Stay ahead of emerging threats with expert analysis from 118 published security articles, vulnerability reports, and cybersecurity insights — updated daily with the latest CVEs, threat actor campaigns, and security advisories. Opening the week of May 18 – May 24, 2026 (Tuesday outlook): the new week kicks off with back-to-back CRITICAL advisories — NGINX rewrite-module flaw CVE-2026-42945 hit active exploitation within days of disclosure on Monday, an 18-year-old bug now sitting on every NGINX-fronted application stack, and Cisco Catalyst SD-WAN CVE-2026-20182 landed Sunday at CVSS 10.0 under active exploitation by UAT-8616 with no workaround. Carrying forward from last week, Microsoft Exchange XSS CVE-2026-42897 remains under active attack with CISA listing in the Known Exploited Vulnerabilities catalog, May 2026 Patch Tuesday's unauthenticated Netlogon and DNS RCE pair stays the priority server-side patch at CVSS 9.8, and Ivanti EPMM CVE-2026-6973 still triggers the 3-day federal deadline for any organization running on-prem mobile device management. If your business depends on an NGINX-fronted application, a Cisco SD-WAN fabric, on-premises Exchange, or Ivanti EPMM, this week's advisories require action today — start with the article-level remediation steps below.
DPRK-linked threat actors have infected over 1,700 malicious packages across npm, PyPI, Go, Rust, and Packagist since January 2025. The Contagious Interview campaign delivers infostealers and RATs through developer tooling that looks completely legitimate until activated.
CVE-2025-59528 is a CVSS 10.0 RCE flaw in Flowise AI agent builder with 12,000 exposed instances. Here is who is affected, how to check, and what to patch.
Read moreNorth Korean hackers spent six months building trust with Drift Protocol contributors before stealing $285 million. The operation involved fake personas, conference appearances, and a million-dollar deposit to establish credibility before exploiting VS Code and TestFlight attack vectors.
Read moreNorth Korean hackers drained $285 million from Solana-based Drift Protocol using social engineering to compromise multi-signature approvals. The attack involved no code exploits, just patient manipulation of human trust over several weeks.
Read moreCheck Point researchers discovered a ChatGPT vulnerability allowing silent data exfiltration via DNS queries from the code execution sandbox. Separately, BeyondTrust found a critical command injection flaw in OpenAI Codex that enabled GitHub token theft through malicious branch names.
Read moreIran-linked Handala Hack breached FBI Director Kash Patel email and unleashed wiper malware on Stryker. First destructive attack on US Fortune 500.
Read moreThree critical vulnerabilities in LangChain and LangGraph let attackers steal files from filesystems, siphon API keys and environment secrets, and pillage conversation histories. With 84 million weekly downloads, most enterprise AI deployments are affected.
Read moreSecurity researchers at Cyera disclosed three vulnerabilities in LangChain and LangGraph affecting millions of AI applications. Path traversal, deserialization, and SQL injection flaws expose filesystem contents, environment secrets, and conversation histories.
Read moreTeamPCP has compromised LiteLLM, a Python package present in 36% of cloud environments. Malicious versions 1.82.7 and 1.82.8 deploy credential harvesters, Kubernetes lateral movement tools, and persistent backdoors.
Read moreOracle patches CVE-2026-21992, a pre-auth RCE in Identity Manager scoring 9.8 CVSS. No credentials needed to exploit. Emergency patches available now.
Read moreA second supply chain attack on Trivy compromised 75 GitHub Actions tags and spawned a credential-stealing worm across 47 npm packages. Check your CI pipeline.
Read moreCritical authentication bypass in Veeam Backup & Replication allows attackers to delete backup repositories without credentials.
Read moreCritical VMware ESXi flaw lets attackers escape guest VMs and execute code on the hypervisor. If you run ESXi, this needs immediate patching.
Read moreSophisticated iOS exploit kit chains six vulnerabilities including three zero-days to achieve complete device takeover. Multiple threat actors including Russian espionage groups and commercial surveillance vendors observed using DarkSword against targets in Ukraine, Saudi Arabia, and Turkey.
Read moreNine critical vulnerabilities in budget IP KVM switches from GL-iNet, Angeet, Sipeed, and JetKVM allow unauthenticated code execution and hardware-level access.
Read moreCISA added CVE-2025-47813 (info disclosure) to KEV, used to enhance CVE-2025-47812 (CVSS 10.0 RCE) exploitation. Attackers chain both flaws for reliable remote access. Wing FTP patches available since May 2025. Federal deadline: March 30.
Read moreGoogle patched CVE-2026-3909 (Skia OOB write) and CVE-2026-3910 (V8 implementation flaw), both actively exploited. Third Chrome zero-day emergency in 2026. Update to 146.0.7680.75/76 immediately.
Read moreCVE-2026-42071 (CVSS 9.8) in Apache Tomcat allows unauthenticated RCE via partial PUT request handling. Actively exploited 30 hours after disclosure.
Read moreA critical arbitrary file read vulnerability in Jenkins allows attackers to extract credentials, API keys, and secrets from CI/CD pipelines.
Read moreA critical authentication bypass in Citrix NetScaler Gateway and ADC allows attackers to access protected resources without valid credentials.
Read moreOur CyberOne MobileAssess platform performs deep static analysis, source code decompilation, and runtime security testing for iOS and Android apps. From one-time assessments to year-long continuous testing, we find what surface-level scanners miss.
Subscribe to our newsletter and get the latest security insights delivered to your inbox.
