📰 Cybersecurity News Headlines
Top stories from leading cybersecurity publications as of May 27, 2026.
-
KnowledgeDeliver flaw exploited as a zero-day to install web shells
— Bleeping Computer
Hackers exploited a critical zero-day vulnerability in a server running the KnowledgeDeliver learning management system (LMS) to deploy the … -
Feeding Frenzy: 'Megalodon' Malware Infects Thousands of GitHub Repos
— Dark Reading
In just six hours, the campaign quietly pushed thousands of malicious commits to more than 5,500 GitHub repositories, stealing credentials, … -
Charter confirms data breach after ShinyHunters extortion threat
— Bleeping Computer
U.S. telecommunications giant Charter Communications has confirmed it suffered a data breach after the ShinyHunters extortion group threaten… -
The Hackers Behind Shai-Hulud: Lucky or Skilled?
— Dark Reading
TeamPCP, the hackers behind the Shai-Hulud worm, has done significant damage to the open source ecosystem. But it's not necessarily due to s… -
Microsoft Issues Out-of-Band SharePoint Patch
— Dark Reading
SharePoint access often means access to the keys of the kingdom, something attackers and defenders understand all too well. -
MuddyWater Uses DLL Side-Loading in Espionage Campaign Targeting 9 Countries
— The Hacker News
The Iranian hacking group known as MuddyWater has been linked to a new campaign affecting at least nine organizations across nine countries … -
How Varonis Atlas integrates Claude Compliance API for AI governance
— Bleeping Computer
AI governance requires visibility into how AI tools interact with enterprise data. Varonis explains how its Atlas platform uses Claude Compl… -
[THN Webinar] New AI DDoS Attacks Are Smarter. Learn How to Fight Back
— The Hacker News
Every single day, hackers are finding new ways to crash websites and steal data. But right now, something has changed. Hackers are no longer… -
Microsoft Patches SharePoint RCE Flaw CVE-2026-45659 Across Server Versions
— The Hacker News
Microsoft has rolled out updates to fix a remote code execution vulnerability impacting SharePoint that could be exploited by bad actors in … -
ISC Stormcast For Tuesday, May 26th, 2026 https://isc.sans.edu/podcastdetail/9944, (Tue, May 26th)
— SANS ISC
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License. -
Possible ACR Stealer From Page Impersonating Claude, (Tue, May 26th)
— SANS ISC
Introduction -
Microsoft Access VBA, (Mon, May 25th)
— SANS ISC
Microsoft Access files (Microsoft Office's Database) can contain VBA code.
🪲 NVD — Last 20 Scored Vulnerabilities
Latest scored CVEs from the National Vulnerability Database (6101 in last 30 days).
Critical: 0 · High: 13 · Medium: 7 · Low: 0.
-
CVE-2026-9607
— CVSS 6.3 (MEDIUM)
A vulnerability was found in itsourcecode Courier Management System 1.0. The affected element is an unknown function of the file /parcel_list.php. Performing a manipulation of the argument s results in SQL injection. It … -
CVE-2026-9606
— CVSS 7.3 (HIGH)
A vulnerability has been found in itsourcecode Courier Management System 1.0. Impacted is an unknown function of the file /manage_user.php. Such manipulation of the argument ID leads to SQL injection. The attack may be p… -
CVE-2026-9605
— CVSS 7.3 (HIGH)
A flaw has been found in GNU libredwg up to 0.13.4.8160. This issue affects the function bit_read_RC of the file bits.c of the component Dwgbmp Utility. This manipulation causes heap-based buffer overflow. The attack is … -
CVE-2026-9604
— CVSS 4.3 (MEDIUM)
A vulnerability was detected in JeecgBoot up to 3.9.1. This vulnerability affects unknown code of the component AiragModelController. The manipulation of the argument list/queryById results in improper access controls. T… -
CVE-2026-9603
— CVSS 6.5 (MEDIUM)
A security vulnerability has been detected in SourceCodester eDoc Doctor Appointment System 1.0. This affects an unknown part of the file /admin/delete-session.php. The manipulation of the argument ID leads to missing au… -
CVE-2026-9584
— CVSS 7.3 (HIGH)
A security vulnerability has been detected in code-projects Project Management System 1.0. Affected is an unknown function of the file chk.php of the component Login. The manipulation leads to SQL injection. It is possib… -
CVE-2026-5260
— CVSS 8.2 (HIGH)
A flaw was found in libgnutls. A remote attacker, by sending an extremely short premaster secret during an RSA key exchange to a server using an RSA key backed by a PKCS#11 token, could trigger a short heap overread. Thi… -
CVE-2026-48710
— CVSS 6.5 (MEDIUM)
Starlette is a lightweight ASGI framework/toolkit. Prior to version 1.0.1, the HTTP `Host` request header was not validated before being used to reconstruct `request.url`. Because the routing algorithm relies on the raw … -
CVE-2026-45574
— CVSS 8.1 (HIGH)
epa4all-client is the Java Client for epa4all / ePA 3.0 in the Telematik Infrastruktur. Prior to 1.2.2, an attacker on the network path between the ePA service and the Konnektor can present any TLS certificate (self-sign… -
CVE-2026-45298
— CVSS 8.6 (HIGH)
Dozzle is a realtime log viewer for docker containers. Prior to 10.5.2, in a default dozzle deploy (the documented quickstart, no DOZZLE_AUTH_PROVIDER set), POST /api/notifications/test-webhook is reachable without authe… -
CVE-2026-44983
— CVSS 7.3 (HIGH)
smallbitvec is a growable bit-vector for Rust, optimized for size. From 1.0.1 to 2.6.0, an integer overflow in the internal capacity calculation of smallbitvec can lead to an undersized heap allocation, resulting in a he… -
CVE-2026-44966
— CVSS 8.3 (HIGH)
Velocity.js is a JavaScript implementation of the Apache Velocity template engine. In 2.1.5 and earlier, a prototype pollution vulnerability was discovered in velocityjs. This issue occurs during the processing of #set d… -
CVE-2026-44905
— CVSS 7.5 (HIGH)
Vanetza is an open-source implementation of the ETSI C-ITS protocol suite. In 26.02 and earlier, a denial-of-service vulnerability was identified in the cryptographic verification pipeline of Vanetza. When processing inc… -
CVE-2026-44900
— CVSS 8.1 (HIGH)
epa4all-client is the Java Client for epa4all / ePA 3.0 in the Telematik Infrastruktur. Prior to 1.2.1, in SignedPublicKeysTrustValidatorImpl.isTrusted(), the ECDSA signature verification at line 45 discards the boolean… -
CVE-2026-44788
— CVSS 5.9 (MEDIUM)
SharpCompress is a fully managed C# library to deal with many compression types and formats. In 0.47.4 and earlier, a path traversal vulnerability in IArchive.WriteToDirectory() allows a malicious archive to create direc… -
CVE-2026-44213
— CVSS 6.5 (MEDIUM)
The OpenTelemetry.Exporter.Instana exports telemetry to Instana backend. Prior to 1.1.0, the OpenTelemetry.Exporter.Instana NuGet package does not validate HTTPS/TLS certificates are valid when sending telemetry to a con… -
CVE-2026-43988
— CVSS 7.5 (HIGH)
Vanetza is an open-source implementation of the ETSI C-ITS protocol suite. In 26.02 and earlier, a denial-of-service vulnerability was identified in the ASN.1/OER parsing pipeline of Vanetza. When processing malformed ne… -
CVE-2026-42015
— CVSS 5.3 (MEDIUM)
A flaw was found in gnutls. An off-by-one error exists in the PKCS#12 bag element bounds check. This vulnerability allows a remote attacker to write past the internal array of a PKCS#12 bag when appending to a bag that … -
CVE-2026-42013
— CVSS 8.2 (HIGH)
A flaw was found in gnutls. When validating certificates, an oversized Subject Alternative Name (SAN) could cause the validation process to incorrectly fall back to checking the Common Name (CN) field. This could allow a… -
CVE-2026-42012
— CVSS 7.1 (HIGH)
A flaw was found in gnutls. A remote attacker could exploit this vulnerability by presenting a specially crafted certificate that contains Uniform Resource Identifier (URI) or Service (SRV) Subject Alternative Names (SAN…
Source: NVD CVE API 2.0
Generated by CryptXNet.ai Threat Intelligence Platform · May 27, 2026 · Sources: The Hacker News, Bleeping Computer, Krebs on Security, Dark Reading, SANS ISC, THN Threat Intel, Unit 42, Security.com