🐛 COMMON VULNERABILITIES AND EXPOSURES (20)
10 May: CVE-2026-33814 Infinite loop in HTTP/2 transport when given bad SETTINGS_MAX_FRAME_SIZE in net/http/internal/http2 in golang.org/x/net. Information published. (MSRC.MICROSOFT.COM)
10 May: CVE-2026-39823 Bypass of meta content URL escaping causes XSS in html/template. Information published. (MSRC.MICROSOFT.COM)
10 May: CVE-2026-41889 pgx: SQL Injection via placeholder confusion with dollar quoted string literals. Information published. (MSRC.MICROSOFT.COM)
10 May: CVE-2026-6664 PgBouncer integer overflow in PgBouncer network packet parsing. Information published. (MSRC.MICROSOFT.COM)
10 May: CVE-2026-6667 PgBouncer missing authorization check in KILL_CLIENT admin command. Information published. (MSRC.MICROSOFT.COM)
10 May: CVE-2026-6666 PgBouncer crash in kill_pool_logins_server_error. Information published. (MSRC.MICROSOFT.COM)
10 May: CVE-2026-45130 Vim: Heap Buffer Overflow in spell file loading. Information published. (MSRC.MICROSOFT.COM)
10 May: CVE-2026-44656 Vim: OS Command Injection via 'path' completion. Information published. (MSRC.MICROSOFT.COM)
10 May: CVE-2026-33811 Crash when handling long CNAME response in net. Information published. (MSRC.MICROSOFT.COM)
10 May: CVE-2026-39817 Invoking "go tool pack" does not sanitize output paths in cmd/go. Information published. (MSRC.MICROSOFT.COM)
10 May: CVE-2026-39819 Invoking "go bug" follows symlinks in predictable temporary filenames in cmd/go. Information published. (MSRC.MICROSOFT.COM)
10 May: CVE-2026-39820 Quadratic string concatenation in consumeComment in net/mail. Information published. (MSRC.MICROSOFT.COM)
10 May: CVE-2026-39825 ReverseProxy forwards queries with more than urlmaxqueryparams parameters in net/http/httputil. Information published. (MSRC.MICROSOFT.COM)
10 May: CVE-2026-39826 Escaper bypass leads to XSS in html/template. Information published. (MSRC.MICROSOFT.COM)
10 May: CVE-2026-39836 Panic in Dial and LookupPort when handling NUL byte on Windows in net. Information published. (MSRC.MICROSOFT.COM)
10 May: CVE-2026-42499 Quadratic string concatenation in consumePhrase in net/mail. Information published. (MSRC.MICROSOFT.COM)
10 May: CVE-2026-42501 Malicious module proxy can bypass checksum database in cmd/go. Information published. (MSRC.MICROSOFT.COM)
10 May: CVE-2026-33079 Mistune ReDoS in LINK_TITLE_RE allows denial of service with crafted Markdown titles. Information published. (MSRC.MICROSOFT.COM)
10 May: Ollama Out-of-Bounds Read Vulnerability Allows Remote Process Memory Leak. Cybersecurity researchers have disclosed a critical security vulnerability in Ollama that, if successfully exploited, could allow a remote, unauthenticated attacker to leak its entire process memory. The out-of-bounds read flaw, which likely impacts over 300,000 servers globally,… (THEHACKERNEWS.COM)
⚠️ VULNERABILITY DISCLOSURE (3)
10 May [KEV]: Week in review: cPanel vulnerability actively exploited, DigiCert breach, LinkedIn job scams. Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Your work apps are quietly handing 19 data points to someone Office work in 2026 relies on mobile apps used alongside personal tools like banking and messaging. Ten widely used workp… (HELPNETSECURITY.COM)
10 May: Official JDownloader site served malware to Windows and Linux users between May 6 and May 7. JDownloader website was hacked to distribute malicious Windows and Linux installers carrying a Python RAT between May 6–7, 2026. JDownloader official website was compromised in a supply chain attack that replaced legitimate Windows and Linux installers with malicious files betwee… (SECURITYAFFAIRS.COM)
10 May: New cPanel vulnerabilities could allow file access and remote code execution. cPanel fixed three flaws that could allow file reads, code execution, and privilege escalation. No active exploitation has been reported yet. cPanel has released security updates to fix three vulnerabilities affecting cPanel & WHM that could allow attackers to read files, exe… (SECURITYAFFAIRS.COM)
🔥 INCIDENT REPORTING (3)
10 May: CyberWire Daily at 10: The evolution of geopolitics and warfare. In this special edition of CyberWire Daily’s 10th anniversary series, N2K CyberWire's Maria Varmazis and Dave Bittner discuss cybersecurity geopolitics and warfare that have been in the news over the past 10 years. Our conversation treks around the globe beginning with the su… (THECYBERWIRE.COM)
10 May: Security Affairs newsletter Round 576 by Pierluigi Paganini – INTERNATIONAL EDITION. A new round of the weekly Security Affairs newsletter has arrived! Every week, the best security articles from Security Affairs are free in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. Quasar Linux RAT (QLNX): A Fi… (SECURITYAFFAIRS.COM)
10 May: Weekly Update 503. Presently sponsored by: Report URI: Guarding you from rogue JavaScript! Don’t get pwned; get real-time alerts & prevent breaches #SecureYourSite Well, it's the day before the Instructure "pay or leak" deadline (at least by my Aussie watch), and the company remains … (TROYHUNT.COM)
🕵️ THREAT INTELLIGENCE (1)
10 May: YARA-X 1.16.0 Release, (Sun, May 10th). YARA-X's 1.16.0 release brings 4 improvements and 4 bugfixes. (ISC.SANS.EDU)
🌐 CYBER THREAT LANDSCAPE (1)
10 May: SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 96. Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape Malware Newsletter CloudZ RAT potentially steals OTP messages using Pheno plugin Backdoored PyTorch Lightning package drops credential… (SECURITYAFFAIRS.COM)