Patch Alert

SaaS-Style Cybercrime: Attackers Weaponize Langflow RCE and NATS Messaging for Ultra-Scalable C2 NATS-as-C2 Sysdig CVE-2026-33017 Langflow RCE Microsoft Phone Link Hijack CloudZ Pheno Plugin Insider Threat BlackCat (ALPHV) OFAC Sanctions DPRK IT Workers Transparent Tribe APT36 React2Shell, EtherRAT SideWinder Espionage, Netlify Phishing DDNS Abuse, C2 Infrastructure Hacking Health Club

NATS-as-C2 Sysdig CVE-2026-33017 Langflow RCE Microsoft Phone Link Hijack CloudZ Pheno Plugin Insider Threat BlackCat (ALPHV) OFAC Sanctions DPRK IT Workers Transparent Tribe APT36 React2Shell, EtherRAT SideWinder Espionage, Netlify Phishing DDNS Abuse, C2 Infrastructure Hacking Health Club

SaaS-Style Cybercrime: Attackers Weaponize Langflow RCE and NATS Messaging for Ultra-Scalable C2

Ddos May 18, 2026

A sophisticated new command-and-control (C2) technique has emerged, revealing threat actors who operate more like modern SaaS...

Critical RCE Flaw in Apache Flink (CVE-2026-35194) Threatens TaskManagers CVE-2020-17519 Apache Flink Vulnerability CVE-2026-35194 RCE

CVE-2020-17519 Apache Flink Vulnerability CVE-2026-35194 RCE

Critical RCE Flaw in Apache Flink (CVE-2026-35194) Threatens TaskManagers

Ddos May 18, 2026

A critical severity vulnerability, tracked as CVE-2026-35194, has been disclosed in Apache Flink, exposing the distributed processing...

Critical Strapi Flaws Enable Unauthenticated Admin Takeover and Server RCE Strapi CMS Vulnerabilities CVE-2026-27886 Admin Takeover

Strapi CMS Vulnerabilities CVE-2026-27886 Admin Takeover

Critical Strapi Flaws Enable Unauthenticated Admin Takeover and Server RCE

Ddos May 18, 2026

A pair of severe vulnerabilities discovered in Strapi, the widely used open-source headless Content Management System (CMS),...

The CVE Watchtower: Weekly Threat Intelligence Briefing (May 11 – May 17, 2026)

The CVE Watchtower: Weekly Threat Intelligence Briefing (May 11 – May 17, 2026)

Ddos May 18, 2026

Welcome to your weekly vulnerability digest. If your security dashboards have been flashing red, your telemetry is...

Three Critical 9.4 CVSS Flaws Expose n8n Automation Nodes to Full RCE n8n Node RCE Vulnerabilities CVE-2026-44791 Prototype Pollution n8n RCE Vulnerabilities CVE-2026-27497 CVE-2026-25053 n8n RCE Vulnerability CVE-2026-21877 n8n RCE, CVE-2025-68613 n8n Git RCE, core.hooksPath Exploit

n8n Node RCE Vulnerabilities CVE-2026-44791 Prototype Pollution n8n RCE Vulnerabilities CVE-2026-27497 CVE-2026-25053 n8n RCE Vulnerability CVE-2026-21877 n8n RCE, CVE-2025-68613 n8n Git RCE, core.hooksPath Exploit

Three Critical 9.4 CVSS Flaws Expose n8n Automation Nodes to Full RCE

Ddos May 18, 2026

Technical teams using the popular workflow automation platform n8n are facing a high-stakes security advisory after researchers...

CVSS 10 Alert: Quest KACE SMA Auth Bypass Exploited to Hijack Managed Endpoints Quest KACE SMA Vulnerability CVE-2025-32975 Exploit

Quest KACE SMA Vulnerability CVE-2025-32975 Exploit

CVSS 10 Alert: Quest KACE SMA Auth Bypass Exploited to Hijack Managed Endpoints

Ddos May 16, 2026

Cybersecurity researchers have just dropped a report on a critical “management plane” threat that has spent the...

Root Access Race: TOCTOU Vulnerability (CVE-2026-41702) Hits VMware Fusion VMware Fusion Privilege Escalation CVE-2026-41702 TOCTOU VMware Vulnerabilities, Broadcom Security CVE-2024-38814 - VMware HCX CVE-2025-22224, CVE-2025-22225, and CVE-2025-22226

VMware Fusion Privilege Escalation CVE-2026-41702 TOCTOU VMware Vulnerabilities, Broadcom Security CVE-2024-38814 - VMware HCX CVE-2025-22224, CVE-2025-22225, and CVE-2025-22226

Root Access Race: TOCTOU Vulnerability (CVE-2026-41702) Hits VMware Fusion

Ddos May 15, 2026

Broadcom has recently issued a critical alert and accompanying patches for VMware Fusion, addressing a local privilege...

PoC Released: Critical Linux Kernel ptrace Flaw Publicly Disclosed—Unprivileged Root File Access Possible key

key

PoC Released: Critical Linux Kernel ptrace Flaw Publicly Disclosed—Unprivileged Root File Access Possible

Ddos May 15, 2026

A critical “sanity check” gap in the Linux kernel’s ptrace logic has finally been addressed, but not...

cPanel & WHM Patch 5 High-Severity Flaws, Including 8.6 Severity File Read and SQLi cPanel WHM Vulnerabilities 2026 CVE-2026-29205 Arbitrary File Read cPanel Security Vulnerability Perl Injection Exploit cPanel Authentication WHM Security cPanel Privilege Escalation, Directory Traversal LPE

cPanel WHM Vulnerabilities 2026 CVE-2026-29205 Arbitrary File Read cPanel Security Vulnerability Perl Injection Exploit cPanel Authentication WHM Security cPanel Privilege Escalation, Directory Traversal LPE

cPanel & WHM Patch 5 High-Severity Flaws, Including 8.6 Severity File Read and SQLi

Ddos May 15, 2026

Recently, cPanel & WHM and WP Squared have issued patches for five critical vulnerabilities. These flaws range...

No Password Required: 9.8 Severity ELECOM Router Flaws Allow Total Network Takeover ELECOM Router Vulnerability CVE-2026-42062 Command Injection

ELECOM Router Vulnerability CVE-2026-42062 Command Injection

No Password Required: 9.8 Severity ELECOM Router Flaws Allow Total Network Takeover

Ddos May 15, 2026

In a major security disclosure, JPCERT/CC has issued an urgent advisory regarding multiple high-severity vulnerabilities discovered in...

Cisco SD-WAN Manager XXE Flaw Grants Unauthenticated Access to Private Files Cisco SD-WAN Manager Vulnerability CVE-2026-20224 XXE

Cisco SD-WAN Manager Vulnerability CVE-2026-20224 XXE

Cisco SD-WAN Manager XXE Flaw Grants Unauthenticated Access to Private Files

Ddos May 15, 2026

Cisco has detailed the curtain on a fresh set of vulnerabilities haunting its Catalyst SD-WAN Manager (formerly...

Critical 9.2 CVSS RCE Found in Amazon Redshift JDBC Driver Amazon Redshift JDBC Driver RCE CVE-2026-8178 AWS Bahrain fire 2026 AWS UAE data center fire Amazon North Korean hacker keystroke latency, Arizona laptop farm infiltration

Amazon Redshift JDBC Driver RCE CVE-2026-8178 AWS Bahrain fire 2026 AWS UAE data center fire Amazon North Korean hacker keystroke latency, Arizona laptop farm infiltration

Critical 9.2 CVSS RCE Found in Amazon Redshift JDBC Driver

Ddos May 15, 2026

Security teams are being urged to move quickly following the disclosure of a critical Remote Code Execution...

Critical 9.4 CVSS pgAdmin 4 Flaws Enable Full OS Command Execution pgAdmin 4 Vulnerabilities CVE-2026-7813 Authorization Bypass pgAdmin RCE, BOM Bypass Flaw

pgAdmin 4 Vulnerabilities CVE-2026-7813 Authorization Bypass pgAdmin RCE, BOM Bypass Flaw

Critical 9.4 CVSS pgAdmin 4 Flaws Enable Full OS Command Execution

Ddos May 15, 2026

In a major security overhaul, pgAdmin, the world’s most popular open-source administration platform for PostgreSQL, has released...

Kubernetes Alert: 9.4 Severity RCE in CloudNativePG Enables PostgreSQL Superuser Takeover CloudNativePG RCE Vulnerability CVE-2026-44477

CloudNativePG RCE Vulnerability CVE-2026-44477

Kubernetes Alert: 9.4 Severity RCE in CloudNativePG Enables PostgreSQL Superuser Takeover

Ddos May 15, 2026

In a critical discovery for Kubernetes-based database environments, researchers have unveiled a severe privilege escalation and Remote...

Exploited in the Wild: Critical OWA Spoofing Flaw (CVE-2026-42897) Hits On-Premises Exchange Servers Outlook Web Access Exploit CVE-2026-42897 Exchange Server

Outlook Web Access Exploit CVE-2026-42897 Exchange Server

Exploited in the Wild: Critical OWA Spoofing Flaw (CVE-2026-42897) Hits On-Premises Exchange Servers

Ddos May 15, 2026

Microsoft has issued an urgent warning for organizations running on-premises email infrastructure. A newly disclosed vulnerability in...

79 Security Holes Sealed: Google Issues Urgent Chrome Update to Fix 14 “Critical” Vulnerabilities Chrome Security Update May 2026 Chrome Critical Vulnerabilities Fix

Chrome Security Update May 2026 Chrome Critical Vulnerabilities Fix

79 Security Holes Sealed: Google Issues Urgent Chrome Update to Fix 14 “Critical” Vulnerabilities

Ddos May 15, 2026

Google has unleashed a major security update for the Chrome Stable channel, addressing a staggering 79 security...

Exploited in the Wild: Maximum CVSS 10 SD-WAN Flaw (CVE-2026-20182) Grants Admin Control Cisco SD-WAN Exploited CVE-2026-20182 CVSS 10

Cisco SD-WAN Exploited CVE-2026-20182 CVSS 10

Exploited in the Wild: Maximum CVSS 10 SD-WAN Flaw (CVE-2026-20182) Grants Admin Control

Ddos May 15, 2026

Cisco Talos has issued a high-priority warning regarding the active, in-the-wild exploitation of several critical vulnerabilities targeting...

Nginx Releases Critical Update: Six Vulnerabilities Patched in New Stable Version NGINX JavaScript Module Vulnerability CVE-2026-8711 NGINX 1.30.1 Security Update CVE-2026-42945 RCE NGINX Vulnerability CVE-2026-1642 NGINX Github - CVE-2025-23419

NGINX JavaScript Module Vulnerability CVE-2026-8711 NGINX 1.30.1 Security Update CVE-2026-42945 RCE NGINX Vulnerability CVE-2026-1642 NGINX Github - CVE-2025-23419

Nginx Releases Critical Update: Six Vulnerabilities Patched in New Stable Version

Ddos May 14, 2026

The web infrastructure world received a major wake-up call today as nginx-1.30.1 was released to address a...

Critical IKEv2 Buffer Overflow and CAS Bypass Hit Palo Alto PAN-OS PAN-OS IKEv2 Buffer Overflow CVE-2026-0263 Palo Alto Cortex XDR Privilege Escalation Palo Alto Networks Vulnerability CVE-2026-0229 PAN-OS Vulnerability CVE-2026-0227 CVE-2024-5914 - Palo Alto Networks - CVE-2025-0108 & CVE-2025-0110

PAN-OS IKEv2 Buffer Overflow CVE-2026-0263 Palo Alto Cortex XDR Privilege Escalation Palo Alto Networks Vulnerability CVE-2026-0229 PAN-OS Vulnerability CVE-2026-0227 CVE-2024-5914 - Palo Alto Networks - CVE-2025-0108 & CVE-2025-0110

Critical IKEv2 Buffer Overflow and CAS Bypass Hit Palo Alto PAN-OS

Ddos May 14, 2026

Palo Alto Networks has released a series of important security updates addressing multiple vulnerabilities across its PAN-OS...

Exploited in the Wild: Critical 9.8 CVSS RCE Hits Canon GUARDIANWALL MailSuite GUARDIANWALL MailSuite Exploit CVE-2026-32661 FileZen Vulnerability CVE-2026-25108 Ivanti EPMM Vulnerability Dormant Backdoor Fortinet Authentication Bypass CVE-2026-24858 VMware vCenter Server Flaw CVE-2025-21590

GUARDIANWALL MailSuite Exploit CVE-2026-32661 FileZen Vulnerability CVE-2026-25108 Ivanti EPMM Vulnerability Dormant Backdoor Fortinet Authentication Bypass CVE-2026-24858 VMware vCenter Server Flaw CVE-2025-21590

Exploited in the Wild: Critical 9.8 CVSS RCE Hits Canon GUARDIANWALL MailSuite

Ddos May 14, 2026

In a significant security disclosure, JPCERT/CC has issued an advisory regarding a critical stack-based buffer overflow vulnerability...