Security Articles

Stay ahead of emerging threats with expert analysis from 118 published security articles, vulnerability reports, and cybersecurity insights — updated daily with the latest CVEs, threat actor campaigns, and security advisories. Opening the week of May 18 – May 24, 2026 (Tuesday outlook): the new week kicks off with back-to-back CRITICAL advisories — NGINX rewrite-module flaw CVE-2026-42945 hit active exploitation within days of disclosure on Monday, an 18-year-old bug now sitting on every NGINX-fronted application stack, and Cisco Catalyst SD-WAN CVE-2026-20182 landed Sunday at CVSS 10.0 under active exploitation by UAT-8616 with no workaround. Carrying forward from last week, Microsoft Exchange XSS CVE-2026-42897 remains under active attack with CISA listing in the Known Exploited Vulnerabilities catalog, May 2026 Patch Tuesday's unauthenticated Netlogon and DNS RCE pair stays the priority server-side patch at CVSS 9.8, and Ivanti EPMM CVE-2026-6973 still triggers the 3-day federal deadline for any organization running on-prem mobile device management. If your business depends on an NGINX-fronted application, a Cisco SD-WAN fabric, on-premises Exchange, or Ivanti EPMM, this week's advisories require action today — start with the article-level remediation steps below.

Featured Story
High | CVE Advisory, Vulnerability | May 20, 2026

HIGH: Microsoft Ships Mitigation for YellowKey BitLocker Bypass Zero-Day (CVE-2026-45585)

Microsoft published mitigation guidance for CVE-2026-45585, the YellowKey BitLocker bypass zero-day publicly disclosed by researcher Chaotic Eclipse last week. The flaw lives in the FsTx Auto Recovery Utility inside Windows Recovery Environment and lets anyone with physical access and a USB stick spawn an unrestricted shell with the BitLocker-protected volume already mounted. Windows 11 24H2, 25H2, 26H1 and Windows Server 2025 are affected.

By Danny Mercer

High | CVE Advisory, Vulnerability | May 16, 2026

HIGH: Microsoft Exchange Server XSS Flaw CVE-2026-42897 Under Active Attack

Microsoft Exchange Server CVE-2026-42897 is a cross-site scripting flaw in Outlook Web Access that lets a crafted email execute JavaScript in the victim's OWA session. CISA added it to the Known Exploited Vulnerabilities catalog on May 15, 2026 after confirmed in-the-wild exploitation, with a May 29 federal mitigation deadline. Exchange Server 2016, 2019, and Subscription Edition are affected. Exchange Online is not. Microsoft scored it CVSS 8.1, and patches shipped in the May 2026 security update.

High | CVE Advisory, Vulnerability | May 11, 2026

HIGH: Ivanti EPMM CVE-2026-6973 Under Active Exploitation, CISA Mandates 3-Day Federal Patch Deadline

Ivanti has confirmed in-the-wild exploitation of CVE-2026-6973, an authenticated remote code execution flaw in on-premises Endpoint Manager Mobile rated CVSS 7.2. CISA added the bug to its Known Exploited Vulnerabilities catalog on May 7 and gave federal agencies until May 10, 2026 to remediate. The exploitation pattern strongly suggests reuse of admin credentials harvested during the unauthenticated EPMM compromises disclosed in January 2026.

High | CVE Advisory, Vulnerability | May 9, 2026

Zara Joins the Anodot Casualty List as ShinyHunters Cashes In on Third-Party Trust

Inditex confirmed roughly 197,000 Zara customer records were exposed via Anodot, an Israeli AI analytics platform compromised by ShinyHunters. The crew used stolen authentication tokens to pivot into BigQuery instances of multiple downstream customers, hauling out 140GB from Zara alone. Email addresses, order IDs, SKUs, and support tickets leaked, but no payment data or passwords. The supply-chain pattern mirrors the 2024 Snowflake campaign.

High | CVE Advisory, Vulnerability | May 9, 2026

HIGH: 'Dirty Frag' Linux Kernel Bugs Hand Locals Root, One Half Already Patched, RxRPC Half Still Open (CVE-2026-43284, CVE-2026-43500)

Two Linux kernel page-cache write bugs collectively named Dirty Frag let any unprivileged local user pop a root shell in one command. CVE-2026-43284 in xfrm-ESP was patched May 8. CVE-2026-43500 in RxRPC is still unpatched. Microsoft has already seen active exploitation in the wild and a public proof-of-concept is on GitHub.

High | CVE Advisory, Vulnerability | Apr 29, 2026

HIGH: Storm-1175 Chains ConnectWise ScreenConnect Bugs to Drop Medusa Ransomware (CVE-2024-1708)

CISA added the two-year-old ConnectWise ScreenConnect path traversal flaw CVE-2024-1708 to its Known Exploited Vulnerabilities catalog on April 28, 2026, after China-aligned Storm-1175 was caught chaining it with the SlashAndGrab auth bypass CVE-2024-1709 to deploy Medusa ransomware through compromised MSP infrastructure. Federal agencies have until May 12 to remediate.

High | CVE Advisory, Vulnerability | Apr 28, 2026

HIGH: APT28 Exploits Incomplete Windows Shell Patch for Zero-Click NTLM Theft (CVE-2026-32202)

Microsoft has confirmed active exploitation of CVE-2026-32202, a Windows Shell spoofing flaw that turns out to be an incomplete patch for an APT28 zero-day from earlier this year. The Russian GRU-linked group is using crafted LNK files to silently steal NTLM credentials with zero clicks, and the original April 14 advisory dramatically understated the severity until Microsoft corrected it on April 27.

High | CVE Advisory, Vulnerability | Apr 27, 2026

HIGH: Bitwarden CLI Hit by Shai-Hulud Third Coming Worm in Checkmarx Supply Chain Cascade

A poisoned build of @bitwarden/cli version 2026.4.0 lived on the npm registry for roughly ninety minutes on April 22, 2026, infecting around 334 developer machines with the third generation of the Shai-Hulud worm. The attack chained off the prior compromise of the checkmarx/ast-github-action GitHub Action, harvested cloud credentials, GitHub and npm tokens, and AI coding tool configs, then self-propagated by injecting malicious workflows into accessible repositories.

High | CVE Advisory, Vulnerability | Apr 23, 2026

HIGH: Apple Patches iOS Notification Bug That Let the FBI Pull Deleted Signal Messages Off an iPhone (CVE-2026-28950)

Apple shipped iOS 26.4.2, iPadOS 26.4.2, iOS 18.7.8, and iPadOS 18.7.8 to fix CVE-2026-28950, a data retention flaw in the Notification Services framework that kept the text of deleted notifications in an internal database. The FBI used the bug to recover Signal message content from a seized iPhone after the Signal app had been deleted. Patch every managed iPhone today and enforce preview redaction on sensitive messaging apps.

High | CVE Advisory, Vulnerability | Apr 21, 2026

HIGH: Three Microsoft Defender Zero-Days Chain Into SYSTEM Takeover With Two Still Unpatched

Three zero-day vulnerabilities in Microsoft Defender, nicknamed BlueHammer, RedSun, and UnDefend, are under active exploitation after researcher Chaotic Eclipse dumped working proof-of-concept code. Only BlueHammer (CVE-2026-33825, CVSS 7.8) has been patched. RedSun escalates local users to SYSTEM on fully patched systems while UnDefend silently disables Defender definition updates, making the chained attack especially dangerous until the May 13 Patch Tuesday.
