📰 Cybersecurity News Headlines
Top stories from leading cybersecurity publications as of May 20, 2026.
Max-severity flaw in ChromaDB for AI apps allows server hijacking
— Bleeping Computer
A max-severity vulnerability in the latest Python FastAPI version of the ChromaDB project allows unauthenticated attackers to run arbitrary …
Verizon DBIR: Enterprises Face a Dangerous Vulnerability Glut
— Dark Reading
Verizon's "2026 Data Breach Investigations Report" ("DBIR") finds that exploits are now involved in 31% of initial access for breaches, whil…
Cybercrime service disrupted for abusing Microsoft platform to sign malware
— Bleeping Computer
Microsoft says it has disrupted a malware-signing-as-a-service (MSaaS) operation that abused the company's Artifact Signing service to gener…
Windows Zero-Day Barrage Continues After Patch Tuesday
— Dark Reading
YellowKey, GreenPlasma, and MiniPlasma add to the growing list of vulnerabilities a security researcher disclosed over the past six weeks.
Discord rolls out end-to-end encryption on voice, video calls
— Bleeping Computer
Discord announced that all voice and video calls through the communication platform are now protected by default with end-to-end encryption …
CISA Exposes Secrets, Credentials in 'Private' Repo
— Dark Reading
The agency's GitHub repository, publicly available since November 2025, was ironically named "Private-CISA."
Trapdoor Android Ad Fraud Scheme Hit 659 Million Daily Bid Requests Using 455 Apps
— The Hacker News
Cybersecurity researchers have disclosed details of a new ad fraud and malvertising operation dubbed Trapdoor targeting Android device users…
DirtyDecrypt PoC Released for Linux Kernel CVE-2026-31635 LPE Vulnerability
— The Hacker News
Proof-of-concept (PoC) exploit code has now been released for a recently patched security flaw in the Linux kernel that could allow for loca…
The New Phishing Click: How OAuth Consent Bypasses MFA
— The Hacker News
In February 2026, a phishing-as-a-service (PhaaS) platform called EvilTokens went live. Within five weeks, it had compromised more than 340 …
ISC Stormcast For Tuesday, May 19th, 2026 https://isc.sans.edu/podcastdetail/9936, (Tue, May 19th)
— SANS ISC
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
CISA Admin Leaked AWS GovCloud Keys on Github
— Krebs on Security
Until this past weekend, a contractor for the Cybersecurity & Infrastructure Security Agency (CISA) maintained a public GitHub repository th…
TeamPCP Supply Chain Campaign: Activity Through 2026-05-17, (Mon, May 18th)
— SANS ISC
Since the last update, the TeamPCP supply chain campaign produced its loudest stretch since the March Trivy disclosure: an officially confir…
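The Krebs on Security and Dark Reading items above both concern AWS credentials committed to a GitHub repository that turned out to be public. The check a repository owner would want before pushing is a secret scan that pairs an AWS access key id with a nearby high-entropy secret. The scanner below is an added example written for this page; it is not code from CISA, from any of the publications, or from any scanning product. The access key id format (AKIA for long-term IAM keys or ASIA for STS temporary keys, followed by 16 upper-case alphanumerics) is AWS's documented format; the 40-character secret pattern, the entropy threshold, the hex-digest exclusion and the sample repository contents are constructed heuristics, and the credential values in the sample are AWS's published documentation placeholders, not live keys.

```python
import math
import re
from dataclasses import dataclass
from typing import Dict, List

# AWS access key ids: AKIA (long-term IAM) or ASIA (STS temporary) followed by
# 16 upper-case alphanumerics, 20 characters in total (documented AWS format).
ACCESS_KEY_RE = re.compile(r"(?<![A-Z0-9])((?:AKIA|ASIA)[A-Z0-9]{16})(?![A-Z0-9])")
# Secret access keys are 40 characters from the base64 alphabet (heuristic).
# This pattern alone is noisy (hashes, tokens), so a match is only reported
# when it has high entropy, is not a hex digest, and an access key id appears
# in the same file.
SECRET_RE = re.compile(r"(?<![A-Za-z0-9/+])([A-Za-z0-9/+]{40})(?![A-Za-z0-9/+])")
HEX_DIGEST_RE = re.compile(r"^[0-9a-fA-F]{40}$")  # git SHA-1 / sha1sum output
ENTROPY_THRESHOLD = 4.0  # heuristic, bits per character


@dataclass
class Finding:
    path: str
    line: int
    kind: str
    preview: str  # redacted, safe to put in a CI log


def shannon_entropy(s: str) -> float:
    """Bits per character of the empirical symbol distribution of s."""
    if not s:
        return 0.0
    counts: Dict[str, int] = {}
    for ch in s:
        counts[ch] = counts.get(ch, 0) + 1
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def redact(token: str) -> str:
    """Keep only the first and last four characters for the report."""
    return token[:4] + "..." + token[-4:]


def scan_text(path: str, text: str) -> List[Finding]:
    key_hits: List[Finding] = []
    secret_hits: List[Finding] = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for m in ACCESS_KEY_RE.finditer(line):
            key_hits.append(Finding(path, lineno, "aws_access_key_id", redact(m.group(1))))
        for m in SECRET_RE.finditer(line):
            tok = m.group(1)
            if HEX_DIGEST_RE.match(tok):
                continue  # commit hashes and checksums are 40 hex chars too
            if shannon_entropy(tok) >= ENTROPY_THRESHOLD:
                secret_hits.append(Finding(path, lineno, "aws_secret_access_key", redact(tok)))
    # A lone high-entropy blob is not evidence of an AWS secret; the pair is.
    return key_hits + (secret_hits if key_hits else [])


def scan_files(files: Dict[str, str]) -> List[Finding]:
    """Scan an in-memory {path: contents} map; paths are visited in sorted order."""
    findings: List[Finding] = []
    for path in sorted(files):
        findings.extend(scan_text(path, files[path]))
    return findings


# Constructed sample repository. The credential values are AWS's published
# documentation placeholders, not live keys.
SAMPLE_REPO = {
    "scripts/deploy.sh": (
        "#!/bin/sh\n"
        "export AWS_ACCESS_KEY_ID=AKIAIOSFODNN7EXAMPLE\n"
        "export AWS_SECRET_ACCESS_KEY=wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY\n"
        "aws s3 sync ./build s3://deploy-bucket/\n"
    ),
    "CHANGELOG.md": (
        "## 1.2.0\n"
        "- pinned base image to sha 2fd4e1c67a2d28fced849ee1bb76e7391b93eb12\n"
        "- token rotation handled by CI, see vault path build/ci/tokens\n"
    ),
}


if __name__ == "__main__":
    for f in scan_files(SAMPLE_REPO):
        print(f"{f.path}:{f.line}: {f.kind} {f.preview}")
```

Requiring the key id and the secret to appear in the same file keeps the false-positive rate low enough to run as a pre-commit hook or CI gate; a scan that reports every 40-character base64 run gets disabled within a week. Rotate any key the scanner finds rather than only deleting the commit, since the repository history still contains it.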
🪲 NVD — Last 20 Scored Vulnerabilities
Latest scored CVEs from the National Vulnerability Database (6452 in last 30 days).
Critical: 1 · High: 5 · Medium: 14 · Low: 0.
CVE-2026-45585
— CVSS 6.8 (MEDIUM)
Microsoft is aware of a security feature bypass vulnerability in Windows publicly referred to as "YellowKey". The proof of concept for this vulnerability has been made public violating coordinated vulnerability…
CVE-2026-39309
— CVSS 5.5 (MEDIUM)
Trilium Notes is a cross-platform, hierarchical note taking application focused on building large personal knowledge bases. In versions 0.102.1 and prior, the Electron configuration is vulnerable to TCC Bypass via Prompt…
CVE-2026-35593
— CVSS 6.8 (MEDIUM)
Trilium Notes is an open-source, cross-platform hierarchical note taking application for building large personal knowledge bases. Versions 0.102.1 and prior are vulnerable to Local File Inclusion, allowing an authenticat…
CVE-2026-34754
— CVSS 4.3 (MEDIUM)
Mantis Bug Tracker (MantisBT) is an open source issue tracker. Versions 2.28.1 and prior allow an authenticated user to upload attachments to private Issues they are not authorized to access. This issue has been fixed in…
CVE-2026-34600
— CVSS 5.7 (MEDIUM)
Joplin is an open source note-taking and to-do application that organises notes and lists into notebooks. Versions 3.5.2 and prior contain a logic error in the delta API that allows share recipients to download notes tha…
CVE-2026-34358
— CVSS 8.1 (HIGH)
CtrlPanel is open-source billing software for hosting providers. Versions 1.1.1 and prior contain a broken access control vulnerability where multiple admin controllers enforce permission checks on form display methods …
CVE-2026-34246
— CVSS 4.8 (MEDIUM)
CtrlPanel is open-source billing software for hosting providers. Versions 1.1.1 and prior contain a Stored Cross-Site Scripting (XSS) vulnerability in the admin role management interface. In app/Http/Controllers/A…
CVE-2026-34241
— CVSS 8.7 (HIGH)
CtrlPanel is open-source billing software for hosting providers. Versions 1.1.1 and prior contain a Stored Cross-Site Scripting (XSS) vulnerability in the ticket reply notification system. Unsanitized reply content ($new…
CVE-2026-34234
— CVSS 10.0 (CRITICAL)
CtrlPanel is open-source billing software for hosting providers. In versions 1.1.1 and prior, the web-based installer (public/installer/index.php) is vulnerable to unauthenticated Remote Code Execution (RCE) because it p…
CVE-2025-15645
— CVSS 4.6 (MEDIUM)
Ledger Nano X, Flex, and Stax devices contain a denial of service vulnerability in the MCU firmware update process due to missing validation of the reset_handler parameter during firmware flashing. An attacker can provid…
CVE-2023-7345
— CVSS 6.5 (MEDIUM)
Ledger Live with vulnerable versions of ledgerhq/hw-app-eth prior to 6.34.7 contains an integer parsing vulnerability that allows attackers to manipulate EIP-712 typed data messages by exploiting incorrect hexadecimal fi…
CVE-2026-34233
— CVSS 6.5 (MEDIUM)
CtrlPanel is open-source billing software for hosting providers. In versions 1.1.1 and prior, multiple admin controllers expose DataTable endpoints without authorization checks, allowing any authenticated user to access …
CVE-2026-34216
— CVSS 6.6 (MEDIUM)
CtrlPanel is open-source billing software for hosting providers. In versions 1.1.1 and prior, the admin settings update endpoint accepted a fully qualified class name directly from user-supplied request input and used it…
CVE-2026-32882
— CVSS 7.1 (HIGH)
libheif is a HEIF and AVIF file format decoder and encoder. Versions 1.21.2 and prior contain a heap buffer over-read in HeifPixelImage::overlay() in libheif/pixelimage.cc. When compositing an overlay image (iovl) whose …
CVE-2026-32814
— CVSS 6.5 (MEDIUM)
libheif is a HEIF and AVIF file format decoder and encoder. In versions 1.21.2 and prior, when decoding a HEIF grid image with strict_decoding=false (the default), a corrupted tile silently fails to decode and the librar…
CVE-2026-32741
— CVSS 7.1 (HIGH)
libheif is a HEIF and AVIF file format decoder and encoder. Versions 1.21.2 and below contain a heap buffer overflow in MaskImageCodec::decode_mask_image(). When decoding a HEIF file containing a mask image (mski), the f…
CVE-2025-57798
— CVSS 5.5 (MEDIUM)
Joplin is an open source note-taking and to-do application that organises notes and lists into notebooks. Versions 3.6.14 and prior contain a Denial of Service (DoS) vulnerability in the title input functionality due to …
CVE-2026-42526
— CVSS 5.3 (MEDIUM)
In the AWS Secrets Manager and SSM Parameter Store secrets backends of `apache-airflow-providers-amazon` prior to 9.28.0, the team-scoping logic could resolve a `conn_id` containing a `/` (e.g. `"my_team/conn"`) to the s…
CVE-2026-32740
— CVSS 8.8 (HIGH)
libheif is a HEIF and AVIF file format decoder and encoder. Versions 1.21.2 and prior contain a heap-buffer-overflow (write) vulnerability in the grid tile compositing, allowing an attacker to write 64 bytes of fully att…
CVE-2026-32739
— CVSS 6.5 (MEDIUM)
libheif is a HEIF and AVIF file format decoder and encoder. In versions 1.21.2 and below, a crafted 800-byte HEIF sequence file causes an infinite loop in Box_stts::get_sample_duration(), consuming 100% CPU indefinitely …
Source: NVD CVE API 2.0
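The `apache-airflow-providers-amazon` entry (CVE-2026-42526) is cut off in the list above, but the visible part describes the general shape of the bug: a secret path is built from a trusted scope (the team) and a caller-supplied identifier, and an identifier containing the path separator resolves somewhere other than the caller's own namespace. The code below is an added, generic illustration of that bug class next to the hardened form; it is not the provider's code, and the naive resolver's exact behaviour (treating an identifier that already contains `/` as pre-scoped) is an assumption chosen to show the class, not a reconstruction of the CVE. The prefix `airflow/connections`, the team names and the in-memory backing store are constructed.

```python
import re
from typing import Callable, Dict, Optional, Tuple

SEP = "/"

# Constructed backing store standing in for a secrets manager. Keys are the
# full secret names as the backend would see them; values are what a caller
# receives. Nothing here talks to AWS.
FAKE_STORE: Dict[str, str] = {
    "airflow/connections/team_a/warehouse": "postgresql://a_user:a_pass@warehouse/a",
    "airflow/connections/team_b/warehouse": "postgresql://b_user:b_pass@warehouse/b",
}


def resolve_naive(prefix: str, team: str, conn_id: str) -> str:
    """Illustrative weak scoping (assumed behaviour, not the provider's code):
    an identifier that already contains the separator is treated as
    pre-scoped and used as-is, so the caller's team is never applied."""
    scoped = conn_id if SEP in conn_id else f"{team}{SEP}{conn_id}"
    return f"{prefix}{SEP}{scoped}"


# Exactly one path component: no separator, not empty, not "." or "..".
COMPONENT_RE = re.compile(r"^[A-Za-z0-9_.-]+$")


def check_component(name: str, value: str) -> None:
    if value in (".", "..") or not COMPONENT_RE.match(value):
        raise ValueError(f"{name} must be a single path component, got {value!r}")


def resolve_strict(prefix: str, team: str, conn_id: str) -> str:
    """Scope comes only from the trusted caller context. Both the team and the
    identifier are validated as single components, so the identifier cannot
    add, remove or replace a path segment."""
    check_component("team", team)
    check_component("conn_id", conn_id)
    return f"{prefix}{SEP}{team}{SEP}{conn_id}"


Resolver = Callable[[str, str, str], str]


def get_connection(resolver: Resolver, team: str, conn_id: str,
                   store: Dict[str, str] = FAKE_STORE) -> Tuple[str, Optional[str]]:
    """Look up a connection on behalf of `team`; returns (resolved path, value or None)."""
    path = resolver("airflow/connections", team, conn_id)
    return path, store.get(path)


if __name__ == "__main__":
    # team_a asks for "team_b/warehouse": the naive resolver hands over team_b's secret.
    print("naive :", get_connection(resolve_naive, "team_a", "team_b/warehouse"))
    try:
        get_connection(resolve_strict, "team_a", "team_b/warehouse")
    except ValueError as e:
        print("strict:", e)
    print("strict:", get_connection(resolve_strict, "team_a", "warehouse"))
```

The fix is not to strip or escape the separator but to refuse it: the identifier is one path component by contract, the scope is supplied by the caller's authenticated context and never parsed out of the identifier, and validation happens before any backend call so a rejected request never reaches the secrets API. The same rule applies to any namespaced store (SSM parameter hierarchies, Vault paths, object keys) where a delimiter in user input changes which prefix an IAM or policy check is evaluated against.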
Generated by CryptXNet.ai Threat Intelligence Platform · May 20, 2026 · Sources: The Hacker News, Bleeping Computer, Krebs on Security, Dark Reading, SANS ISC, THN Threat Intel, Unit 42, Security.com