📰 Cybersecurity News Headlines
Top stories from leading cybersecurity publications as of May 18, 2026.
-
The Boring Stuff is Dangerous Now
— Dark Reading
AI agents capable of discovering and exploiting obscure vulnerabilities are emerging alongside developers producing vast amounts of potentia… -
New Windows 'MiniPlasma' zero-day exploit gives SYSTEM access, PoC released
— Bleeping Computer
A cybersecurity researcher has released a proof-of-concept exploit for a Windows privilege escalation zero-day dubbed "MiniPlasma" that lets… -
Tycoon2FA hijacks Microsoft 365 accounts via device-code phishing
— Bleeping Computer
The Tycoon2FA phishing kit now supports device-code phishing attacks and abuses Trustifi click-tracking URLs to hijack Microsoft 365 account… -
NGINX CVE-2026-42945 Exploited in the Wild, Causing Worker Crashes and Possible RCE
— The Hacker News
A newly disclosed security flaw impacting NGINX Plus and NGINX Open has come under active exploitation in the wild, days after its public di… -
Grafana GitHub Token Breach Led to Codebase Download and Extortion Attempt
— The Hacker News
Grafana has disclosed that an "unauthorized party" obtained a token that granted them the ability to access the company's GitHub environment… -
Microsoft rejects critical Azure vulnerability report, no CVE issued
— Bleeping Computer
A security researcher claims Microsoft quietly fixed an Azure Backup for AKS vulnerability after rejecting his report, and without issuing a… -
Funnel Builder Flaw Under Active Exploitation Enables WooCommerce Checkout Skimming
— The Hacker News
A critical security vulnerability impacting the Funnel Builder plugin for WordPress has come under active exploitation in the wild to inject… -
Cyber Pioneers Ponder Past as Prologue
— Dark Reading
Robert "RSnake" Hansen, Katie Moussouris, Rich Mogull, Richard Stiennon, and Bruce Schneier reflect on how their favorite columns penned for… -
Gremlin Stealer's Evolved Tactics: Hiding in Plain Sight With Resource Files
— Unit 42
Unit 42 analyzes the evolution of Gremlin stealer. This variant uses advanced obfuscation, crypto clipping and session hijacking to compromi… -
[Guest Diary] New Malware Libraries means New Signatures, (Fri, May 15th)
— SANS ISC

 
-
ISC Stormcast For Friday, May 15th, 2026 https://isc.sans.edu/podcastdetail/9934, (Fri, May 15th)
— SANS ISC
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License. -
Taiwan Bullet Train Hack Highlights Cybersecurity Gaps in Rail Systems
— Dark Reading
A Taiwanese student experimenting with software-defined radio technology shut down three bullet trains for nearly an hour, leading to an ant…
🪲 NVD — Last 20 Scored Vulnerabilities
Latest scored CVEs from the National Vulnerability Database (6220 in last 30 days).
Critical: 1 · High: 10 · Medium: 9 · Low: 0.
-
CVE-2026-8769
— CVSS 4.3 (MEDIUM)
A vulnerability was determined in vercel ai up to 3.0.97. The impacted element is the function createJsonResponseHandler/createJsonErrorResponseHandler of the file packages/provider-utils/src/response-handler.ts of the c… -
CVE-2026-8768
— CVSS 7.3 (HIGH)
A vulnerability was found in vercel ai up to 3.0.97. The affected element is the function validateDownloadUrl of the file packages/provider-utils/src/download-blob.ts of the component provider-utils. The manipulation res… -
CVE-2026-8767
— CVSS 5.0 (MEDIUM)
A vulnerability has been found in vercel ai up to 3.0.97. Impacted is the function run of the file .github/workflows/prettier-on-automerge.yml of the component PR Branch Name Interpolation. The manipulation leads to os c… -
CVE-2026-8766
— CVSS 4.3 (MEDIUM)
A flaw has been found in Kilo-Org kilocode up to 7.0.47. This issue affects the function Load of the file packages/opencode/src/config/config.ts of the component Environment Variable Handler. Executing a manipulation of … -
CVE-2026-8765
— CVSS 4.3 (MEDIUM)
A vulnerability was detected in Kilo-Org kilocode up to 7.0.47. This vulnerability affects the function Bun.file of the file packages/opencode/src/kilocode/review/worktree-diff.ts of the component File Diff API Endpoint.… -
CVE-2026-8764
— CVSS 7.2 (HIGH)
A security vulnerability has been detected in H3C Magic B3 up to 100R002. This affects the function UpdateWanParams of the file /goform/aspForm. Such manipulation of the argument param leads to buffer overflow. The attac… -
CVE-2026-8759
— CVSS 7.3 (HIGH)
A vulnerability was identified in xiandafu beetl up to 3.20.2. Affected is an unknown function of the file beetl-classic-integration/beetl-spring-classic/src/main/java/org/beetl/ext/spring/SpELFunction.java of the compon… -
CVE-2026-8758
— CVSS 7.3 (HIGH)
A vulnerability was determined in Metasoft 美特软件 MetaCRM up to 6.4.0 Beta06. This impacts an unknown function of the file /common/jsp/upload3.jsp. Executing a manipulation of the argument File can lead to unrestri… -
CVE-2026-8757
— CVSS 7.3 (HIGH)
A vulnerability was found in adenhq hive up to 0.11.0. This affects the function _read_events_tail of the file core/framework/server/routes_sessions.py of the component Delete Request Handler. Performing a manipulation r… -
CVE-2026-8756
— CVSS 7.3 (HIGH)
A vulnerability has been found in fishaudio Bert-VITS2 up to 8f7fbd8c4770965225d258db548da27dc8dd934c. The impacted element is the function generate_config of the file webui_preprocess.py of the component Gradio Interfac… -
CVE-2026-8755
— CVSS 7.3 (HIGH)
A flaw has been found in fishaudio Bert-VITS2 up to 8f7fbd8c4770965225d258db548da27dc8dd934c. The affected element is the function _get_all_models of the file hiyoriUI.py of the component Model Handler. This manipulation… -
CVE-2026-8754
— CVSS 6.3 (MEDIUM)
A vulnerability was detected in AstrBotDevs AstrBot up to 4.23.5. Impacted is the function post_file of the file astrbot/dashboard/routes/chat.py of the component File Upload Handler. The manipulation of the argument fil… -
CVE-2026-8753
— CVSS 6.3 (MEDIUM)
A security vulnerability has been detected in kalcaddle Kodbox up to 1.64. This issue affects the function parseVideoInfo of the file /workspace/source-code/plugins/fileThumb/lib/VideoResize.class.php of the component fi… -
CVE-2018-25339
— CVSS 8.2 (HIGH)
Zechat 1.5 contains a SQL injection vulnerability in the v parameter that allows unauthenticated attackers to extract database information using time-based blind techniques. Attackers can exploit the v parameter with sle… -
CVE-2018-25338
— CVSS 8.2 (HIGH)
Zechat 1.5 contains a SQL injection vulnerability in the hashtag parameter that allows unauthenticated attackers to extract database information using union-based techniques. Attackers can exploit the hashtag parameter w… -
CVE-2018-25337
— CVSS 4.3 (MEDIUM)
Joomla JoomOCShop 1.0 contains a cross-site request forgery vulnerability that allows attackers to perform unauthorized actions on behalf of authenticated users. Attackers can craft malicious HTML forms targeting account… -
CVE-2018-25336
— CVSS 5.3 (MEDIUM)
Joomla jCart for OpenCart 2.3.0.2 contains a cross-site request forgery vulnerability that allows attackers to modify user account information without authentication. Attackers can craft malicious HTML forms targeting en… -
CVE-2018-25335
— CVSS 9.8 (CRITICAL)
WordPress Plugin Peugeot Music 1.0 contains an arbitrary file upload vulnerability that allows unauthenticated attackers to upload malicious files by sending POST requests to the upload.php endpoint. Attackers can upload… -
CVE-2018-25334
— CVSS 5.4 (MEDIUM)
Zechat 1.5 contains a Cross-Site Request Forgery (CSRF) vulnerability that allows an attacker to change a user's information by bypassing anti-CSRF protections. The application uses a CSRF token, but an attacker can use … -
CVE-2018-25333
— CVSS 8.2 (HIGH)
Nordex N149/4.0-4.5 Wind Turbine Web Server 4.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the login parameter in lo…
Source: NVD CVE API 2.0
Generated by CryptXNet.ai Threat Intelligence Platform · May 18, 2026 · Sources: The Hacker News, Bleeping Computer, Krebs on Security, Dark Reading, SANS ISC, THN Threat Intel, Unit 42, Security.com