matlock.ca // THREAT INTELLIGENCE — 2026-05-17

16Articles

3Categories

2026-05-17Date

🐛

CVE-2026-46483 Vim: Command injection in tar#Vimuntar via missing shellescape {special} flag

MSRC.MICROSOFT.COM — 17 May 2026

🐛

CVE-2026-44283 etcd: Read access via PrevKv in etcd transactions may bypass RBAC authorization checks

MSRC.MICROSOFT.COM — 17 May 2026

🐛

CVE-2026-8368 LWP::UserAgent versions before 6.83 for Perl leak Authorization and Proxy-Authorization headers on cross-origin redirects

MSRC.MICROSOFT.COM — 17 May 2026

🐛

CVE-2026-8328 FTP PASV SSRF, ftpcp() does not use actual peer address, trusts server-supplied PASV host address

MSRC.MICROSOFT.COM — 17 May 2026

🐛

NGINX CVE-2026-42945 Exploited in the Wild, Causing Worker Crashes and Possible RCE

KEVTHEHACKERNEWS.COM — 17 May 2026

🐛

SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 97

SECURITYAFFAIRS.COM — 17 May 2026

⚠️

Pwn2Own Berlin 2026, Day Three: DEVCORE Crowned Master of Pwn, $1.298 Million Total

SECURITYAFFAIRS.COM — 17 May 2026

⚠️

Grafana GitHub Token Breach Led to Codebase Download and Extortion Attempt

THEHACKERNEWS.COM — 17 May 2026

⚠️

Week in review: Cisco patches SD-WAN 0-day, unpatched Microsoft Exchange Server flaw exploited

HELPNETSECURITY.COM — 17 May 2026

⚠️

GitHub Actions Cache Poisoning is eating open source

PROGRAMMING.DEV — 17 May 2026

⚠️

Pwn2Own Berlin 2026 concludes with $1.29 million paid for 47 zero-days

CYBERINSIDER.COM — 17 May 2026

⚠️

Security Affairs newsletter Round 577 by Pierluigi Paganini – INTERNATIONAL EDITION

SECURITYAFFAIRS.COM — 17 May 2026

⚠️

Attackers exploit Funnel Builder bug to inject e-skimmers into e-stores

KEVSECURITYAFFAIRS.COM — 17 May 2026

⚠️

iodéOS review: Privacy-focused Android that doesn’t get in your way

CYBERINSIDER.COM — 17 May 2026

⚠️

Debian 13.5 point release lands with security fixes, bug patches

HELPNETSECURITY.COM — 17 May 2026

🎙️

From cyberspace to space-cyber.

THECYBERWIRE.COM — 17 May 2026