Atlassian security advisory (AV26-483)

Multiple vulnerabilities have been discovered in Mozilla products, the most severe of which could allow for arbitrary code execution. Mozilla Firefox is a web browser used to access the...

Ubuntu security advisory (AV26-482)

Proof-of-concept (PoC) exploit code has now been released for a recently patched security flaw in the Linux kernel that could allow for local privilege escalation (LPE). Dubbed DirtyDecrypt (aka...

Red Hat security advisory (AV26-481)

Dell security advisory (AV26-480)

I wonder what's in 'external-secret-repo-creds.yaml' and 'AWS-Workspace-Firefox-Passwords.csv'?

I wonder what's in 'external-secret-repo-creds.yaml' and 'AWS-Workspace-Firefox-Passwords.csv'?

IBM security advisory (AV26-479)

Mozilla security advisory (AV26-478)

There is no evidence that the incident has recurred, but the flaw remains unexplained and has not been publicly acknowledged by the company.

A max-severity vulnerability in the latest Python FastAPI version of the ChromaDB project allows unauthenticated attackers to run arbitrary code on exposed servers. [...]

The org’s staying mum on the details, but Wednesday’s fixes reach back to unsupported 8.9 branches

The org’s staying mum on the details, but Wednesday’s fixes reach back to unsupported 8.9 branches

Microsoft says it has disrupted a malware-signing-as-a-service (MSaaS) operation that abused the company's Artifact Signing service to generate fraudulent code-signing certificates used by...

Discover the latest on malicious versions of the pypi package durabletask, matching TeamPCP tactics.

In February 2026, a phishing-as-a-service (PhaaS) platform called EvilTokens went live. Within five weeks, it had compromised more than 340 Microsoft 365 organizations across five countries. The...

Discord announced that all voice and video calls through the communication platform are now protected by default with end-to-end encryption (E2EE). [...]

The company unsealed a legal case in U.S. District Court on Tuesday detailing the disruption of Fox Tempest — a popular service that has operated since May 2025 and provides cybercriminals with...

AL26-013 - Critical vulnerability affecting Cisco Catalyst SD-WAN - CVE-2026-20182

HPE security advisory (AV26-477)

Drupal has issued an alert stating that it intends to release a "core security release" for all supported branches on May 20, 2026, from 5-9 p.m. UTC. "The Drupal Security Team urges you to...

May 11, 2026 Dawn Capelli from the Dragos OT CERT issued a Linked-In request for OT Insider Threat cases in industrial environments. Dawn said she keeps hearing that insider threats rank as a top...

Microsoft Edge security advisory (AV26-476)

The FBI says Americans have lost over $388 million last year to scams using cryptocurrency kiosks, also known as crypto ATMs or Bitcoin ATMs. [...]

Cisco Talos’ Vulnerability Discovery & Research team recently disclosed eight vulnerabilities in TP-Link, and one each in Adobe Photoshop, OpenVPN, and Gen Digital's Norton VPN.The vulnerabilities...

A threat actor targeting Microsoft 365 and Azure production environments is stealing data in attacks that abuse legitimate applications and administration features. [...]

The U.K. government published guidance on AI, open code, and vulnerability risk in the public sector, outlining how... The post UK links AI-accelerated cyber threats to operational weaknesses, not...

[Control systems] CISA ICS security advisories (AV26–475)

Fox Tempest, a financially-motivated threat group, allowed ransomware operators and other cybercriminals to slip malware-laced software past security controls. The post Microsoft disrupts...