📰 DAILY THREAT BRIEFING
Thursday, May 14, 2026
12 News Items
HN · BleepingComputer · Krebs · Dark Reading · SANS · THN Intel · Unit 42 · Security.com

📰 Cybersecurity News Headlines

Top stories from leading cybersecurity publications as of May 14, 2026.

  1. West Pharmaceutical says hackers stole data, encrypted systems
    — Bleeping Computer

    West Pharmaceutical Services disclosed that it was the target of a cyberattack that resulted in data exfiltration and system encryption. [..…
  2. Iranian hackers targeted major South Korean electronics maker
    — Bleeping Computer

    The Iran-linked hacking group MuddyWater (a.k.a. Seedworm, Static Kitten) launched a broad cyber-espionage campaign targeting at least nine …
  3. Checkbox Assessments Aren't Fit to Measure to Risk
    — Dark Reading

    Security governance needs to be more than an annual compliance exercise. New companies are emerging to address risk-management gaps in curre…
  4. Attackers Weaponize RubyGems for Data Dead Drops
    — Dark Reading

    Threat actors are publishing RubyGems packages that include scrapers targeting public-facing UK government servers, but with no clear object…
  5. Tables Turn on 'The Gentlemen' RaaS Gang With Data Leak
    — Dark Reading

    An OPSEC failure provides a window into what helped the ransomware group rise: a generous affiliate model, opportunistic TTPs, and an effect…
  6. New critical Exim mailer flaw allows remote code execution
    — Bleeping Computer

    A critical vulnerability affecting certain configurations of the Exim open-source mail transfer agent could be exploited by an unauthenticat…
  7. Microsoft's MDASH AI System Finds 16 Windows Flaws Fixed in Patch Tuesday
    — The Hacker News

    Microsoft has unveiled a new multi-model artificial intelligence (AI)-driven system called MDASH to facilitate vulnerability discovery and r…
  8. Azerbaijani Energy Firm Hit by Repeated Microsoft Exchange Exploitation
    — The Hacker News

    A threat actor with affiliations to China has been linked to a "multi-wave intrusion" targeting an unnamed Azerbaijani oil and gas company b…
  9. [Webinar] How Modern Attack Paths Cross Code, Pipelines, and Cloud
    — The Hacker News

    TL;DR: Stop chasing thousands of "toast" alerts. Join experts from Wiz to learn how hackers connect tiny flaws to build a "Lethal Chain" to …
  10. [GUEST DIARY] Tearing apart website fraud to see how it works., (Wed, May 13th)
    — SANS ISC

    [This is a Guest Diary by Joshua Nikolson, an ISC Intern and part of the SANS.edu Bachelor's degree i…
  11. ISC Stormcast For Wednesday, May 13th, 2026 https://isc.sans.edu/podcastdetail/9930, (Wed, May 13th)
    — SANS ISC

    (c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
  12. Proxying the Unproxyable? Sending EXE traffic to a Proxy, (Wed, May 13th)
    — SANS ISC

    .. if “unproxyable” is a word that is ..

🪲 NVD — Last 20 Scored Vulnerabilities

Latest scored CVEs from the National Vulnerability Database (6459 in last 30 days).
Critical: 4 · High: 7 · Medium: 9 · Low: 0. View full dashboard →

  1. CVE-2026-41281
    — CVSS 4.8 (MEDIUM)

    Android App "あんしんフィルター for au" provided by KDDI CORPORATION contains Cleartext Transmission of Sensitive Information (CWE-319) vulnerability. A man-in-the-middle attacker may access and modify communica…
  2. CVE-2026-32991
    — CVSS 7.1 (HIGH)

    Improper authorization checks of team members privileges allow a team member to escalate privileges to the team owner account.
  3. CVE-2026-29206
    — CVSS 8.1 (HIGH)

    Insufficient sanitization of SQL queries in the `sqloptimizer` utility script allows SQL Injections on behalf of the root user if Slow Query logging is enabled.
  4. CVE-2026-45158
    — CVSS 9.1 (CRITICAL)

    OPNsense is a FreeBSD based firewall and routing platform. Prior to 26.1.8, unsanitized user input is passed to the DHCP configuration of the configured interface, which is processed by a shell script, allowing remote co…
  5. CVE-2026-44478
    — CVSS 7.5 (HIGH)

    hoppscotch is an open source API development ecosystem. The fix for CVE-2026-28215 in version 2026.2.0 addresses the unauthenticated POST /v1/onboarding/config endpoint by checking onboardingCompleted and canReRunOnboard…
  6. CVE-2026-44471
    — CVSS 7.8 (HIGH)

    gitoxide is an implementation of git written in Rust. Prior to 0.21.1, a malicious tree can be constructed that will, when checked out with gitoxide, permit writing an attacker-controlled symlink into any existing direct…
  7. CVE-2026-44448
    — CVSS 5.9 (MEDIUM)

    ERPNext is a free and open source Enterprise Resource Planning tool. Prior to 15.102.0 and 16.11.0, certain endpoints failed to enforce proper authorization checks, allowing users to modify data beyond their permitted ro…
  8. CVE-2026-44447
    — CVSS 8.8 (HIGH)

    ERPNext is a free and open source Enterprise Resource Planning tool. Prior to 16.9.0, some endpoints were vulnerable to SQL injection through specially crafted requests, which would allow a malicious actor to extract sen…
  9. CVE-2026-44446
    — CVSS 8.8 (HIGH)

    ERPNext is a free and open source Enterprise Resource Planning tool. Prior to 15.104.3 and 16.14.0, some endpoints were vulnerable to SQL injection through specially crafted requests, which would allow a malicious actor …
  10. CVE-2026-44442
    — CVSS 9.9 (CRITICAL)

    ERPNext is a free and open source Enterprise Resource Planning tool. Prior to 16.9.1, certain endpoints failed to enforce proper authorization checks, allowing users to modify data beyond their permitted role. This vulne…
  11. CVE-2026-44441
    — CVSS 5.0 (MEDIUM)

    ERPNext is a free and open source Enterprise Resource Planning tool. Prior to 15.106.0 and 16.16.0, a malicious user could send a crafted request to an endpoint, which would lead to the server making an HTTP call to a se…
  12. CVE-2026-44440
    — CVSS 6.5 (MEDIUM)

    ERPNext is a free and open source Enterprise Resource Planning tool. Prior to 15.101.1 and 16.10.0, an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability on an endpoint allows an…
  13. CVE-2026-44426
    — CVSS 6.5 (MEDIUM)

    ShellHub is a centralized SSH gateway. Prior to 0.24.2, GET /api/namespaces/:tenant returns the full namespace object — including
    the members list (user IDs, e-mails, roles), settings, and device counts — to any call…
  14. CVE-2026-44425
    — CVSS 5.4 (MEDIUM)

    ShellHub is a centralized SSH gateway. Prior to 0.24.2, the device list endpoint accepts user-controlled identifiers in the the name field of each filter property in the base64-encoded filter query parameter and the sort…
  15. CVE-2026-44424
    — CVSS 6.5 (MEDIUM)

    ShellHub is a centralized SSH gateway. Prior to 0.24.2, GET /api/devices/:uid returns the full device object whenever the caller is authenticated, without verifying that the device belongs to the caller's namespace (tena…
  16. CVE-2026-44423
    — CVSS 6.5 (MEDIUM)

    ShellHub is a centralized SSH gateway. Prior to 0.24.2, GET /api/sessions/:uid returns the full session object for any authenticated caller, without scoping by the caller's tenant. An authenticated user can read session …
  17. CVE-2026-44195
    — CVSS 5.3 (MEDIUM)

    OPNsense is a FreeBSD based firewall and routing platform. Prior to 26.1.7, a logic flaw in the OPNsense lockout_handler allows an unauthenticated attacker to continuously reset the authentication failure counter for the…
  18. CVE-2026-44194
    — CVSS 9.1 (CRITICAL)

    OPNsense is a FreeBSD based firewall and routing platform. Prior to 26.1.8, an authenticated Remote Code Execution (RCE) vulnerability in the OPNsense core allows a user with user-management privileges to execute arbitra…
  19. CVE-2026-44193
    — CVSS 9.1 (CRITICAL)

    OPNsense is a FreeBSD based firewall and routing platform. Prior to 26.1.7, the XMLRPC method opnsense.restore_config_section fails to sanitize user supplied input leading to Remote Code Execution. This vulnerability is …
  20. CVE-2026-32993
    — CVSS 8.3 (HIGH)

    Improper sanitization of the `status` query parameter of the `/unprotected/nova_error` endpoint allows unauthenticated attacker to inject arbitrary HTTP header to the response.

Source: NVD CVE API 2.0

Generated by CryptXNet.ai Threat Intelligence Platform · May 14, 2026 · Sources: The Hacker News, Bleeping Computer, Krebs on Security, Dark Reading, SANS ISC, THN Threat Intel, Unit 42, Security.com