🐛 COMMON VULNERABILITIES AND EXPOSURES 20[−]
31 MayCVE-2025-15504 lief-project LIEF ELF Binary Parser.tcc parse_binary null pointer dereferenceInformation published.MSRC.MICROSOFT.COM
31 MayCVE-2024-36137 A vulnerability has been identified in Node.js, affecting users of the experimental permission model when the --allow-fs-write flag is used.
Node.js Permission Model do not operate on file descriptors, however, operations such as fs.fchown or fs.fchmod can use a "read-only" file descriptor to change the owner and permissions of a file.Information published.MSRC.MICROSOFT.COM
31 MayCVE-2026-46242 eventpoll: fix ep_remove struct eventpoll / struct file UAFInformation published.MSRC.MICROSOFT.COM
31 MayCVE-2026-42790 nameConstraints DNS bypass via subject CommonName fallback in public_key hostname verificationInformation published.MSRC.MICROSOFT.COM
31 MayCVE-2026-42012 Gnutls: gnutls: certificate validation bypass due to improper handling of uri and srv sansInformation published.MSRC.MICROSOFT.COM
31 MayCVE-2026-9804 Kubevirt: kubevirt: vmexport directory symlink escape enables exporter pod file readInformation published.MSRC.MICROSOFT.COM
31 MayCVE-2026-48864 Libsolv: heap buffer overflow in libsolv repopagestore via unchecked decompression of malicious .solv page dataInformation published.MSRC.MICROSOFT.COM
31 MayCVE-2026-48962 IO::Compress versions before 2.220 for Perl can execute arbitrary code in File::GlobMapper via an attacker-controlled output globInformation published.MSRC.MICROSOFT.COM
31 MayCVE-2026-40034 gitoxide - Command Injection via Partial .gitmodules Override in gix-submoduleInformation published.MSRC.MICROSOFT.COM
31 MayCVE-2026-40528 OpenSC < 0.27.0 Buffer Overrun in do_key_value() via profile.cInformation published.MSRC.MICROSOFT.COM
31 MayCVE-2026-40510 OpenSC < 0.27.0-rc1 Stack Buffer Overflow via piv_process_history() in card-piv.cInformation published.MSRC.MICROSOFT.COM
31 MayCVE-2026-42789 Non-CA certificate accepted as intermediate issuer in public_key path validationInformation published.MSRC.MICROSOFT.COM
31 MayCVE-2026-42013 Gnutls: gnutls: certificate validation bypass due to oversized subject alternative nameInformation published.MSRC.MICROSOFT.COM
31 MayCVE-2026-42015 Gnutls: gnutls: memory corruption due to off-by-one error in pkcs#12 bag handlingInformation published.MSRC.MICROSOFT.COM
31 MayCVE-2026-5260 Gnutls: gnutls: information disclosure via heap overread in rsa key exchangeInformation published.MSRC.MICROSOFT.COM
31 MayCVE-2026-7374 Kubevirt: kubevirt virt-handler: privilege escalation and node compromise via symlink following vulnerabilityInformation published.MSRC.MICROSOFT.COM
31 MayCVE-2025-15649 IO::Uncompress::Unzip versions before 2.215 for Perl propagate uncaught exception when parsing zip header with malformed DOS dateInformation published.MSRC.MICROSOFT.COM
31 MayCVE-2026-44839 RabbitMQ: Unsanitized vhost names allow for XSS in management UIInformation published.MSRC.MICROSOFT.COM
⚠️ VULNERABILITY DISCLOSURE 2[−]
31 MayWeek in review: Infostealer dropped via FortiClient EMS flaw, exploited Trend Micro Apex One flawHere’s an overview of some of last week’s most interesting news, articles, interviews and videos: Coinflow CISO on crypto payments security under AI pressure Crypto payment firms sit near the top of the target list for advanced persistent threat groups, and the workload on their …HELPNETSECURITY.COM
31 MayWP Maps Pro bug exploited to create admin accounts on WordPress sitesHackers are targeting WordPress websites running a vulnerable version of the WP Maps Pro plugin, which allows creating rogue administrator accounts without authentication. [...]BLEEPINGCOMPUTER.COM
📢 SECURITY ADVISORIES 2[−]
31 MayCyberWire Daily at 10: The evolution of ransomware.In this special edition of CyberWire Daily’s 10th anniversary series, N2K CyberWire's Maria Varmazis and Dave Bittner consider the tactics, trends, and turning points that shaped the threat landscape over the last decade of ransomware. Ransomware has evolved from small-scale exto…THECYBERWIRE.COM
31 MayDutch Authorities Dismantle Botnet Linked to 17 Million Infected DevicesDutch authorities have announced the takedown of a botnet that enslaved millions of infected devices, including computers, tablets, smartphones, and IoT devices, to carry out malicious attacks. The bot network, per the Dutch Politie and the National Cyber Security Center (NCSC), …THEHACKERNEWS.COM
🕵️ THREAT INTELLIGENCE 1[−]
31 MayYARA-X 1.17.0 Release, (Sun, May 31st)YARA-X&#;x26;#;39;s 1.17.0 release brings 5 improvements (several performance improvements) and 1 bugfix.
ISC.SANS.EDU
🌐 CYBER THREAT LANDSCAPE 1[−]
31 MayGPS: A backbone for critical infrastructure.Since its original creation in the 1970s, GPS has evolved from a technology primarily used by the military to a foundation for modern society. After the removal of selective availability for civilians in 2000, GPS’s value has significantly expanded. In the past two decades, nearl…THECYBERWIRE.COM
📰 CYBERSECURITY BRIEFINGS 1[−]
31 MayThe evolution of GPS.This week on T-Minus: Space-Cyber Briefing: we look at GPS and how this technology has become instrumental to modern society. As governments have expanded the public’s use of this technology it has evolved from a fringe service to one that supports many of the modern day services…THECYBERWIRE.COM