📰 DAILY THREAT BRIEFING
Tuesday, May 19, 2026
12 News Items
HN · BleepingComputer · Krebs · Dark Reading · SANS · THN Intel · Unit 42 · Security.com

📰 Cybersecurity News Headlines

Top stories from leading cybersecurity publications as of May 19, 2026.

  1. INTERPOL ‘Operation Ramz’ seizes 53 malware, phishing servers
    — Bleeping Computer

    More than 200 individuals were arrested for cybercrime activities during INTERPOL's Operation Ramz, which focused on the Middle East and Nor…
  2. Microsoft Exchange Zero-Day Under Attack, No Patch Available
    — Dark Reading

    CVE-2026-42897 stems from a cross-site scripting (XSS) vulnerability and can allow an attacker to compromise Outlook Web Access (OWA) mailbo…
  3. SHub macOS infostealer variant spoofs Apple security updates
    — Bleeping Computer

    A new variant of the 'SHub' macOS infostealer uses AppleScript to show a fake security update message and installs a backdoor. […]
  4. 'Claw Chain' Vulnerabilities Threaten OpenClaw Deployments
    — Dark Reading

    The now patched vulnerabilities in the rapidly growing AI agent framework allow attackers to steal credentials, escalate privileges, and mai…
  5. CISA Admin Leaked AWS GovCloud Keys on Github
    — Krebs on Security

    Until this past weekend, a contractor for the Cybersecurity & Infrastructure Security Agency (CISA) maintained a public GitHub repository th…
  6. TeamPCP Supply Chain Campaign: Activity Through 2026-05-17, (Mon, May 18th)
    — SANS ISC

    Since the last update, the TeamPCP supply chain campaign produced its loudest stretch since the March Trivy disclosure: an officially confir…
  7. Shai-Hulud Worm Clones Spread After Code Release
    — Dark Reading

    The release of Shai-Hulud source code spells trouble for software developers as researchers worry the self-replicating worm could scale.
  8. 5 Steps to Managing Shadow AI Tools Without Slowing Down Employees
    — Bleeping Computer

    Many employees already use shadow AI tools at work without security review. Adaptive Security breaks down how teams can build practical AI g…
  9. INTERPOL Operation Ramz Disrupts MENA Cybercrime Networks with 201 Arrests
    — The Hacker News

    INTERPOL has coordinated a first-of-its-kind cybercrime crackdown across the Middle East and North Africa (MENA) that led to 201 arrests and…
  10. ⚡ Weekly Recap: Exchange 0-Day, npm Worm, Fake AI Repo, Cisco Exploit and More
    — The Hacker News

    Monday opens with a trust problem. A mail server flaw is under active use. A network control system was targeted. Trusted packages were pois…
  11. How to Reduce Phishing Exposure Before It Turns into Business Disruption
    — The Hacker News

    What happens when a phishing email looks clean enough to pass through security, but dangerous enough to expose the business after one click?…
  12. Gremlin Stealer's Evolved Tactics: Hiding in Plain Sight With Resource Files
    — Unit 42

    Unit 42 analyzes the evolution of Gremlin stealer. This variant uses advanced obfuscation, crypto clipping and session hijacking to compromi…

🪲 NVD — Last 20 Scored Vulnerabilities

Latest scored CVEs from the National Vulnerability Database (6271 in last 30 days).
Critical: 3 · High: 7 · Medium: 8 · Low: 2.

  1. CVE-2026-32244
    — CVSS 5.3 (MEDIUM)

    Discourse is an open-source discussion platform. In versions prior to 2026.1.4, 2026.3.1, 2026.4.1 and 2026.5.0-latest.1, outdated cached AI summaries can leak removed content to anonymous and unprivileged users who cann…
  2. CVE-2026-30950
    — CVSS 7.1 (HIGH)

    AutoGPT is a workflow automation platform for creating, deploying, and managing continuous artificial intelligence agents. Versions 0.6.36 through 0.6.50 are vulnerable to Authenticated Session Hijacking via IDOR. If an …
  3. CVE-2026-27964
    — CVSS 3.9 (LOW)

    FacturaScripts is an open source accounting and invoicing software. Versions 2025.7 and prior contain a Reflected Cross-Site Scripting (XSS) vulnerability through the fsNick cookie parameter. The application reflects the…
  4. CVE-2026-27892
    — CVSS 6.5 (MEDIUM)

    FacturaScripts is an open source accounting and invoicing software. In versions prior to 2026, the Library module stores and serves uploaded images byte-for-byte, without stripping EXIF/XMP/IPTC metadata. Any authenticat…
  5. CVE-2026-27891
    — CVSS 7.2 (HIGH)

    FacturaScripts is an open source accounting and invoicing software. Versions 2026 and below contain a critical vulnerability in the Plugins::add() function. The system fails to properly validate the file paths within upl…
  6. CVE-2026-27737
    — CVSS 6.5 (MEDIUM)

    BigBlueButton is an open-source virtual classroom. In versions prior to 3.0.19, the recording playback (presentation format) was not sanitizing user's input in public chat. This allowed for a malicious actor to craft and…
  7. CVE-2026-8851
    — CVSS 8.1 (HIGH)

    SOGo 5.12.7 contains a SQL injection vulnerability in the Access Control List management functionality that allows authenticated users to extract arbitrary data from the database by injecting SQL subqueries through the u…
  8. CVE-2026-8838
    — CVSS 9.8 (CRITICAL)

    Unsafe use of Python's eval() on server-received data in the vector_in() function in amazon-redshift-python-driver before 2.1.14 allows a rogue server or man-in-the-middle actor to execute arbitrary code on the client.
    …
  9. CVE-2026-4137
    — CVSS 7.0 (HIGH)

    In mlflow/mlflow versions prior to 3.11.0, the `get_or_create_nfs_tmp_dir()` function in `mlflow/utils/file_utils.py` creates temporary directories with world-writable permissions (0o777), and the `_create_model_download…
  10. CVE-2026-27130
    — CVSS 9.9 (CRITICAL)

    Dokploy is a free, self-hostable Platform as a Service (PaaS). Versions 0.26.6 and below have OS command injection through the appName parameter. 3 chained issues cause this problem: inadequate input sanitization, lack o…
  11. CVE-2026-25244
    — CVSS 9.8 (CRITICAL)

    WebdriverIO is a test automation framework for unit, e2e and component testing using WebDriver, WebDriver BiDi and Appium. Versions below 9.24.0 contain a command injection vulnerability leading to remote code execution …
  12. CVE-2026-22810
    — CVSS 8.2 (HIGH)

    Joplin is an open source note-taking and to-do application that organises notes and lists into notebooks. Versions prior to 3.5.7 contain a path traversal vulnerability in the importer which allows overwriting arbitrary …
  13. CVE-2026-47092
    — CVSS 7.8 (HIGH)

    Claude HUD through 0.0.12, patched in commit 234d9aa, contains a command injection vulnerability that allows local attackers to execute arbitrary commands by manipulating the COMSPEC environment variable. Attackers can s…
  14. CVE-2026-47091
    — CVSS 3.3 (LOW)

    Claude HUD through 0.0.12, patched in commit 234d9aa, contains a path traversal vulnerability that allows attackers to read arbitrary files by supplying an unvalidated transcript_path value via stdin JSON. Attackers can …
  15. CVE-2026-47090
    — CVSS 4.6 (MEDIUM)

    Claude HUD through 0.0.12, patched in commit 234d9aa, constructs OSC 8 terminal hyperlink escape sequences using raw cwd and branchUrl values without stripping control characters or encoding embedded values, allowing att…
  16. CVE-2026-45246
    — CVSS 5.5 (MEDIUM)

    Summarize prior to 0.15.1 contains an insecure file permission vulnerability in the refresh-free configuration rewrite path that allows local users to read sensitive credentials by exploiting default filesystem permissio…
  17. CVE-2026-45245
    — CVSS 7.4 (HIGH)

    Summarize prior to 0.15.1 contains a vulnerability in the hover summary feature that allows malicious pages to dispatch synthetic mouseover events over attacker-controlled links, causing the extension to make authenticat…
  18. CVE-2026-45244
    — CVSS 5.4 (MEDIUM)

    Summarize prior to 0.15.1 contains a missing authorization vulnerability that allows attackers to execute browser automation actions without per-call user approval when the extension automation feature is enabled. Attack…
  19. CVE-2026-21789
    — CVSS 4.6 (MEDIUM)

    HCL Connections contains a broken access control vulnerability that may allow an unauthorized user to update data in certain scenarios.
  20. CVE-2025-65954
    — CVSS 4.7 (MEDIUM)

    SimpleSAMLphp-casserver is a CAS 1.0 and 2.0 compliant CAS server in the form of a SimpleSAMLphp module. In versions below 6.3.1 and 7.0.0, the logout endpoint accepts a url query parameter to redirect to. casserver trea…

Source: NVD CVE API 2.0


Generated by CryptXNet.ai Threat Intelligence Platform · May 19, 2026 · Sources: The Hacker News, Bleeping Computer, Krebs on Security, Dark Reading, SANS ISC, THN Threat Intel, Unit 42, Security.com