OSINT & geopolitical
60 alerts in this category.
Open-source intelligence on threats outside the CVE ecosystem — geopolitical events, cyber-physical incidents, sanctions, and infrastructure attacks. Curated for security teams that need situational awareness alongside their patch queue.
Talos Intelligence Advisory — May 12, 2026
Talos Intelligence published research on "Talos Intelligence Advisory — May 12, 2026". Topic areas: cisco, talos, malware, threat-intel. Published May 12, 2026. See the original source linked under
Linux
Long Term Support Channel Update for ChromeOS
Google Chrome Releases published an advisory on "Long Term Support Channel Update for ChromeOS". Topic areas: google, chrome, browser, patch. Published May 11, 2026. See the original source linked und
Google CVE-2026-3921
Inside AD CS Escalation: Unpacking Advanced Misuse Techniques and Tools
Unit 42 analyzes AD CS exploitation through template misconfigurations and shadow credential misuse while offering behavioral detection for defenders. The post Inside AD CS Escalation: Unpacking Advan
SANS Internet Storm Center Advisory — May 11, 2026
Apple today released its typical feature update across its operating systems (iOS, iPadOS, macOS, tvOS, watchOS, visionOS). With this update, Apple patched 84 different vulnerabilities. Upd
Apple CVE-2025-43524
11th May – Threat Intelligence Report
For the latest discoveries in cyber research for the week of 11th May, please download our Threat Intelligence Bulletin. TOP ATTACKS AND BREACHES Instructure, the US education technology company behin
Microsoft CVE-2026-4670
VU#471747: dnsmasq contains several vulnerabilities, including attacker DNS redirect, privilege escalation, and heap manipulation
Overview dnsmasq is affected by multiple memory safety and input validation vulnerabilities, including heap buffer overflows, heap corruption, and code execution flaws. Collectively, these vulnerabili
AWS CVE-2026-2291
USN-8266-1: Linux kernel vulnerabilities
Qualys discovered that several vulnerabilities existed in the AppArmor Linux kernel Security Module (LSM). An unprivileged local attacker could use these issues to load, replace, and remove arbitrary
Linux CVE-2026-23268
USN-8267-1: Linux kernel vulnerabilities
Qualys discovered that several vulnerabilities existed in the AppArmor Linux kernel Security Module (LSM). An unprivileged local attacker could use these issues to load, replace, and remove arbitrary
Linux CVE-2026-23268
VU#937808: Casdoor contains Arbitrary File Write vulnerability
Overview Casdoor contains an arbitrary file write vulnerability in the implementation of its "Local File System" storage provider. Due to insufficient sanitization of user-supplied paths, an authentic
CVE-2026-6815
GTIG AI Threat Tracker: Adversaries Leverage AI for Vulnerability Exploitation, Augmented Operations, and Initial Access
Executive Summary Since our February 2026 report on AI-related threat activity, Google Threat Intelligence Group (GTIG) has continued to track a maturing transition from nascent AI-enabled operations
Google
USN-8265-1: Linux kernel (NVIDIA Tegra) vulnerabilities
Josh Eads, Kristoffer Janke, Eduardo Vela Nava, Tavis Ormandy, and Matteo Rizzo discovered that some AMD Zen processors did not properly verify the signature of CPU microcode. This flaw is known as En
Linux CVE-2024-36347
CVE-2025-21833 iommu/vt-d: Avoid use of NULL after WARN_ON_ONCE
Microsoft Security Response Center published an advisory on "CVE-2025-21833 iommu/vt-d: Avoid use of NULL after WARN_ON_ONCE". Topic areas: microsoft, windows, azure, patch. Published May 11, 2026. Se
CVE-2025-21833
CVE-2026-39836 Panic in Dial and LookupPort when handling NUL byte on Windows in net
Microsoft Security Response Center published an advisory on "CVE-2026-39836 Panic in Dial and LookupPort when handling NUL byte on Windows in net". Topic areas: microsoft, windows, azure, patch. Publi
CVE-2026-39836
CVE-2026-33814 Infinite loop in HTTP/2 transport when given bad SETTINGS_MAX_FRAME_SIZE in net/http/internal/http2 in golang.org/x/net
Microsoft Security Response Center published an advisory on "CVE-2026-33814 Infinite loop in HTTP/2 transport when given bad SETTINGS_MAX_FRAME_SIZE in net/http/internal/http2 in golang.org/x/net". To
CVE-2026-33814
CVE-2026-39825 ReverseProxy forwards queries with more than urlmaxqueryparams parameters in net/http/httputil
Microsoft Security Response Center published an advisory on "CVE-2026-39825 ReverseProxy forwards queries with more than urlmaxqueryparams parameters in net/http/httputil". Topic areas: microsoft, win
CVE-2026-39825
Kubernetes v1.36: Moving Volume Group Snapshots to GA
Volume group snapshots were introduced as an Alpha feature with the Kubernetes v1.27 release, moved to Beta in v1.32, and to a second Beta in v1.34. We are excited to announce that in the Kubernetes v
Kubernetes
VU#260001: Linux kernel contains local privilege escalation vulnerability (Copy Fail)
Overview A privilege escalation vulnerability has been discovered in Linux kernel versions 4.17 (released 2017) and later. Many popular distributions and Linux-based containers are affected. T
Linux CVE-2026-31431
CVE-2026-8178 - Remote Code Execution via Unsafe Class Loading in Amazon Redshift JDBC Driver
Bulletin ID: 2026-028-AWS Scope: AWS Content Type: Important (requires attention) Publication Date: 2026/05/08 11:30 AM PDT Description: Amazon Redshift JDBC Driver is a Type 4 JDBC driver that provid
AWS CVE-2026-8178
SANS Internet Storm Center Advisory — May 8, 2026
Less than two weeks after the public disclosure of the Copy Fail vulnerability (CVE-2026-31431), another local privilege escalation (LPE) vulnerability in the Linux kernel has been revealed. Referred
Linux CVE-2026-31431
CVE-2026-43869 Apache Thrift: TSSLTransportFactory.java hostname verification
Microsoft Security Response Center published an advisory on "CVE-2026-43869 Apache Thrift: TSSLTransportFactory.java hostname verification". Topic areas: microsoft, windows, azure, patch. Published Ma
Apache CVE-2026-43869
Canvas Breach Disrupts Schools & Colleges Nationwide
Krebs on Security published research on "Canvas Breach Disrupts Schools & Colleges Nationwide". Topic areas: news, breach, investigation, ransomware. Published May 8, 2026. See the original source
Google
Dirty Frag and other issues in Amazon Linux kernels
Bulletin ID: 2026-027-AWS Scope: AWS Content Type: Important (requires attention) Publication Date: 2026/05/07 19:45 PM PDT Description: Amazon is aware of a class of issues in the Linux kernel relate
Linux CVE-2026-31431
Kubernetes v1.36: More Drivers, New Features, and the Next Era of DRA
Dynamic Resource Allocation (DRA) has fundamentally changed how platform administrators handle hardware accelerators and specialized resources in Kubernetes. In the v1.36 release, DRA continues to mat
Kubernetes
Dev Channel Update for ChromeOS / ChromeOS Flex
Google Chrome Releases published an advisory on "Dev Channel Update for ChromeOS / ChromeOS Flex". Topic areas: google, chrome, browser, patch. Published May 7, 2026. See the original source linked un
Google
Talos Intelligence Advisory — May 7, 2026
Talos Intelligence published research on "Talos Intelligence Advisory — May 7, 2026". Topic areas: cisco, talos, malware, threat-intel. Published May 7, 2026. See the original source linked under R
Cisco
Chromium: CVE-2026-7952 Insufficient policy enforcement in Extensions
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 )
Microsoft CVE-2026-7952
CVE-2026-33823 Microsoft Team Events Portal Information Disclosure Vulnerability
Improper authorization in Microsoft Teams allows an authorized attacker to disclose information over a network.
Microsoft CVE-2026-33823
Stable Channel Update for ChromeOS / ChromeOS Flex
Google Chrome Releases published an advisory on "Stable Channel Update for ChromeOS / ChromeOS Flex". Topic areas: google, chrome, browser, patch. Published May 7, 2026. See the original source linked
Google
May 2026 EPMM Security Update
In today’s rapidly evolving technology and threat landscape, responsible transparency should be a cornerstone of any product security program. Especially with the advancements in AI, we believe it is
Ivanti CVE-2026-6973
USN-8261-1: Linux kernel (Xilinx) vulnerabilities
Josh Eads, Kristoffer Janke, Eduardo Vela Nava, Tavis Ormandy, and Matteo Rizzo discovered that some AMD Zen processors did not properly verify the signature of CPU microcode. This flaw is known as En
VMware CVE-2024-36347
USN-8258-1: Linux kernel (Azure) vulnerabilities
Josh Eads, Kristoffer Janke, Eduardo Vela Nava, Tavis Ormandy, and Matteo Rizzo discovered that some AMD Zen processors did not properly verify the signature of CPU microcode. This flaw is known as En
Linux CVE-2024-36347
USN-8260-1: Linux kernel (Azure FIPS) vulnerabilities
Josh Eads, Kristoffer Janke, Eduardo Vela Nava, Tavis Ormandy, and Matteo Rizzo discovered that some AMD Zen processors did not properly verify the signature of CPU microcode. This flaw is known as En
Linux CVE-2024-36347
USN-8257-1: Linux kernel (Raspberry Pi) vulnerabilities
Josh Eads, Kristoffer Janke, Eduardo Vela Nava, Tavis Ormandy, and Matteo Rizzo discovered that some AMD Zen processors did not properly verify the signature of CPU microcode. This flaw is known as En
Linux CVE-2024-36347
USN-8245-1: Linux kernel vulnerabilities
Josh Eads, Kristoffer Janke, Eduardo Vela Nava, Tavis Ormandy, and Matteo Rizzo discovered that some AMD Zen processors did not properly verify the signature of CPU microcode. This flaw is known as En
Linux CVE-2024-36347
PCPJack | Cloud Worm Evicts TeamPCP and Steals Credentials at Scale
Microsoft CVE-2025-29927
USN-8243-1: Linux kernel (Azure) vulnerabilities
Qualys discovered that several vulnerabilities existed in the AppArmor Linux kernel Security Module (LSM). An unprivileged local attacker could use these issues to load, replace, and remove arbitrary
VMware CVE-2026-23268
CVE-2026-43088 net: af_key: zero aligned sockaddr tail in PF_KEY exports
CVE-2026-43088
CVE-2026-33523 Apache HTTP Server: multiple modules: HTTP response splitting forwarding malicious status line
Apache CVE-2026-33523
CVE-2026-33190 CoreDNS TSIG authentication bypass on encrypted DNS transports
CVE-2026-33190
CVE-2026-43213 wifi: rtw89: pci: validate sequence number of TX release report
CVE-2026-43213
CVE-2026-43176 wifi: rtw89: pci: validate release report content before using for RTL8922DE
CVE-2026-43176
CVE-2026-35579 CoreDNS TSIG authentication bypass on gRPC, QUIC, DoH, and DoH3 transports
CVE-2026-35579
CVE-2025-71273 wifi: rtw88: Use devm_kmemdup() in rtw_set_supported_band()
CVE-2025-71273
USN-8179-4: Linux kernel (GCP) vulnerabilities
Josh Eads, Kristoffer Janke, Eduardo Vela Nava, Tavis Ormandy, and Matteo Rizzo discovered that some AMD Zen processors did not properly verify the signature of CPU microcode. This flaw is known as En
Linux CVE-2024-36347
Kubernetes v1.36: Server-Side Sharded List and Watch
As Kubernetes clusters grow to tens of thousands of nodes, controllers that watch high-cardinality resources like Pods face a scaling wall. Every replica of a horizontally scaled controller receives t
Kubernetes
Threat Brief: Exploitation of PAN-OS Captive Portal Zero-Day for Unauthenticated Remote Code Execution
Unit 42 details CVE-2026-0300, a buffer overflow vulnerability in the PAN-OS User-ID Authentication Portal. Read now for details. The post Threat Brief: Exploitation of PAN-OS Captive Portal Zero-Day
CVE-2026-0300
CVE-2026-31431
Bulletin ID: 2026-026-AWS Scope: AWS Content Type: Important (requires attention) Publication Date: 2026/05/06 17:30 PM PDT Description: Amazon is aware of an issue in the Linux kernel (CVE-2026-31431
Linux CVE-2026-31431
SANS Internet Storm Center Advisory — May 7, 2026
[This is a Guest Diary by Eric Roldan, an ISC intern as part of the SANS.edu BACS program]
WordPress
Cisco Slido Insecure Direct Object Reference Vulnerability
A vulnerability in the REST API of Cisco Slido could have allowed an authenticated, remote attacker to access the social profile data of other users or affect quiz and poll results. Cisco has addresse
Cisco CVE-2026-20219
Cisco IoT Field Network Director Vulnerabilities
Multiple vulnerabilities in the web-based management interface of Cisco IoT Field Network Director Software could allow an authenticated, remote attacker to access files, execute commands, and cause d
Cisco CVE-2026-20167
Cisco SG350 and SG350X Series Managed Switches SNMP Denial of Service Vulnerability
A vulnerability in the Simple Network Management Protocol (SNMP) subsystem of Cisco 350 Series Managed Switches (SG350) and Cisco 350X Series Stackable Managed Switches (SG350X) firmware could allow a
Cisco CVE-2026-20185
Cisco Prime Infrastructure Information Disclosure Vulnerability
A vulnerability in the log file download functionality of Cisco Prime Infrastructure could allow an authenticated, remote attacker to download arbitrary log files from the server. This vulnerability i
Cisco CVE-2026-20189
Cisco Identity Services Engine Authentication Bypass Vulnerabilities
Multiple vulnerabilities in Cisco Identity Services Engine (ISE) could allow a remote attacker to bypass authorization mechanisms or examine error messages to gain access to sensitive information on a
Cisco CVE-2026-20193
Cisco Unity Connection Remote Code Execution and Server-Side Request Forgery Vulnerabilities
Multiple vulnerabilities in Cisco Unity Connection could allow a remote attacker to execute arbitrary code on or conduct server-side request forgery (SSRF) attacks through an affected device. For more
Cisco CVE-2026-20034
Cisco Enterprise Chat and Email Lite Agent File Upload Vulnerability
A vulnerability in the Lite Agent feature of Cisco Enterprise Chat and Email (ECE) could allow an authenticated, remote attacker to conduct browser-based attacks. To exploit this vulnerability, the at
Cisco CVE-2026-20172
Cisco Crosswork Network Controller and Cisco Network Services Orchestrator Connection Exhaustion Denial of Service Vulnerability
A vulnerability in the connection-handling mechanism of Cisco Crosswork Network Controller (CNC) and Cisco Network Services Orchestrator (NSO) could allow an unauthenticated, remote attacker to cause
Cisco CVE-2026-20188
Talos Intelligence Advisory — May 6, 2026
Cisco
Rapid7 Blog Advisory — May 6, 2026
Overview On May 6, 2026, Palo Alto Networks published a security advisory for CVE-2026-0300, a critical unauthenticated buffer overflow vulnerability affecting PAN-OS PA-Series and VM-Series firewall a
Palo Alto CVE-2026-0300
Palo Alto Networks to Patch Zero-Day Exploited to Hack Firewalls
CVE-2026-0300 affects the Captive Portal service of PAN-OS software on PA and VM series firewalls. The post Palo Alto Networks to Patch Zero-Day Exploited to Hack Firewalls appeared first on SecurityW
Palo Alto CVE-2026-0300
Beta Channel Update for ChromeOS / ChromeOS Flex
Google