Researchers disclosed 12 critical vulnerabilities in the widely-used vm2 Node.js sandbox library, all enabling sandbox escape and arbitrary code execution
Security researchers from Adversa AI and Mitiga disclosed a one-click RCE, silent MCP OAuth token hijacking, and a Chrome extension
Ivanti disclosed CVE-2026-6973, an actively exploited RCE vulnerability in EPMM 12.8.0.0 and earlier. CISA set a May 10 federal remediation
Three PyPI packages with 2,400+ combined downloads delivered ZiChatBot malware to developer machines, abusing Zulip’s REST API as a covert
Researchers identified a Linux variant of Quasar RAT targeting developer systems to steal source code access, CI/CD credentials, and signing
Disc Soft confirmed a build environment compromise that distributed trojanized DAEMON Tools Lite installers deploying an infostealer, backdoor, and QUIC
Trend Micro on May 5, 2026 disclosed QLNX (Quasar Linux), a Linux implant targeting software developers with a 58-command shell,
CVE-2026-29014 in MetInfo CMS 7.9–8.1 is being actively exploited since April 25, 2026 via unauthenticated PHP injection achieving full server
CVE-2026-23918 is a CVSS 8.8 double-free in Apache HTTP Server 2.4.66 mod_http2, causing DoS on default deployments and RCE on
CVE-2026-41940, a critical cPanel authentication bypass, is being actively exploited by multiple actors deploying ransomware and C2 tools against governments
Subscribe to the Daily Security Review Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.