Daily Threat Briefing — May 15, 2026

📰 Cybersecurity News Headlines

Top stories from leading cybersecurity publications as of May 15, 2026.

1. TeamPCP hackers advertise Mistral AI code repos for sale
   — Bleeping Computer
   
   The TeamPCP hacker group is threatening to leak source code from the Mistral AI project unless a buyer is found for the data. […]
2. Hackers exploit auth bypass flaw in Burst Statistics WordPress plugin
   — Bleeping Computer
   
   Hackers are leveraging a critical authentication bypass vulnerability in the WordPress plugin Burst Statistics to obtain admin-level access …
3. SecurityScorecard Snags Driftnet to Level Up Threat Intelligence
   — Dark Reading
   
   The acquisition looks to boost visibility into third-party ecosystems, which are becoming a bigger concern as vectors for supply chain attac…
4. Maximum Severity Cisco SD-WAN Bug Exploited in the Wild
   — Dark Reading
   
   This is the second time this year a threat actor has leveraged a CVSS 10.0 vulnerability in Cisco's network control system.
5. Cisco warns of new critical SD-WAN flaw exploited in zero-day attacks
   — Bleeping Computer
   
   Cisco is warning that a critical Catalyst SD-WAN Controller authentication bypass flaw, tracked as CVE-2026-20182, was actively exploited in…
6. Cisco Catalyst SD-WAN Controller Auth Bypass Actively Exploited to Gain Admin Access
   — The Hacker News
   
   Cisco has released updates to address a maximum-severity authentication bypass flaw in Catalyst SD-WAN Controller that it said has been expl…
7. Stealer Backdoor Found in 3 Node-IPC Versions Targeting Developer Secrets
   — The Hacker News
   
   Cybersecurity researchers are sounding the alarm about what has been described as "malicious activity" in newly published versions of node-i…
8. 'FrostyNeighbor' APT Carefully Targets Govt Orgs in Poland, Ukraine
   — Dark Reading
   
   Attackers uniquely fingerprint victims before delivering spear-phishing payloads aimed at espionage, in the latest campaign from the Belarus…
9. ThreatsDay Bulletin: PAN-OS RCE, Mythos cURL Bug, AI Tokenizer Attacks, and 10+ Stories
   — The Hacker News
   
   Everything is still on fire. This week feels dumb in the worst way — bad links, weak checks, fake help desks, shady forum posts, and peopl…
10. Simple bypass of the link preview function in Outlook Junk folder, (Thu, May 14th)
    — SANS ISC
    
    Besides serving as a place where Microsoft Outlook places suspected spam, the Outlook Junk folder has one additional function that can be qu…
11. ISC Stormcast For Thursday, May 14th, 2026 https://isc.sans.edu/podcastdetail/9932, (Thu, May 14th)
    — SANS ISC
    
    (c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
12. [GUEST DIARY] Tearing apart website fraud to see how it works., (Wed, May 13th)
    — SANS ISC
    
    [This is a Guest Diary by Joshua Nikolson, an ISC Intern and part of the SANS.edu Bachelor's degree i…

🪲 NVD — Last 20 Scored Vulnerabilities

Latest scored CVEs from the National Vulnerability Database (6384 in last 30 days).
Critical: 3 · High: 10 · Medium: 6 · Low: 1. View full dashboard →

1. CVE-2026-6811
   — CVSS 5.9 (MEDIUM)
   
   Stack exhaustion vulnerability in the MongoDB PHP driver can cause application crashes when processing deeply nested BSON documents in unusual circumstances when the source of these BSON documents is not MongoDB Server.
2. CVE-2026-45248
   — CVSS 5.3 (MEDIUM)
   
   Hedera Guardian through 3.5.1 contains an authentication bypass vulnerability in the GET /api/v1/demo/registered-users endpoint that allows unauthenticated attackers to retrieve sensitive user information. Attackers can …
3. CVE-2026-44671
   — CVSS 7.5 (HIGH)
   
   ZITADEL is an open source identity management platform. From 2.71.11 to before 3.4.10 and 4.15.0, a vulnerability was discovered in Zitadel's LDAP identity provider implementation, which fails to properly escape user-pro…
4. CVE-2026-45781
   — CVSS 3.5 (LOW)
   
   The MCP Registry provides MCP clients with a list of MCP servers, like an app store for MCP servers. Prior to 1.7.9, OCI ownership validation skips label-match check when upstream OCI registry returns HTTP 429, letting a…
5. CVE-2026-45370
   — CVSS 7.7 (HIGH)
   
   python-utcp is the python implementation of UTCP. Prior to 1.1.3, _prepare_environment() in cli_communication_protocol.py passes a full copy of os.environ to every CLI subprocess. When combined with CVE-2026-45369, an at…
6. CVE-2026-45369
   — CVSS 8.3 (HIGH)
   
   python-utcp is the python implementation of UTCP. Prior to 1.1.3, the _substitute_utcp_args method in cli_communication_protocol.py inserts user-controlled tool_args values directly into shell command strings without any…
7. CVE-2026-44673
   — CVSS 7.5 (HIGH)
   
   libyang is a YANG data modeling language library. Prior to SO 5.2.15, lyb_read_string() in src/parser_lyb.c contains an integer overflow that results in a heap buffer overflow when parsing a maliciously crafted LYB binar…
8. CVE-2026-44661
   — CVSS 4.7 (MEDIUM)
   
   python-utcp is the python implementation of UTCP. Prior to 1.1.3, the utcp-http plugin is vulnerable to a blind Server-Side Request Forgery (SSRF) caused by a trust-boundary inconsistency between manual discovery and too…
9. CVE-2026-44212
   — CVSS 9.3 (CRITICAL)
   
   PrestaShop is an open source e-commerce web application. Prior to 8.2.6 and 9.1.1, there is a stored Cross-Site Scripting (XSS) vulnerability in the PrestaShop back-office Customer Service view. An unauthenticated attack…
10. CVE-2026-8634
    — CVSS 9.1 (CRITICAL)
    
    Crabbox prior to v0.12.0 contains an environment variable exposure vulnerability that allows attackers with access to a malicious or compromised repository to forward local secrets such as API tokens, cloud credentials, …
11. CVE-2026-8629
    — CVSS 8.1 (HIGH)
    
    Crabbox prior to v0.12.0 contains a privilege escalation vulnerability that allows users with shared visibility-only access to obtain Code, WebVNC, and Egress agent tickets by sending POST requests to ticket endpoints. A…
12. CVE-2026-8597
    — CVSS 7.2 (HIGH)
    
    Missing integrity verification in the Triton inference handler in Amazon SageMaker Python SDK v2 before v2.257.2 and v3 before v3.8.0 might allow a remote authenticated actor to achieve code execution in inference contai…
13. CVE-2026-8596
    — CVSS 7.2 (HIGH)
    
    Cleartext storage of sensitive information in the ModelBuilder/Serve component in Amazon SageMaker Python SDK before v2.257.2 and v3 before v3.8.0 might allow a remote authenticated actor to extract the HMAC signing key …
14. CVE-2026-8587
    — CVSS 8.8 (HIGH)
    
    Use after free in Extensions in Google Chrome on Mac prior to 148.0.7778.168 allowed an attacker who convinced a user to install a malicious extension to execute arbitrary code via a crafted Chrome Extension. (Chromium s…
15. CVE-2026-8584
    — CVSS 4.2 (MEDIUM)
    
    Inappropriate implementation in Views in Google Chrome on iOS prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to perform UI spoofing via a crafted HTML page. (Chromium security …
16. CVE-2026-8583
    — CVSS 5.3 (MEDIUM)
    
    Insufficient policy enforcement in WebXR in Google Chrome on Android prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from process mem…
17. CVE-2026-8582
    — CVSS 5.3 (MEDIUM)
    
    Object lifecycle issue in Dawn in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: Medi…
18. CVE-2026-8581
    — CVSS 8.8 (HIGH)
    
    Use after free in GPU in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Medium)
19. CVE-2026-8580
    — CVSS 9.6 (CRITICAL)
    
    Use after free in Mojo in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Medium)
20. CVE-2026-8577
    — CVSS 8.8 (HIGH)
    
    Integer overflow in Fonts in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Medium)

Source: NVD CVE API 2.0

Generated by CryptXNet.ai Threat Intelligence Platform · May 15, 2026 · Sources: The Hacker News, Bleeping Computer, Krebs on Security, Dark Reading, SANS ISC, THN Threat Intel, Unit 42, Security.com