12 News Items
HN · BleepingComputer · Krebs · Dark Reading · SANS · THN Intel · Unit 42 · Security.com
HN · BleepingComputer · Krebs · Dark Reading · SANS · THN Intel · Unit 42 · Security.com
📰 Cybersecurity News Headlines
Top stories from leading cybersecurity publications as of May 2, 2026.
-
Microsoft tests modern Windows Run, says it's faster than legacy dialog
— Bleeping Computer
Microsoft has confirmed that Windows 11 is getting a new modern Run dialog with dark mode support and faster performance in a new preview bu… -
The npm Threat Landscape: Attack Surface and Mitigations (Updated May 1)
— Unit 42
Unit 42 analyzes npm supply chain evolution post-Shai Hulud. Discover wormable malware, CI/CD persistence, multi-stage attacks and more. The… -
Edu tech firm Instructure discloses cyber incident, probes impact
— Bleeping Computer
Instructure, the company behind the widely used Canvas learning platform, has disclosed that it recently suffered a cybersecurity incident a… -
Essential Data Sources for Detection Beyond the Endpoint
— Unit 42
Unit 42 highlights the need for a comprehensive security strategy that spans every IT zone. Explore the full details here. The post Essentia… -
76% of All Crypto Stolen in 2026 Is Now in North Korea
— Dark Reading
North Korean threat actors are pulling off historic cryptocurrency heists on a yearly, sometimes weekly basis now. AI might be helping them. -
Malicious Ad for Homebrew Leads to MacSync Stealer, (Fri, May 1st)
— SANS ISC
Introduction -
30,000 Facebook Accounts Hacked via Google AppSheet Phishing Campaign
— The Hacker News
A newly discovered Vietnamese-linked operation has been observed using a Google AppSheet as a "phishing relay" to distribute phishing emails… -
15-year-old detained over French govt agency data breach
— Bleeping Computer
French authorities have detained a 15-year-old suspected of selling data stolen in a cyberattack on France Titres (ANTS), the country's agen… -
If AI's So Smart, Why Does It Keep Deleting Production Databases?
— Dark Reading
The issue isn't artificial intelligence, but rather an industry adding AI agent integrations into production environments before proper secu… -
Cybercrime Groups Using Vishing and SSO Abuse in Rapid SaaS Extortion Attacks
— The Hacker News
Cybersecurity researchers are warning of two cybercrime groups that are carrying out "rapid, high-impact attacks" operating almost within th… -
China-Linked Hackers Target Asian Governments, NATO State, Journalists, and Activists
— The Hacker News
Cybersecurity researchers have disclosed details of a new China-aligned espionage campaign targeting government and defense sectors across S… -
Name That Toon: Mark of (Security) Progress
— Dark Reading
Feeling creative? Have something to say about the last 20 years of cybersecurity? Our editors will award the best cybersecurity-related capt…
🪲 NVD — Last 20 Scored Vulnerabilities
Latest scored CVEs from the National Vulnerability Database (5908 in last 30 days).
Critical: 0 · High: 9 · Medium: 10 · Low: 1. View full dashboard →
-
CVE-2026-7599
— CVSS 6.3 (MEDIUM)
A vulnerability was detected in Dayoooun hwpx-mcp 0.2.0. This affects the function save_document/export_to_text/export_to_html of the file mcp-server/src/index.ts of the component MCP Interface. Performing a manipulation⦠-
CVE-2026-7598
— CVSS 7.3 (HIGH)
A security vulnerability has been detected in libssh2 up to 1.11.1. The impacted element is the function userauth_password of the file src/userauth.c. Such manipulation of the argument username_len/password_len leads to ⦠-
CVE-2026-7597
— CVSS 6.3 (MEDIUM)
A vulnerability was found in mem0ai mem0 up to 1.0.11. This affects the function pickle.load/pickle.dump of the file mem0/vector_stores/faiss.py. Performing a manipulation results in deserialization. It is possible to in⦠-
CVE-2026-7596
— CVSS 4.3 (MEDIUM)
A vulnerability has been found in nextlevelbuilder ui-ux-pro-max-skill up to 2.5.0. Affected by this issue is the function data.get of the file .claude/skills/design-system/scripts/generate-slide.py of the component Slid⦠-
CVE-2026-7595
— CVSS 6.3 (MEDIUM)
A flaw has been found in nextlevelbuilder ui-ux-pro-max-skill up to 2.5.0. Affected by this vulnerability is the function _format_plugins of the file .claude/skills/ui-styling/scripts/tailwind_config_gen.py of the compon⦠-
CVE-2026-7594
— CVSS 7.3 (HIGH)
A vulnerability was detected in Flux159 mcp-game-asset-gen 0.1.0. Affected is the function image_to_3d_async of the file src/index.ts of the component MCP Interface. The manipulation of the argument statusFile results in⦠-
CVE-2026-7593
— CVSS 7.3 (HIGH)
A security vulnerability has been detected in Sunwood-ai-labs command-executor-mcp-server up to 0.1.0. This impacts the function execute_command of the file src/index.ts of the component MCP Interface. The manipulation l⦠-
CVE-2026-7592
— CVSS 7.3 (HIGH)
A weakness has been identified in itsourcecode Courier Management System 1.0. This affects an unknown function of the file /edit_staff.php. Executing a manipulation of the argument ID can lead to sql injection. The attac⦠-
CVE-2026-7591
— CVSS 6.3 (MEDIUM)
A security flaw has been discovered in TimBroddin astro-mcp-server up to 1.1.1. The impacted element is an unknown function of the file src/index.ts of the component MCP Tool Query Construction. Performing a manipulation⦠-
CVE-2026-7590
— CVSS 7.3 (HIGH)
A vulnerability was identified in eyal-gor p_69_branch_monkey_mcp up to 69bc71874ce40050ef45fde5a435855f18af3373. The affected element is an unknown function of the file branch_monkey_mcp/bridge_and_local_actions/routes/⦠-
CVE-2026-7589
— CVSS 5.3 (MEDIUM)
A vulnerability was determined in ghantakiran splunk-mcp-integration up to 0b86b09d5e5adf0433acd43c975951224613a1a6. Impacted is the function create_csv_export of the file services/csv-export-service/app/api/v1/endpoints⦠-
CVE-2026-30363
— CVSS 8.4 (HIGH)
flipperzero-firmware commit ad2a80 was discovered to contain a stack overflow in the "Main" function. -
CVE-2025-52347
— CVSS 7.8 (HIGH)
An issue in the component DirectIo64.sys of PassMark BurnInTest v11.0 Build 1011, OSForensics v11.1 Build 1007, and PerformanceTest v11.1 Build 1004 allows attackers to access kernel memory and escalate privileges via a ⦠-
CVE-2026-7588
— CVSS 5.3 (MEDIUM)
A vulnerability was found in ggerve coding-standards-mcp. This issue affects the function get_style_guide/get_best_practices of the file server.py. The manipulation of the argument Language results in path traversal. It ⦠-
CVE-2026-37457
— CVSS 7.5 (HIGH)
An off-by-one out-of-bounds write vulnerability in the bgp_flowspec_op_decode() function (bgpd/bgp_flowspec_util.c) of FRRouting (FRR) stable/10.0 allows attackers to cause a Denial of Service (DoS) via supplying a craft⦠-
CVE-2026-35233
— CVSS 4.4 (MEDIUM)
An unprivileged attacker can craft a user-space process with a malicious ELF binary containing an out-of-range sh_link field. When root-level dtrace attaches to — or instruments — that process (via dtrace -p , pid prob⦠-
CVE-2026-26461
— CVSS 6.5 (MEDIUM)
A Command Injection vulnerability in the web management interface in Aver PTC320UV2 0.1.0000.65 allows an unauthenticated attacker to execute arbitrary commands via a crafted web request. -
CVE-2026-21996
— CVSS 3.3 (LOW)
An unprivileged attacker can reliably trigger a crash of the dtrace process with a malicious ELF binary due to an integer Divide-by-Zero in Pbuild_file_symtab() -
CVE-2025-69606
— CVSS 6.1 (MEDIUM)
Cross-Site Scripting (XSS) vulnerability was discovered in the GSVoIP web panel version 2.0.90. The `msg` parameter in the `/painel/gateways.php/error` endpoint does not properly sanitize user-supplied input, allowing at⦠-
CVE-2025-63548
— CVSS 7.5 (HIGH)
An issue in Eprosima Micro-XREC-DDS Agent v.3.0.1 allows a remote attacker to cause a denial of service via a packet specially crafted to bear a non-valid value in any Boolean field.
Source: NVD CVE API 2.0
Generated by CryptXNet.ai Threat Intelligence Platform · May 2, 2026 · Sources: The Hacker News, Bleeping Computer, Krebs on Security, Dark Reading, SANS ISC, THN Threat Intel, Unit 42, Security.com
Leave a Comment