📰 DAILY THREAT BRIEFING
Thursday, May 7, 2026
12 News Items
HN · BleepingComputer · Krebs · Dark Reading · SANS · THN Intel · Unit 42 · Security.com

📰 Cybersecurity News Headlines

Top stories from leading cybersecurity publications as of May 7, 2026.

  1. Threat Brief: Exploitation of PAN-OS Captive Portal Zero-Day for Unauthenticated Remote Code Execution
    — Unit 42

    Unit 42 details CVE-2026-0300, a buffer overflow vulnerability in the PAN-OS User-ID Authentication Portal. Read now for details.
  2. Hackers abuse Google ads for GoDaddy ManageWP login phishing
    — Bleeping Computer

    A phishing campaign delivered through Google sponsored search results is targeting credentials for ManageWP, GoDaddy's platform for managing…
  3. Yet Another Way to Bypass Google Chrome's Encryption Protection
    — Dark Reading

    Authors of the VoidStealer Trojan uncovered a way to get around Google's App-Bound Encryption (ABE), opening the door to infostealers.
  4. Instructure Breach Exposes Schools' Vendor Dependence
    — Dark Reading

    ShinyHunters' attack on Instructure, which owns the widely used Canvas learning management system (LMS), carries big questions about the tru…
  5. Mirai-Based xlabs_v1 Botnet Exploits ADB to Hijack IoT Devices for DDoS Attacks
    — The Hacker News

    Cybersecurity researchers have exposed a new Mirai-derived botnet that self-identifies as xlabs_v1 and targets internet-exposed devices runn…
  6. Critical vm2 sandbox bug lets attackers execute code on hosts
    — Bleeping Computer

    A critical vulnerability in the popular Node.js sandboxing library vm2 allows escaping the sandbox and executing arbitrary code on the host …
  7. New Cisco DoS flaw requires manual reboot to revive devices
    — Bleeping Computer

    Cisco patched a Crosswork Network Controller and Network Services Orchestrator denial-of-service vulnerability that requires manually reboot…
  8. MuddyWater Uses Microsoft Teams to Steal Credentials in False Flag Ransomware Attack
    — The Hacker News

    The Iranian state-sponsored hacking group known as MuddyWater (aka Mango Sandstorm, Seedworm, and Static Kitten) has been attributed to a ra…
  9. The Hacker News Launches 'Cybersecurity Stars Awards 2026' — Submissions Now Open
    — The Hacker News

    For nearly 20 years, we at The Hacker News have mostly told scary stories about cyberspace — big hacks, broken systems, and new threats. B…
  10. From Stuxnet to ChatGPT: 20 News Events That Shaped Cyber
    — Dark Reading

    As part of its 20th anniversary celebration, Dark Reading looks back on 20 of the biggest newsmaking events from the past two decades that i…
  11. ISC Stormcast For Wednesday, May 6th, 2026 (https://isc.sans.edu/podcastdetail/9920)
    — SANS ISC

    (c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
  12. Copy Fail: What You Need to Know About the Most Severe Linux Threat in Years
    — Unit 42

    Copy Fail (CVE-2026-31431) is a critical Linux kernel LPE that allows stealthy root access. This flaw impacts millions of systems. Read our …

🪲 NVD — Last 20 Scored Vulnerabilities

Latest scored CVEs from the National Vulnerability Database (5986 in last 30 days).
Critical: 2 · High: 8 · Medium: 10 · Low: 0.

  1. CVE-2026-41484
    — CVSS 5.3 (MEDIUM)

    OpenTelemetry.Exporter.OneCollector is a .NET exporter that sends telemetry to a OneCollector back-end over HTTP. In versions 1.15.0 and earlier, when a request to the configured back-end or collector results in an unsuc…
  2. CVE-2026-41483
    — CVSS 5.9 (MEDIUM)

    OpenTelemetry.Resources.Azure is the .NET resource detector for Azure environments. In versions 1.15.0-beta.1 and earlier, the AzureVmMetaDataRequestor class makes HTTP requests to the Azure VM instance metadata service …
  3. CVE-2026-41417
    — CVSS 5.3 (MEDIUM)

    Netty allows request-line validation to be bypassed when a `DefaultHttpRequest` or `DefaultFullHttpRequest` is created first and its URI is later changed via `setUri()`. The constructors reject CRLF and whitespace charac…
  4. CVE-2026-41310
    — CVSS 5.3 (MEDIUM)

    OpenTelemetry.Exporter.Zipkin is the .NET Zipkin exporter for OpenTelemetry. In versions 1.15.2 and earlier, the Zipkin exporter remote endpoint cache accepts unbounded key growth derived from span attributes. In high-ca…
  5. CVE-2026-40296
    — CVSS 5.4 (MEDIUM)

    PhpSpreadsheet is a pure PHP library for reading and writing spreadsheet files. The HTML writer skips htmlspecialchars escaping when a cell's formatted value differs from the original value. When a cell has a custom numb…
  6. CVE-2026-40281
    — CVSS 10.0 (CRITICAL)

    Gotenberg is a Docker-powered stateless API for PDF files. In versions 8.30.1 and earlier, the metadata write endpoint validates metadata keys for control characters but leaves metadata values unsanitized. A newline char…
  7. CVE-2026-8033
    — CVSS 5.3 (MEDIUM)

    A vulnerability has been found in PicoTronica e-Clinic Healthcare System ECHS 5.7. This affects an unknown function of the file /cdemos/echs/api/v2/ of the component Response Header Handler. Such manipulation leads to in…
  8. CVE-2026-8032
    — CVSS 7.3 (HIGH)

    A flaw has been found in PicoTronica e-Clinic Healthcare System ECHS 5.7. The impacted element is an unknown function of the file /cdemos/echs/priv/echs.js. This manipulation of the argument ADMIN_KEY causes hard-coded c…
  9. CVE-2026-44118
    — CVSS 7.8 (HIGH)

    OpenClaw before 2026.4.22 derives loopback MCP owner context from spoofable server-issued bearer tokens in request headers. Non-owner loopback clients can present themselves as owner to bypass owner-gated operations by m…
  10. CVE-2026-44117
    — CVSS 5.8 (MEDIUM)

    OpenClaw before 2026.4.20 contains a server-side request forgery vulnerability in QQBot direct media upload that skips URL validation. Attackers can bypass SSRF protections by sending crafted image URLs to uploadC2CMedia…
  11. CVE-2026-44116
    — CVSS 8.6 (HIGH)

    OpenClaw before 2026.4.22 contains a server-side request forgery vulnerability in the Zalo plugin's sendPhoto function that fails to validate outbound photo URLs through the SSRF guard. Attackers can bypass SSRF protecti…
  12. CVE-2026-44115
    — CVSS 8.8 (HIGH)

    OpenClaw before 2026.4.22 contains an exec allowlist analysis vulnerability allowing shell expansion hiding in unquoted heredoc bodies. Attackers can bypass allowlist validation by embedding shell expansion tokens in her…
  13. CVE-2026-44114
    — CVSS 7.8 (HIGH)

    OpenClaw before 2026.4.20 fails to properly reserve the OPENCLAW_ runtime-control environment namespace in workspace dotenv files, allowing attackers to override critical runtime variables. Malicious workspaces can set v…
  14. CVE-2026-44113
    — CVSS 5.3 (MEDIUM)

    OpenClaw before 2026.4.22 contains a time-of-check/time-of-use race condition in the OpenShell filesystem bridge that allows attackers to read files outside the intended mount root. Attackers can exploit symlink swaps du…
  15. CVE-2026-44112
    — CVSS 5.3 (MEDIUM)

    OpenClaw before 2026.4.22 contains a time-of-check/time-of-use race condition in OpenShell sandbox filesystem writes that allows attackers to redirect writes outside the intended mount root. Attackers can exploit symlink…
  16. CVE-2026-44111
    — CVSS 4.3 (MEDIUM)

    OpenClaw before 2026.4.15 contains an arbitrary file read vulnerability in the QMD backend memory_get function that allows callers to read any Markdown files within the workspace root. Attackers with access to the memory…
  17. CVE-2026-44110
    — CVSS 8.8 (HIGH)

    OpenClaw before 2026.4.15 contains an authorization bypass vulnerability in Matrix room control-command authorization that trusts DM pairing-store entries. Attackers with DM-paired sender IDs can execute room control com…
  18. CVE-2026-44109
    — CVSS 9.8 (CRITICAL)

    OpenClaw before 2026.4.15 contains an authentication bypass vulnerability in Feishu webhook and card-action validation that allows unauthenticated requests to reach command dispatch. Missing encryptKey configuration and …
  19. CVE-2026-43585
    — CVSS 8.1 (HIGH)

    OpenClaw before 2026.4.15 captures resolved bearer-auth configuration at startup, allowing revoked tokens to remain valid after SecretRef rotation. Gateway HTTP and WebSocket handlers fail to re-resolve authentication pe…
  20. CVE-2026-43584
    — CVSS 8.8 (HIGH)

    OpenClaw before 2026.4.10 contains an insufficient environment variable denylist vulnerability in its exec environment policy that allows operator-supplied overrides of high-risk interpreter startup variables including V…

Source: NVD CVE API 2.0


Generated by CryptXNet.ai Threat Intelligence Platform · May 7, 2026 · Sources: The Hacker News, Bleeping Computer, Krebs on Security, Dark Reading, SANS ISC, THN Threat Intel, Unit 42, Security.com