📰 Cybersecurity News Headlines
Top stories from leading cybersecurity publications as of May 10, 2026.
-
JDownloader site hacked to replace installers with Python RAT malware
— Bleeping Computer
The website for the popular JDownloader download manager was compromised earlier this week to distribute malicious Windows and Linux install… -
Fake OpenAI repository on Hugging Face pushes infostealer malware
— Bleeping Computer
A malicious Hugging Face repository that reached the platform's trending list impersonated OpenAI's "Privacy Filter" project to deliver info… -
cPanel, WHM Release Fixes for Three New Vulnerabilities — Patch Now
— The Hacker News
cPanel has released updates to address three vulnerabilities in cPanel and Web Host Manager (WHM) that could be exploited to achieve privile… -
ShinyHunters Claims Second Attack Against Instructure
— Dark Reading
The edtech company is struggling to wrest control from its hackers. PII belonging to hundreds of millions of people is on the line. -
TCLBANKER Banking Trojan Targets Financial Platforms via WhatsApp and Outlook Worms
— The Hacker News
Threat hunters have flagged a previously undocumented Brazilian banking trojan dubbed TCLBANKER that's capable of targeting 59 banking, fint… -
NVIDIA confirms GeForce NOW data breach affecting Armenian users
— Bleeping Computer
NVIDIA has confirmed in a statement for BleepingComputer that GeForce NOW user information has been exposed in a data breach. […] -
Fake Call History Apps Stole Payments From Users After 7.3 Million Play Store Downloads
— The Hacker News
Cybersecurity researchers have discovered fraudulent apps on the official Google Play Store for Android that falsely claimed to offer access… -
Another Universal Linux Local Privilege Escalation (LPE) Vulnerability: Dirty Frag, (Fri, May 8th)
— SANS ISC
Less than two weeks after the public disclosure of the Copy Fail vulnerability (CVE-2026-31431), another local privilege escalation (LPE) vu… -
Canvas Breach Disrupts Schools & Colleges Nationwide
— Krebs on Security
An ongoing data extortion attack targeting the widely-used education technology platform Canvas disrupted classes and coursework at school d… -
ISC Stormcast For Friday, May 8th, 2026 https://isc.sans.edu/podcastdetail/9924, (Fri, May 8th)
— SANS ISC
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License. -
After Replacing TeamPCP Malware, 'PCPJack' Steals Cloud Secrets
— Dark Reading
PCPJack makes innovative use of parquet files for stealthy, pre-validated target discovery as it canvasses multiple cloud environments. -
Has CISA Finally Found Its New Leader in Tom Parker?
— Dark Reading
Dark Reading investigates rumors that Tom Parker, a board room "operator" and longtime cyber exec, could be next in line to take over CISA.
🪲 NVD — Last 20 Scored Vulnerabilities
Latest scored CVEs from the National Vulnerability Database (5637 in last 30 days).
Critical: 1 · High: 5 · Medium: 12 · Low: 2.
-
CVE-2026-8213
— CVSS 5.3 (MEDIUM)
A vulnerability has been found in OSGeo gdal up to 3.13.0dev-4. Affected by this issue is the function GDSDfldsrch of the file frmts/hdf4/hdf-eos/GDapi.c of the component Grid File Handler. The manipulation leads to heap… -
CVE-2026-8212
— CVSS 5.3 (MEDIUM)
A flaw has been found in OSGeo gdal up to 3.13.0dev-4. Affected by this vulnerability is the function SWSDfldsrch of the file frmts/hdf4/hdf-eos/SWapi.c. Executing a manipulation can lead to heap-based buffer overflow. T… -
CVE-2026-8211
— CVSS 4.7 (MEDIUM)
A vulnerability was detected in codelibs Fess up to 15.5.1. Affected by this issue is the function update of the file org/codelibs/fess/app/web/admin/design/AdminDesignAction.java of the component JSP File Handler. The m… -
CVE-2026-45184
— CVSS 6.5 (MEDIUM)
Kdenlive before 26.04.1 allows dangerous proxy parameters when an attacker-controlled project file is used. -
CVE-2026-45182
— CVSS 2.2 (LOW)
GrapheneOS before 2026050400 allows attackers to discover the real IP address of a VPN user as a consequence of a registerQuicConnectionClosePayload optimization, because an application can let system_server transmit UDP… -
CVE-2026-45181
— CVSS 6.5 (MEDIUM)
Hex-Rays IDA Pro 9.2 and 9.3 before 9.3sp2 does not block Clang dependency-file generation (via argument injection), which allows attackers to place their code into a plugins directory if the victim uses an attacker-suppl… -
CVE-2026-8210
— CVSS 5.3 (MEDIUM)
A security vulnerability has been detected in aandrew-me tgpt up to 2.11.1 on Linux/macOS. Affected by this vulnerability is the function helper.Update of the file helper.go of the component Update Handler. The manipulat… -
CVE-2026-8196
— CVSS 3.7 (LOW)
A flaw has been found in JeecgBoot 3.9.1. The impacted element is an unknown function of the file jeecg-module-system/jeecg-system-biz/src/main/java/org/jeecg/modules/system/controller/LoginController.java of the compone… -
CVE-2026-8195
— CVSS 4.3 (MEDIUM)
A vulnerability was detected in JeecgBoot up to 3.9.1. The affected element is an unknown function of the file jeecg-module-system/jeecg-system-biz/src/main/java/org/jeecg/modules/system/controller/CommonController.java … -
CVE-2026-8194
— CVSS 4.3 (MEDIUM)
A security vulnerability has been detected in osTicket up to 1.18.3. Impacted is an unknown function of the file include/class.dispatcher.php of the component Dispatcher. The manipulation of the argument _method leads to… -
CVE-2026-42606
— CVSS 8.1 (HIGH)
AzuraCast is a self-hosted, all-in-one web radio management suite. Prior to version 0.23.6, the ApplyXForwarded middleware unconditionally trusts the client-supplied X-Forwarded-Host HTTP header with no trusted proxy all… -
CVE-2026-42605
— CVSS 8.8 (HIGH)
AzuraCast is a self-hosted, all-in-one web radio management suite. Prior to version 0.23.6, the currentDirectory request parameter in the Flow.js media upload endpoint (POST /api/station/{station_id}/files/upload) is not… -
CVE-2026-42576
— CVSS 6.5 (MEDIUM)
apko allows users to build and publish OCI container images built from apk packages. Prior to version 1.2.7, DiscoverKeys in pkg/apk/apk/implementation.go unconditionally type-asserts JWKS keys as *rsa.PublicKey without … -
CVE-2026-42575
— CVSS 7.5 (HIGH)
apko allows users to build and publish OCI container images built from apk packages. Prior to version 1.2.7, apko verifies the signature on APKINDEX.tar.gz but never compares individually downloaded .apk packages against… -
CVE-2026-42574
— CVSS 7.5 (HIGH)
apko allows users to build and publish OCI container images built from apk packages. From version 0.14.8 to before version 1.2.5, a crafted .apk could install a TypeSymlink tar entry whose target pointed outside the buil… -
CVE-2026-42569
— CVSS 9.4 (CRITICAL)
phpVMS is a PHP application to run and simulate an airline. Prior to version 7.0.6, a critical vulnerability in phpVMS allowed unauthenticated access to a legacy import feature. This issue has been patched in version 7.0… -
CVE-2026-42562
— CVSS 8.3 (HIGH)
Plainpad is a self hosted note taking app. Prior to version 1.1.1, Plainpad allows a low-privilege authenticated user to self-escalate to administrator by submitting admin=true in PUT /api.php/v1/users/{id}. The endpoint… -
CVE-2026-8193
— CVSS 6.3 (MEDIUM)
A weakness has been identified in Akaunting 3.1.21. This issue affects some unknown processing of the file config/dompdf.php of the component Invoice PDF Rendering. Executing a manipulation can lead to server-side reques… -
CVE-2026-8192
— CVSS 6.3 (MEDIUM)
A security flaw has been discovered in Wavlink NU516U1 M16U1_V240425. This vulnerability affects the function wzdap of the file /cgi-bin/adm.cgi. Performing a manipulation of the argument EncrypType/wl_Pass is directly p… -
CVE-2026-8191
— CVSS 6.3 (MEDIUM)
A vulnerability was identified in Wavlink NU516U1 M16U1_V240425. This affects the function wifi_region of the file /cgi-bin/adm.cgi. Such manipulation of the argument skiplist1/skiplist2 leads to os command injection. Th…
Source: NVD CVE API 2.0
Generated by CryptXNet.ai Threat Intelligence Platform · May 10, 2026 · Sources: The Hacker News, Bleeping Computer, Krebs on Security, Dark Reading, SANS ISC, THN Threat Intel, Unit 42, Security.com