News

CVE Vulnerability Alerts
CISA Orders Patch for Sixth Cisco SD-WAN Zero-Day of 2026
Cisco confirmed active exploitation of CVE-2026-20182, a CVSS 10.0 authentication bypass in SD-WAN, as CISA gave federal agencies three days to patch.
Application Security
Exchange Server XSS CVE-2026-42897 Exploited via Crafted Email
Microsoft confirmed active exploitation of CVE-2026-42897, an XSS flaw in on-premises Exchange Server triggered when victims open malicious emails in OWA.
Cybersecurity
Ghostwriter APT Deploys Cobalt Strike in Geofenced Ukraine Campaign
ESET documented a Ghostwriter spear-phishing campaign using geofenced PDFs to deliver Cobalt Strike against Ukrainian and Polish government targets since March 2026.
Application Security
OpenAI Confirms Breach via Mini Shai-Hulud npm Supply Chain Attack
OpenAI confirmed two employee devices were compromised through a supply chain attack, exposing code-signing certificates for macOS, Windows, iOS, and Android apps.
Cybersecurity
KongTuke IAB Uses Microsoft Teams to Deploy ModeloRAT in 5 Minutes
ReliaQuest found KongTuke impersonating IT help desk staff via Microsoft Teams to trick employees into running PowerShell, deploying ModeloRAT and selling access to ransomware groups.
Application Security
node-ipc npm Package Hid Credential Stealer Across Three Versions
Socket and StepSecurity found stealer backdoors in three node-ipc npm versions targeting 90 cloud and developer credential categories via an unknown new publisher account.
Application Security
PraisonAI CVE-2026-44338 Exploited 3h44m After Public Disclosure
Attackers began exploiting a missing-authentication flaw in PraisonAI's Flask API server 3 hours and 44 minutes after the CVE-2026-44338 advisory was published on May 11.
Application Security
Burst Statistics CVE-2026-8181 Draws 7,400 Attacks in 24 Hours
Wordfence blocked over 7,400 attacks against CVE-2026-8181 in the Burst Statistics WordPress plugin within 24 hours of disclosure, with 115,000 sites still unpatched.
Application Security
NGINX CVE-2026-42945 Under Active Exploitation After F5 Patch Drop
VulnCheck confirmed in-the-wild exploitation of NGINX CVE-2026-42945, a critical heap overflow, within days of F5's patch; 5.7 million servers are exposed.
Cybersecurity
CoinbaseCartel Steals Grafana Source Code via GitHub Token
Grafana Labs confirmed CoinbaseCartel stole its source code via a stolen GitHub token; the group has links to ShinyHunters; no customer data was affected.