📰 DAILY THREAT BRIEFING
Wednesday, May 13, 2026
12 News Items
HN · BleepingComputer · Krebs · Dark Reading · SANS · THN Intel · Unit 42 · Security.com

📰 Cybersecurity News Headlines

Top stories from leading cybersecurity publications as of May 13, 2026.

  1. US govt seeks Instructure testimony on massive Canvas cyberattack
    — Bleeping Computer

    The U.S. House Committee on Homeland Security is calling on Instructure executives to testify about two cyberattacks by the ShinyHunters ext…
  2. Patch Tuesday, May 2026 Edition
    — Krebs on Security

    Artificial intelligence platforms may be just as susceptible to social engineering as human beings, but they are proving remarkably good at …
  3. It's Patch Tuesday for Microsoft and Not a Zero-Day In Sight
    — Dark Reading

    It's the first time in two years with no zero-days. But with 137 flaws to patch, including nine critical ones, admins still have plenty of w…
  4. UK fines water supplier $1.3M for exposing data of 664k customers
    — Bleeping Computer

    The Information Commissioner's Office has fined South Staffordshire Water Plc and parent company South Staffordshire Plc £963,900 ($1.3 mil…
  5. Webinar: Fixing the gaps in network incident response
    — Bleeping Computer

    IT teams often struggle to quickly coordinate responses across disparate systems during network incidents. This upcoming webinar explores ho…
  6. Microsoft May 2026 Patch Tuesday, (Tue, May 12th)
    — SANS ISC

    Today's Microsoft patch Tuesday fixes 137 different vulnerabilities. In addition, the update addresses 137 Chromium-relat…
  7. New Exim BDAT Vulnerability Exposes GnuTLS Builds to Potential Code Execution
    — The Hacker News

    Exim has released security updates to address a severe security issue affecting certain configurations that could enable memory corruption a…
  8. RubyGems Suspends New Signups After Hundreds of Malicious Packages Are Uploaded
    — The Hacker News

    RubyGems, the standard package manager for the Ruby programming language, has temporarily paused account sign ups following what has been de…
  9. Hugging Face Packages Weaponized With a Single File Tweak
    — Dark Reading

    A tokenizer library file present in Hugging Face AI models can be manipulated to hijack the model's outputs and exfiltrate data.
  10. New TrickMo Variant Uses TON C2 and SOCKS5 to Create Android Network Pivots
    — The Hacker News

    Cybersecurity researchers have flagged a new version of the TrickMo Android banking trojan that uses The Open Network (TON) for command-and-…
  11. 20 Leaders Who Built the CISO Era: 2 Decades of Change
    — Dark Reading

    As part of Dark Reading's 20th anniversary special coverage, we profile the CISOs, founders, researchers, criminals, and policymakers who re…
  12. ISC Stormcast For Tuesday, May 12th, 2026 https://isc.sans.edu/podcastdetail/9928, (Tue, May 12th)
    — SANS ISC

    (c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.

🪲 NVD — Last 20 Scored Vulnerabilities

Latest scored CVEs from the National Vulnerability Database (6341 in last 30 days).
Critical: 3 · High: 11 · Medium: 6 · Low: 0. View full dashboard →

  1. CVE-2026-8108
    — CVSS 7.8 (HIGH)

    The installation of Fuji Tellus adds a driver to the kernel which grants all users read and write permissions.
  2. CVE-2026-5371
    — CVSS 7.1 (HIGH)

    The MonsterInsights – Google Analytics Dashboard for WordPress (Website Stats Made Easy) plugin for WordPress is vulnerable to unauthorized access and modification of data due to a missing capability checks on the get_…
  3. CVE-2026-44548
    — CVSS 8.1 (HIGH)

    ChurchCRM is an open-source church management system. Prior to 7.3.2, top-level cross-site GET navigation from an attacker-controlled page to FundRaiserDelete.php, PropertyTypeDelete.php, or NoteDelete.php causes a logge…
  4. CVE-2026-44547
    — CVSS 9.6 (CRITICAL)

    ChurchCRM is an open-source church management system. From 7.2.0 to 7.2.2, The fix for CVE-2026-4058 is incomplete. The hardening commit was merged and then silently stripped from src/api/routes/public/public-user.php by…
  5. CVE-2026-44347
    — CVSS 5.8 (MEDIUM)

    Warpgate is an open source SSH, HTTPS and MySQL bastion host for Linux. Prior to 0.23.3, the SSO flow does not validate the state parameter, which makes it possible for an attacker to trick a user into logging into the a…
  6. CVE-2026-44341
    — CVSS 5.3 (MEDIUM)

    GoJobs is a REST API for a Job Board platform. The application exposes a job retrieval endpoint that allows unauthenticated users to access job details by directly manipulating object identifiers. The endpoint lacks prop…
  7. CVE-2026-44245
    — CVSS 6.1 (MEDIUM)

    Kyverno is a policy engine designed for cloud native platform engineering teams. Prior to 2.5.2, Vue 3's v-html directive is the framework-documented mechanism for injecting raw HTML, and it intentionally disables the au…
  8. CVE-2026-42289
    — CVSS 8.8 (HIGH)

    ChurchCRM is an open-source church management system. Prior to 7.3.2, UserEditor.php processes user account creation and permission updates entirely through $_POST parameters with no CSRF token validation. An unauthentic…
  9. CVE-2026-42288
    — CVSS 10.0 (CRITICAL)

    ChurchCRM is an open-source church management system. Prior to 7.3.2, The fix for CVE-2026-39337 is incomplete. The pre-authentication remote code execution vulnerability in ChurchCRM's setup wizard via unsanitized DB_PA…
  10. CVE-2026-41901
    — CVSS 9.0 (CRITICAL)

    Thymeleaf is a server-side Java template engine for web and standalone environments. Prior to 3.1.5.RELEASE, a security bypass vulnerability exists in the expression execution mechanisms of Thymeleaf. Although the librar…
  11. CVE-2026-1250
    — CVSS 7.5 (HIGH)

    The Court Reservation – Manage Your Court Bookings Online plugin for WordPress is vulnerable to generic SQL Injection via the ‘id’ parameter in all versions up to, and including, 1.10.11 due to insufficient escapin…
  12. CVE-2025-15463
    — CVSS 6.5 (MEDIUM)

    The The Advanced Custom Fields: Extended plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 0.9.2.3. This is due to the software allowing users to execute an action …
  13. CVE-2026-8449
    — CVSS 8.8 (HIGH)

    Linux ksmbd contains a remote memory corruption vulnerability in the ACL inheritance path that allows remote clients with directory creation permissions to trigger a heap out-of-bounds read and subsequent heap corruption…
  14. CVE-2026-45227
    — CVSS 8.8 (HIGH)

    Heym before 0.0.21 contains a sandbox escape vulnerability in the custom Python tool executor that allows authenticated workflow authors to bypass sandbox restrictions by using object-graph introspection primitives. Atta…
  15. CVE-2026-45226
    — CVSS 7.1 (HIGH)

    Heym before 0.0.21 contains an authorization bypass vulnerability in workflow execution that allows authenticated users to execute arbitrary workflows by referencing victim workflow UUIDs without proper access validation…
  16. CVE-2026-45225
    — CVSS 7.6 (HIGH)

    Heym before 0.0.21 contains a path traversal vulnerability in the file upload endpoint that allows authenticated users to write attacker-controlled files to arbitrary locations by supplying a crafted filename with traver…
  17. CVE-2026-44871
    — CVSS 7.2 (HIGH)

    Command injection vulnerabilities exist in the command line interface (CLI) service accessed by the PAPI protocol of AOS-8 and AOS-10 Operating Systems. Successful exploitation of these vulnerabilities could allow an aut…
  18. CVE-2026-44306
    — CVSS 5.3 (MEDIUM)

    Statamic is a Laravel and Git powered content management system (CMS). Prior to 5.73.21 and 6.15.0, responses from the forgot password forms hinted at whether an account existed for a given email address. An unauthentica…
  19. CVE-2026-44305
    — CVSS 6.8 (MEDIUM)

    Lemur manages TLS certificate creation. Prior to 1.9.0, when LDAP TLS is enabled (LDAP_USE_TLS = True), Lemur's LDAP authentication module unconditionally disables TLS certificate verification at the global ldap module l…
  20. CVE-2026-44304
    — CVSS 8.1 (HIGH)

    Lemur manages TLS certificate creation. Prior to 1.9.0, Lemur's LDAP authentication module (lemur/auth/ldap.py) constructs LDAP search filters using unsanitized user input via Python string interpolation. An authenticate…

Source: NVD CVE API 2.0

Generated by CryptXNet.ai Threat Intelligence Platform · May 13, 2026 · Sources: The Hacker News, Bleeping Computer, Krebs on Security, Dark Reading, SANS ISC, THN Threat Intel, Unit 42, Security.com