FColibri Real Estate (3.3M+ records), Nuvidio (KYC and biometric data), and critical vulnerabilities in Cisco SD-WAN and NGINX. 
The digest aggregates claims from dark web forums and public sources without independent verification.","https:\u002F\u002Fdarkwebinformer.com\u002Fdaily-dose-of-dark-web-informer-may-14th-2026\u002F","https:\u002F\u002Fstorage.ghost.io\u002Fc\u002F6b\u002F16\u002F6b16ac9c-cd67-432f-b0f3-bbec941084ff\u002Fcontent\u002Fimages\u002Fsize\u002Fw1200\u002F2026\u002F02\u002F23597862398746923879872364987342598723.png","2026-05-14T22:25:52+00:00",{"id":143,"title":144,"slug":145,"brief":146,"ai_summary":147,"url":148,"image_url":149,"published_at":150},"18cbceb8-4761-40cb-a1ac-cf283e8155ac","Maximum Severity Cisco SD-WAN Bug Exploited in the Wild","maximum-severity-cisco-sd-wan-bug-exploited-in-the-wild-fa6c29","Cisco SD-WAN maximum severity vulnerability exploited in active attacks.","A CVSS 10.0 vulnerability in Cisco's SD-WAN control system is being actively exploited in the wild, marking the second critical zero-day attack against the platform this year. The flaw allows remote code execution without authentication, making it an attractive target for threat actors. 
Cisco has not yet disclosed patching timelines or the identity of the attacking groups.","https:\u002F\u002Fwww.darkreading.com\u002Fvulnerabilities-threats\u002Fmaximum-severity-cisco-sd-wan-bug-exploited","https:\u002F\u002Feu-images.contentstack.com\u002Fv3\u002Fassets\u002Fblt6d90778a997de1cd\u002Fblt413a34f746df538e\u002F6a0626f76111611c85c510d8\u002FCisco-MTP-Alamy.jpg?width=1280&auto=webp&quality=80&disable=upscale","2026-05-14T20:25:31+00:00",{"id":152,"title":153,"slug":154,"brief":155,"ai_summary":156,"url":157,"image_url":7,"published_at":158},"cec6ac92-1767-432c-ab18-c4e8b3f27178","‼️CVE-2026-20182: Critical Cisco SD-WAN Auth Bypass Under Active Exploitation\n\nhttps:\u002F\u002Ft.co\u002Fmm9rX...","cve-2026-20182-critical-cisco-sd-wan-auth-bypass-under-active-exploitation-https-44c5a9","CVE-2026-20182 critical Cisco SD-WAN authentication bypass under active exploitation","A critical authentication bypass vulnerability (CVE-2026-20182) in Cisco SD-WAN has been discovered and is currently under active exploitation. The flaw allows attackers to bypass authentication mechanisms in the SD-WAN platform, potentially leading to unauthorized access and control of network infrastructure. 
Organizations using Cisco SD-WAN should prioritize patching and monitoring for exploitation attempts.","https:\u002F\u002Fx.com\u002FDarkWebInformer\u002Fstatus\u002F2055021527158919470","2026-05-14T20:24:47+00:00",{"id":160,"title":161,"slug":162,"brief":163,"ai_summary":164,"url":165,"image_url":166,"published_at":167},"44b2ee87-d276-4d77-b9d7-ec541dcff4f9","Cisco warns of new critical SD-WAN flaw exploited in zero-day attacks","cisco-warns-of-new-critical-sd-wan-flaw-exploited-in-zero-day-attacks-21a961","Cisco patches critical SD-WAN Controller authentication bypass (CVE-2026-20182) exploited in active zero-day attacks.","Cisco disclosed CVE-2026-20182, a critical authentication bypass flaw in Catalyst SD-WAN Controller and Manager (CVSS 10.0) that was actively exploited in zero-day attacks to gain administrative privileges. Attackers could bypass peering authentication to register rogue devices in SD-WAN fabrics, potentially enabling lateral network movement. CISA mandated federal agency patching by May 17, 2026, and Cisco released security updates with mitigation guidance.","https:\u002F\u002Fwww.bleepingcomputer.com\u002Fnews\u002Fsecurity\u002Fcisco-warns-of-new-critical-sd-wan-flaw-exploited-in-zero-day-attacks\u002F","https:\u002F\u002Fwww.bleepstatic.com\u002Fcontent\u002Fhl-images\u002F2024\u002F07\u002F18\u002FCisco.jpg","2026-05-14T20:09:56+00:00",{"id":169,"title":170,"slug":171,"brief":172,"ai_summary":173,"url":174,"image_url":175,"published_at":176},"2f962a5b-8062-4751-b4e5-0cc462ca244a","Windows 11 and Microsoft Edge hacked at Pwn2Own Berlin 2026","windows-11-and-microsoft-edge-hacked-at-pwn2own-berlin-2026-0bc442","Pwn2Own Berlin 2026 day one: researchers exploit 24 zero-days in Windows 11, Edge, Linux, and AI tools for $523K.","At Pwn2Own Berlin 2026's first day, security researchers demonstrated 24 unique zero-day vulnerabilities across enterprise and AI technologies, earning $523,000 in cash awards. 
Highlights included Orange Tsai's $175,000 sandbox escape on Microsoft Edge via chained logic bugs, multiple Windows 11 privilege escalation exploits, and zero-days in AI\u002FML tools like LiteLLM, NVIDIA Megatron, OpenAI Codex, and Chroma. Vendors have 90 days to patch all disclosed flaws.","https:\u002F\u002Fwww.bleepingcomputer.com\u002Fnews\u002Fsecurity\u002Fwindows-11-and-microsoft-edge-hacked-on-first-day-of-pwn2own-berlin-2026\u002F","https:\u002F\u002Fwww.bleepstatic.com\u002Fcontent\u002Fhl-images\u002F2025\u002F05\u002F15\u002FPwn2Own_Berin.jpg","2026-05-14T18:53:50+00:00",{"id":178,"title":179,"slug":180,"brief":181,"ai_summary":182,"url":183,"image_url":184,"published_at":185},"5ee44e3b-9ed6-4508-9ee5-e9e273c5eafe","ThreatsDay Bulletin: PAN-OS RCE, Mythos cURL Bug, AI Tokenizer Attacks, and 10+ Stories","threatsday-bulletin-pan-os-rce-mythos-curl-bug-ai-tokenizer-attacks-and-10-stori-e8a90a","Weekly threat roundup: PAN-OS RCE exploited, Mythos cURL bug, AI tokenizer attacks, and 10+ security stories.","This week's threat bulletin covers multiple critical security incidents including a PAN-OS CVE-2026-0300 buffer overflow being actively exploited to drop EarthWorm and ReverseSocks5 payloads, a zero-auth data leak affecting Schemata's military training platform, and Operation GriefLure targeting Vietnam and Philippines sectors. 
The roundup highlights escalating supply chain attacks, weak authentication controls, and state-sponsored phishing campaigns alongside emerging AI security risks.","https:\u002F\u002Fthehackernews.com\u002F2026\u002F05\u002Fthreatsday-bulletin-pan-os-rce-mythos.html","https:\u002F\u002Fblogger.googleusercontent.com\u002Fimg\u002Fb\u002FR29vZ2xl\u002FAVvXsEjImYNT-qC7frGzEXeok3KDX_JNMKote6V1FVXIpkAoSEER2z1YyT8dpFq5RtRhBQ0cweEPbBIuioDWFf5rw_Mf-0V6rXR2ZrMh2ISDa7X7NlV9zIGsoLSAnyd_86eVkrR4wU24yxbuCYaAmyGFwlF77YCjvgU3n43P-yFT-pzjsmQ35Oaut1klg62bs_-i\u002Fs1600\u002Fthreatsday-2.jpg","2026-05-14T16:07:46+00:00",{"id":187,"title":188,"slug":189,"brief":190,"ai_summary":191,"url":192,"image_url":7,"published_at":193},"0908882d-5c15-4462-bd5c-4f44570d49be","‼️🇪🇬 mutreasury Allegedly Breached: Admin Credentials and API Keys Exposed From the Egyptian Un...","mutreasury-allegedly-breached-admin-credentials-and-api-keys-exposed-from-the-eg-662b5d","Egyptian mutreasury payment gateway breached; admin credentials and API keys exposed across 28+ universities.","The mutreasury platform, a payment gateway serving 28+ Egyptian universities, has been allegedly breached with admin credentials and API keys exposed. 
The breach reportedly includes a zero-day vulnerability being sold alongside the compromised credentials, potentially affecting the financial systems of multiple educational institutions across Egypt.","https:\u002F\u002Fx.com\u002FDarkWebInformer\u002Fstatus\u002F2054940632817262745","2026-05-14T15:03:20+00:00",{"id":195,"title":196,"slug":197,"brief":198,"ai_summary":199,"url":200,"image_url":201,"published_at":202},"1cf203e4-5c2b-4203-b768-19a8b6b3a35c","When configuration becomes a vulnerability: Exploitable misconfigurations in AI apps","when-configuration-becomes-a-vulnerability-exploitable-misconfigurations-in-ai-a-049340","Microsoft warns of exploitable misconfigurations in cloud-native AI apps on Kubernetes enabling RCE and data leaks.","Microsoft Security Blog reports that AI and agentic applications deployed on cloud-native platforms like Kubernetes frequently suffer from exploitable misconfigurations—exposed UIs combined with weak or missing authentication. These misconfigurations enable low-effort, high-impact attacks including remote code execution, credential theft, and access to sensitive data without requiring zero-days or sophisticated techniques. 
Microsoft Defender for Cloud signals show over half of cloud-native workload exploitations stem from such configuration issues, particularly in popular AI applications and platforms.","https:\u002F\u002Fwww.microsoft.com\u002Fen-us\u002Fsecurity\u002Fblog\u002F2026\u002F05\u002F14\u002Fconfiguration-becomes-vulnerability-exploitable-misconfigurations-ai-apps\u002F","https:\u002F\u002Fwww.microsoft.com\u002Fen-us\u002Fsecurity\u002Fblog\u002Fwp-content\u002Fuploads\u002F2026\u002F03\u002FMS_Actional-Insights_Adversarial-AI.png","2026-05-14T14:20:55+00:00",{"id":204,"title":205,"slug":206,"brief":207,"ai_summary":208,"url":209,"image_url":210,"published_at":211},"e5134450-6565-4c1c-b23c-12fd019c860b","New Linux Kernel Vulnerability Fragnesia Allows Root Privilege Escalation","new-linux-kernel-vulnerability-fragnesia-allows-root-privilege-escalation-28e3f1","Linux kernel vulnerability CVE-2026-46300 (Fragnesia) allows local privilege escalation to root.","A new Linux kernel vulnerability tracked as CVE-2026-46300, dubbed Fragnesia, resides in the XFRM ESP-in-TCP subsystem and allows unprivileged local attackers to escalate privileges to root by corrupting kernel memory and modifying system files like \u002Fusr\u002Fbin\u002Fsu or \u002Fetc\u002Fpasswd. Similar to previously disclosed Dirty Frag and Copy Fail vulnerabilities, Fragnesia affects a majority of Linux distributions, which have begun releasing patches. 
While a proof-of-concept exists, there is currently no evidence of active exploitation in the wild.","https:\u002F\u002Fwww.securityweek.com\u002Fnew-linux-kernel-vulnerability-fragnesia-allows-root-privilege-escalation\u002F","https:\u002F\u002Fwww.securityweek.com\u002Fwp-content\u002Fuploads\u002F2025\u002F02\u002FLinux-malware.jpeg","2026-05-14T13:44:46+00:00",{"id":213,"title":214,"slug":215,"brief":216,"ai_summary":217,"url":218,"image_url":7,"published_at":219},"0dea38f0-9f50-4a45-94ba-5af71037c2a1","Siemens Ruggedcom Rox","siemens-ruggedcom-rox-c2c931","Siemens Ruggedcom Rox improper access control flaw allows authenticated remote file read with root privileges","Siemens Ruggedcom Rox devices contain CVE-2025-40948, an improper input validation vulnerability in the JSON-RPC web interface that allows authenticated remote attackers to read arbitrary files with root privileges. The vulnerability affects multiple Ruggedcom Rox models (MX5000, RX1400–RX1536 series) across worldwide critical manufacturing infrastructure. Siemens recommends updating to version 2.17.1 or later to remediate the issue.","https:\u002F\u002Fwww.cisa.gov\u002Fnews-events\u002Fics-advisories\u002Ficsa-26-134-02","2026-05-14T12:00:00+00:00",{"id":221,"title":214,"slug":222,"brief":223,"ai_summary":224,"url":225,"image_url":7,"published_at":219},"c4d19356-d9e2-4ae6-95b8-a6ddf5206131","siemens-ruggedcom-rox-2fb9ad","Siemens Ruggedcom Rox OS command injection vulnerability allows authenticated RCE with root privileges.","Siemens has disclosed CVE-2025-40947, a critical OS command injection vulnerability in Ruggedcom Rox industrial routers affecting 11 product variants. The flaw exists in the feature key installation process and allows authenticated remote attackers to execute arbitrary commands with root privileges. 
Siemens recommends immediate patching to version 2.17.1 or later for all affected models deployed worldwide in critical manufacturing environments.","https:\u002F\u002Fwww.cisa.gov\u002Fnews-events\u002Fics-advisories\u002Ficsa-26-134-11",{"id":227,"title":228,"slug":229,"brief":230,"ai_summary":231,"url":232,"image_url":233,"published_at":234},"72092131-732c-4da8-bc61-6603e9529ad1","F5 Patches Over 50 Vulnerabilities","f5-patches-over-50-vulnerabilities-9f7ebc","F5 patches over 50 vulnerabilities in BIG-IP, BIG-IQ, and NGINX products.","F5 released security updates addressing 19 high-severity and 32 medium-severity vulnerabilities across BIG-IP, BIG-IQ, and NGINX. The most critical issue, CVE-2026-42945 in NGINX (CVSS 9.2), is a denial-of-service flaw in the rewrite module that can lead to code execution if ASLR is disabled. Other significant flaws include CVE-2026-41225 affecting iControl REST authentication and multiple RCE vulnerabilities requiring authentication.","https:\u002F\u002Fwww.securityweek.com\u002Ff5-patches-over-50-vulnerabilities\u002F","https:\u002F\u002Fwww.securityweek.com\u002Fwp-content\u002Fuploads\u002F2023\u002F10\u002FF5-Vulnerability.jpg","2026-05-14T10:47:58+00:00",{"id":236,"title":237,"slug":238,"brief":239,"ai_summary":240,"url":241,"image_url":242,"published_at":243},"11eba9f7-511b-4c8d-b12d-fb7072a5a474","Hackers Targeted PraisonAI Vulnerability Hours After Disclosure","hackers-targeted-praisonai-vulnerability-hours-after-disclosure-51c3b5","Hackers probed PraisonAI authentication bypass CVE-2026-44338 within 3.75 hours of disclosure.","PraisonAI versions 2.5.6 to 4.6.33 contained an authentication bypass (CVE-2026-44338) due to disabled Flask API authentication by default, allowing unauthenticated access to agent workflows. Within 3 hours 44 minutes of public disclosure, a scanner identified as CVE-Detector\u002F1.0 began probing internet-exposed instances for the vulnerable endpoint. 
Sysdig assessed the activity as reconnaissance rather than active exploitation, but highlights the accelerated threat timeline enabled by AI-assisted tooling in the modern attack landscape.","https:\u002F\u002Fwww.securityweek.com\u002Fhackers-targeted-praisonai-vulnerability-hours-after-disclosure\u002F","https:\u002F\u002Fwww.securityweek.com\u002Fwp-content\u002Fuploads\u002F2025\u002F08\u002FAI-assistant-chatbot-artificial-intelligence.jpg","2026-05-14T09:45:53+00:00",{"id":245,"title":246,"slug":247,"brief":248,"ai_summary":249,"url":250,"image_url":251,"published_at":252},"8eaa8666-fdd9-4f37-be4d-bfd89d0a743a","Windows Zero-Days Expose BitLocker Bypasses And CTFMON Privilege Escalation","windows-zero-days-expose-bitlocker-bypasses-and-ctfmon-privilege-escalation-793b30","Anonymous researcher discloses two Windows zero-days: BitLocker bypass (YellowKey) and CTFMON privilege escalation","A researcher known as Chaotic Eclipse has disclosed two new Windows zero-day vulnerabilities affecting Windows 11 and Windows Server 2022\u002F2025. YellowKey is a BitLocker bypass in the Windows Recovery Environment (WinRE) that allows an attacker with USB access to unlock encrypted drives by manipulating Transactional NTFS files. 
GreenPlasma is a privilege escalation via Windows CTFMON arbitrary section creation that enables unprivileged users to obtain SYSTEM-level permissions.","https:\u002F\u002Fthehackernews.com\u002F2026\u002F05\u002Fwindows-zero-days-expose-bitlocker.html","https:\u002F\u002Fblogger.googleusercontent.com\u002Fimg\u002Fb\u002FR29vZ2xl\u002FAVvXsEgXt7ooDl2PwJY4nazAKdW9rmILsmosve2FZaO9usxTk_rkksEEvsLgY-uc_MErXvjvusuWjN7PWRM9KaRXB1OkL75gio7tcqpMsPZxaFNE9XDpYmARH3Dw_gGgddwWXHSt5VUJ-lb56F9bCVzTYghEo7qELWVv8K_W8V1BrWgssgqWkzPJxW6I31i_GyYf\u002Fs1600\u002Fwindowss.jpg","2026-05-14T09:25:50+00:00",{"id":254,"title":255,"slug":256,"brief":257,"ai_summary":258,"url":259,"image_url":260,"published_at":261},"3a025890-2ac1-42e1-8786-7b5553294a44","High-Severity Vulnerability Patched in VMware Fusion","high-severity-vulnerability-patched-in-vmware-fusion-3f3b97","Broadcom patches high-severity TOCTOU privilege escalation flaw in VMware Fusion.","Broadcom released a patch for CVE-2026-41702, a high-severity time-of-check time-of-use (TOCTOU) vulnerability in VMware Fusion that allows local non-administrative users to escalate privileges to root. The vulnerability was reported by Mathieu Farrell. 
The patch was announced as Broadcom attends Pwn2Own hacking competition in Berlin, where additional VMware patches are expected.","https:\u002F\u002Fwww.securityweek.com\u002Fhigh-severity-vulnerability-patched-in-vmware-fusion\u002F","https:\u002F\u002Fwww.securityweek.com\u002Fwp-content\u002Fuploads\u002F2022\u002F08\u002FVMWare.jpg","2026-05-14T08:42:25+00:00",{"id":263,"title":264,"slug":265,"brief":266,"ai_summary":267,"url":268,"image_url":269,"published_at":270},"872ede96-6681-4aec-bfe5-dc8a27160356","Researcher Drops YellowKey, GreenPlasma Windows Zero-Days","researcher-drops-yellowkey-greenplasma-windows-zero-days-3e65bf","Researcher publicly discloses YellowKey BitLocker bypass and GreenPlasma privilege escalation zero-days in Windows.","Security researcher Chaotic Eclipse publicly released proof-of-concept exploits for two unpatched Windows zero-day vulnerabilities: YellowKey, which bypasses BitLocker encryption with physical access, and GreenPlasma, which enables privilege escalation to System level. 
The researcher claims YellowKey may be an intentional backdoor and has previously expressed dissatisfaction with Microsoft's vulnerability handling; security experts confirmed the exploits work against recent Windows 11 builds.","https:\u002F\u002Fwww.securityweek.com\u002Fresearcher-drops-yellowkey-greenplasma-windows-zero-days\u002F","https:\u002F\u002Fwww.securityweek.com\u002Fwp-content\u002Fuploads\u002F2024\u002F10\u002FWindows-Kernel-BSOD.jpg","2026-05-14T07:27:42+00:00",{"id":272,"title":273,"slug":274,"brief":275,"ai_summary":276,"url":277,"image_url":278,"published_at":279},"9288b5ba-f4c8-4108-aa03-7a90a679d56e","‼️ CVE-2026-42945: RCE Proof of concept for CVE-2026-42945, a critical heap buffer overflow in NG...","cve-2026-42945-rce-proof-of-concept-for-cve-2026-42945-a-critical-heap-buffer-ov-d46f23","CVE-2026-42945: Critical heap buffer overflow RCE PoC released for NGINX ngx_http_rewrite_module","A critical remote code execution vulnerability (CVE-2026-42945) in NGINX's ngx_http_rewrite_module has been publicly disclosed with proof-of-concept code. 
The heap buffer overflow flaw was introduced in 2008 and affects the module's rewrite functionality, allowing unauthenticated attackers to execute arbitrary code on vulnerable systems.","https:\u002F\u002Fx.com\u002FDarkWebInformer\u002Fstatus\u002F2054719764971266052","https:\u002F\u002Fpbs.twimg.com\u002Fmedia\u002FHIPUn6sXAAAiL_C.png","2026-05-14T00:25:41+00:00",{"id":281,"title":282,"slug":283,"brief":284,"ai_summary":285,"url":286,"image_url":287,"published_at":288},"5605a5c5-1078-4dda-9f06-4df1bb0eaedb","‼️🇬🇷 Municipality of Agrinio allegedly breached: 28 databases exposed via SQL injection on the...","municipality-of-agrinio-allegedly-breached-28-databases-exposed-via-sql-injectio-f82511","Municipality of Agrinio breached; 28 databases exposed via SQL injection attack.","A threat actor has disclosed the results of an SQL injection attack against the Municipality of Agrinio, Greece's largest city in the Aetolia-Acarnania region, exposing 28 databases. The breach was carried out on the Greek local government portal. 
The incident highlights critical web application security vulnerabilities in critical infrastructure.","https:\u002F\u002Fx.com\u002FDarkWebInformer\u002Fstatus\u002F2054703616871612717","https:\u002F\u002Fpbs.twimg.com\u002Fmedia\u002FHIPGC1WWAAAX0hi.jpg","2026-05-13T23:21:31+00:00",{"id":290,"title":291,"slug":292,"brief":293,"ai_summary":294,"url":295,"image_url":296,"published_at":297},"279ca76b-4d24-4cfd-8ada-c0c478072bea","Researchers say AI just broke every benchmark for autonomous cyber capability","researchers-say-ai-just-broke-every-benchmark-for-autonomous-cyber-capability-5a7aba","Claude Mythos Preview and GPT-5.5 break autonomous cyber capability benchmarks, solving previously unsolvable attack","Anthropic's Claude Mythos Preview and OpenAI's GPT-5.5 have significantly surpassed expected capability growth trajectories for autonomous cybersecurity tasks, according to independent studies from the UK's AI Security Institute and Palo Alto Networks. Claude Mythos became the first model to complete both of AISI's cyber range simulations, while Palo Alto Networks identified 26 CVEs (75 issues) through AI scanning—far exceeding typical monthly discovery rates. 
The rapid advancement raises questions about whether this represents an isolated leap or a new, accelerated development curve.","https:\u002F\u002Fcyberscoop.com\u002Fai-autonomous-cyber-capability-benchmarks-broken-gpt5-claude-mythos\u002F","https:\u002F\u002Fcyberscoop.com\u002Fwp-content\u002Fuploads\u002Fsites\u002F3\u002F2026\u002F05\u002FGettyImages-2229149370-1-1.jpg","2026-05-13T22:29:19+00:00",{"id":299,"title":300,"slug":301,"brief":302,"ai_summary":303,"url":304,"image_url":305,"published_at":306},"3fd3bc5c-2676-4a16-a6bc-b89d2f444d74","Windows BitLocker zero-day gives access to protected drives, PoC released","windows-bitlocker-zero-day-gives-access-to-protected-drives-poc-released-0e4efb","Researcher releases PoC exploits for YellowKey BitLocker bypass and GreenPlasma privilege escalation zero-days.","A cybersecurity researcher operating as Chaotic Eclipse\u002FNightmare-Eclipse has published proof-of-concept exploits for two unpatched Windows zero-day vulnerabilities: YellowKey, a BitLocker bypass affecting Windows 11 and Server 2022\u002F2025, and GreenPlasma, a privilege escalation flaw in CTFMON. 
The researcher justified public disclosure citing dissatisfaction with Microsoft's handling of previous bug reports, and has promised further exploit releases.","https:\u002F\u002Fwww.bleepingcomputer.com\u002Fnews\u002Fsecurity\u002Fwindows-bitlocker-zero-day-gives-access-to-protected-drives-poc-released\u002F","https:\u002F\u002Fwww.bleepstatic.com\u002Fcontent\u002Fhl-images\u002F2026\u002F02\u002F13\u002FWindows-headpic.jpg","2026-05-13T16:37:49+00:00",{"id":308,"title":309,"slug":310,"brief":311,"ai_summary":312,"url":313,"image_url":314,"published_at":315},"fcf2c449-2921-4383-8b71-cb4e4de479b4","Microsoft Patches Critical Zero-Click Outlook Vulnerability Threatening Enterprises","microsoft-patches-critical-zero-click-outlook-vulnerability-threatening-enterpri-41bfbc","Microsoft patches critical zero-click Outlook RCE vulnerability CVE-2026-40361 affecting enterprises.","Microsoft released a patch for CVE-2026-40361, a critical zero-click remote code execution vulnerability in Outlook's email rendering engine that can be exploited when victims read or preview emails. Researcher Haifei Li, who discovered the flaw, compared it to BadWinmail (CVE-2015-6172), an \"enterprise killer\" vulnerability from over a decade ago with identical attack vectors. 
The vulnerability affects a DLL shared by Word and Outlook, and while Microsoft rated it as \"exploitation more likely,\" Li emphasized that threat actors should not be underestimated despite only releasing a proof-of-concept.","https:\u002F\u002Fwww.securityweek.com\u002Fmicrosoft-patches-critical-zero-click-outlook-vulnerability-threatening-enterprises\u002F","https:\u002F\u002Fwww.securityweek.com\u002Fwp-content\u002Fuploads\u002F2023\u002F03\u002FMicrosoft-Outlook-CVE-2023-23397.jpg","2026-05-13T10:33:46+00:00",{"id":317,"title":318,"slug":319,"brief":320,"ai_summary":321,"url":322,"image_url":323,"published_at":324},"31d18e59-458f-4322-ad28-a01ec9962c20","Fortinet, Ivanti Patch Critical Vulnerabilities","fortinet-ivanti-patch-critical-vulnerabilities-53fdc9","Fortinet and Ivanti patch 18 vulnerabilities including three critical code execution flaws.","Fortinet released 11 advisories covering 11 vulnerabilities, including two critical-severity remote code execution bugs in FortiAuthenticator (CVE-2026-44277) and FortiSandbox (CVE-2026-26083), both with CVSS 9.1 scores. Ivanti patched 7 vulnerabilities across four products, with the most severe being CVE-2026-8043 (CVSS 9.6) in Xtraction allowing arbitrary file read\u002Fwrite. 
Neither vendor reported active exploitation of the patched flaws in the wild.","https:\u002F\u002Fwww.securityweek.com\u002Ffortinet-ivanti-patch-critical-vulnerabilities\u002F","https:\u002F\u002Fwww.securityweek.com\u002Fwp-content\u002Fuploads\u002F2025\u002F07\u002Fsoftware-vulnerability-patch-update.jpg","2026-05-13T09:36:55+00:00",{"id":326,"title":327,"slug":328,"brief":329,"ai_summary":330,"url":331,"image_url":332,"published_at":333},"33075b97-13be-4864-a4db-69e84b2e370f","Chipmaker Patch Tuesday: Intel and AMD Patch 70 Vulnerabilities","chipmaker-patch-tuesday-intel-and-amd-patch-70-vulnerabilities-f9ddf3","Intel and AMD release 70 vulnerability patches across product portfolios on May 2026 Patch Tuesday.","Intel and AMD released security advisories on May 2026 Patch Tuesday addressing 70 vulnerabilities combined. Intel patched 24 flaws across 13 advisories including a critical buffer overflow (CVE-2026-20794, CVSS 9.3) in Data Center Graphics Driver for VMware ESXi. AMD patched 45 vulnerabilities across 15 advisories, including a critical flaw (CVE-2026-0481, CVSS 9.2) in AMD Device Metrics Exporter exposing GPU configuration to unauthenticated remote attackers.","https:\u002F\u002Fwww.securityweek.com\u002Fchipmaker-patch-tuesday-intel-and-amd-patch-70-vulnerabilities\u002F","https:\u002F\u002Fwww.securityweek.com\u002Fwp-content\u002Fuploads\u002F2024\u002F11\u002Fchipmaker-patch-tuesday.jpeg","2026-05-13T08:37:34+00:00",{"id":335,"title":336,"slug":337,"brief":338,"ai_summary":339,"url":340,"image_url":341,"published_at":342},"d378a243-8ebb-48e3-b1ae-07aab8fa9f85","ICS Patch Tuesday: New Security Advisories From Siemens, Schneider, CISA","ics-patch-tuesday-new-security-advisories-from-siemens-schneider-cisa-3f1cb4","Siemens, Schneider Electric, and CISA publish May 2026 Patch Tuesday advisories for ICS vulnerabilities.","Multiple industrial control system (ICS) vendors released security advisories for May 2026 Patch Tuesday, with Siemens publishing 18 
advisories covering critical flaws in Sentron, Simatic, Ruggedcom, and other products. Vulnerabilities include device takeover, command execution as root, arbitrary file access, and missing authentication controls. Notable concern: Ruggedcom APE1808 is affected by a recently disclosed Palo Alto Networks PAN-OS vulnerability reportedly exploited by Chinese state-sponsored actors.","https:\u002F\u002Fwww.securityweek.com\u002Fics-patch-tuesday-new-security-advisories-from-siemens-schneider-cisa\u002F","https:\u002F\u002Fwww.securityweek.com\u002Fwp-content\u002Fuploads\u002F2023\u002F11\u002FICS_Patches.jpg","2026-05-13T06:50:51+00:00",{"id":344,"title":345,"slug":346,"brief":347,"ai_summary":348,"url":349,"image_url":350,"published_at":351},"48851fed-f256-49a0-a997-90c60e5e79c7","Defense at AI speed: Microsoft’s new multi-model agentic security system tops leading industry benchmark","defense-at-ai-speed-microsoft-s-new-multi-model-agentic-security-system-tops-lea-c0941c","Microsoft announces MDASH, an AI agentic system that discovered 16 new Windows vulnerabilities including four Critical","Microsoft's Autonomous Code Security team has developed MDASH, a multi-model agentic scanning harness that orchestrates over 100 specialized AI agents to discover and validate exploitable vulnerabilities. The system identified 16 new vulnerabilities in Windows networking and authentication components, including four Critical remote code execution flaws in the Windows kernel TCP\u002FIP stack and IKEv2 service. 
MDASH achieved 88.45% on the public CyberGym benchmark with zero false positives on internal testing, demonstrating production-grade AI-powered vulnerability discovery at enterprise scale.","https:\u002F\u002Fwww.microsoft.com\u002Fen-us\u002Fsecurity\u002Fblog\u002F2026\u002F05\u002F12\u002Fdefense-at-ai-speed-microsofts-new-multi-model-agentic-security-system-tops-leading-industry-benchmark\u002F","https:\u002F\u002Fwww.microsoft.com\u002Fen-us\u002Fsecurity\u002Fblog\u002Fwp-content\u002Fuploads\u002F2026\u002F05\u002FMS_Actional-Insights_Lock-1.jpg","2026-05-12T22:00:00+00:00",{"id":353,"title":354,"slug":355,"brief":356,"ai_summary":357,"url":358,"image_url":7,"published_at":359},"ef51c965-7307-4065-9540-ddea6eee9b62","Yippie\n\nTwo new Microsoft Windows 0days. The exploits have cool and badass mysterious names to be...","yippie-two-new-microsoft-windows-0days-the-exploits-have-cool-and-badass-mysteri-cf15a5","Two new Microsoft Windows zero-day vulnerabilities disclosed with codenames GreenPlasma and YellowKey.","Two previously unknown Microsoft Windows zero-day vulnerabilities have been disclosed: GreenPlasma, an arbitrary section creation elevation of privileges flaw in CTFMON, and YellowKey, a BitLocker bypass vulnerability. 
The vulnerabilities carry mysterious codenames and appear to be actively exploited or monitored by threat researchers.","https:\u002F\u002Fx.com\u002Fvxunderground\u002Fstatus\u002F2054307403407970448","2026-05-12T21:07:06+00:00",{"id":361,"title":362,"slug":363,"brief":364,"ai_summary":365,"url":366,"image_url":367,"published_at":368},"02a330d4-a42e-4b3a-ad37-3a0b22598955","Microsoft addresses 137 vulnerabilities in May’s Patch Tuesday, including 13 rated critical","microsoft-addresses-137-vulnerabilities-in-may-s-patch-tuesday-including-13-rate-237839","Microsoft patches 137 vulnerabilities in May Patch Tuesday, including 13 critical flaws.","Microsoft released patches for 137 vulnerabilities in May's Patch Tuesday, with 13 assigned critical CVSS ratings and no actively exploited zero-days reported. Critical vulnerabilities include CVE-2026-33109 and CVE-2026-42823 in Azure, CVE-2026-42898 in Dynamics 365 (9.9 CVSS), CVE-2026-41096 in Windows DNS enabling unauthenticated RCE, and CVE-2026-41089 in Windows Netlogon. 
The high volume reflects a growing trend of AI models being deployed to discover previously unknown code defects.","https:\u002F\u002Fcyberscoop.com\u002Fmicrosoft-patch-tuesday-may-2026\u002F","https:\u002F\u002Fcyberscoop.com\u002Fwp-content\u002Fuploads\u002Fsites\u002F3\u002F2024\u002F09\u002FGettyImages-1408775753.jpg","2026-05-12T21:00:37+00:00",{"id":370,"title":371,"slug":372,"brief":373,"ai_summary":374,"url":375,"image_url":376,"published_at":377},"ef7889e0-9385-4a8b-ab69-5bd4a8ab0838","Microsoft and Adobe Patch Tuesday, May 2026 Security Update Review","microsoft-and-adobe-patch-tuesday-may-2026-security-update-review-044968","Microsoft patches 137 vulnerabilities including 30 critical; Adobe addresses 52 vulnerabilities with 27 critical in May","Microsoft's May 2026 Patch Tuesday addresses 137 vulnerabilities across its ecosystem, including 30 critical and 103 important-severity issues affecting Windows, Edge, .NET, M365 Copilot, Hyper-V, and other components. Notable critical CVEs include remote code execution flaws in Microsoft Word and Windows Netlogon, plus an authentication bypass in the Microsoft SSO Plugin for Jira & Confluence. 
Adobe simultaneously released 10 security advisories patching 52 vulnerabilities (27 critical) across Premiere Pro, Media Encoder, After Effects, Commerce, Connect, and other products.","https:\u002F\u002Fblog.qualys.com\u002Fvulnerabilities-threat-research\u002F2026\u002F05\u002F12\u002Fmicrosoft-patch-tuesday-may-2026-security-update-review","https:\u002F\u002Fik.imagekit.io\u002Fqualys\u002Fwp-content\u002Fuploads\u002F2026\u002F05\u002FMicrosoft-Patch-Tuesday-May-2026.png","2026-05-12T19:50:45+00:00",{"id":379,"title":380,"slug":381,"brief":382,"ai_summary":383,"url":384,"image_url":385,"published_at":386},"9f24b4e6-397c-4920-b34c-d580e287c5b3","Two more public disclosures, it will never stop","two-more-public-disclosures-it-will-never-stop-83f43d","Researcher discloses two Microsoft vulnerabilities via GitHub, threatens escalation.","A researcher publishing under the handle Nightmare-Eclipse has publicly disclosed two Microsoft vulnerabilities (YellowKey and GreenPlasma) via GitHub repositories, accompanied by a cryptographically signed message expressing frustration with Microsoft's handling of prior disclosure incidents. The actor threatens further escalations and additional disclosures targeting other companies, citing Microsoft's perceived uncooperative response and referencing a prior incident called 'bluehammer.' 
The tone suggests an ongoing dispute over vulnerability disclosure practices and responsible coordination.","https:\u002F\u002Fdeadeclipse666.blogspot.com\u002F2026\u002F05\u002Ftwo-more-public-disclosures-it-will.html","https:\u002F\u002Fpbs.twimg.com\u002Fmedia\u002FHII2PXgW8AAhJcK.png","2026-05-12T18:15:44+00:00",{"id":388,"title":389,"slug":390,"brief":391,"ai_summary":392,"url":393,"image_url":394,"published_at":395},"38efd127-7134-45cc-a482-1bb4bb531b64","Microsoft May 2026 Patch Tuesday fixes 120 flaws, no zero-days","microsoft-may-2026-patch-tuesday-fixes-120-flaws-no-zero-days-40079e","Microsoft May 2026 Patch Tuesday fixes 120 flaws with 17 critical vulnerabilities, no zero-days.","Microsoft released its May 2026 Patch Tuesday update addressing 120 vulnerabilities across its product portfolio, including 17 critical flaws—14 remote code execution, 2 privilege escalation, and 1 information disclosure. No zero-day exploits were disclosed this month. Notable vulnerabilities include remote code execution flaws in Microsoft Office, Windows GDI, SharePoint Server, and Windows DNS Client, with particular emphasis on Office file exploits via preview pane that warrant immediate patching.","https:\u002F\u002Fwww.bleepingcomputer.com\u002Fnews\u002Fmicrosoft\u002Fmicrosoft-may-2026-patch-tuesday-fixes-120-flaws-no-zero-days\u002F","https:\u002F\u002Fwww.bleepstatic.com\u002Fcontent\u002Fhl-images\u002F2024\u002F10\u002F08\u002Fpatch_tuesday_microsoft.jpg","2026-05-12T18:08:06+00:00",{"id":397,"title":398,"slug":399,"brief":400,"ai_summary":401,"url":402,"image_url":403,"published_at":404},"dce9a1be-d72c-4500-ad9d-b14ee9375b3a","Microsoft Patches 137 Vulnerabilities","microsoft-patches-137-vulnerabilities-b1a8bb","Microsoft patches 137 vulnerabilities including critical flaws in Azure, Windows, and Office products.","Microsoft released Patch Tuesday updates addressing 137 vulnerabilities across its product portfolio, with none currently exploited in the wild. 
Approximately a dozen vulnerabilities have been rated as 'exploitation more likely,' including critical flaws in the Microsoft SSO Plugin for Jira & Confluence (CVE-2026-41103) and two high-severity remote code execution bugs in Microsoft Word (CVE-2026-40364, CVE-2026-40361) that can be triggered via malicious documents in preview pane. Additional critical and high-severity issues were resolved in Windows components, Azure services, Dynamics 365, and Office suite products.","https:\u002F\u002Fwww.securityweek.com\u002Fmicrosoft-patches-137-vulnerabilities\u002F","https:\u002F\u002Fwww.securityweek.com\u002Fwp-content\u002Fuploads\u002F2025\u002F10\u002FWindows-10.jpeg","2026-05-12T18:07:39+00:00",{"id":406,"title":407,"slug":408,"brief":409,"ai_summary":410,"url":411,"image_url":412,"published_at":413},"e1caa891-6287-4d05-aadb-0c036ed51c82","Škoda warns of customer data breach after online shop hack","skoda-warns-of-customer-data-breach-after-online-shop-hack-ed36a2","Škoda Auto discloses data breach after attackers exploited unspecified vulnerability in German online shop.","Škoda Auto, a Volkswagen Group subsidiary, confirmed a data breach affecting its German online shop (shop.skoda-auto.de) after threat actors exploited an unspecified vulnerability in the e-commerce platform's standard software. Stolen data includes customer names, addresses, contact information, phone numbers, order details, and password hashes, though financial information was not compromised. 
The company fixed the vulnerability, reported the incident to data protection authorities, and noted the breach does not affect its global operations or Škoda Connect Portal.","https:\u002F\u002Fwww.bleepingcomputer.com\u002Fnews\u002Fsecurity\u002Fskoda-warns-of-customer-data-breach-after-online-shop-hack\u002F","https:\u002F\u002Fwww.bleepstatic.com\u002Fcontent\u002Fhl-images\u002F2026\u002F05\u002F12\u002FSkoda.jpg","2026-05-12T17:07:01+00:00",{"id":415,"title":416,"slug":417,"brief":418,"ai_summary":419,"url":420,"image_url":421,"published_at":422},"85f1aab2-97f6-4e65-834e-2702e8028d7f","Adobe Patches 52 Vulnerabilities in 10 Products","adobe-patches-52-vulnerabilities-in-10-products-727412","Adobe patches 52 vulnerabilities across 10 products, including critical code execution flaws.","Adobe released security patches addressing 52 vulnerabilities spanning 10 products, with over half potentially enabling arbitrary code execution. Critical-severity bugs in Adobe Connect (CVE-2026-34659, CVE-2026-34660) and multiple high-severity code execution issues in Commerce, After Effects, Premiere Pro, and other applications were resolved. The company reports no active exploitation of these vulnerabilities in the wild.","https:\u002F\u002Fwww.securityweek.com\u002Fadobe-patches-52-vulnerabilities-in-10-products\u002F","https:\u002F\u002Fwww.securityweek.com\u002Fwp-content\u002Fuploads\u002F2023\u002F07\u002FAdobe.jpg","2026-05-12T16:47:21+00:00",{"id":424,"title":425,"slug":426,"brief":427,"ai_summary":428,"url":429,"image_url":430,"published_at":431},"4d7103ff-4fe3-4514-ba46-3e428ac493cb","Pwn2Own Berlin 2026 Hits Capacity as Rejected Hackers Release 0-Days","pwn2own-berlin-2026-hits-capacity-as-rejected-hackers-release-0-days-09b58a","Rejected Pwn2Own Berlin 2026 researchers publicly disclose zero-days for Firefox, NVIDIA, and AI platforms.","Pwn2Own Berlin 2026 reached capacity for the first time in 19 years, forcing organizers to close registration early on May 7. 
Dozens of rejected researchers responded by publicly disclosing zero-day exploits targeting Firefox, NVIDIA, Docker, Linux KVM, PyTorch, Oracle Autonomous AI Database, and AI coding tools like Claude Code and GitHub Copilot. This \"revenge disclosure\" wave threatens the contest's integrity and could render accepted competitors' exploits worthless if vendors patch vulnerabilities before the May 14 event.","https:\u002F\u002Fhackread.com\u002Fpwn2own-berlin-2026-hits-capacity-hackers-0-days\u002F","https:\u002F\u002Fhackread.com\u002Fwp-content\u002Fuploads\u002F2026\u002F05\u002Fpwn2own-berlin-2026-hits-capacity-hackers-0-days.jpg","2026-05-12T16:41:26+00:00",{"id":433,"title":434,"slug":435,"brief":436,"ai_summary":437,"url":438,"image_url":439,"published_at":440},"d2c875c0-332a-4715-a5c5-697652db99f8","‼️ Nightmare-Eclipse has just released two new GitHub repositories... Same user behind RedSun, Un...","nightmare-eclipse-has-just-released-two-new-github-repositories-same-user-behind-7f8fb6","Threat actor releases two new exploitation tools: YellowKey (BitLocker bypass) and GreenPlasma (Windows privilege","A threat actor known as Nightmare-Eclipse, linked to previous malware campaigns RedSun, UnDefend, and BlueHammer, has released two new GitHub repositories containing exploitation tools. YellowKey targets BitLocker encryption bypass, while GreenPlasma exploits a Windows CTFMON vulnerability to achieve arbitrary privilege escalation. 
The public release of these tools increases their availability to other attackers and poses immediate risk to Windows systems.","https:\u002F\u002Fx.com\u002FDarkWebInformer\u002Fstatus\u002F2054229813947211975","https:\u002F\u002Fpbs.twimg.com\u002Fmedia\u002FHIIXF4mXIAEavvO.jpg","2026-05-12T15:58:48+00:00",{"id":442,"title":443,"slug":444,"brief":445,"ai_summary":446,"url":447,"image_url":448,"published_at":449},"f6dcd2bc-8fec-4b39-8aa3-a47924f080f4","Apple Patches Dozens of Vulnerabilities in macOS, iOS","apple-patches-dozens-of-vulnerabilities-in-macos-ios-e44139","Apple patches 60+ iOS\u002FiPadOS and 80+ macOS vulnerabilities including WebKit issues.","Apple released 11 security advisories addressing over 60 CVEs in iOS 26.5 and iPadOS 26.5, including 20 WebKit vulnerabilities that can cause crashes, data exposure, and sandbox escapes. The same vulnerabilities were also patched in macOS Tahoe 26.5 (nearly 80 CVEs) and older macOS versions. A patched flaw previously exploited by the FBI to recover deleted Signal chats was backported to older iOS versions.","https:\u002F\u002Fwww.securityweek.com\u002Fapple-patches-dozens-of-vulnerabilities-in-macos-ios\u002F","https:\u002F\u002Fwww.securityweek.com\u002Fwp-content\u002Fuploads\u002F2025\u002F09\u002FApple-MacBook-iPhone.jpeg","2026-05-12T12:37:21+00:00",[],[],[],[],50]