Daily Threat Briefing — May 11, 2026

📰 Cybersecurity News Headlines

Top stories from leading cybersecurity publications as of May 11, 2026.

1. YARA-X 1.16.0 Release, (Sun, May 10th)
   — SANS ISC
   
   YARA-X's 1.16.0 release brings 4 improvements and 4 bugfixes.
2. Hackers abuse Google ads, Claude.ai chats to push Mac malware
   — Bleeping Computer
   
   Attackers are abusing Google Ads and legitimate Claude.ai shared chats in an active malvertising campaign. Users searching for "Claude mac d…
3. Police shut down reboot of Crimenetwork marketplace, arrest admin
   — Bleeping Computer
   
   German authorities have shut down a relaunch version of the criminal marketplace 'Crimenetwork' that generated more than 3.6 million euros, …
4. Ollama Out-of-Bounds Read Vulnerability Allows Remote Process Memory Leak
   — The Hacker News
   
   Cybersecurity researchers have disclosed a critical security vulnerability in Ollama that, if successfully exploited, could allow a remote, …
5. JDownloader site hacked to replace installers with Python RAT malware
   — Bleeping Computer
   
   The website for the popular JDownloader download manager was compromised earlier this week to distribute malicious Windows and Linux install…
6. cPanel, WHM Release Fixes for Three New Vulnerabilities — Patch Now
   — The Hacker News
   
   cPanel has released updates to address three vulnerabilities in cPanel and Web Host Manager (WHM) that could be exploited to achieve privile…
7. ShinyHunters Claims Second Attack Against Instructure
   — Dark Reading
   
   The edtech company is struggling to wrest control from its hackers. PII belonging to hundreds of millions of people is on the line.
8. TCLBANKER Banking Trojan Targets Financial Platforms via WhatsApp and Outlook Worms
   — The Hacker News
   
   Threat hunters have flagged a previously undocumented Brazilian banking trojan dubbed TCLBANKER that's capable of targeting 59 banking, fint…
9. Another Universal Linux Local Privilege Escalation (LPE) Vulnerability: Dirty Frag, (Fri, May 8th)
   — SANS ISC
   
   Less than two weeks after the public disclosure of the Copy Fail vulnerability (CVE-2026-31431), another local privilege escalation (LPE) vu…
10. Canvas Breach Disrupts Schools & Colleges Nationwide
    — Krebs on Security
    
    An ongoing data extortion attack targeting the widely-used education technology platform Canvas disrupted classes and coursework at school d…
11. ISC Stormcast For Friday, May 8th, 2026 https://isc.sans.edu/podcastdetail/9924, (Fri, May 8th)
    — SANS ISC
    
    (c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
12. After Replacing TeamPCP Malware, 'PCPJack' Steals Cloud Secrets
    — Dark Reading
    
    PCPJack makes innovative use of parquet files for stealthy, pre-validated target discovery as it canvasses multiple cloud environments.

🪲 NVD — Last 20 Scored Vulnerabilities

Latest scored CVEs from the National Vulnerability Database (5530 in last 30 days).
Critical: 0 · High: 0 · Medium: 17 · Low: 3. View full dashboard →

1. CVE-2026-8255
   — CVSS 2.4 (LOW)
   
   A weakness has been identified in Devs Palace ERP Online up to 4.0.0. This affects an unknown part of the file /inventory/add_new_customer. This manipulation causes cross site scripting. The attack can be initiated remot…
2. CVE-2026-8254
   — CVSS 2.4 (LOW)
   
   A security flaw has been discovered in Devs Palace ERP Online up to 4.0.0. Affected by this issue is some unknown functionality of the file /inventory/sales_save. The manipulation results in cross site scripting. It is p…
3. CVE-2026-8253
   — CVSS 2.4 (LOW)
   
   A vulnerability was identified in Devs Palace ERP Online up to 4.0.0. Affected by this vulnerability is an unknown functionality of the file /inventory/purchase_save. The manipulation leads to cross site scripting. It is…
4. CVE-2026-8252
   — CVSS 4.3 (MEDIUM)
   
   A vulnerability was determined in Open5GS up to 2.7.7. Affected is the function smf_nsmf_handle_create_data_in_hsmf of the component SMF. Executing a manipulation can lead to null pointer dereference. The attack may be p…
5. CVE-2026-8251
   — CVSS 4.3 (MEDIUM)
   
   A vulnerability was found in Open5GS up to 2.7.7. This impacts the function update_authorized_pcc_rule_and_qos of the file /src/smf/npcf-handler.c of the component SMF. Performing a manipulation results in denial of serv…
6. CVE-2026-8250
   — CVSS 4.3 (MEDIUM)
   
   A vulnerability has been found in Open5GS up to 2.7.7. This affects the function smf_n4_build_qos_flow_to_modify_list of the file /src/smf/n4-build.c of the component SMF. Such manipulation leads to denial of service. Th…
7. CVE-2026-8249
   — CVSS 4.3 (MEDIUM)
   
   A flaw has been found in Open5GS up to 2.7.7. The impacted element is the function update_authorized_pcc_rule_and_qos of the file /src/smf/npcf-handler.c of the component SMF. This manipulation causes denial of service. …
8. CVE-2026-8248
   — CVSS 4.3 (MEDIUM)
   
   A vulnerability was detected in Open5GS up to 2.7.7. The affected element is the function update_authorized_pcc_rule_and_qos of the file /src/smf/npcf-handler.c of the component SMF. The manipulation results in denial of…
9. CVE-2022-50970
   — CVSS 5.4 (MEDIUM)
   
   WordPress Plugin AAWP 3.16 contains a reflected cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by manipulating the tab parameter. Attackers can craft URLs with XSS payl…
10. CVE-2022-50969
    — CVSS 6.1 (MEDIUM)
    
    uBidAuction 2.0.1 contains a reflected cross-site scripting vulnerability in the backend/mailingLog/manage module. The date_created, date_from, date_to, and created_at parameters in the filter functionality are not prope…
11. CVE-2022-50968
    — CVSS 6.1 (MEDIUM)
    
    uBidAuction 2.0.1 contains a reflected cross-site scripting vulnerability in the auctions/manage module. The date_created, date_from, date_to, and created_at parameters in the filter functionality are not properly saniti…
12. CVE-2022-50967
    — CVSS 6.1 (MEDIUM)
    
    uBidAuction 2.0.1 contains a reflected cross-site scripting vulnerability in the tickets/manage module. The date_created, date_from, date_to, and created_at parameters in the filter functionality are not properly sanitiz…
13. CVE-2022-50966
    — CVSS 6.1 (MEDIUM)
    
    uBidAuction 2.0.1 contains a reflected cross-site scripting vulnerability in the news/manage module. The date_created, date_from, date_to, and created_at parameters in the filter functionality are not properly sanitized,…
14. CVE-2022-50965
    — CVSS 6.1 (MEDIUM)
    
    uBidAuction 2.0.1 contains a reflected cross-site scripting vulnerability in the posts/manage module. The date_created, date_from, date_to, and created_at parameters in the filter functionality are not properly sanitized…
15. CVE-2022-50964
    — CVSS 6.1 (MEDIUM)
    
    uBidAuction 2.0.1 contains a reflected cross-site scripting vulnerability in the auctions/myAuctions/status/loose module. The date_created, date_from, date_to, and created_at parameters in the filter functionality are no…
16. CVE-2022-50963
    — CVSS 6.1 (MEDIUM)
    
    uBidAuction 2.0.1 contains a reflected cross-site scripting vulnerability in the auctions/myAuctions/status/active module. The date_created, date_from, date_to, and created_at parameters in the filter functionality are n…
17. CVE-2022-50962
    — CVSS 6.1 (MEDIUM)
    
    uBidAuction 2.0.1 contains a reflected cross-site scripting vulnerability in the orders/myOrders module. The date_created, date_from, date_to, and created_at parameters in the filter functionality are not properly saniti…
18. CVE-2022-50961
    — CVSS 6.4 (MEDIUM)
    
    WordPress Plugin IP2Location Country Blocker 2.26.7 contains a stored cross-site scripting vulnerability that allows authenticated users to inject arbitrary JavaScript code through the Frontend Settings interface. Attack…
19. CVE-2022-50960
    — CVSS 6.1 (MEDIUM)
    
    WordPress International Sms For Contact Form 7 Integration version 1.2 contains a reflected cross-site scripting vulnerability in the page parameter of the admin settings interface. Attackers can inject malicious scripts…
20. CVE-2022-50959
    — CVSS 6.1 (MEDIUM)
    
    WordPress Contact Form Builder 1.6.1 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by exploiting the form_id parameter. Attackers can craft mali…

Source: NVD CVE API 2.0

Generated by CryptXNet.ai Threat Intelligence Platform · May 11, 2026 · Sources: The Hacker News, Bleeping Computer, Krebs on Security, Dark Reading, SANS ISC, THN Threat Intel, Unit 42, Security.com