matlock.ca // THREAT INTELLIGENCE

124Articles

9Categories

2026-05-14Date

🚨

Fragnesia (CVE-2026-46300): Frequently asked questions about new Linux Kernel XFRM ESP-in-TCP privilege escalationA new Linux kernel local privilege escalation exploit with a public proof-of-concept targets the same subsystem as Dirty Frag but requires a separate patch. Key Takeaways CVE-2026-46300 (Fragnesia) is the latest high severity local privilege escalation vulnerability in the Linux …

KEVTENABLE.COM — 14 May 2026

🚨

U.S. CISA adds a flaw in Cisco Catalyst SD-WAN to its Known Exploited Vulnerabilities catalogThe U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds a flaw in Cisco Catalyst SD-WAN to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a flaw in Cisco Catalyst SD-WAN, tracked as CVE-2026-20182 …

KEVSECURITYAFFAIRS.COM — 14 May 2026

🚨

Frequently asked questions about the continued exploitation of Cisco Catalyst SD-WAN vulnerabilities (CVE-2026-20182)Multiple critical authentication bypass vulnerabilities in Cisco Catalyst SD-WAN Controller and Manager are under active exploitation by multiple threat clusters, including CVE-2026-20182, which has been exploited as a zero-day by a sophisticated threat actor. Key Takeaways CVE-2…

KEVTENABLE.COM — 14 May 2026

🐛

New Fragnesia Linux Kernel LPE Grants Root Access via Page Cache Corruption

THEHACKERNEWS.COM — 14 May 2026

🐛

18-Year-Old NGINX Rewrite Module Flaw Enables Unauthenticated RCE

THEHACKERNEWS.COM — 14 May 2026

🐛

Langflow CVE-2026-33017 Exploited to Steal AWS Keys, Deploy NATS Worker

KEVGBHACKERS.COM — 14 May 2026

🐛

MongoDB Security Flaw Enables Arbitrary Code Execution on Vulnerable Systems

GBHACKERS.COM — 14 May 2026

🐛

Critical Exim Mailer Flaw Enables Remote Code Execution Attacks

GBHACKERS.COM — 14 May 2026

🐛

PraisonAI vulnerability gets scanned within 4 hours of disclosure

CSOONLINE.COM — 14 May 2026

🐛

PraisonAI CVE-2026-44338 Auth Bypass Targeted Within Hours of Disclosure

THEHACKERNEWS.COM — 14 May 2026

🐛

Windows DNS Client Security Flaw Exposes Systems to Remote Code Execution

GBHACKERS.COM — 14 May 2026

🐛

CVE-2026-42945: NGINX Rewrite Heap Overflow Enables Remote DoS & Potential RCE

SOCRADAR.IO — 14 May 2026

🐛

Critical WordPress Plugin Flaw Allows Unauthorized Access to Websites

GBHACKERS.COM — 14 May 2026

🐛

NGINX Rift: an 18-year-old flaw in the world’s most deployed web server just came to light

SECURITYAFFAIRS.COM — 14 May 2026

🐛

Fragnesia: New Linux kernel LPE bug was spawned by Dirty Frag patch (CVE-2026-46300)

HELPNETSECURITY.COM — 14 May 2026

🐛

CVE-2026-42897 Microsoft Exchange Server Spoofing Vulnerability

MSRC.MICROSOFT.COM — 14 May 2026

🐛

CVE-2026-41615 Microsoft Authenticator Information Disclosure Vulnerability

MSRC.MICROSOFT.COM — 14 May 2026

🐛

Broadcom releases VMware Fusion security update for root access bug

SECURITYAFFAIRS.COM — 14 May 2026

🐛

CVE-2026-20182: Critical authentication bypass in Cisco Catalyst SD-WAN Controller (FIXED)

RAPID7.COM — 14 May 2026

🐛

The Dark Side of Efficiency: When Network Controllers Become "God Mode" for Attackers

KEVRAPID7.COM — 14 May 2026

🐛

Ongoing exploitation of Cisco Catalyst SD-WAN vulnerabilities

TALOSINTELLIGENCE.COM — 14 May 2026

🐛

Cisco Catalyst SD-WAN Controller Auth Bypass Actively Exploited to Gain Admin Access

KEVTHEHACKERNEWS.COM — 14 May 2026

🐛

Linux Kernel bug Fragnesia allows local root access attacks

SECURITYAFFAIRS.COM — 14 May 2026

🐛

CVE-2026-0265: Authentication Bypass in Palo Alto Networks PAN-OS

KEVRAPID7.COM — 14 May 2026

🐛

Meet Fragnesia, the third Linux kernel vulnerability in a month

CSOONLINE.COM — 14 May 2026

🐛

AI agent finds 18-year-old remote code execution flaw in Nginx

CSOONLINE.COM — 14 May 2026

⚠️

Amazon Quick Security Flaw Allowed Restricted Users to Access AI Chat Agents

GBHACKERS.COM — 14 May 2026

⚠️

GitLab Security Flaw Allows Cross-Site Scripting and Unauthenticated DoS

GBHACKERS.COM — 14 May 2026

⚠️

Hackers Hijack HWMonitor to Sideload Malicious DLL

GBHACKERS.COM — 14 May 2026

⚠️

PoC Released for 18-Year-Old NGINX Flaw Allowing Remote Code Execution

GBHACKERS.COM — 14 May 2026

⚠️

Packagist Warns: Update Composer Now After GitHub Actions Token Leak

GBHACKERS.COM — 14 May 2026

⚠️

New Exim BDAT GnuTLS Vulnerability Enables Code Execution Attacks

GBHACKERS.COM — 14 May 2026

⚠️

Gentlemen RaaS Exploits Fortinet and Cisco Edge Devices for Initial Access

GBHACKERS.COM — 14 May 2026

⚠️

Abrigo - 711,099 breached accounts

HAVEIBEENPWNED.COM — 14 May 2026

⚠️

What CISOs need to land a board role

CSOONLINE.COM — 14 May 2026

⚠️

Deepfake sextortion forces schools to remove student photos from websites

MALWAREBYTES.COM — 14 May 2026

⚠️

My relationship status is “compromised.”

THECYBERWIRE.COM — 14 May 2026

⚠️

CERN’s open source KiCad library gives the world 17,000 circuit board components

HELPNETSECURITY.COM — 14 May 2026

⚠️

Over 70% of organizations hit by identity breaches

HELPNETSECURITY.COM — 14 May 2026

⚠️

Machine identities outnumber humans 109 to 1

HELPNETSECURITY.COM — 14 May 2026

⚠️

Windows Zero-Days Expose BitLocker Bypasses And CTFMON Privilege Escalation

THEHACKERNEWS.COM — 14 May 2026

⚠️

Microsoft turns Copilot Studio into an AI agent control center

HELPNETSECURITY.COM — 14 May 2026

⚠️

New Malware Framework Enables Screen Control and UAC Bypass

GBHACKERS.COM — 14 May 2026

⚠️

Canon MailSuite Security Flaw Allows Attackers to Execute Code Remotely

GBHACKERS.COM — 14 May 2026

⚠️

How AI Hallucinations Are Creating Real Security Risks

THEHACKERNEWS.COM — 14 May 2026

⚠️

Chinese APT Exploits Microsoft Exchange to Breach Energy Sector Network

GBHACKERS.COM — 14 May 2026

⚠️

TeamPCP, BreachForums Launch $1K Supply-Chain Attack Contest

GBHACKERS.COM — 14 May 2026

⚠️

FlowerStorm phishing gang adopts virtual-machine obfuscation to evade email defenses

CSOONLINE.COM — 14 May 2026

⚠️

Frontier AI models reap rapid discovery of security vulnerabilities

CYBERSECURITYDIVE.COM — 14 May 2026

⚠️

ThreatsDay Bulletin: PAN-OS RCE, Mythos cURL Bug, AI Tokenizer Attacks, and 10+ Stories

THEHACKERNEWS.COM — 14 May 2026

⚠️

The time of much patching is coming

TALOSINTELLIGENCE.COM — 14 May 2026

⚠️

ODNI taps officials to coordinate response to foreign election threats

THERECORD.MEDIA — 14 May 2026

⚠️

Regional routing for AWS access portals: Implementing custom vanity domains for IAM Identity Center

AWS.AMAZON.COM — 14 May 2026

⚠️

The era of AI-powered attacks is here.

THECYBERWIRE.COM — 14 May 2026

⚠️

Google announces hackers are using AI to create zero days.

THECYBERWIRE.COM — 14 May 2026

⚠️

OpenAI asks macOS users to update after TanStack npm supply chain attack

THERECORD.MEDIA — 14 May 2026

⚠️

Maximum Severity Cisco SD-WAN Bug Exploited in the Wild

KEVDARKREADING.COM — 14 May 2026

⚠️

You're not going to patch your way out of this - PSW #926

YOUTUBE.COM — 2026-05-14

⚠️

Bring out your dead: How agentic AI for cybersecurity helps you rid your cloud of forgotten, risky assets

TENABLE.COM — 14 May 2026

⚠️

AI Just Hacked Hardware

YOUTUBE.COM — 2026-05-14

📢

The Human Side of Threat Intelligence

THECYBERWIRE.COM — 14 May 2026

📢

Sony's failed attempt to stop piracy.

THECYBERWIRE.COM — 14 May 2026

📢

HYCU aiR detects insider risk and AI activity from backups

HELPNETSECURITY.COM — 14 May 2026

📢

Pentagon cyber official calls advanced AI ‘revolutionary warfare’

CYBERSCOOP.COM — 14 May 2026

🔥

Welcoming the Bahamian Government to Have I Been Pwned

TROYHUNT.COM — 14 May 2026

🔥

When ransomware gets physical: cybercriminals turn to threats of violence

BITDEFENDER.COM — 14 May 2026

🔥

FamousSparrow targets Azerbaijani energy sector in multi-wave espionage campaign

SECURITYAFFAIRS.COM — 14 May 2026

🔥

Nitrogen Ransomware claims massive data theft from Foxconn

SECURITYAFFAIRS.COM — 14 May 2026

🔥

BreachForums & TeamPCP Promote Supply Chain Competition as Cybercrime Gets Gamified

SOCRADAR.IO — 14 May 2026

🔥

Microsoft Research: AI Can Generate Realistic Command-Line and Process Telemetry

GBHACKERS.COM — 14 May 2026

🔥

LATAM Under Siege: Agent Tesla’s 18-Month Credential Theft Campaign Against Chilean Enterprises

ANY.RUN — 14 May 2026

🔥

Foxconn Attack Highlights Manufacturing's Cyber Crisis

DARKREADING.COM — 14 May 2026

🔥

Top 5 Surface Web Hacker Forums in 2026

SOCRADAR.IO — 14 May 2026

🔥

Sandworm Hackers Shift From IT Breaches to Critical OT Targets

GBHACKERS.COM — 14 May 2026

🔥

LABScon25 Replay | Breach Alpha: Trading on Cyber Fallout

SENTINELONE.COM — 14 May 2026

🔥

When Nobody Reports the Threat

YOUTUBE.COM — 2026-05-14

🔥

Major tech manufacturer Foxconn confirms cyberattack hit North American factories

CYBERSCOOP.COM — 14 May 2026

🔥

West Pharmaceutical starts restoring operations after ransomware attack

CYBERSECURITYDIVE.COM — 14 May 2026

🔥

Fighting AI-Assisted Ransomware Threats

KNOWBE4.COM — 14 May 2026

🕵️

ISC Stormcast For Thursday, May 14th, 2026 https://isc.sans.edu/podcastdetail/9932, (Thu, May 14th)

ISC.SANS.EDU — 14 May 2026

🕵️

Lyrie.ai Unveils Open Standard for Agent Security and Joins Anthropic’s Cyber Verification Program

GBHACKERS.COM — 14 May 2026

🕵️

Russian official admits VPNs cannot be fully blocked without breaking the internet

CYBERINSIDER.COM — 14 May 2026

🕵️

Texas sues Netflix for profiling children and selling data to advertisers

CYBERINSIDER.COM — 14 May 2026

🕵️

AI cyber capability is speeding past earlier projections

HELPNETSECURITY.COM — 14 May 2026

🕵️

Vector embedding security gap exposes enterprise AI pipelines

HELPNETSECURITY.COM — 14 May 2026

🕵️

Closing the AI governance gap in your enterprise

HELPNETSECURITY.COM — 14 May 2026

🕵️

170 npm Packages Hijacked to Steal GitHub, AWS & Kubernetes Secrets

GBHACKERS.COM — 14 May 2026

🕵️

Microsoft’s WinUI agent plugin trims token use by over 70% during development

HELPNETSECURITY.COM — 14 May 2026

🕵️

How Dangerous Is Anthropic’s Mythos AI?

SCHNEIER.COM — 2026-05-14

🕵️

Kimsuky targets organizations with PebbleDash-based tools

SECURELIST.COM — 14 May 2026

🕵️

Cofense adds AI-powered campaign detection to stop phishing attacks

HELPNETSECURITY.COM — 14 May 2026

🕵️

Warning: Netflix Phishing Scams Can Lead to Serious Consequences

KNOWBE4.COM — 14 May 2026

🕵️

Ghostwriter Targets Ukrainian Government With Geofenced PDF Phishing, Cobalt Strike

THEHACKERNEWS.COM — 14 May 2026

🕵️

A spyware investigator exposed Russian government hackers trying to hijack Signal accounts

TECHCRUNCH.COM — 14 May 2026

🕵️

Mustang Panda Linked to Updated FDMTP Backdoor in Asia-Pacific Espionage Campaign

INFOSECURITY-MAGAZINE.COM — 14 May 2026

🕵️

Apple’s iPhone Privacy Feature Expands to More Users Worldwide

TECHREPUBLIC.COM — 14 May 2026

🕵️

Jeff Bezos’ Blue Origin May Need Outside Cash to Catch SpaceX

TECHREPUBLIC.COM — 14 May 2026

🕵️

LinkedIn Cuts Jobs Despite Revenue Growth as Tech Layoffs Keep Spreading

TECHREPUBLIC.COM — 14 May 2026

🕵️

Upcoming Speaking Engagements

SCHNEIER.COM — 2026-05-14

🕵️

Phishing Attacks Begin Targeting the 2026 FIFA World Cup

KNOWBE4.COM — 14 May 2026

🕵️

More money is going to physical security, but it’s often CISOs that oversee it: EY

CYBERSECURITYDIVE.COM — 14 May 2026

🕵️

Microsoft: Russian hackers evolved Kazuar malware into stealthy P2P botnet

CYBERINSIDER.COM — 14 May 2026

🕵️

'FrostyNeighbor' APT Carefully Targets Govt Orgs in Poland, Ukraine

DARKREADING.COM — 14 May 2026

🕵️

Trump’s China Summit Turns Into a Big Tech Power Play

TECHREPUBLIC.COM — 14 May 2026

🕵️

Top New Features in Android 17 You’ll Notice This Year

TECHREPUBLIC.COM — 14 May 2026

🕵️

Microsoft Retires ‘Copilot Mode’ as Edge Gets Built-In AI Tools

TECHREPUBLIC.COM — 14 May 2026

🕵️

Kevin O’Leary’s ‘Wonder Valley’ Data Center Advances as Job Estimates Shift

KEVTECHREPUBLIC.COM — 14 May 2026

🕵️

White House cyber official: identity security matters more than ever in the age of AI

CYBERSCOOP.COM — 14 May 2026

🕵️

SecurityScorecard Snags Driftnet to Level Up Threat Intelligence

DARKREADING.COM — 14 May 2026

🌐

Why Malwarebytes blocks some Yahoo Mail redirects

MALWAREBYTES.COM — 14 May 2026

🌐

Google Launches Android Spyware Forensics Tool for High-Risk Users

INFOSECURITY-MAGAZINE.COM — 14 May 2026

🌐

Stealer Backdoor Found in 3 Node-IPC Versions Targeting Developer Secrets

THEHACKERNEWS.COM — 14 May 2026

📰

Daily Briefing for 05.14.26

THECYBERWIRE.COM — 14 May 2026

📡

Simple bypass of the link preview function in Outlook Junk folder, (Thu, May 14th)

ISC.SANS.EDU — 14 May 2026

📡

Most Organizations Now Use AI Agents for Sensitive Security Tasks

INFOSECURITY-MAGAZINE.COM — 14 May 2026

📡

ICO Publishes Five-Step Plan to Counter Emerging AI-Powered Attacks

INFOSECURITY-MAGAZINE.COM — 14 May 2026

📡

Your iPhone Gets Stolen. Then the Hacking Begins

WIRED.COM — 14 May 2026

📡

New Fragnesia Flaw Hands Linux Local Users Root Access

INFOSECURITY-MAGAZINE.COM — 14 May 2026

📡

AI Drives Cybersecurity Investments, Widening 'Valley of Death'

DARKREADING.COM — 14 May 2026

📡

Cisco cuts nearly 4,000 jobs to spend more on AI, reports ‘record quarterly revenue’

TECHCRUNCH.COM — 14 May 2026

📡

OpenAI says hackers stole some data after latest code security issue

TECHCRUNCH.COM — 14 May 2026

📡

Automating post-quantum cryptography readiness using AWS Config

AWS.AMAZON.COM — 14 May 2026

📡

Suspected Dream Market kingpin arrested after gold bars sent to his home address

BITDEFENDER.COM — 14 May 2026

📡

13 Cybersecurity Frameworks for 2026 and How to Choose | Huntress

HUNTRESS.COM — 2026-05-14