MATLOCK.CA
109Articles
9Categories
2026-05-15Date
๐Ÿšจ
CISA Adds Cisco SD-WAN CVE-2026-20182 to KEV After Admin Access ExploitsThe U.S.Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added a newly disclosed vulnerability impacting Cisco Catalyst SD-WAN Controller to its Known Exploited Vulnerabilities (KEV) catalog, requiring Federal Civilian Executive Branch (FCEB) agencies to remediโ€ฆ
KEVTHEHACKERNEWS.COM — 15 May 2026
๐Ÿšจ
Cisco warns of an actively exploited SD-WAN flaw with max severityCisco has disclosed a max-severity authentication bypass vulnerability affecting its Catalyst SD-WAN Controller and Catalyst SD-WAN Manager platforms, warning that the flaw has already been found to be exploited in the wild. The disclosure follows an earlier authentication bypassโ€ฆ
KEVCSOONLINE.COM — 15 May 2026
๐Ÿšจ
CVE-2026-20182: Cisco Catalyst SD-WAN Auth Bypass Added to CISA KEVCVE-2026-20182: Cisco Catalyst SD-WAN Auth Bypass Added to CISA KEV Cisco has disclosed CVE-2026-20182, a critical authentication bypass affecting Cisco Catalyst SD-WAN Controller (formerly vSmart) and Cisco Catalyst SD-WAN Manager (formerly vManage). The flaw is in the peering aโ€ฆ
KEVSOCRADAR.IO — 15 May 2026
๐Ÿ›
Palo Alto Firewalls Hit by Zero-Day Allowing Arbitrary Code Execution as Root
GBHACKERS.COM — 15 May 2026
๐Ÿ›
On-Prem Microsoft Exchange Server CVE-2026-42897 Exploited via Crafted Email
THEHACKERNEWS.COM — 15 May 2026
๐Ÿ›
Next.js Security Flaw Leaks Cloud Credentials, API Keys, and Admin Interfaces
GBHACKERS.COM — 15 May 2026
๐Ÿ›
CVE-2026-42304 Twisted: Denial of Service (DoS) in twisted.names via Crafted DNS Compression Pointer Chains
MSRC.MICROSOFT.COM — 15 May 2026
๐Ÿ›
CVE-2026-4893 CVE-2026-4893
MSRC.MICROSOFT.COM — 15 May 2026
๐Ÿ›
CVE-2026-2291 CVE-2026-2291
MSRC.MICROSOFT.COM — 15 May 2026
๐Ÿ›
CVE-2026-5172 CVE-2026-5172
MSRC.MICROSOFT.COM — 15 May 2026
๐Ÿ›
CVE-2026-4890 CVE-2026-4890
MSRC.MICROSOFT.COM — 15 May 2026
๐Ÿ›
CVE-2026-42011 Gnutls: gnutls: security bypass due to incorrect name constraint handling
MSRC.MICROSOFT.COM — 15 May 2026
๐Ÿ›
CVE-2026-34956 Openvswitch: open vswitch: denial of service via malformed ftp epasv command
MSRC.MICROSOFT.COM — 15 May 2026
๐Ÿ›
CVE-2026-7210 The expat and elementtree parsers use insufficient entropy for XML hash-flooding protection
MSRC.MICROSOFT.COM — 15 May 2026
๐Ÿ›
CVE-2026-43969 Cookie Request Header Injection via Unvalidated Encoder in cow_cookie:cookie/1
MSRC.MICROSOFT.COM — 15 May 2026
๐Ÿ›
CVE-2026-8295 Integer overflow in simdjson
MSRC.MICROSOFT.COM — 15 May 2026
๐Ÿ›
CVE-2026-4891 CVE-2026-4891
MSRC.MICROSOFT.COM — 15 May 2026
๐Ÿ›
CVE-2026-4892 CVE-2026-4892
MSRC.MICROSOFT.COM — 15 May 2026
๐Ÿ›
CVE-2026-42010 Gnutls: gnutls: authentication bypass via nul character in username
MSRC.MICROSOFT.COM — 15 May 2026
๐Ÿ›
CVE-2026-7790 Unbounded chunk-size hex digits in cowlib cause quadratic CPU and memory DoS
MSRC.MICROSOFT.COM — 15 May 2026
๐Ÿ›
CVE-2026-43968 CR Injection in SSE Encoder Enables Event Splitting via cow_sse:event/1
MSRC.MICROSOFT.COM — 15 May 2026
๐Ÿ›
Cisco Catalyst SD-WAN Controller Flaw Under Active Exploitation for Admin Access
KEVGBHACKERS.COM — 15 May 2026
๐Ÿ›
Amazon Redshift JDBC Driver Flaws Expose Systems to RCE Attacks
GBHACKERS.COM — 15 May 2026
๐Ÿ›
Unpatched Microsoft Exchange Server vulnerability exploited (CVE-2026-42897)
HELPNETSECURITY.COM — 15 May 2026
๐Ÿ›
PraisonAI Vulnerability Actively Exploited Within Hours of Being Made Public
KEVGBHACKERS.COM — 15 May 2026
๐Ÿ›
VMware Fusion Flaw Could Allow Attackers to Gain Root Privileges
GBHACKERS.COM — 15 May 2026
๐Ÿ›
Cisco patches another actively exploited SD-WAN zero-day (CVE-2026-20182)
KEVHELPNETSECURITY.COM — 15 May 2026
๐Ÿ›
CVE-2026-40379 Azure Entra ID Spoofing Vulnerability
MSRC.MICROSOFT.COM — 15 May 2026
๐Ÿ›
CVE-2026-42897: Microsoft confirms active exploitation of Exchange Server zero-day
SECURITYAFFAIRS.COM — 15 May 2026
๐Ÿ›
Exchange Server zero-day vulnerability can be triggered by opening a malicious email
KEVCSOONLINE.COM — 15 May 2026
๐Ÿ›
Metasploit Wrap-Up 05/15/2026
RAPID7.COM — 15 May 2026
โš ๏ธ
How a Google API Key Became an $8,000 AI Bill, Meta Scam Ads Lawsuit, and 73-Second Cyber Attacks
CYBERSECURITYTODAY.LIBSYN.COM — 15 May 2026
โš ๏ธ
The AI oversight paradox: Is the investment worth the cost of watching it?
HELPNETSECURITY.COM — 15 May 2026
โš ๏ธ
Hackers Exploit Scheduled Tasks for Persistence in FrostyNeighbor Attacks
GBHACKERS.COM — 15 May 2026
โš ๏ธ
Dell SupportAssist Update Forces Windows Systems Into BSOD Loop
GBHACKERS.COM — 15 May 2026
โš ๏ธ
Soap Box: Where does AI fit into cloud security?
RISKY.BIZ — 15 May 2026
โš ๏ธ
TeamPCP Hackers Exploit CI/CD Pipelines to Steal Cloud Credentials
GBHACKERS.COM — 15 May 2026
โš ๏ธ
Pwn2Own Berlin 2026, Day One: $523,000 paid out, AI products fall
SECURITYAFFAIRS.COM — 15 May 2026
โš ๏ธ
Multiple cPanel Vulnerabilities Could Lead to Sensitive Resource Exposure
GBHACKERS.COM — 15 May 2026
โš ๏ธ
China-Linked Hackers Deploy New TencShell Malware Against Global Manufacturer
INFOSECURITY-MAGAZINE.COM — 15 May 2026
โš ๏ธ
Researchers uncover YellowKey and GreenPlasma Windows Zero-Days
SECURITYAFFAIRS.COM — 15 May 2026
โš ๏ธ
Microsoft Edge, Windows 11, and LiteLLM Fall to Exploits at Pwn2Own Berlin 2026
GBHACKERS.COM — 15 May 2026
โš ๏ธ
EUโ€™s Cyber Resiliency Act will put IT leaders to the test
KEVCSOONLINE.COM — 15 May 2026
โš ๏ธ
The economics of ransomware 3.0
CSOONLINE.COM — 15 May 2026
โš ๏ธ
Rocky Linux launches opt-in security repository for urgent fixes
HELPNETSECURITY.COM — 15 May 2026
โš ๏ธ
Microsoft Warns HPE Operations Agent Abused in Malware-Free Attacks
GBHACKERS.COM — 15 May 2026
โš ๏ธ
Autonomous systems are finally working. Security is next
CSOONLINE.COM — 15 May 2026
โš ๏ธ
Gremlin Stealer's Evolved Tactics: Hiding in Plain Sight With Resource Files
UNIT42.PALOALTONETWORKS.COM — 15 May 2026
โš ๏ธ
TanStack Supply Chain Attack Hits Two OpenAI Employee Devices, Forces macOS Updates
THEHACKERNEWS.COM — 15 May 2026
โš ๏ธ
Akamai to acquire LayerX for $205 million
HELPNETSECURITY.COM — 15 May 2026
โš ๏ธ
Shai-Hulud Worm Steals Dev Secrets Across npm, GitHub, AWS & Kubernetes
GBHACKERS.COM — 15 May 2026
โš ๏ธ
Google Project Zero Details Pixel 10 Zero-Click Exploit Chain
GBHACKERS.COM — 15 May 2026
โš ๏ธ
Hackers Exploit OAuth Device Flow to Steal Microsoft 365 Tokens
GBHACKERS.COM — 15 May 2026
โš ๏ธ
Microsoft Reports Severe Zero-Day Flaw in On-Prem Exchange Servers
INFOSECURITY-MAGAZINE.COM — 15 May 2026
โš ๏ธ
Redesigning Security Culture for the Agentic Age
KNOWBE4.COM — 15 May 2026
โš ๏ธ
CISA orders all federal agencies to patch exploited bug in Cisco SD-WAN systems by Sunday
THERECORD.MEDIA — 15 May 2026
โš ๏ธ
Researchers claim the first macOS kernel exploit on Apple M5 chips
CYBERINSIDER.COM — 15 May 2026
โš ๏ธ
Hack One, Own Every Mower
YOUTUBE.COM — 2026-05-15
โš ๏ธ
Cisco zero-day under ongoing attack by persistent threat group
CYBERSCOOP.COM — 15 May 2026
โš ๏ธ
Four OpenClaw Flaws Enable Data Theft, Privilege Escalation, and Persistence
THEHACKERNEWS.COM — 15 May 2026
โš ๏ธ
US orders travelers on Air Force One to throw away gifts, pins, and burner phones after China trip
TECHCRUNCH.COM — 15 May 2026
โš ๏ธ
OpenAI impacted by TanStack supply-chain attack.
THECYBERWIRE.COM — 15 May 2026
โš ๏ธ
Attackers exploit critical flaw in Cisco Catalyst SD-WAN Controller
CYBERSECURITYDIVE.COM — 15 May 2026
โš ๏ธ
Mullvad VPN exit IP patterns could enable user fingerprinting
CYBERINSIDER.COM — 15 May 2026
โš ๏ธ
Hereโ€™s how the FTC plans to enforce the Take It Down Act
CYBERSCOOP.COM — 15 May 2026
โš ๏ธ
A Vulnerability in Microsoft Exchange Server Could Allow for Arbitrary Code Execution
CISECURITY.ORG — 15 May 2026
โš ๏ธ
One email could be all it takes.
THECYBERWIRE.COM — 15 May 2026
โš ๏ธ
Microsoft Exchange zero-day chain nets DEVCORE $200K at Pwn2Own
CYBERINSIDER.COM — 15 May 2026
๐Ÿ“‹
Google Patches 79 Chrome Security Vulnerabilities, 14 Rated Critical
GBHACKERS.COM — 15 May 2026
๐Ÿ“ข
Signal threatens to leave Canada over proposed lawful access bill
CYBERINSIDER.COM — 15 May 2026
๐Ÿ“ข
What 45 Days of Watching Your Own Tools Will Tell You About Your Real Attack Surface
THEHACKERNEWS.COM — 15 May 2026
๐Ÿ“ข
Turla Turns Kazuar Backdoor Into Modular P2P Botnet for Persistent Access
THEHACKERNEWS.COM — 15 May 2026
๐Ÿ”ฅ
Taiwan Incident Highlights Cybersecurity Gaps in Rail Systems
DARKREADING.COM — 15 May 2026
๐Ÿ”ฅ
Windows 11 and NVIDIA hacked on the first day of Pwn2Own Berlin 2026
CYBERINSIDER.COM — 15 May 2026
๐Ÿ”ฅ
OpenAI confirms exposure in recent โ€˜Shai-Huludโ€™ supply-chain attack
CYBERINSIDER.COM — 15 May 2026
๐Ÿ”ฅ
Inside The Gentlemen Ransomware Leak: When the Hunter Becomes the Hunted
SOCRADAR.IO — 15 May 2026
๐Ÿ”ฅ
Gunra Ransomware Expands RaaS After Conti Locker Shift
GBHACKERS.COM — 15 May 2026
๐Ÿ”ฅ
Attackers replaced JDownloader installer downloads with malware
MALWAREBYTES.COM — 15 May 2026
๐Ÿ”ฅ
More than $10 million stolen from crypto platform THORChain
THERECORD.MEDIA — 15 May 2026
๐Ÿ•ต๏ธ
New infosec products of the week: May 15, 2026
HELPNETSECURITY.COM — 15 May 2026
๐Ÿ•ต๏ธ
ISC Stormcast For Friday, May 15th, 2026 https://isc.sans.edu/podcastdetail/9934, (Fri, May 15th)
ISC.SANS.EDU — 15 May 2026
๐Ÿ•ต๏ธ
Popular node-ipc npm Library Hit by Supply Chain Attack, Impacting 822K Weekly Downloads
GBHACKERS.COM — 15 May 2026
๐Ÿ•ต๏ธ
Deepfake detection is losing ground to generative models
HELPNETSECURITY.COM — 15 May 2026
๐Ÿ•ต๏ธ
Zombie linkages are keeping expired domains trusted for years
HELPNETSECURITY.COM — 15 May 2026
๐Ÿ•ต๏ธ
Microsoft Exposes Kazuar Malwareโ€™s Modular P2P Botnet Architecture
GBHACKERS.COM — 15 May 2026
๐Ÿ•ต๏ธ
Keycard helps developers secure autonomous AI agents with scoped access
HELPNETSECURITY.COM — 15 May 2026
๐Ÿ•ต๏ธ
Tycoon 2FA Operators Use OAuth Device Code Phishing to Bypass MFA
GBHACKERS.COM — 15 May 2026
๐Ÿ•ต๏ธ
OrBit Rootkit Targets Linux to Steal SSH and Sudo Credentials
GBHACKERS.COM — 15 May 2026
๐Ÿ•ต๏ธ
Thieves unlock stolen iPhones using cheap tools sold on Telegram
HELPNETSECURITY.COM — 15 May 2026
๐Ÿ•ต๏ธ
Bypassing On-Camera Age-Verification Checks
SCHNEIER.COM — 2026-05-15
๐Ÿ•ต๏ธ
Ghostwriter group resumes attacks on Ukrainian Government targets
SECURITYAFFAIRS.COM — 15 May 2026
๐Ÿ•ต๏ธ
Google lets Workspace admins apply one policy across all SAML apps
HELPNETSECURITY.COM — 15 May 2026
๐Ÿ•ต๏ธ
Traffic-Themed SMS Phishing Targets Users Around the World
KNOWBE4.COM — 15 May 2026
๐Ÿ•ต๏ธ
Raising the bar: Quality, shared responsibility, and the future of GitHubโ€™s bug bounty program
GITHUB.BLOG — 15 May 2026
๐Ÿ•ต๏ธ
Figure Humanoid Robots Sort Packages Non-Stop in 24/7 Demo
TECHREPUBLIC.COM — 15 May 2026
๐Ÿ•ต๏ธ
Googleโ€™s Default 15GB Free Storage Is Ending for Some New Accounts
TECHREPUBLIC.COM — 15 May 2026
๐Ÿ•ต๏ธ
MSPs need AI to fight AI-fueled cyberthreats: Guardz
CYBERSECURITYDIVE.COM — 15 May 2026
๐Ÿ•ต๏ธ
Why Integrate Threat Intelligence Feeds into Email Security?
KNOWBE4.COM — 15 May 2026
๐Ÿ•ต๏ธ
US Approves Nvidia H200 Sales to China, But Shipments Remain Stalled
TECHREPUBLIC.COM — 15 May 2026
๐Ÿ•ต๏ธ
New Windows Update May Undo Bad Driver Updates on Its Own
TECHREPUBLIC.COM — 15 May 2026
๐Ÿ•ต๏ธ
Apple and OpenAIโ€™s ChatGPT Deal Reportedly Risks Legal Clash
TECHREPUBLIC.COM — 15 May 2026
๐Ÿ•ต๏ธ
OpenAI Warns Mac Users to Update Apps After Supply-Chain Attack
TECHREPUBLIC.COM — 15 May 2026
๐ŸŒ
[Guest Diary] New Malware Libraries means New Signatures, (Fri, May 15th)
ISC.SANS.EDU — 15 May 2026
๐Ÿ“ก
Strong Stack. Strong Team. Real Security Resilience.
HUNTRESS.COM — 2026-05-15
๐Ÿ“ก
Cyber Pioneers Ponder Past as Prologue
DARKREADING.COM — 15 May 2026
๐Ÿ“ก
Metaโ€™s confusing new approach to chat privacy
MALWAREBYTES.COM — 15 May 2026
๐Ÿ“ก
Gremlin Stealer Evolves into Modular Threat with Advanced Evasion Capabilities
INFOSECURITY-MAGAZINE.COM — 15 May 2026
๐Ÿ“ก
The AWS AI Security Framework: Securing AI with the right controls, at the right layers, at the right phases
AWS.AMAZON.COM — 15 May 2026
๐Ÿ“ก
A hotel check-in system left a million passports and driverโ€™s licenses open for anyone to see
TECHCRUNCH.COM — 15 May 2026