📰 DAILY THREAT BRIEFING
Saturday, May 9, 2026
12 News Items
HN · BleepingComputer · Krebs · Dark Reading · SANS · THN Intel · Unit 42 · Security.com

📰 Cybersecurity News Headlines

Top stories from leading cybersecurity publications as of May 9, 2026.

  1. ShinyHunters Claims Second Attack Against Instructure
    — Dark Reading

    The edtech company is struggling to wrest control from its hackers. PII belonging to hundreds of millions of people is on the line.
  2. TCLBANKER Banking Trojan Targets Financial Platforms via WhatsApp and Outlook Worms
    — The Hacker News

    Threat hunters have flagged a previously undocumented Brazilian banking trojan dubbed TCLBANKER that's capable of targeting 59 banking, fint…
  3. NVIDIA confirms GeForce NOW data breach affecting Armenian users
    — Bleeping Computer

    NVIDIA has confirmed in a statement for BleepingComputer that GeForce NOW user information has been exposed in a data breach. […]
  4. Fake Call History Apps Stole Payments From Users After 7.3 Million Play Store Downloads
    — The Hacker News

    Cybersecurity researchers have discovered fraudulent apps on the official Google Play Store for Android that falsely claimed to offer access…
  5. Another Universal Linux Local Privilege Escalation (LPE) Vulnerability: Dirty Frag, (Fri, May 8th)
    — SANS ISC

    Less than two weeks after the public disclosure of the Copy Fail vulnerability (CVE-2026-31431), another local privilege escalation (LPE) vu…
  6. Why More Analysts Won’t Solve Your SOC’s Alert Problem
    — Bleeping Computer

    Attackers move faster than overwhelmed SOC teams can realistically investigate alerts. Prophet Security breaks down how AI can help analysts…
  7. One Click, Total Shutdown: The "Patient Zero" Webinar on Killing Stealth Breaches
    — The Hacker News

    The hardest part of cybersecurity isn't the technology, it’s the people. Every major breach you’ve read about lately usually starts the …
  8. Trellix source code breach claimed by RansomHouse hackers
    — Bleeping Computer

    The attack on the Trellix source code repository disclosed last week has been claimed by the RansomHouse threat group, which leaked a small …
  9. Canvas Breach Disrupts Schools & Colleges Nationwide
    — Krebs on Security

    An ongoing data extortion attack targeting the widely-used education technology platform Canvas disrupted classes and coursework at school d…
  10. ISC Stormcast For Friday, May 8th, 2026 https://isc.sans.edu/podcastdetail/9924, (Fri, May 8th)
    — SANS ISC

    (c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
  11. After Replacing TeamPCP Malware, 'PCPJack' Steals Cloud Secrets
    — Dark Reading

    PCPJack makes innovative use of parquet files for stealthy, pre-validated target discovery as it canvasses multiple cloud environments.
  12. Has CISA Finally Found Its New Leader in Tom Parker?
    — Dark Reading

    Dark Reading investigates rumors that Tom Parker, a board room "operator" and longtime cyber exec, could be next in line to take over CISA.

🪲 NVD — Last 20 Scored Vulnerabilities

Latest scored CVEs from the National Vulnerability Database (5845 in last 30 days).
Critical: 5 · High: 6 · Medium: 8 · Low: 1. View full dashboard →

  1. CVE-2026-44313
    — CVSS 9.1 (CRITICAL)

    Linkwarden is a self-hosted, open-source collaborative bookmark manager to collect, organize and archive webpages. Prior to version 2.13.0, a Server-Side Request Forgery (SSRF) vulnerability in the fetchTitleAndHeaders f…
  2. CVE-2026-45130
    — CVSS 6.6 (MEDIUM)

    Vim is an open source, command line text editor. Prior to version 9.2.0450, a heap buffer overflow exists in read_compound() in src/spellfile.c when loading a crafted spell file (.spl) with UTF-8 encoding active. An atta…
  3. CVE-2026-44987
    — CVSS 3.8 (LOW)

    SysReptor is a fully customizable pentest reporting platform. Prior to version 2026.29, users with "User Admin" permissions can change the email addresses of users with "Superuser" permissions. If the SysReptor installat…
  4. CVE-2026-44284
    — CVSS 6.3 (MEDIUM)

    FastGPT is an AI Agent building platform. Prior to version 4.14.17, FastGPT had an inconsistent SSRF protection gap in MCP tool URL handling. The direct MCP preview/run endpoints already rejected internal/private network…
  5. CVE-2026-42556
    — CVSS 8.9 (HIGH)

    Postiz is an AI social media scheduling tool. From version 2.21.6 to before version 2.21.7, any authenticated user who can create a post can store arbitrary HTML in post content by tampering their own save request and se…
  6. CVE-2026-42456
    — CVSS 4.3 (MEDIUM)

    AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatting. Prior to version 1.12.1, GET /api/workspace/:slug/tts/:chatId in AnythingLLM returns the text-to…
  7. CVE-2026-42454
    — CVSS 9.9 (CRITICAL)

    Termix is a web-based server management platform with SSH terminal, tunneling, and file editing capabilities. Prior to version 2.1.0, all Docker container management endpoints in Termix interpolate the containerId URL pa…
  8. CVE-2026-42452
    — CVSS 8.1 (HIGH)

    Termix is a web-based server management platform with SSH terminal, tunneling, and file editing capabilities. Prior to version 2.1.0, /users/login issues a temporary JWT (temp_token) for TOTP-enabled accounts. That token…
  9. CVE-2026-42451
    — CVSS 6.3 (MEDIUM)

    Grimmory is a self-hosted digital library. Prior to version 2.3.1, a stored cross-site scripting (XSS) vulnerability in Grimmory's browser-based EPUB reader allows an attacker to embed arbitrary JavaScript in a crafted E…
  10. CVE-2026-42354
    — CVSS 9.1 (CRITICAL)

    Sentry is an error tracking and performance monitoring tool. From version 21.12.0 to before version 26.4.1, a critical vulnerability was discovered in the SAML SSO implementation of Sentry. The vulnerability allows an at…
  11. CVE-2026-42352
    — CVSS 8.6 (HIGH)

    pygeoapi is a Python server implementation of the OGC API suite of standards. From version 0.23.0 to before version 0.23.3, OGC API process execution requests can use the subscriber object to requests to internal HTTP s…
  12. CVE-2026-42351
    — CVSS 7.5 (HIGH)

    pygeoapi is a Python server implementation of the OGC API suite of standards. From version 0.23.0 to before version 0.23.3, a raw string path concatenation vulnerability in pygeoapi's STAC FileSystemProvider plugin can a…
  13. CVE-2026-42346
    — CVSS 6.5 (MEDIUM)

    Postiz is an AI social media scheduling tool. From version 2.16.6 to before version 2.21.7, all SSRF protections added in v2.21.4–v2.21.6 share a fundamental TOCTOU (Time-of-Check-Time-of-Use) vulnerability: isSafePubl…
  14. CVE-2026-42345
    — CVSS 7.7 (HIGH)

    FastGPT is an AI Agent building platform. In versions 4.14.11 and prior, FastGPT's isInternalAddress() function in packages/service/common/system/utils.ts blocks cloud metadata endpoints using a fullUrl.startsWith() chec…
  15. CVE-2026-42344
    — CVSS 6.3 (MEDIUM)

    FastGPT is an AI Agent building platform. In versions 4.14.11 and prior, FastGPT's isInternalAddress() function in packages/service/common/system/utils.ts is vulnerable to DNS rebinding (TOCTOU — Time-of-Check to Time-…
  16. CVE-2026-42307
    — CVSS 4.4 (MEDIUM)

    Vim is an open source, command line text editor. Prior to version 9.2.0383, an OS command injection vulnerability exists in the netrw standard plugin bundled with Vim. By inducing a user to open a crafted URL (e.g., usin…
  17. CVE-2026-42302
    — CVSS 9.8 (CRITICAL)

    FastGPT is an AI Agent building platform. From version 4.14.10 to before version 4.14.13, the agent-sandbox component of FastGPT is vulnerable to unauthenticated Remote Code Execution (RCE). The startup script entrypoint…
  18. CVE-2026-42298
    — CVSS 10.0 (CRITICAL)

    Postiz is an AI social media scheduling tool. Prior to commit da44801, a "Pwn Request" vulnerability in the Build and Publish PR Docker Image workflow (.github/workflows/pr-docker-build.yml) allows any unauthenticated us…
  19. CVE-2026-42291
    — CVSS 6.8 (MEDIUM)

    SysReptor is a fully customizable pentest reporting platform. From version 2026.4 to before version 2026.27, the endpoints for reading and creating sharing links for personal notes is not properly authorized. This allows…
  20. CVE-2026-42224
    — CVSS 7.6 (HIGH)

    ipl/web is a set of common web components for php projects. Prior to version 0.13.1, the vulnerability allows an attacker to inject malicious Javascript into a victim's browser to run it in the context of Icinga Web. The…

Source: NVD CVE API 2.0

Generated by CryptXNet.ai Threat Intelligence Platform · May 9, 2026 · Sources: The Hacker News, Bleeping Computer, Krebs on Security, Dark Reading, SANS ISC, THN Threat Intel, Unit 42, Security.com