Articles: 260 | Categories: 10 | Date: 2026-05-12
🚨 CISA KEV (2)
12 May [KEV] | Why patching SLAs should be the floor, not the strategy | I’ve been a CISO for two separate companies, know several CISOs personally, and interact with many others through various cybersecurity forums. We all have one thing in common. We can tell you our patching SLA numbers off the top of our heads. Ninety-five percent of criticals clo… | CSOONLINE.COM
12 May [KEV] | How Rapid7 is bringing Cyber GRC closer to security operations | Sabeen Malik is VP, Global Government Affairs and Public Policy at Rapid7. Security teams need a better way to connect what they detect, what they fix, and what they can prove. The pace of modern security operations no longer works in defenders’ favor. IBM’s Cost of a Data Brea… | RAPID7.COM
🐛 COMMON VULNERABILITIES AND EXPOSURES (131)
12 May | Linux kernel maintainers suggest a ‘kill switch’ to protect systems until a zero-day vulnerability is patched | Linux server admins may get the ability to turn off a vulnerable function in the OS kernel until a patch for a zero-day vulnerability is ready, if a proposal from a kernel developer and maintainer is accepted by the open source community. The idea of a kill switch for privileged … | CSOONLINE.COM
12 May | BitUnlocker Downgrade Attack Bypasses Windows 11 Disk Encryption in Minutes | A proof-of-concept (PoC) exploit that demonstrates how attackers can bypass Windows 11 BitLocker disk encryption in under 5 minutes. Dubbed the “BitUnlocker” attack, this physical downgrade technique exploits a known vulnerability, CVE-2025-48804. Initially documented… | GBHACKERS.COM
12 May | Cline AI Agent Flaw Allows Attackers to Launch RCE Attacks | A critical security vulnerability in the Cline AI coding assistant’s kanban package exposes developers to remote code execution, data theft, and denial-of-service attacks by simply visiting a malicious website. Security researcher Sagilayani disclosed CVE-2026-44211 on GitH… | GBHACKERS.COM
12 May | cPanel flaw exposes enterprises to hosting supply-chain risks | A newly disclosed cPanel vulnerability is being exploited at scale, giving attackers a route into web hosting environments that many enterprises may not monitor closely. Analysts say the risk highlights weak visibility into hosting supply chains. The flaw, tracked as CVE-2026-419… | CSOONLINE.COM
12 May | Copy.Fail Linux Vulnerability | This is the worst Linux vulnerability in years. TL;DR copy.fail is a Linux kernel local privilege escalation, not a browser or clipboard attack. Disclosed by Theori on 29 April 2026 with a working PoC. It abuses the kernel crypto API (AF_ALG sockets) plus splice() to write four b… | SCHNEIER.COM
12 May | Attackers exploit cPanel CVE-2026-41940 to deploy Filemanager Backdoor | Attackers are exploiting cPanel flaw CVE-2026-41940 to install the Filemanager backdoor and gain unauthorized admin access. Cybercriminals are actively exploiting the critical cPanel vulnerability CVE-2026-41940 (CVSS score of 9.3) to deploy a backdoor called Filemanager on compr… | SECURITYAFFAIRS.COM
12 May | JetBrains TeamCity vulnerability allows privilege escalation, API exposure (CVE-2026-44413) | JetBrains has patched a high-severity vulnerability (CVE-2026-44413) in TeamCity, its popular continuous integration and continuous delivery platform, and is urging organizations with on-premises and self-managed deployments to upgrade to the fixed version or implement a security… | HELPNETSECURITY.COM
12 May | Stealthy hackers exploit cPanel flaw in active backdoor campaign (CVE-2026-41940) | Security researchers at XLab have outlined an active attack campaign targeting CVE-2026-41940, the recently disclosed vulnerability in cPanel & WHM, and have linked it to a stealthy hacking group that has been operating largely undetected for years. The vulnerability allows … | HELPNETSECURITY.COM
12 May | CVE-2026-32204 Azure Monitor Agent Elevation of Privilege Vulnerability | External control of file name or path in Azure Monitor Agent allows an authorized attacker to elevate privileges locally. | MSRC.MICROSOFT.COM
12 May | CVE-2026-32177 .NET Elevation of Privilege Vulnerability | Heap-based buffer overflow in .NET allows an unauthorized attacker to elevate privileges locally. | MSRC.MICROSOFT.COM
12 May | CVE-2026-21530 Windows Rich Text Edit Elevation of Privilege Vulnerability | Double free in Windows Rich Text Edit allows an authorized attacker to elevate privileges locally. | MSRC.MICROSOFT.COM
12 May | CVE-2026-33117 Azure SDK for Java Security Feature Bypass Vulnerability | Improper authentication in Azure SDK allows an unauthorized attacker to bypass a security feature over a network. | MSRC.MICROSOFT.COM
12 May | CVE-2026-33834 Windows Event Logging Service Elevation of Privilege Vulnerability | Improper access control in Windows Event Logging Service allows an authorized attacker to elevate privileges locally. | MSRC.MICROSOFT.COM
12 May | CVE-2026-33839 Win32k Elevation of Privilege Vulnerability | Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Win32K - GRFX allows an authorized attacker to elevate privileges locally. | MSRC.MICROSOFT.COM
12 May | CVE-2026-33840 Win32k Elevation of Privilege Vulnerability | Use after free in Windows Win32K - ICOMP allows an authorized attacker to elevate privileges locally. | MSRC.MICROSOFT.COM
12 May | CVE-2026-33841 Windows Kernel Elevation of Privilege Vulnerability | Heap-based buffer overflow in Windows Kernel allows an authorized attacker to elevate privileges locally. | MSRC.MICROSOFT.COM
12 May | CVE-2026-34329 Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability | Heap-based buffer overflow in Windows Message Queuing allows an unauthorized attacker to execute code over an adjacent network. | MSRC.MICROSOFT.COM
12 May | CVE-2026-34330 Win32k Elevation of Privilege Vulnerability | Integer overflow or wraparound in Windows Win32K - GRFX allows an authorized attacker to elevate privileges locally. | MSRC.MICROSOFT.COM
12 May | CVE-2026-34331 Win32k Elevation of Privilege Vulnerability | Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Win32K - GRFX allows an authorized attacker to elevate privileges locally. | MSRC.MICROSOFT.COM
12 May | CVE-2026-34333 Windows Win32k Elevation of Privilege Vulnerability | Use after free in Windows Win32K - GRFX allows an authorized attacker to elevate privileges locally. | MSRC.MICROSOFT.COM
12 May | CVE-2026-34342 Windows Print Spooler Elevation of Privilege Vulnerability | Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Print Spooler Components allows an authorized attacker to elevate privileges locally. | MSRC.MICROSOFT.COM
12 May | CVE-2026-34343 Windows Application Identity (AppID) Subsystem Elevation of Privilege Vulnerability | Heap-based buffer overflow in Windows Application Identity (AppID) Subsystem allows an authorized attacker to elevate privileges locally. | MSRC.MICROSOFT.COM
12 May | CVE-2026-34344 Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability | Access of resource using incompatible type ('type confusion') in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally. | MSRC.MICROSOFT.COM
12 May | CVE-2026-34345 Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability | Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally. | MSRC.MICROSOFT.COM
12 May | CVE-2026-34347 Windows Win32k Elevation of Privilege Vulnerability | Use after free in Windows Win32K - GRFX allows an authorized attacker to elevate privileges locally. | MSRC.MICROSOFT.COM
12 May | CVE-2026-34350 Windows Storport Miniport Driver Denial of Service Vulnerability | Null pointer dereference in Windows Storport Miniport Driver allows an unauthorized attacker to deny service over a network. | MSRC.MICROSOFT.COM
12 May | CVE-2026-34351 Windows TCP/IP Elevation of Privilege Vulnerability | Concurrent execution using shared resource with improper synchronization ('race condition') in Windows TCP/IP allows an authorized attacker to elevate privileges locally. | MSRC.MICROSOFT.COM
12 May | CVE-2026-35415 Windows Storage Spaces Controller Elevation of Privilege Vulnerability | Integer overflow or wraparound in Windows Storage Spaces Controller allows an authorized attacker to elevate privileges locally. | MSRC.MICROSOFT.COM
12 May | CVE-2026-35416 Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability | Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally. | MSRC.MICROSOFT.COM
12 May | CVE-2026-35417 Windows Win32k Elevation of Privilege Vulnerability | Access of resource using incompatible type ('type confusion') in Windows Win32K - ICOMP allows an authorized attacker to elevate privileges locally. | MSRC.MICROSOFT.COM
12 May | CVE-2026-35418 Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability | Use after free in Windows Cloud Files Mini Filter Driver allows an authorized attacker to elevate privileges locally. | MSRC.MICROSOFT.COM
12 May | CVE-2026-35419 Windows DWM Core Library Information Disclosure Vulnerability | Out-of-bounds read in Windows DWM Core Library allows an authorized attacker to disclose information locally. | MSRC.MICROSOFT.COM
12 May | CVE-2026-35420 Windows Kernel Elevation of Privilege Vulnerability | Heap-based buffer overflow in Windows Kernel allows an authorized attacker to elevate privileges locally. | MSRC.MICROSOFT.COM
12 May | CVE-2026-35421 Windows GDI Remote Code Execution Vulnerability | Heap-based buffer overflow in Windows GDI allows an unauthorized attacker to execute code locally. | MSRC.MICROSOFT.COM
12 May | CVE-2026-35422 Windows TCP/IP Driver Security Feature Bypass Vulnerability | Authentication bypass using an alternate path or channel in Windows TCP/IP allows an authorized attacker to bypass a security feature over a network. | MSRC.MICROSOFT.COM
12 May | CVE-2026-35423 Windows 11 Telnet Client Information Disclosure Vulnerability | Out-of-bounds read in Telnet Client allows an unauthorized attacker to disclose information over a network. | MSRC.MICROSOFT.COM
12 May | CVE-2026-35424 Internet Key Exchange (IKE) Protocol Denial of Service Vulnerability | Missing release of memory after effective lifetime in Windows Internet Key Exchange (IKE) Protocol allows an unauthorized attacker to deny service over a network. | MSRC.MICROSOFT.COM
12 May | CVE-2026-35433 .NET Elevation of Privilege Vulnerability | Improper input validation in .NET allows an unauthorized attacker to elevate privileges locally. | MSRC.MICROSOFT.COM
12 May | CVE-2026-35438 Windows Admin Center Elevation of Privilege Vulnerability | Missing authorization in Windows Admin Center allows an authorized attacker to elevate privileges over a network. | MSRC.MICROSOFT.COM
12 May | CVE-2026-35439 Microsoft SharePoint Server Remote Code Execution Vulnerability | Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network. | MSRC.MICROSOFT.COM
12 May | CVE-2026-35440 Microsoft Word Information Disclosure Vulnerability | Files or directories accessible to external parties in Microsoft Office Word allows an unauthorized attacker to disclose information locally. | MSRC.MICROSOFT.COM
12 May | CVE-2026-40360 Microsoft Excel Information Disclosure Vulnerability | Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to disclose information locally. | MSRC.MICROSOFT.COM
12 May | CVE-2026-40363 Microsoft Office Remote Code Execution Vulnerability | Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally. | MSRC.MICROSOFT.COM
12 May | CVE-2026-40364 Microsoft Word Remote Code Execution Vulnerability | Access of resource using incompatible type ('type confusion') in Microsoft Office Word allows an unauthorized attacker to execute code locally. | MSRC.MICROSOFT.COM
12 May | CVE-2026-40366 Microsoft Word Remote Code Execution Vulnerability | Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally. | MSRC.MICROSOFT.COM
12 May | CVE-2026-40368 Microsoft SharePoint Server Remote Code Execution Vulnerability | Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network. | MSRC.MICROSOFT.COM
12 May | CVE-2026-40374 Microsoft Power Automate Desktop Information Disclosure Vulnerability | Exposure of sensitive information to an unauthorized actor in Power Automate allows an authorized attacker to disclose information over a network. | MSRC.MICROSOFT.COM
12 May | CVE-2026-40377 Microsoft Cryptographic Services Elevation of Privilege Vulnerability | Heap-based buffer overflow in Windows Cryptographic Services allows an authorized attacker to elevate privileges locally. | MSRC.MICROSOFT.COM
12 May | CVE-2026-40380 Windows Volume Manager Extension Driver Remote Code Execution Vulnerability | Heap-based buffer overflow in Volume Manager Extension Driver allows an authorized attacker to execute code with a physical attack. | MSRC.MICROSOFT.COM
12 May | CVE-2026-40399 Windows TCP/IP Elevation of Privilege Vulnerability | Stack-based buffer overflow in Windows TCP/IP allows an authorized attacker to elevate privileges locally. | MSRC.MICROSOFT.COM
12 May | CVE-2026-40405 Windows TCP/IP Denial of Service Vulnerability | Null pointer dereference in Windows TCP/IP allows an unauthorized attacker to deny service over a network. | MSRC.MICROSOFT.COM
12 May | CVE-2026-40406 Windows TCP/IP Information Disclosure Vulnerability | Use after free in Windows TCP/IP allows an unauthorized attacker to disclose information over a network. | MSRC.MICROSOFT.COM
12 May | CVE-2026-40407 Windows Common Log File System Driver Elevation of Privilege Vulnerability | Heap-based buffer overflow in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally. | MSRC.MICROSOFT.COM
12 May | CVE-2026-40408 Windows WAN ARP Driver Elevation of Privilege Vulnerability | Use after free in Windows Kernel-Mode Drivers allows an authorized attacker to elevate privileges locally. | MSRC.MICROSOFT.COM
12 May | CVE-2026-40410 Windows SMB Client Elevation of Privilege Vulnerability | Use after free in Windows SMB Client allows an authorized attacker to elevate privileges locally. | MSRC.MICROSOFT.COM
12 May | CVE-2026-40414 Windows TCP/IP Denial of Service Vulnerability | Null pointer dereference in Windows TCP/IP allows an unauthorized attacker to deny service over an adjacent network. | MSRC.MICROSOFT.COM
12 May | CVE-2026-40415 Windows TCP/IP Remote Code Execution Vulnerability | Use after free in Windows TCP/IP allows an unauthorized attacker to execute code over a network. | MSRC.MICROSOFT.COM
12 May | CVE-2026-40417 Microsoft Dynamics 365 Business Central Elevation of Privilege Vulnerability | Weak authentication in Dynamics Business Central allows an authorized attacker to elevate privileges locally. | MSRC.MICROSOFT.COM
12 May | CVE-2026-40419 Microsoft Office Click-To-Run Elevation of Privilege Vulnerability | Use after free in Microsoft Office allows an authorized attacker to elevate privileges locally. | MSRC.MICROSOFT.COM
12 May | CVE-2026-40421 Microsoft Word Information Disclosure Vulnerability | External control of file name or path in Microsoft Office Word allows an unauthorized attacker to disclose information over a network. | MSRC.MICROSOFT.COM
12 May | CVE-2026-41088 Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability | External control of file name or path in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally. | MSRC.MICROSOFT.COM
12 May | CVE-2026-41089 Windows Netlogon Remote Code Execution Vulnerability | Stack-based buffer overflow in Windows Netlogon allows an unauthorized attacker to execute code over a network. | MSRC.MICROSOFT.COM
12 May | CVE-2026-41094 Microsoft Data Formulator Remote Code Execution Vulnerability | Improper control of generation of code ('code injection') in Microsoft Data Formulator allows an unauthorized attacker to execute code over a network. | MSRC.MICROSOFT.COM
12 May | CVE-2026-41095 Data Deduplication Elevation of Privilege Vulnerability | Use after free in Data Deduplication allows an authorized attacker to elevate privileges locally. | MSRC.MICROSOFT.COM
12 May | CVE-2026-41096 Windows DNS Client Remote Code Execution Vulnerability | Heap-based buffer overflow in Microsoft Windows DNS allows an unauthorized attacker to execute code over a network. | MSRC.MICROSOFT.COM
12 May | CVE-2026-41100 Microsoft 365 Copilot for Android Spoofing Vulnerability | Improper access control in M365 Copilot allows an authorized attacker to perform spoofing locally. | MSRC.MICROSOFT.COM
12 May | CVE-2026-41101 Microsoft Word for Android Spoofing Vulnerability | Improper access control in Microsoft Office Word allows an authorized attacker to perform spoofing locally. | MSRC.MICROSOFT.COM
12 May | CVE-2026-41102 Microsoft PowerPoint for Android Spoofing Vulnerability | Improper access control in Microsoft Office PowerPoint allows an authorized attacker to perform spoofing locally. | MSRC.MICROSOFT.COM
12 May | CVE-2026-41109 GitHub Copilot and Visual Studio Code Security Feature Bypass Vulnerability | Improper neutralization of special elements in output used by a downstream component ('injection') in GitHub Copilot and Visual Studio allows an unauthorized attacker to bypass a security feature over a network. | MSRC.MICROSOFT.COM
12 May | CVE-2026-41610 Visual Studio Code Security Feature Bypass Vulnerability | Improper neutralization of input during web page generation ('cross-site scripting') in Visual Studio Code allows an unauthorized attacker to bypass a security feature locally. | MSRC.MICROSOFT.COM
12 May | CVE-2026-41611 Visual Studio Code Remote Code Execution Vulnerability | Improper neutralization of script-related html tags in a web page (basic xss) in Visual Studio Code allows an unauthorized attacker to execute code locally. | MSRC.MICROSOFT.COM
12 May | CVE-2026-41612 Visual Studio Code Information Disclosure Vulnerability | Relative path traversal in Visual Studio Code allows an unauthorized attacker to disclose information locally. | MSRC.MICROSOFT.COM
12 May | CVE-2026-41614 M365 Copilot for Desktop Spoofing Vulnerability | Improper access control in M365 Copilot for Desktop allows an unauthorized attacker to perform spoofing locally. | MSRC.MICROSOFT.COM
12 May | CVE-2026-32161 Windows Native WiFi Miniport Driver Remote Code Execution Vulnerability | Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Native WiFi Miniport Driver allows an unauthorized attacker to execute code over an adjacent network. | MSRC.MICROSOFT.COM
12 May | CVE-2026-32170 Windows Rich Text Edit Elevation of Privilege Vulnerability | Double free in Windows Rich Text Edit Control allows an authorized attacker to elevate privileges locally. | MSRC.MICROSOFT.COM
12 May | CVE-2026-32185 Microsoft Teams Spoofing Vulnerability | Files or directories accessible to external parties in Microsoft Teams allows an unauthorized attacker to perform spoofing locally. | MSRC.MICROSOFT.COM
12 May | CVE-2026-42831 Microsoft Office Remote Code Execution Vulnerability | Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally. | MSRC.MICROSOFT.COM
12 May | CVE-2026-32175 .NET Core Tampering Vulnerability | A tampering vulnerability exists when .NET Core improperly handles specially crafted files. An attacker who successfully exploited this vulnerability could write arbitrary files and directories to certain locations on a vulnerable system. However, an attacker would have limited c… | MSRC.MICROSOFT.COM
12 May | CVE-2026-42825 Windows Telephony Service Elevation of Privilege Vulnerability | Use after free in Windows Telephony Service allows an authorized attacker to elevate privileges locally. | MSRC.MICROSOFT.COM
12 May | CVE-2026-42896 Windows DWM Core Library Elevation of Privilege Vulnerability | Integer overflow or wraparound in Windows DWM Core Library allows an authorized attacker to elevate privileges locally. | MSRC.MICROSOFT.COM
12 May | CVE-2026-42898 Microsoft Dynamics 365 On-Premises Remote Code Execution Vulnerability | Improper control of generation of code ('code injection') in Microsoft Dynamics 365 (on-premises) allows an authorized attacker to execute code over a network. | MSRC.MICROSOFT.COM
12 May | CVE-2026-42899 ASP.NET Core Denial of Service Vulnerability | Loop with unreachable exit condition ('infinite loop') in ASP.NET Core allows an unauthorized attacker to deny service over a network. | MSRC.MICROSOFT.COM
12 May | CVE-2026-33110 Microsoft SharePoint Server Remote Code Execution Vulnerability | Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network. | MSRC.MICROSOFT.COM
12 May | CVE-2026-33112 Microsoft SharePoint Server Remote Code Execution Vulnerability | Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network. | MSRC.MICROSOFT.COM
12 May | CVE-2026-33833 Azure Machine Learning Notebook Spoofing Vulnerability | Improper neutralization of special elements in output used by a downstream component ('injection') in Azure Machine Learning allows an unauthorized attacker to perform spoofing over a network. | MSRC.MICROSOFT.COM
12 May | CVE-2026-33835 Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability | Use after free in Windows Cloud Files Mini Filter Driver allows an authorized attacker to elevate privileges locally. | MSRC.MICROSOFT.COM
12 May | CVE-2026-33837 Windows TCP/IP Local Elevation of Privilege Vulnerability | Heap-based buffer overflow in Windows TCP/IP allows an authorized attacker to elevate privileges locally. | MSRC.MICROSOFT.COM
12 May | CVE-2026-33838 Windows Message Queuing (MSMQ) Elevation of Privilege Vulnerability | Double free in Windows Message Queuing allows an authorized attacker to elevate privileges locally. | MSRC.MICROSOFT.COM
12 May | CVE-2026-34332 Windows Kernel-Mode Driver Remote Code Execution Vulnerability | Use after free in Windows Kernel-Mode Drivers allows an authorized attacker to execute code over a network. | MSRC.MICROSOFT.COM
12 May | CVE-2026-34334 Windows TCP/IP Elevation of Privilege Vulnerability | Concurrent execution using shared resource with improper synchronization ('race condition') in Windows TCP/IP allows an authorized attacker to elevate privileges locally. | MSRC.MICROSOFT.COM
12 May | CVE-2026-34336 Windows DWM Core Library Information Disclosure Vulnerability | Buffer over-read in Windows DWM Core Library allows an authorized attacker to disclose information locally. | MSRC.MICROSOFT.COM
12 May | CVE-2026-34337 Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability | Use after free in Windows Cloud Files Mini Filter Driver allows an authorized attacker to elevate privileges locally. | MSRC.MICROSOFT.COM
12 May | CVE-2026-34338 Windows Telephony Service Elevation of Privilege Vulnerability | Use after free in Windows Telephony Service allows an authorized attacker to elevate privileges locally. | MSRC.MICROSOFT.COM
12 May | CVE-2026-34339 Windows Lightweight Directory Access Protocol (LDAP) Denial of Service Vulnerability | Null pointer dereference in Windows LDAP - Lightweight Directory Access Protocol allows an authorized attacker to deny service locally. | MSRC.MICROSOFT.COM
12 May | CVE-2026-34340 Windows Projected File System Elevation of Privilege Vulnerability | Use after free in Windows Projected File System allows an authorized attacker to elevate privileges locally. | MSRC.MICROSOFT.COM
12 May | CVE-2026-34341 Windows Link-Layer Discovery Protocol (LLDP) Elevation of Privilege Vulnerability | Double free in Windows Link-Layer Discovery Protocol (LLDP) allows an authorized attacker to elevate privileges locally. | MSRC.MICROSOFT.COM
12 May | CVE-2026-40357 Microsoft SharePoint Server Remote Code Execution Vulnerability | Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network. | MSRC.MICROSOFT.COM
12 May | CVE-2026-40358 Microsoft Office Remote Code Execution Vulnerability | Use after free in Microsoft Office allows an unauthorized attacker to execute code locally. | MSRC.MICROSOFT.COM
12 May | CVE-2026-40359 Microsoft Excel Remote Code Execution Vulnerability | Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally. | MSRC.MICROSOFT.COM
12 May | CVE-2026-40361 Microsoft Word Remote Code Execution Vulnerability | Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally. | MSRC.MICROSOFT.COM
12 May | CVE-2026-40362 Microsoft Excel Remote Code Execution Vulnerability | Heap-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to execute code locally. | MSRC.MICROSOFT.COM
12 May | CVE-2026-40365 Microsoft SharePoint Server Remote Code Execution Vulnerability | Insufficient granularity of access control in Microsoft Office SharePoint allows an authorized attacker to execute code over a network. | MSRC.MICROSOFT.COM
12 May | CVE-2026-40367 Microsoft Word Remote Code Execution Vulnerability | Untrusted pointer dereference in Microsoft Office Word allows an unauthorized attacker to execute code locally. | MSRC.MICROSOFT.COM
12 May | CVE-2026-40370 SQL Server Remote Code Execution Vulnerability | External control of file name or path in SQL Server allows an authorized attacker to execute code over a network. | MSRC.MICROSOFT.COM
12 May | CVE-2026-40369 Windows Kernel Elevation of Privilege Vulnerability | Untrusted pointer dereference in Windows Kernel allows an authorized attacker to elevate privileges locally. | MSRC.MICROSOFT.COM
12 May | CVE-2026-40382 Windows Telephony Service Elevation of Privilege Vulnerability | Use after free in Windows Telephony Service allows an authorized attacker to elevate privileges locally. | MSRC.MICROSOFT.COM
12 May | CVE-2026-40397 Windows Common Log File System Driver Elevation of Privilege Vulnerability | Integer underflow (wrap or wraparound) in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally. | MSRC.MICROSOFT.COM
12 May | CVE-2026-32209 Windows Filtering Platform (WFP) Security Feature Bypass Vulnerability | Improper access control in Windows Filtering Platform (WFP) allows an authorized attacker to bypass a security feature locally. | MSRC.MICROSOFT.COM
12 May | CVE-2026-40398 Windows Remote Desktop Services Elevation of Privilege Vulnerability | Heap-based buffer overflow in Windows Remote Desktop allows an authorized attacker to elevate privileges locally. | MSRC.MICROSOFT.COM
12 May | CVE-2026-40401 Windows TCP/IP Denial of Service Vulnerability | Null pointer dereference in Windows TCP/IP allows an unauthorized attacker to deny service locally. | MSRC.MICROSOFT.COM
12 May | CVE-2026-40402 Windows Hyper-V Elevation of Privilege Vulnerability | Use after free in Windows Hyper-V allows an unauthorized attacker to elevate privileges locally. | MSRC.MICROSOFT.COM
12 May | CVE-2026-40403 Windows Graphics Component Remote Code Execution Vulnerability | Heap-based buffer overflow in Windows Win32K - GRFX allows an authorized attacker to execute code locally. | MSRC.MICROSOFT.COM
12 May | CVE-2026-40413 Windows TCP/IP Denial of Service Vulnerability | Null pointer dereference in Windows TCP/IP allows an unauthorized attacker to deny service over an adjacent network. | MSRC.MICROSOFT.COM
12 May | CVE-2026-40418 Microsoft Office Click-To-Run Elevation of Privilege Vulnerability | Use after free in Microsoft Office Click-To-Run allows an authorized attacker to elevate privileges locally. | MSRC.MICROSOFT.COM
12 May | CVE-2026-35436 Microsoft Office Click-To-Run Elevation of Privilege Vulnerability | Insufficient granularity of access control in Microsoft Office Click-To-Run allows an authorized attacker to elevate privileges locally. | MSRC.MICROSOFT.COM
12 May | CVE-2026-40420 Microsoft Office Click-To-Run Elevation of Privilege Vulnerability | Improper access control in Microsoft Office Click-To-Run allows an authorized attacker to elevate privileges locally. | MSRC.MICROSOFT.COM
12 May | CVE-2026-41086 Windows Admin Center in Azure Portal Elevation of Privilege Vulnerability | Improper access control in Windows Admin Center allows an authorized attacker to elevate privileges over a network. | MSRC.MICROSOFT.COM
12 May | CVE-2026-41097 Secure Boot Security Feature Bypass Vulnerability | Reliance on a component that is not updateable in Windows Secure Boot allows an authorized attacker to bypass a security feature locally. | MSRC.MICROSOFT.COM
12 May | CVE-2026-40381 Azure Connected Machine Agent Elevation of Privilege Vulnerability | Improper access control in Azure Connected Machine Agent allows an authorized attacker to elevate privileges locally. | MSRC.MICROSOFT.COM
12 May | CVE-2026-41103 Microsoft SSO Plugin for Jira & Confluence Elevation of Privilege Vulnerability | Incorrect implementation of authentication algorithm in Microsoft SSO Plugin for Jira & Confluence allows an unauthorized attacker to elevate privileges over a network. | MSRC.MICROSOFT.COM
12 May | CVE-2026-41613 Visual Studio Code Elevation of Privilege Vulnerability | Session fixation in Visual Studio Code allows an unauthorized attacker to elevate privileges over a network. | MSRC.MICROSOFT.COM
12 May | CVE-2026-42823 Azure Logic Apps Elevation of Privilege Vulnerability | Improper access control in Azure Logic Apps allows an authorized attacker to elevate privileges over a network. | MSRC.MICROSOFT.COM
12 May | CVE-2026-42830 Azure Monitor Agent Metrics Extension Elevation of Privilege Vulnerability | Untrusted search path in Azure Monitor Agent allows an authorized attacker to elevate privileges locally. | MSRC.MICROSOFT.COM
12 May | CVE-2026-42832 Microsoft Office Spoofing Vulnerability | Improper access control in Microsoft Office allows an unauthorized attacker to perform spoofing locally. | MSRC.MICROSOFT.COM
12 May | CVE-2026-42833 Microsoft Dynamics 365 On-Premises Remote Code Execution Vulnerability | Execution with unnecessary privileges in Microsoft Dynamics 365 (on-premises) allows an authorized attacker to execute code over a network. | MSRC.MICROSOFT.COM
12 May | CVE-2025-54518 AMD: CVE-2025-54518 CPU OP Cache Corruption | This vulnerability was found and addressed by AMD. We are documenting it in the Security Update Guide to encourage customers to install the May 2026 version of Windows as soon as possible. The vulnerability assigned to this CVE is in certain processor models offered by AMD. The m… | MSRC.MICROSOFT.COM
12 May | CVE-2026-42893 Microsoft Outlook for iOS Tampering Vulnerability | Improper neutralization of special elements used in a command ('command injection') in M365 Copilot allows an unauthorized attacker to perform tampering over a network. | MSRC.MICROSOFT.COM
12 May [KEV] | Microsoft’s May 2026 Patch Tuesday Addresses 118 CVEs (CVE-2026-41103) | 16 Critical, 102 Important, 0 Moderate, 0 Low. Microsoft addresses 118 CVEs in its May 2026 Patch Tuesday release, with no zero-days exploited in the wild or publicly disclosed for the first time since June 2024. Microsoft patched 118 CVEs in its May 2026 Patch Tuesday release, with … | TENABLE.COM
12 May | New Exim BDAT Vulnerability Exposes GnuTLS Builds to Potential Code Execution | Exim has released security updates to address a severe security issue affecting certain configurations that could enable memory corruption and potential code execution. Exim is an open-source Mail Transfer Agent (MTA) designed for Unix-like systems to receive, route, and deliver … | THEHACKERNEWS.COM
12 May [KEV] | Microsoft May 2026 Patch Tuesday: Many fixes, but no zero-days | Microsoft has marked May 2026 Patch Tuesday by releasing fixes for 120+ CVE-numbered vulnerabilities, none of which (for a change) are actively exploited or have been publicly disclosed. Still, some deserve more consideration and should be addressed sooner than others. Patches to… | HELPNETSECURITY.COM
⚠️ VULNERABILITY DISCLOSURE (43)
12 May | Google Warns Hackers Are Using AI to Build Working Zero-Day Exploits | Artificial intelligence has officially transitioned from an experimental hacking novelty into an industrial-scale weapon for cybercriminals. Google Threat Intelligence Group (GTIG) adversaries are now actively using generative AI models to discover vulnerabilities and engineer fu… | GBHACKERS.COM
12 May | HEIDI: Free IDE security plugin for open-source vulnerability checks | Open-source dependencies make up a large percentage of the code in production applications, and most vulnerability checks still run late in the pipeline, inside CI/CD systems or after a release ships. Meterian is moving those checks earlier with HEIDI, a free plugin for Visual St… | HELPNETSECURITY.COM
12 May | Magecart Hackers Exploit Google Tag Manager to Inject Credit Card Skimmers | Magecart-style attackers are once again abusing trusted web services, this time weaponizing Google Tag Manager (GTM) to inject credit card skimmers into ecommerce websites stealthily. Because GTM is widely used and loaded from the trusted domain googletagmanager.com, malicious sc… | GBHACKERS.COM
12 May | OpenAI Launches Daybreak for AI-Powered Vulnerability Detection and Patch Validation | OpenAI has launched Daybreak, a new cybersecurity initiative that brings together frontier artificial intelligence (AI) model capabilities and Codex Security to help organizations identify and patch vulnerabilities before attackers find a way in using the same issues. "Daybreak c… | THEHACKERNEWS.COM
12 May | OpenAI Daybreak Automates Vulnerability Detection and Patching | The relentless race against zero-day exploits and sophisticated cyberattacks requires a revolutionary approach to software security. Defenders are constantly overwhelmed by massive backlogs of alerts and the sheer volume of code requiring manual review. Enter OpenAI Daybreak, a f… | GBHACKERS.COM
12 May | Claude Chrome Extension Flaw Lets Malicious Add-Ons Steal Gmail and Drive Data | A critical vulnerability dubbed “ClaudeBleed” has compromised Anthropic’s trusted AI assistant, potentially turning it into a backdoor. This severe design flaw in the Claude Chrome extension allows malicious add-ons to hijack the AI secretly. Even extensions wit… | GBHACKERS.COM
12 May | OpenAI’s Daybreak uses Codex Security to identify risky attack paths | OpenAI Daybreak is the company’s cybersecurity initiative focused on building AI-assisted software defense into the development process from the start. It combines OpenAI models, Codex Security, and cyber-focused GPT-5.5 variants to help organizations identify, validate, and prio… | HELPNETSECURITY.COM
12 MayCISOs step into the AI spotlightServing in the military requires a precise, tactical mindset, and that’s exactly what Barry Hensley espoused during his 24 years in the US Army, where he rose to the rank of colonel. The military “is where you earn your stripes, showing your soldiers your willingness to jump int…CSOONLINE.COM
12 MayWhy Basic Security Practices Still Work - Rob Allen - ASW #382If you have to ditch your entire appsec strategy because you expect 2026 to bring more vulns more quickly, then you probably didn't have a good strategy in the first place. Rob Allen shares how the mentality of "assume breach" doesn't have to be a defeatist attitude and can inste…YOUTUBE.COM
12 MayDeveloper workstations are the new beachheadI spent the first week of April reading three separate threat intelligence reports that, on the surface, had nothing in common. One covered a North Korean campaign that had published over 1,700 malicious packages across five open-source ecosystems. Another detailed a malware oper…CSOONLINE.COM
12 MayWannaCry, the ransomware attack that changed the history of cybersecurityWannaCry showed how unpatched flaws and leaked cyber tools can cripple global systems, reshaping cybersecurity defenses worldwide. In memory of the day the digital world was shaken, but learned to fight back. The WannaCry ransomware attack represents one of the most significant e…SECURITYAFFAIRS.COM
12 MaySix new dnsmasq vulnerabilities open the door to DNS cache poisoning, local rootRecent disclosures have revealed that open-source networking tool dnsmasq is grappling with a serious set of vulnerabilities. The problems span memory safety and input validation, with researchers identifying heap buffer overflows, heap corruption, and code execution bugs among t…HELPNETSECURITY.COM
12 MayŠkoda confirms unauthorized access to its online shopCar manufacturer Škoda discovered that attackers had exploited a vulnerability in its online shop software and gained temporary unauthorized access to the system. What happened? After discovering the incident, the company took the shop offline as a precautionary measure, fixed th…HELPNETSECURITY.COM
12 MayOpen WebUI File Upload Vulnerability Enables 1-Click RCE AttackA critical, unpatched vulnerability is actively threatening Open WebUI users, turning a simple profile picture upload into a gateway for complete system compromise. Security researchers have publicly disclosed a severe stored Cross-Site Scripting (XSS) flaw that enables 1-click R…GBHACKERS.COM
12 MayFake Claude Code takes the IElevator to your browser secretsDevelopers looking for Anthropic’s increasingly popular Claude Code tool are now being lured into downloading malware. According to researchers at Ontinue, attackers are abusing a fake Claude Code installer to deliver a previously undocumented PowerShell payload. The malware is d…CSOONLINE.COM
12 MayGo fuzzing was missing half the toolkit. We forked the toolchain to fix it.Go’s native fuzzing is useful, but it stands far behind state-of-the-art tooling that the Rust, C, and C++ ecosystems offer with LibAFL and AFL++. Path constraints are hard to solve. Structured inputs usually need handmade parsing. It doesn’t even detect several common bug …TRAILOFBITS.COM
12 MayAttackers Combine ClickFix With PySoxy Proxying to Maintain PersistenceExploitation of open-source tools allows attackers to maintain persistent access after initial social engineering, warn ReliaQuest researchersINFOSECURITY-MAGAZINE.COM
12 MayCitrix moves secure access to a flexible, credit-based consumption modelCitrix has introduced Citrix Platform Flex, a secure access platform that combines software, management, and infrastructure to deliver managed desktops, enterprise browsing, and zero-trust access in a single offering. Built around workforce personas, Platform Flex replaces one-si…HELPNETSECURITY.COM
12 MayTop 10 Deep & Dark Web ForumsTop 10 Deep Web and Dark Web Forums in 2026 The top Deep Web and Dark Web Forums actively monitored in 2026 are XSS, Exploit.in, BHF, Dread, DarkForums, Altenen, CryptBB, Cracked, and DamageLib, based on how frequently they surface in threat intelligence investigations, court rec…SOCRADAR.IO
12 MayZoom Rooms and Workplace Flaws Expose Users to Elevated Access AttacksA newly disclosed batch of vulnerabilities in Zoom’s software suite could give attackers the leverage they need to hijack systems. Zoom has released critical security updates to patch three distinct flaws affecting its Windows and iOS applications. The most dangerous of the…GBHACKERS.COM
12 MayThreat Actors Abuse Vercel AI Tools to Mass-Produce Realistic Phishing SitesThreat actors are rapidly adopting generative AI platforms to scale phishing operations, and Vercel has emerged as a powerful enabler in this shift. Vercel is a cloud-based platform designed to help developers build and deploy modern web applications quickly. Its GenAI-powered to…GBHACKERS.COM
12 MaySAP Releases Patch for Critical SQL Injection Flaw in S/4HANAA severe vulnerability has struck the heart of enterprise resource planning systems this month, threatening organizations worldwide with potential data breaches. On May 12, 2026, the software giant released its monthly security patch update to address 15 newly discovered security…GBHACKERS.COM
12 MayOpenAI introduces Daybreak cyber platform, takes on Anthropic MythosOpenAI has unveiled Daybreak, its answer to Anthropic’s Claude Mythos, amid a growing market for frontier AI-powered cyber defense platforms. The initiative combines OpenAI’s large language models, Codex’s agentic capabilities, and integrations with the broader enterprise securit…CSOONLINE.COM
12 MayGoogle Says Hackers Used AI to Build Zero-Day ExploitGoogle says hackers used AI to help build a zero-day exploit targeting 2FA, raising concerns about AI-assisted hacking. The post Google Says Hackers Used AI to Build Zero-Day Exploit appeared first on TechRepublic .TECHREPUBLIC.COM
12 MayExaforce raises $125M Series B to build AI for catching and stopping cyberattacks as they happenThe round valued the three-year-old startup at $725 million.TECHCRUNCH.COM
12 MayThe world’s most “Dangerous” AI, Anthropic’s Mythos, found only one flaw in curlAnthropic’s AI found five vulnerabilities in curl, but only one low-severity issue proved to be a real vulnerability. In April, Anthropic made considerable noise announcing Mythos, a new artificial intelligence model described as so effective at identifying vulnerabilities in cod…SECURITYAFFAIRS.COM
12 MayMullvad shares workaround for Android 16 VPN leak that remains unfixedMullvad has warned that a recently disclosed Android 16 flaw can allow malicious applications to bypass VPN protections and leak a device’s real IP address, even when Android’s strictest VPN lockdown settings are enabled. The VPN provider says the issue impacts all VPN applicatio…CYBERINSIDER.COM
12 MayExaforce raises $125 million to respond to AI-powered attacksExaforce announced a $125 million Series B financing round, one of the largest ever in the emerging AI SOC space. The round includes participation from HarbourVest, Peak XV, Mayfield, Khosla Ventures, Seligman Ventures and AICONIC. The new capital will help Exaforce scale its AI-…HELPNETSECURITY.COM
12 MayAmazon Quick authorization bypass let users reach blocked AI chat agentsEnterprises running Amazon Quick, the AWS business intelligence and agentic AI service, rely on a feature called custom permissions to restrict who inside an account can use AI chat agents. Fog Security founder Jason Kao discovered that those restrictions were enforced only in th…HELPNETSECURITY.COM
12 MayGoogle launches new Android security feature to help uncover spyware attacksIntrusion Logging is a new part of Android’s Advanced Protection Mode, which aims to help protect human rights activists, journalists, and dissidents from government spyware attack and law enforcement forensic devices.TECHCRUNCH.COM
12 MayMistral AI SDK, TanStack Router hit in npm software supply chain attackThe TeamPCP threat group has pulled off another big supply chain attack which within a few hours this week was able to successfully compromise 170 Node Package Manager (npm) and PyPI packages. The attack affected the entire TanStack Router ecosystem (@tanstack) of 42 packages, a …CSOONLINE.COM
12 MayCritical Patches Issued for Microsoft Products, May 12, 2026Multiple vulnerabilities have been discovered in Microsoft products, the most severe of which could allow for remote code execution. Successful exploitation of the most severe of these vulnerabilities could result in an attacker gaining the same privileges as the logged-on user. …CISECURITY.ORG
12 MayMultiple Vulnerabilities in Apple Products Could Allow for Arbitrary Code ExecutionMultiple vulnerabilities have been discovered in Apple products, the most severe of which could allow for arbitrary code execution. Successful exploitation of the most severe of these vulnerabilities could allow for arbitrary code execution. Depending on the privileges associated…CISECURITY.ORG
12 MayMultiple Vulnerabilities in Adobe Products Could Allow for Arbitrary Code ExecutionMultiple vulnerabilities have been discovered in Adobe products, the most severe of which could allow for arbitrary code execution. Adobe After Effects is a digital effects, motion graphics, and compositing application. Adobe Commerce is a composable ecommerce solution that lets …CISECURITY.ORG
12 MayStop Chasing Individual CVEsMozilla shifted away from patching individual Firefox sandbox escape and JavaScript prototype vulnerabilities. Instead, they implemented an architectural change by freezing JavaScript prototypes. This move reduced entire classes of exploit paths rather than addressing each vulner…YOUTUBE.COM
12 May KEVWindows 11 security update fixes critical Bing and Azure flawsMicrosoft has released the May 2026 Patch Tuesday updates for Windows 11, fixing 97 security vulnerabilities across the Windows ecosystem. This month’s updates include fixes spanning Windows components, Microsoft Office, Azure services, SQL Server, SharePoint, Hyper-V, .NET, and …CYBERINSIDER.COM
12 MayMultiple Vulnerabilities in Fortinet Products Could Allow for Remote Code ExecutionMultiple vulnerabilities have been discovered in Fortinet products, the most severe of which could allow for remote code execution. * FortiAuthenticator is a centralized identity and access management (IAM) solution that secures network access by managing user identities, Multi-F…CISECURITY.ORG
12 MayHackers accessed BWH Hotels reservation system for monthsBWH Hotels says hackers accessed guest reservation data, including names and contacts, for over six months across multiple hotel brands. BWH Hotels disclosed a data breach, with threat actors having had access to guest reservation data for more than six months. The incident expos…SECURITYAFFAIRS.COM
12 MayAWS Security Agent full repository code scanning feature now available in previewToday, we’re excited to announce the preview release of full repository code review, a new capability in AWS Security Agent that performs deep, context-aware security analysis of your entire code base. AI-driven cybersecurity capabilities are advancing rapidly. AWS Security Agent…AWS.AMAZON.COM
12 May‘Mini Shai-Hulud’ malware compromises hundreds of open-source packages in sprawling supply-chain attackThe campaign hit major registries and hid behind legitimate-looking release signatures, showing how attackers can weaponize the software update process itself. The post ‘Mini Shai-Hulud’ malware compromises hundreds of open-source packages in sprawling supply-chain attack appeare…CYBERSCOOP.COM
12 MayIt's Patch Tuesday for Microsoft and Not a Zero-Day In SightIt's the first time in two years with no zero-days. But with 137 flaws to patch, including nine critical ones, admins still have plenty of work to do.DARKREADING.COM
12 MayAI-Written Exploits Are HereA reported AI-assisted exploit may be a preview of where cybercrime is heading next. In this clip, the hosts discuss claims that attackers used an LLM to help generate a Python exploit targeting a vulnerability tied to two-factor authentication in an open-source administration to…YOUTUBE.COM
12 MaySN 1078: DigiCert does it right - Hugging Face Under FireDigiCert's latest security mishap triggered not just a scramble behind the scenes, but a cascading crisis that briefly wiped trust from millions of Windows systems. Find out how a single support slip, followed by Microsoft's heavy-handed response, left critical infrastructures ex…TWIT.TV
📋 SECURITY BULLETINS 5[−]
12 MayMicrosoft May 2026 Patch Tuesday, (Tue, May 12th)Today's Microsoft patch Tuesday fixes 137 different vulnerabilities. In addition, the update addresses 137 Chromium-related issues affecting Microsoft Edge. ISC.SANS.EDU
12 MayiOS 26.5 Updates RCS Messaging, Apple Maps, and iPhone WallpapersApple’s iOS 26.5 update adds encrypted RCS, new wallpapers, Maps suggestions, and security updates for older devices. The post iOS 26.5 Updates RCS Messaging, Apple Maps, and iPhone Wallpapers appeared first on TechRepublic .TECHREPUBLIC.COM
12 MayPatch Tuesday, May 2026 EditionArtificial intelligence platforms may be just as susceptible to social engineering as human beings, but they are proving remarkably good at finding security vulnerabilities in human-made computer code. That reality is on full display this month with some of the more widely-used s…KREBSONSECURITY.COM
12 MayMicrosoft Patch Tuesday for May 2026 — Snort rules and prominent vulnerabilitiesMicrosoft has released its monthly security update for May 2026, which includes 112 vulnerabilities affecting a range of products, including 16 that Microsoft marked as “critical”.TALOSINTELLIGENCE.COM
12 MayMicrosoft addresses 137 vulnerabilities in May’s Patch Tuesday, including 13 rated criticalThe high volume of vulnerabilities reflects a growing trend researchers have been anticipating as artificial intelligence models are deployed to find previously uncovered defects in code. The post Microsoft addresses 137 vulnerabilities in May’s Patch Tuesday, including 13 rated …CYBERSCOOP.COM
📢 SECURITY ADVISORIES 2[−]
12 MayNavigating Human and Agentic Risks for Financial Institutions in the APJ RegionIntroduction The Asia-Pacific and Japan (APJ) region, with its dynamic economic growth and technological advancements, presents unique challenges and opportunities in the realm of human risk management and agentic risk management, particularly within the financial services sector…KNOWBE4.COM
12 MayMajor world economies spell out key elements of AI ‘ingredients list’Experts on the topic say the G7 guidance is good, but could still use some improvements. The post Major world economies spell out key elements of AI ‘ingredients list’ appeared first on CyberScoop .CYBERSCOOP.COM
🔥 INCIDENT REPORTING 23[−]
12 MayCheckmarx Jenkins AST Plugin Compromised in KICS Supply Chain AttackSupply chain campaign has now extended to Checkmarx’s Jenkins ecosystem, with attackers pushing a malicious Checkmarx Jenkins AST plugin to the official Jenkins Marketplace as part of the ongoing KICS/Trivy-linked compromise. The rogue release is identified as version 2026.5.09 a…GBHACKERS.COM
12 May84 npm Packages Linked to TanStack Hit by Supply-Chain BreachA massive supply chain breach affecting 84 npm packages within the widely used TanStack ecosystem. Malicious actors compromised these packages by injecting a sophisticated credential-stealing tool designed to target continuous integration environments such as GitHub Actions. Pack…GBHACKERS.COM
12 MayInstructure Reaches Ransom Agreement with ShinyHunters to Stop 3.65TB Canvas LeakAmerican educational technology company Instructure, the parent company of Canvas, said it reached an "agreement" with a decentralized cybercrime extortion group after it breached its network and threatened to leak stolen information from thousands of schools and universities. In…THEHACKERNEWS.COM
12 MayState of ransomware in 2026Kaspersky researchers are sharing insights into the main ransomware trends for 2026: EDR killers on the rise, switching from data encryption to data leaks, and more.SECURELIST.COM
12 MayMicrosoft Warns: MistralAI PyPI Package Compromised with MalwareMistral’s official Python client on PyPI has been pulled into the ongoing wave of AI supply‑chain attacks, with Microsoft warning that version 2.4.6 of the mistralai package was backdoored to silently deploy a credential‑stealing payload on Linux systems. The logic is designed to…GBHACKERS.COM
12 MayStolen Canvas data was “returned” after hacker agreement, Instructure saysInstructure says the stolen Canvas data impacting millions of students and staff was “returned.” That’s not how breaches work.MALWAREBYTES.COM
12 MaySouth Staffordshire Water Fined £1m After Data BreachThe ICO has fined South Staffordshire Water nearly £1m for a series of data protection failingsINFOSECURITY-MAGAZINE.COM
12 MayCushman & Wakefield - 310,431 breached accountsIn May 2026, the real estate services firm Cushman & Wakefield was the target of a "pay or leak" extortion campaign by the ShinyHunters group. Following the threat, the group publicly published data they alleged had been obtained from the firm, consisting mostly of C&W email…HAVEIBEENPWNED.COM
12 MayState-sponsored actors, better known as the friends you don’t wantResponding to a state-sponsored threat is nothing like responding to ransomware, and the differences can make or break the outcome. Learn why your IR plan might need revisiting, and the factors you should consider.TALOSINTELLIGENCE.COM
12 MayNew ‘Shai-Hulud’ attack breached hundreds of npm and PyPI packagesA rapidly expanding supply-chain attack tied to the “Mini Shai-Hulud” malware campaign has compromised more than 400 package artifacts across npm, PyPI, and Composer repositories. The breached projects include widely used libraries from TanStack, Mistral AI, UiPath, OpenSearch, a…CYBERINSIDER.COM
12 MayHackers Hijack Microsoft Teams Accounts to Spread ModeloRAT MalwareHackers are now abusing hijacked Microsoft Teams accounts and fake IT helpdesk chats to push a new, undocumented version of the Python‑based ModeloRAT into corporate environments. Instead, they use compromised or newly created Microsoft Teams accounts that impersonate internal IT…GBHACKERS.COM
12 MayANY.RUN & Elastic Security: Bring Threat Intelligence into Detection and Investigation WorkflowsSecurity teams don’t lack data. They lack timely, usable intelligence. Analysts spend too much time validating indicators, switching between tools, and figuring out what actually matters. This introduces delays and puts organizations at risk of a mis…ANY.RUN
12 MayCushman and Wakefield Confirms Data Breach Impacting Over 310,000 AccountsGlobal real estate powerhouse Cushman & Wakefield is the latest casualty in an escalating war of corporate extortion. Following a tense “pay or leak” standoff, the notorious ShinyHunters threat syndicate has carried out its threat, dumping hundreds of thousands of…GBHACKERS.COM
12 MayInstructure strikes deal with hackers who breached it twiceThe maker of the Canvas school software said it "reached an agreement" with the hackers, but provided no guarantees that the hackers would not release the data or keep their word.TECHCRUNCH.COM
12 MayInstructure pays ransom after Canvas incident as Congress announces investigationThe company said its agreement with the hackers involved their data being “returned” to them and digital confirmation of data destruction.THERECORD.MEDIA
12 MayCanvas owner reaches agreement with ShinyHunters, says user data was deletedInstructure says it reached an agreement with the threat actors behind the recent cyberattack targeting its Canvas learning platform. The company stated that stolen data was returned and that the attackers provided “digital confirmation of data destruction.” The attack was previo…CYBERINSIDER.COM
12 MayInstructure took a risky approach to recover stolen Canvas dataInstructure, the company behind the online learning platform Canvas, said it reached an agreement with the extortion group ShinyHunters to prevent data stolen in a recent breach from being leaked online. According to the company’s website, Canvas has more than 30 million active u…HELPNETSECURITY.COM
12 MayIdentity takes center stage as a leading factor in enterprise cyberattacksA new report shows two-thirds of ransomware attacks began with an identity-related breach.CYBERSECURITYDIVE.COM
12 MayHugging Face Packages Weaponized With a Single File TweakA tokenizer library file present in Hugging Face AI models can be manipulated to hijack the model's outputs and exfiltrate data.DARKREADING.COM
12 MayReport: Most Phishing Attacks Abuse Trusted ServicesPhishing attacks are increasingly abusing trusted services to evade security filters, according to VIPRE’s Email Threat Trends Report for Q1 2026. The two primary methods of delivery were compromised accounts at 33% and free email services 32%. Additionally, just under 90% of att…KNOWBE4.COM
12 MayWest Pharmaceutical warns of ransomware attack impacting business operationsWest Pharmaceutical Services filed a report with the Securities and Exchange Commission (SEC) on Monday evening warning customers that a hacker breached the company network on May 4, stole data and encrypted systems.THERECORD.MEDIA
12 MayFoxconn confirms cyberattack impacting North American factoriesA spokesperson for the company confirmed the incident but declined to provide specifics on how many factories in North America were impacted. Foxconn has factories in Wisconsin, Ohio, Texas, Virginia, Indiana and several across Mexico.THERECORD.MEDIA
12 MayFoxconn Ransomware Attack Shows Nothing Is Safe ForeverFamous for helping build Apple's iPhones, Foxconn just suffered another cyberattack, highlighting the perils of warehousing some of the world's most valuable data.WIRED.COM
🕵️ THREAT INTELLIGENCE 27[−]
12 MayISC Stormcast For Tuesday, May 12th, 2026 https://isc.sans.edu/podcastdetail/9928, (Tue, May 12th)(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.ISC.SANS.EDU
12 MayThe hidden smart fridge risks that emerge years after purchaseHousehold refrigerators are built to last more than a decade. The software, cloud services, and mobile apps that control them are not. A new analysis from Erik Buchmann at Leipzig University maps what happens when those two timelines collide, and the findings reach further than t…HELPNETSECURITY.COM
12 MayCybersecurity jobs available right now: May 12, 2026Application Security Engineer Total Quality Logistics | USA | On-site – View job details As an Application Security Engineer, you will design, implement, and maintain security controls across the software development lifecycle. You will work closely with engineeri…HELPNETSECURITY.COM
12 MayTrickMo Android Malware Targets Banking, Wallet, and Authenticator AppsTrickMo, the Android banking malware, has resurfaced with a significantly redesigned architecture, targeting banking, fintech, wallet, and authenticator applications while introducing advanced stealth and network capabilities. Rather than introducing entirely new user-facing func…GBHACKERS.COM
12 MayMini Shai-Hulud Worm Compromises TanStack, Mistral AI, Guardrails AI & More PackagesTeamPCP, the threat actor behind the recent supply chain attack spree, has been linked to the compromise of the npm and PyPI packages from TanStack, UiPath, Mistral AI, OpenSearch, and Guardrails AI as part of a fresh Mini Shai-Hulud campaign. The affected npm packages have …THEHACKERNEWS.COM
12 MayFake TronLink Chrome Extension Steals Crypto Wallet CredentialsA newly uncovered phishing campaign is targeting TRON wallet users through a deceptive Chrome extension that mimics the popular TronLink wallet. The campaign highlights how modern browser extension abuse is evolving beyond static code inspection, making detection significantly ha…GBHACKERS.COM
12 MayNorth Korea Hackers Abuse Git Hooks to Deploy Cross-Platform MalwareNorth Korean threat actors have introduced a stealthy new delivery mechanism in their ongoing “Contagious Interview” campaign, shifting tactics to abuse Git hooks for malware execution. The attack begins with a familiar social engineering lure. Victims, often developers targeted …GBHACKERS.COM
12 MayAI is separating the companies built to scale from the ones built to sellStartups are scaling faster, attackers are getting smarter, and investors are getting more selective. The cybersecurity industry is in the middle of a reset. The post AI is separating the companies built to scale from the ones built to sell appeared first on CyberScoop .CYBERSCOOP.COM
12 MayThe Civil War Spies and Saboteurs Across the Canadian BorderIt’s 1864, and against the backdrop of the US Civil War- a war the Confederacy is losing- a group of spies and saboteurs have set up a base in Montreal, Canada. Today we would call this a sanctuary or a safe haven. Canada would become home to several infamous Confederate missions…THECYBERWIRE.COM
12 MaySignal rolls out new protections against impersonation attacksSignal has announced a new set of in-app protections designed to help users identify phishing attempts and social engineering scams on the encrypted messaging platform. The changes introduce additional warning prompts, profile verification notices, and expanded safety guidance to…CYBERINSIDER.COM
12 MayVidar Stealer Campaign Evades EDR to Steal CredentialsA new Vidar Stealer campaign is abusing trusted tools, multi‑stage loaders, and heavy obfuscation to bypass EDR visibility and steal credentials from infected systems silently. This operation shows a clear shift toward “living‑off‑the‑land” techniques and stealthy backdoor archit…GBHACKERS.COM
12 MayAI and an absent government: Takeaways from RSAC 2026Cybersecurity professionals spent the recent conference discussing the balance between autonomy and oversight.CYBERSECURITYDIVE.COM
12 MayGeneral Motors to pay $12.75 million over driver data salesGeneral Motors has agreed to a $12.75 million settlement with California over allegations that it unlawfully sold drivers’ location and behavioral data to brokers, marking the largest penalty in the history of the state’s Consumer Privacy Act. Prosecutors say GM made …HELPNETSECURITY.COM
12 MayDownload: The IT and security field guide to AI adoptionSecurity and IT teams are under pressure to adopt AI, but many are seeing the opposite of what was promised. Tools that demo well don’t hold up in real workflows. Complexity increases. Trust breaks down. And instead of reducing workload, AI can introduce new risks and oversight b…HELPNETSECURITY.COM
12 MayAI Can’t Detect Malicious IntentRob Allen describes a limitation in AI systems: they do not reliably understand user intent. A request may be rejected when framed explicitly as malicious, but accepted when reframed in a neutral or technical way that produces a similar outcome. This creates inconsistent behavior…YOUTUBE.COM
12 MayThis Samsung 4TB Portable SSD Moves Files at 2,000 MB/s For $1KThe Samsung T9 delivers read and write speeds of up to 2,000 MB/s, making large file transfers feel instant. The post This Samsung 4TB Portable SSD Moves Files at 2,000 MB/s For $1K appeared first on TechRepublic .TECHREPUBLIC.COM
12 MayVeeam Intelligent ResOps unifies data context and recoveryVeeam Software announced Veeam Intelligent ResOps, a new solution that unifies data context and recovery operations. As agentic AI accelerates change at machine speed, Intelligent ResOps gives teams the insight they need into their data to quickly understand impact and recover pr…HELPNETSECURITY.COM
12 MayFIRESIDE CHAT: Cyber insurers deepen SMB security role as supply chain attacks spreadThe cyber insurance industry set out to manage financial risk. Along the way, it has quietly become the security operations provider for a significant share of American small businesses. An $11 billion acquisition agreement announced earlier this year suggests it …LASTWATCHDOG.COM
12 MayThreatDown ITDR prevents credential-based attacksThreatDown, the former corporate business unit of Malwarebytes, launched ThreatDown Identity Threat Detection and Response (ITDR). ITDR is a new product that helps security teams monitor identities to detect suspicious activity, misconfigurations, and active attacks targeting use…HELPNETSECURITY.COM
12 MaySAP unveils Autonomous Enterprise for AI-driven business operationsSAP introduced the Autonomous Enterprise to help enhance the world’s most critical business workflows, so that humans and AI work together to meet the accelerating demands of global business profitably, strategically and safely. “For the mission-critical processes of our customer…HELPNETSECURITY.COM
12 MayGoogle and Amnesty International teamed up to make it harder for spyware vendors to hideIntrusion Logging marks the first feature from a major device vendor to aid with forensic detection of sophisticated threats, Amnesty International said.CYBERSCOOP.COM
12 MayOver 1 Million Baby Monitors, Security Cameras Exposed Through Meari FlawsMeari IoT flaws reportedly exposed baby monitor images, camera activity, and device data across more than 1 million connected devices.TECHREPUBLIC.COM
12 MaySamsung Galaxy Watch Glucose Tracking: What Works Now and What Doesn’tSamsung Galaxy Watch can show compatible CGM glucose data today while Samsung works on future non-invasive blood sugar tracking features.TECHREPUBLIC.COM
12 May6 Best ChatGPT Photo Editing Trends in 2026 (With Prompts to Try)Explore the biggest ChatGPT photo editing trends of 2026, from caricatures and toy-style portraits to nostalgic film edits and AI collages.TECHREPUBLIC.COM
12 MayTomato, JDownloader, TempPCP, Bad Vibes, Dirty Frag, Giedi Prime, Aaran Leyland - SWN #580Tomato, JDownloader, TempPCP, Bad Vibes, Dirty Frag, Marketing, Shai Haluds, Giedi Prime, Aaran Leyland, and More on the Security Weekly News. Visit https://www.securityweekly.com/swn for all the latest episodes! Show Notes: https://securityweekly.com/swn-580YOUTUBE.COM
12 MayFedora Hummingbird brings the container security model to a Linux host OSContainer image security pipelines have spent the past several years pushing toward minimal footprints, hermetic builds, and continuous CVE remediation. The Fedora Project is now applying that same approach to the host operating system. At Red Hat Summit 2026, Fedora announced Fe…HELPNETSECURITY.COM
🌐 CYBER THREAT LANDSCAPE 8
12 MayTeamPCP Compromises Checkmarx Jenkins AST Plugin Weeks After KICS Supply Chain AttackCheckmarx has confirmed that a modified version of the Jenkins AST plugin was published to the Jenkins Marketplace. "If you are using Checkmarx Jenkins AST plugin, you need to ensure that you are using the version 2.0.13-829.vc72453fa_1c16 that was published on December 17, 2025 …THEHACKERNEWS.COM
12 MayAndroid banking Trojan TrickMo evolves using TON network for C2ThreatFabric found a new TrickMo Android trojan focused on stealth and persistence, moving its command-and-control traffic to the TON network. Security researchers at ThreatFabric have recently identified a new version of TrickMo, a dangerous Android banking trojan that shows how…SECURITYAFFAIRS.COM
12 MayMalicious Hugging Face Repository Typosquats OpenAIHiddenLayer reveals infostealer malware in a Hugging Face repositoryINFOSECURITY-MAGAZINE.COM
12 MayWebinar: What the Riskiest SOC Alerts Go Unanswered - and How Radiant Security Can HelpWhy do the Riskiest SOC Alerts Go Unanswered? Security operations teams are drowning in alerts. But the real problem isn't always alert volume; it's the blind spots. The most dangerous alerts are the ones no one is investigating. A recent report from The Hacker News examined why …THEHACKERNEWS.COM
12 MayNew TrickMo Variant Uses TON C2 and SOCKS5 to Create Android Network PivotsCybersecurity researchers have flagged a new version of the TrickMo Android banking trojan that uses The Open Network (TON) for command-and-control (C2). The new variant, observed by ThreatFabric between January and February 2026, has been observed actively targeting banking and …THEHACKERNEWS.COM
12 MayRubyGems Suspends New Signups After Hundreds of Malicious Packages Are UploadedRubyGems, the standard package manager for the Ruby programming language, has temporarily paused account sign ups following what has been described as a "major malicious attack." "We're dealing with a major malicious attack on Ruby Gems right now," Maciej Mensfeld, senior product…THEHACKERNEWS.COM
12 MayInstructure strikes a deal with ShinyHunters.Texas sues Netflix over alleged data sharing. Humanitarian-themed phishing lures deliver stealthy Python malware.THECYBERWIRE.COM
12 MayChina’s hackers aren’t invincible.Former NSA chief says the U.S. can beat China in cyberspace. Canvas cuts a deal with hackers. The FCC proposes KYC rules for phone users. SAP patches critical flaws. A poisoned TanStack npm supply chain attack spreads malware. Humanitarian aid lures deliver spyware. Japan launche…THECYBERWIRE.COM
🎙️ PODCASTS 1
12 MayInside the Media Mind of Shaun Waterman: FreelancerIn this latest episode of #IMM, Christine and Madison welcome Shaun Waterman, freelance journalist specializing in cybersecurity, space and federal contracting.THECYBERWIRE.COM
📡 INFOSEC NEWS 18
12 MayElastic Security MCP App: Interactive security operations inside your AI ToolsElastic Security is the first security vendor to ship an interactive UI in AI tools. Triage alerts, hunt threats, correlate attack chains, and open cases, all from inside your AI conversation.ELASTIC.CO
12 MayiOS 26.5 Brings Default End-to-End Encrypted RCS Messaging Between iPhone and AndroidApple on Monday officially released iOS 26.5 with support for end-to-end encryption (E2EE) to Rich Communication Services (RCS) in beta as part of a "cross-industry effort" to replace traditional SMS with a more secure alternative. To that end, E2EE RCS messaging is rolling out t…THEHACKERNEWS.COM
12 May1 in 8 employees have sold company logins or know someone who hasCifas just published research that should bother anyone who runs a business, or buys from one.MALWAREBYTES.COM
12 MayWhy Agentic AI Is Security's Next Blind SpotAgentic AI is already running in production environments across many organizations today. It is executing tasks, consuming data, and taking actions — most likely without meaningful involvement from the security team. The industry conversation has largely framed this as a question…THEHACKERNEWS.COM
12 May10 Best Dark / Deep Web Browsers for AnonymitySOCRADAR.IO
12 MayEnd‑to‑End Encrypted RCS Messaging Arrives Across iPhone and AndroidApple begins rolling out end-to-end encrypted RCS messaging between iPhone and Android in iOS 26.5INFOSECURITY-MAGAZINE.COM
12 May20 Leaders Who Built the CISO Era: 2 Decades of ChangeAs part of Dark Reading's 20th anniversary special coverage, we profile the CISOs, founders, researchers, criminals, and policymakers who rewrote the enterprise risk playbook.DARKREADING.COM
12 MayMini Shai-Hulud Hits TanStack npm PackagesMini Shai-Hulud compromises TanStack npm packages and spreads across PyPIINFOSECURITY-MAGAZINE.COM
12 MayEnabling AI sovereignty on AWSCloud and AI are transforming industries and societies at unprecedented speed, from accelerating research and enhancing customer experiences to optimizing business processes and enriching public services. At Amazon Web Services (AWS), we believe that for the cloud and AI to reach…AWS.AMAZON.COM
12 MayOpenAI Launches 'Daybreak' to Help Build Secure By Design SoftwareWith Daybreak, OpenAI wants its frontier AI models to be used to deploy secure by design software from the ground upINFOSECURITY-MAGAZINE.COM
12 MayU.S. bank discloses security lapse after sharing customer data with AI appThe bank said the security lapse was due to the use of an “unauthorized” AI software app.TECHCRUNCH.COM
12 MayFake Claude search results lure Mac users into ClickFix attackResearchers found a ClickFix campaign that uses fake Claude setup guides to trick Mac users into infecting themselves.MALWAREBYTES.COM
12 MayEuropean countries are exporting surveillance tech to countries with poor human rights records, report saysThe report, released by the advocacy group Human Rights Watch on Tuesday, alleges that the European Commission has failed to effectively police member states' surveillance tech sales despite the 2021 implementation of updated bloc-wide export rules designed to rein in the practic…THERECORD.MEDIA
12 MayGuardrail Technologies launches Traffic Light for Code & AI™; first security technology to verify & secure AI code and the people creating itPARK CITY, Utah (May 5, 2026) — Guardrail Technologies, the leading provider of AI security and governance software for enterprises building with AI, today announced the launch of Traffic Light for Code & AI™, which verifies both the code AI generat…CYBERSECURITYDIVE.COM
12 MayTwin brothers wipe 96 gov't databases minutes after being firedA case study in why credentials are revoked before firings.ARSTECHNICA.COM
12 MayCongressman launches inquiry into how food retailers use surveillance pricingThe letter noted that many Americans are unaware that their data is being used to set variable prices, a trend that is particularly pervasive for online shoppers.THERECORD.MEDIA
12 MayIran Is Using Tiny ‘Mosquito’ Boats to Shut Down the Strait of HormuzIran’s traditional naval fleet has been almost completely destroyed by US-Israeli raids. But Iran’s military has put a fleet of small vessels on the water that is crippling every passageway.WIRED.COM
12 MayLLMjacking: what these attacks are, and how to protect AI serversAn analysis of attacks on Ollama, LM Studio, AutoGPT, and LangServe servers, and recommendations on protecting your organization from the LLMjacking threat.KASPERSKY.COM